Oracle: Security Advisory (ELSA-2015-2360)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

cups-filters security, bug fix, and enhancement update

1.0.35-21 - Fix heap-based buffer overflow in texttopdf filter bug 1241242, CVE-2015-3258, CVE-2015-3279. 1.0.35-20 - Improvements to cups-browsed efficiency patch bug 1191691. 1.0.35-18 - Fix segfault in texttopdf filter bug 1194263. - Improve cups-browsed efficiency bug 1191691. - Fetch printer...

CVE-2015-8217

The ffhevcparsesps function in libavcodec/hevcps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted High Efficiency Video Coding HEVC da...

CVE-2015-8217

The ffhevcparsesps function in libavcodec/hevcps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service out-of-bounds array access or possibly have unspecified other impact via crafted High Efficiency Video Coding HEVC da...

CVE-2015-8217

The CVE-2015-8217 vulnerability in FFmpeg (libavcodec/hevc_ps.c) arose from not validating the Chroma Format Indicator, allowing a crafted HEVC stream to trigger an out-of-bounds array access and potential DoS. Connected advisories confirm FFmpeg up to version 2.8.2 fixed this issue by adding a c...

Vulnerability management the flow of electrons-vulnerability warning-the black bar safety net

0x01 is written on the front This article is mainly to share and record some of their own growth, such as a poorly written local, but also hope to Treatise on. In the most early for vulnerability management in this thing, individuals feel more nausea. Especially all kinds of mail sent to sent to,...

Samsung Launches 6GB RAM Chips for Next Generation Smartphones

With Launch of Galaxy S6 and Galaxy S6 Edge, Samsung was the first one to bring 4GB RAM access in the Android mobile phones; with Samsung Note 5 and the current OnePlus 2 carrying the same RAM capacity. Now, today Samsung has again taken the technology a step further with the launch of 12GB LPDDR...

How to Fix Chrome Massive Memory Usage? Simply Try 'Chrome 45' for Faster Performance

Rejoice Chrome users! Google has made major improvements to its Chrome web browser that would once again make it one of the least memory eater browsers in the market. Although Chrome is used by hundreds of millions of people worldwide due to its simplicity and power, most people aren't happy with...

Android IMSI-Catcher Detector: AIMSICD

AIMSICD is an app to detect IMSI-Catchers . IMSI-Catchers are false mobile towers base stations acting between the target mobile phones and the real towers of service providers. As such they are considered a Man-In-The-Middle MITM attack. In the USA the IMSI-Catcher technology is known under the...

Zer0 - Secured file deletion made easy

Zer0 is a user friendly file deletion tool with a high level of security. With Zer0, you'll be able to delete files and to prevent file recovery by a 3rd person. So far, no user reported an efficient method to recover a file deleted by Zer0. Features User friendly HMI : Drag'n'drop, 1 click and t...

SubBrute - Subdomain Bruteforcer

SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain enumeration tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting https://www.us-cert.gov/ncas/alerts/TA13-088A. This desig...

Some Recursive DNS Implementations Patch DoS Vulnerability

UPDATE: Some domain name system DNS server implementations are at risk for denial-of-service attacks after a vulnerability was disclosed and patched in a few popular server packages, including BIND, OpenDNS, PowerDNS and NLnetLabs. According to an advisory from DHS and the CERT Coordination Cente...

DEBIAN-CVE-2014-9319

The ffhevcdecodenalsps function in libavcodec/hevcps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service out-of-bounds access via a crafted .bit file...

Tor 0.2.5.10 - Anonymity Online (Tor 0.2.3.x is deprecated!)

Tor 0.2.5.10 is the first stable release in the 0.2.5 series. It adds several new security features, including improved denial-of-service resistance for relays, new compiler hardening options, and a system-call sandbox for hardened installations on Linux requires seccomp2. The controller protocol...

OWASP OWTF 1.0.1 - Offensive Web Testing Framework

OWASP OWTF, the Offensive Web Testing Framework, is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient.OWASP OWTF, the Offensive Web Testing Framework, is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient. OWTF aims to make pen...

SUSE-SU-2015:0792-1 Recommended update for coreutils

This update for coreutils provides the following fixes and enhancements: cp1 could read from freed memory and could even make corrupt copies. This could happen with a very fragmented and sparse input file, on file systems supporting filemap extent scanning. bnc892862 Improve ls1 efficiency on lar...

What happens when you read a response?

There's a bit of disagreement over the behaviour of requests and responses in the fetch API, curious to know what you think… Setting the scene The new fetch API gives the web proper Request and Response primitives. fetch'/whatever'.thenfunctionresponse return response.body.asJSON; .thenfunctionda...

Dradis v2.9 - Information Sharing For Security Assessments

Dradis is an open source framework to enable effective information sharing, specially during security assessments. It’s a tool specifically to help in the process of penetration testing. Penetration testing is about information: 1. Information discovery 2. Exploit useful information 3. Report the...

Upload vulnerability science[1]-The file upload form is Web Security the main threat-vulnerability warning-the black bar safety net

In order to allow the end user to upload files to your website, just like Is to compromise your server for a malicious user to open another door. Even so, in today's modern Internet Web applications, it is a common requirement, because it helps to improve your business efficiency. On Facebook and...

[PACK] Password Analysis & Cracking Kit

PACK Password Analysis and Cracking Toolkit is a collection of utilities developed to aid in analysis of password lists in order to enhance password cracking through pattern detection of masks, rules, character-sets and other password characteristics. The toolkit generates valid input files for...