8743 matches found
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532...
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment...
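Discuz!: file write in a certain tool leads to getshell
Brief description: I'm not going to tell you which tool it is, hmph! (shy) Details: Product name: Discuz! Application Development Assistant (Discuz!应用开发助手). It has a fairly high install count; here I analyze one part of this product that allows getshell. Fill in the create-application form as follows. When it is created here it is stored in the database; go on to the next step. Just enter arbitrary characters in the "普通页面嵌入脚本" (embed script in ordinary page) field, e.g. xxx.class.php; after filling it in, go straight on to exporting the plugin package. At this point an igetshell directory is generated under /data/develop/, and the xxx.class.php in that directory holds the inserted content. Proof of vulnerability: I tested on a randomly found site; please don't come knocking on my door...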
CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2014:1620)
Updated java-1.7.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
java security update
CentOS Errata and Security Advisory CESA-2014:1620 Updated java-1.7.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability...
OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)
It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class...
RedHat Update for java-1.8.0-openjdk RHSA-2014:1636-01
The remote host is missing an update for the...
RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2014:1620)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1620 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple...
Important: Red Hat Security Advisory: java-1.7.0-openjdk security and bug fix update
Updated java-1.7.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severit...
PT-2019-6288 · Intel +7 · Edk Ii +7
Name of the Vulnerable Software and Affected Versions: EDK II affected versions not specified Description: The issue is related to an unlimited recursion in the EDK II UEFI development environment, specifically in DxeCore. This allows an attacker to access confidential data, compromise its...
CVE-2014-6289
The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors...
Authentication flaw
The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors...
CVE-2014-6289
The CVE-2014-6289 issue affects TYPO3 extensions Yet Another Gallery (yag) and Tools for Extbase development (pt_extbase). The Ajax dispatcher for Extbase in yag (<=3.0.0) and pt_extbase (
[SECURITY] Fedora 20 Update: pairs-4.14.1-1.fc20
Pairs is a collection of games aimed to help the development of preschool children. With these games the child can improve memory, logic, hearing and even reading skills. Each game can have different themes so the child is stimulated with different and new challenges...
As Bug Bounties Become the Norm, Challenges Remain
SEATTLE–For many years, Microsoft and other large software vendors resisted the idea of providing bug bounties or other financial incentives for researchers to report vulnerabilities. That changed when the landscape began to shift and more researchers began reporting vulnerabilities through broke...
Charney on Trustworthy Computing: 'I Was the Architect of These Changes'
Scott Charney, the head of Microsoft’s Trustworthy Computing efforts, said that he was the one who decided it was time to move the TwC group in a new direction and integrate the security functions more deeply into the company as a whole. “I was the architect of these changes. This is not about th...
USN-2347-1: Django vulnerabilities
Florian Apolloner discovered that Django incorrectly validated URLs. A remote attacker could use this issue to conduct phishing attacks. CVE-2014-0480 David Wilson discovered that Django incorrectly handled file name generation. A remote attacker could use this issue to cause Django to consume...
Lynis 1.6.1 - Version which includes a non-privileged scan (--pentest)
Lynis is a security auditing tool for the Linux, Unix and Mac platform. Being open source and free to use, it is an accessible and great solution to perform security scans. Within just a matter of minutes, it displays the weaknesses in your defenses, and tips for improving them. While Lynis was...
[SECURITY] Fedora 20 Update: python-django15-1.5.9-1.fc20
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
[SECURITY] Fedora 20 Update: python-django14-1.4.14-1.fc20
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...