Oracle Linux 4 : evolution (ELSA-2008-0177)

From Red Hat Security Advisory 2008:0177 : Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of...

Oracle Linux 6 : libvirt (ELSA-2011-1197)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-1197 advisory. 0.8.7-18.0.1.el61.1 - Replace docs/et.png in tarball with blank image libvirt-0.8.7-18.el61.1 - debug: Avoid null dereference on uuid lookup api rhbz728546 - Fi...

Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities

Document Title: =============== Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1009 Release Date: ============= 2013-07-12 Vulnerability Laboratory ID VL-ID: ====================================...

Oracle Linux 5 / 6 : libuser (ELSA-2011-0170)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0170 advisory. 0.56.13-4 - Correctly mark the LDAP default password value as encrypted CVE-2011-0002 Resolves: 668020 Tenable has extracted the preceding description block...

Microsoft handed over encrypted messages key and Skype calls access to NSA

New top secret documents provided by Edward Snowden exposed that Microsoft worked hand-in-hand with the United States government and handed the NSA access to encrypted messages and built a series of backdoors into Outlook.com, Skype, and SkyDrive to ease difficulties in accessing online...

Microsoft handed over encrypted messages key and Skype calls access to NSA

New top secret documents provided by Edward Snowden exposed that Microsoft worked hand-in-hand with the United States government and handed the NSA access to encrypted messages and built a series of backdoors into Outlook.com, Skype, and SkyDrive to ease difficulties in accessing online...

CentOS 4 : mysql (CESA-2005:685)

Updated mysql packages that fix a temporary file flaw and a number of bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisti...

Handling of Encryption, Tor Exposed in Leaked NSA Documents

New top-secret NSA documents released by the Guardian UK newspaper reveal that the United States’ top spy agency can retain encrypted communications for as long as it takes analysts to decrypt the secret messages—even if they’re collected by chance and without a warrant. In addition, the document...

ClamAV Encrypted PDF File Handling Memory Access Error (CVE-2013-2021)

A memory access error has been reported in ClamAV antivirus...

LinkedIn was not Hacked, suffered outage due to DNS issue

The LinkedIn became inaccessible for an hour last night. Few Hours before App.net co-founder Bryan Berg posted that LinkedIn DNS was hijacked but later LinkedIn confirmed that they suffered outage due to DNS issue, not Hack. DNS Hijacking is an unauthorized modification of a DNS server or change ...

Dedecms v57 sp1 plus/download.php SQL注入漏洞

起因是全局变量$GLOBALS可以被任意修改，随便看了下，漏洞一堆，我只找了一处。 codeinclude/dedesql.class.php ifisset$GLOBALS'arrs1' $v1 = $v2 = ''; for$i=0;isset$arrs1$i;$i++ $v1 .= chr$arrs1$i; for$i=0;isset$arrs2$i;$i++ $v2 .= chr$arrs2$i; //解码ascii $GLOBALS$v1 .= $v2; //注意这里不是覆盖，是+ function SetQuery$sql $prefix="@"; $sql =...

CVE-2013-2959

The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not provide an encrypted session for transmitting login credentials, which allows remote attackers to obtain sensitive information by sniffing the network...

CVE-2013-2021

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service out-of-bounds-read via a crafted length value in an encrypted PDF file...

DEBIAN-CVE-2013-2021

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service out-of-bounds-read via a crafted length value in an encrypted PDF file...

Out-of-bounds

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service out-of-bounds-read via a crafted length value in an encrypted PDF file...

CVE-2013-2021

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service out-of-bounds-read via a crafted length value in an encrypted PDF file...

CVE-2013-2021

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service out-of-bounds-read via a crafted length value in an encrypted PDF file...

ColdFusion 'password.properties' Hash Extraction

This module uses a directory traversal vulnerability to extract information such as password, rdspassword, and "encrypted" properties. This module has been tested successfully on ColdFusion 9 and ColdFusion 10 auto-detect. This module requires Metasploit: https://metasploit.com/download Current...

Name.com Data Breach Forces Password Breach

Domain registrar Name.com has informed its customers via email of a data breach and asked them to reset their passwords. The company, based in Denver, said it discovered a breach and customer account information such as encrypted credentials and credit card numbers may have been accessed along wi...

Pentagon Approves Samsung KNOX Android Platform for DoD

Android has long been the outcast of mobile device security largely because hackers have been adept at getting malware onto the platform via third-party application marketplaces and lax submission policies on Google Play. The security of the operating system itself, however, hasn’t been challenge...