5398 matches found

The Hacker News
added 2013/07/11 10:13 a.m., 13 views

Microsoft handed over encrypted messages key and Skype calls access to NSA

New top secret documents provided by Edward Snowden exposed that Microsoft worked hand-in-hand with the United States government and handed the NSA access to encrypted messages and built a series of backdoors into Outlook.com, Skype, and SkyDrive to ease difficulties in accessing online...

6.5 AI score
Exploits: 0

Tenable Nessus
added 2013/06/29 12:0 a.m., 23 views

CentOS 4 : mysql (CESA-2005:685)

Updated mysql packages that fix a temporary file flaw and a number of bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisti...

4.6 CVSS, 5.5 AI score, 0.00027 EPSS
Exploits: 0, References: 2

ThreatPost
added 2013/06/21 1:36 p.m., 10 views

Handling of Encryption, Tor Exposed in Leaked NSA Documents

New top-secret NSA documents released by the Guardian UK newspaper reveal that the United States’ top spy agency can retain encrypted communications for as long as it takes analysts to decrypt the secret messages—even if they’re collected by chance and without a warrant. In addition, the document...

0.4 AI score
Exploits: 0, References: 5

Check Point Advisories
added 2013/06/20 12:0 a.m., 4 views

ClamAV Encrypted PDF File Handling Memory Access Error (CVE-2013-2021)

A memory access error has been reported in ClamAV antivirus...

4.3 CVSS, 8.9 AI score, 0.08669 EPSS
Exploits: 1

The Hacker News
added 2013/06/19 10:38 p.m., 13 views

LinkedIn was not Hacked, suffered outage due to DNS issue

LinkedIn became inaccessible for an hour last night. A few hours earlier, App.net co-founder Bryan Berg posted that LinkedIn's DNS had been hijacked, but LinkedIn later confirmed that it suffered an outage due to a DNS issue, not a hack. DNS hijacking is an unauthorized modification of a DNS server or change ...

6.9 AI score
Exploits: 0

seebug.org
added 2013/06/07 12:0 a.m., 570 views

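Dedecms v57 sp1 plus/download.php SQL injection vulnerability

The root cause is that the global variable $GLOBALS can be modified arbitrarily. I took a quick look and there are plenty of vulnerabilities; I only picked out one. Code (include/dedesql.class.php): if(isset($GLOBALS['arrs1'])) { $v1 = $v2 = ''; for($i=0;isset($arrs1[$i]);$i++) { $v1 .= chr($arrs1[$i]); } for($i=0;isset($arrs2[$i]);$i++) { $v2 .= chr($arrs2[$i]); /* decode ASCII */ } $GLOBALS[$v1] .= $v2; /* note: this appends (+) rather than overwrites */ } function SetQuery($sql) { $prefix="@"; $sql =...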

7.1 AI score
Exploits: 0

Cvelist
added 2013/05/27 2:0 p.m., 14 views

CVE-2013-2959

The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not provide an encrypted session for transmitting login credentials, which allows remote attackers to obtain sensitive information by sniffing the network...

5.8 AI score, 0.00225 EPSS
Exploits: 0, References: 2

OSV
added 2013/05/13 11:55 p.m., 3 views

DEBIAN-CVE-2013-2021

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted length value in an encrypted PDF file...

4.3 CVSS, 6.5 AI score, 0.08669 EPSS
Exploits: 1, References: 1

OSV
added 2013/05/13 11:55 p.m., 10 views

CVE-2013-2021

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted length value in an encrypted PDF file...

6.2 AI score
Exploits: 0, References: 21

Prion
added 2013/05/13 11:55 p.m., 25 views

Out-of-bounds

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted length value in an encrypted PDF file...

4.3 CVSS, 6.8 AI score, 0.08669 EPSS
Exploits: 1, References: 21, Affected Software: 3

Cvelist
added 2013/05/13 11:0 p.m., 32 views

CVE-2013-2021

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted length value in an encrypted PDF file...

8.8 AI score, 0.08669 EPSS
Exploits: 1, References: 21

Debian CVE
added 2013/05/13 11:0 p.m., 35 views

CVE-2013-2021

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted length value in an encrypted PDF file...

4.3 CVSS, 6.1 AI score, 0.08669 EPSS
Exploits: 1

Metasploit
added 2013/05/13 2:23 a.m., 132 views

ColdFusion 'password.properties' Hash Extraction

This module uses a directory traversal vulnerability to extract information such as password, rdspassword, and "encrypted" properties. This module has been tested successfully on ColdFusion 9 and ColdFusion 10 (auto-detect). This module requires Metasploit: https://metasploit.com/download Current...

5 CVSS, 0.85888 EPSS
Exploits: 2

ThreatPost
added 2013/05/09 2:55 p.m., 13 views

Name.com Data Breach Forces Password Breach

Domain registrar Name.com has informed its customers via email of a data breach and asked them to reset their passwords. The company, based in Denver, said it discovered a breach and customer account information such as encrypted credentials and credit card numbers may have been accessed along wi...

0.7 AI score
Exploits: 0, References: 2

ThreatPost
added 2013/05/06 4:29 p.m., 7 views

Pentagon Approves Samsung KNOX Android Platform for DoD

Android has long been the outcast of mobile device security largely because hackers have been adept at getting malware onto the platform via third-party application marketplaces and lax submission policies on Google Play. The security of the operating system itself, however, hasn’t been challenge...

7.1 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2013/05/03 12:0 a.m., 39 views

ClamAV < 0.97.8 Multiple Vulnerabilities

According to its version, the ClamAV clamd antivirus daemon on the remote host is earlier than 0.97.8 and is, therefore, potentially affected by the following vulnerabilities : - An overflow condition exists in the 'getsisstring' function in 'libclamav/sis.c' when handling SIS content. This flaw...

5 CVSS, 5.5 AI score, 0.08669 EPSS
Exploits: 1, References: 6

Tenable Nessus
added 2013/05/02 12:0 a.m., 30 views

ClamAV < 0.97.8 Multiple Vulnerabilities

Binary data 6782.prm...

5 CVSS, 9.7 AI score, 0.08669 EPSS
Exploits: 1, References: 6

The Hacker News
added 2013/05/01 1:47 a.m., 13 views

World's most secure messaging service offers £10,000 if you crack it

Privacy-conscious phone users are being offered a new app that claims to be the world's first totally secure messaging service. A London-based iPhone messaging app claims to be unhackable and is offering a reward to anyone who can intercept a message sent by it. Redact believes that messages sent v...

6.5 AI score
Exploits: 0

UbuntuCve
added 2013/05/01 12:0 a.m., 40 views

CVE-2013-2021

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted length value in an encrypted PDF file...

4.3 CVSS, 5.9 AI score, 0.08669 EPSS
Exploits: 1, References: 3

The Hacker News
added 2013/04/27 7:41 p.m., 9 views

New Apache backdoor serving Blackhole exploit kit

A new, sophisticated and stealthy Apache backdoor, meant to drive traffic to malicious websites serving the Blackhole exploit kit, has been detected by Sucuri recently. Researchers claimed that this backdoor is affecting hundreds of web servers right now. Dubbed Linux/Cdorked.A, one of the most...

6.7 AI score
Exploits: 0