ICU: font parsing OOB read (OpenJDK 2D, 8055489)

A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...

Suning a backstage bypass arbitrary file upload-vulnerability warning-the black bar safety net

http://58.213.19.68/users/signin Suning Plaza phone the client back-end management system http://58.213.19.68/users/signup you can register for an account Then login ! Snip2015010713. png Point into the background is not entitled to limit access, but the system using rb to develop The error...

Lessons Learned in Building a Vulnerability Coordination Program

CANCUN – Bounty programs are mislabeled creatures, too often pigeonholed as a payoff for finding individual vulnerabilities in software. Wrong. “The name bug bounty is actually a false categorization of what is truly just an incentive program,” said Katie Moussouris, chief policy officer at...

Oracle JRE/JDK: Multiple vulnerabilities

Background Oracle’s Java SE Development Kit and Runtime Environment Description Multiple vulnerabilities have been discovered in Oracle’s Java SE Development Kit and Runtime Environment. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker may be abl...

A Token’s Tale

Posted by James Forshaw currently impersonating NT AUTHORITY\SYSTEM. Much as I enjoy the process of vulnerability research sometimes there’s a significant disparity between the difficulty of finding a vulnerability and exploiting it. The Project Zero blog contains numerous examples of complex...

JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update

Unspecified vulnerability in the Java Virtual Machine JVM in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via...

ICU: font parsing OOB read (OpenJDK 2D, 8056276)

A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...

JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update

Unspecified vulnerability in the Java Virtual Machine JVM in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vector...

JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update

Unspecified vulnerability in the Java Virtual Machine JVM in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via...

Critical: Red Hat Security Advisory: java-1.6.0-ibm security update

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

Update OpenH264 plugin to version 1.3 — Mozilla

Mozilla and Cisco developers as well as security researcher Nils reported security and stability bugs affecting the OpenH264 plugin version 1.1. This plugin was available to Desktop Firefox 34 and 35 users as an on-demand download as needed. Security researchers Nils and Hanno Böck also reported...

Debian: Security Advisory (DSA-3151-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2014-9200

Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM...

Dshell – Network Forensic Analysis Framework

Dshell An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures. Key features: Robust stream reassembly IPv4 and IPv6 support Custom output handlers Chainable decoders Prerequisites Linux developed on Ubuntu 12.04...

Apple MAC OS X Yosemite Security Bypass Vulnerability

Apple MAC OS X Yosemite is the latest operating system developed by Apple. A security bypass vulnerability exists in Apple MAC OS X Yosemite's handling of application certificate information caches, which allows applications signed with revoked development ID certificates to bypass GateKeeper...

[SECURITY] Fedora 20 Update: python-django-1.6.10-1.fc20

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

[SECURITY] Fedora 20 Update: python-django14-1.4.18-1.fc20

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

ICU: font parsing OOB read (OpenJDK 2D, 8056276)

A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...

ICU: font parsing OOB read (OpenJDK 2D, 8055489)

A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...

[SECURITY] Fedora 21 Update: python-django-1.6.10-1.fc21

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...