Lucene search

8747 matches found

seebug.org
added 2016/01/27 12:0 a.m., 39 views

Ruby on Rails Web Console IP Whitelist Security Mode Bypass

IP whitelist bypass in Web Console There is a remote code execution vulnerability in Web Console. This vulnerability has been assigned the CVE identifier CVE-2015-3224. Versions Affected: All Not affected: Environments inaccessible from remote IPs, or without Web Console enabled Fixed Versions:...

4.3 CVSS, 7.1 AI score, 0.44984 EPSS
Exploits 6
Tenable Nessus
added 2016/01/22 12:0 a.m., 52 views

CentOS 5 / 7 : java-1.7.0-openjdk (CESA-2016:0054) (SLOTH)

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

10 CVSS, 7.8 AI score, 0.14714 EPSS
Exploits 0, References 9
Tenable Nessus
added 2016/01/22 12:0 a.m., 42 views

SUSE SLED11 / SLES11 Security Update : mozilla-nss (SUSE-SU-2016:0189-1) (SLOTH)

This update contains mozilla-nss 3.19.2.2 and fixes the following security issue : - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature bsc959888 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE securi...

5.9 CVSS, 7.6 AI score, 0.0288 EPSS
Exploits 0, References 4
Tenable Nessus
added 2016/01/22 12:0 a.m., 44 views

CentOS 7 : java-1.8.0-openjdk (CESA-2016:0049) (SLOTH)

Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...

10 CVSS, 8.2 AI score, 0.14714 EPSS
Exploits 0, References 8
RedHat Linux
added 2016/01/21 11:54 a.m., 78 views

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

10 CVSS, 6.7 AI score, 0.14714 EPSS
Exploits 0, References 8
Fedora
added 2016/01/21 4:52 a.m., 41 views

[SECURITY] Fedora 22 Update: prosody-0.9.9-2.fc22

Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...

7.5 CVSS, 2.7 AI score, 0.02867 EPSS
Exploits 0
RedHat Linux
added 2016/01/20 7:30 p.m., 2 views

OpenJDK: PBE incorrect key lengths (Libraries, 8138589)

It was discovered that the password-based encryption PBE implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected...

5.8 CVSS, 7.2 AI score, 0.03663 EPSS
Exploits 0, References 5
RedHat Linux
added 2016/01/20 7:14 p.m., 3 views

OpenJDK: PBE incorrect key lengths (Libraries, 8138589)

It was discovered that the password-based encryption PBE implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected...

5.8 CVSS, 7.2 AI score, 0.03663 EPSS
Exploits 0, References 5
Fedora
added 2016/01/16 2:21 p.m., 20 views

[SECURITY] Fedora 22 Update: php-5.6.17-1.fc22

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

0.4 AI score
Exploits 0
0day.today
added 2016/01/14 12:0 a.m., 65 views

Manage Engine Application Manager 12.5 - Arbitrary Command Execution

Exploit for php platform in category web applications !C:/Python27/python.exe -u Applications Manager 12.5 Arbitrary Command Execution Exploit Vendor: Zoho Corporation Pvt. Ltd. Product web page: https://www.manageengine.com Affected version: 12.5 Summary: ManageEngine Applications Manager is an...

7.1 AI score
Exploits 0
OpenVAS
added 2016/01/08 12:0 a.m., 35 views

RedHat Update for nss RHSA-2016:0007-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 CVSS, 6.9 AI score, 0.0288 EPSS
Exploits 0, References 2
Tenable Nessus
added 2016/01/05 12:0 a.m., 35 views

SUSE SLED11 / SLES11 Security Update : libksba (SUSE-SU-2016:0008-1)

The libksba package was updated to fix the following security issues : - Fixed an integer overflow, an out of bounds read and a stack overflow issues bsc926826. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...

5.5 AI score
Exploits 0, References 2
The Hacker News
added 2016/01/03 11:27 p.m., 9 views

Another ISIS Hacker Killed by U.S Drone Strike in Syria

A British-educated businessman who later joined Islamic State ISIS militant group in Syria has been killed in a US drone strike. Siful Haque Sujan, a Bangladesh-born man, was killed on 10 December 2015 by a US drone strike near Raqqa, Syria. Sujan has been described as one of the ISIS's top...

6.8 AI score
Exploits 0
Fedora
added 2015/12/31 1:53 a.m., 37 views

[SECURITY] Fedora 22 Update: python-django-1.8.7-1.fc22

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

5 CVSS, 1.6 AI score, 0.05163 EPSS
Exploits 0
CNVD
added 2015/12/29 12:0 a.m., 3 views

Multiple Adobe Product Type Obfuscation Vulnerabilities

Adobe Flash Player, Adobe AIR SDK, and Adobe AIR SDK & Compiler are products of Adobe, Incorporated. Adobe Flash Player is a multimedia player; Adobe AIR SDK and Adobe AIR SDK & Compiler are standard development kits for Adobe AIR a cross-OS runtime environment. Adobe Flash Player is a multimedia...

9.3 CVSS, 9.3 AI score, 0.2731 EPSS
Exploits 1, References 1
CNVD
added 2015/12/29 12:0 a.m., 2 views

Memory Misreference Vulnerability in Multiple Adobe Products (CNVD-2015-08508)

Adobe Flash Player, Adobe AIR SDK, and Adobe AIR SDK & Compiler are products of Adobe, Incorporated. Adobe Flash Player is a multimedia player; Adobe AIR SDK and Adobe AIR SDK & Compiler are standard development kits for Adobe AIR a cross-OS runtime environment. Adobe Flash Player is a multimedia...

9.3 CVSS, 9.2 AI score, 0.07366 EPSS
Exploits 0, References 1
Tenable Nessus
added 2015/12/29 12:0 a.m., 20 views

SUSE SLED11 / SLES11 Security Update : bind (SUSE-SU-2015:2340-1)

This update fixes the following security issue : - CVE-2015-8000: Fix remote denial of service by misparsing incoming responses bsc958861. It also fixes a bug : - Fix a regression in caching entries with a TTL of 0 bsc923281. Note that Tenable Network Security has extracted the preceding...

5 CVSS, 7 AI score, 0.5469 EPSS
Exploits 0, References 5
The Hacker News
added 2015/12/28 1:43 a.m., 14 views

Bitcoin Core Developers Quit Bitcoin Project to Launch a New Digital Currency

Some of Bitcoin’s Core developers have left the Bitcoin project and started building their separate cryptocurrency called DECRED. Decred aims to prevent the issues Bitcoin is currently facing regarding project governance and development funding. CEO of 'Company 0', Mr. Jacob Yocom-Piatt, who has...

6.8 AI score
Exploits 0
FreeBSD
added 2015/12/25 12:0 a.m., 25 views

phpMyAdmin -- path disclosure vulnerability

The phpMyAdmin development team reports: By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. We consider these vulnerabilities to ...

5.3 CVSS, 5.9 AI score, 0.02197 EPSS
Exploits 0, References 1
exploitpack
added 2015/12/15 12:0 a.m., 29 views

Joomla! 1.5 3.4.5 - Object Injection Remote Command Execution

Joomla! 1.5 3.4.5 - Object Injection Remote Command Execution ''' Simple PoC for Joomla Object Injection. Gary @ Sec-1 ltd http://www.sec-1.com/ ''' import requests easyinstall requests def geturlurl, useragent: headers = 'User-Agent': useragent cookies = requests.geturl,headers=headers.cookies f...

0.1 AI score
Exploits 0