Lucene search

5443 matches found

CVE
added 2012/05/24 6:0 p.m. | 58 views

CVE-2011-3112

CVE-2011-3112 is a use-after-free vulnerability in Google Chrome’s PDF functionality. The flaw allows remote attackers to cause a denial of service or possibly other impact via an invalid encrypted PDF document. The affected component is Chrome’s PDF handling code; the vulnerability is associated...

5 CVSS | 7.1 AI score | 0.01436 EPSS
Exploits 1 | References 7 | Affected Software 1

Debian CVE
added 2012/05/24 6:0 p.m. | 27 views

CVE-2011-3112

Removed by vendor...

5 CVSS | 6.7 AI score | 0.01436 EPSS
Exploits 1

FreeBSD
added 2012/05/23 12:0 a.m. | 28 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 117409 High CVE-2011-3103: Crashes in v8 garbage collection. Credit to the Chromium development community Brett Wilson. 118018 Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team Inferno. 120912 High CVE-2011-3105: Use-after-free...

10 CVSS | 0.9 AI score | 0.04272 EPSS
Exploits 1 | References 1

ThreatPost
added 2012/05/22 4:9 p.m. | 18 views

November 2011 – Steam Hack

Steam, an online distribution network that hosts countless video game catalogs, was struck down in November last year after a hacker was able to bypass the site’s message boards and databases. The hackers leaked 35 million customers’ information, including encrypted passwords, game purchases, email...

1.9 AI score
Exploits 0 | References 2

ThreatPost
added 2012/05/22 4:9 p.m. | 16 views

June 2011 – Bioware hacked, EA info compromised

Electronic Arts’ Bioware, creators of MMORPG Star Wars: The Old Republic and the popular Mass Effect and Dragon Age series had a hacker infiltrate a decade-old server that was hosting the Neverwinter Nights forums in June, 2011. While no social security numbers or credit cards were compromised, E...

1.8 AI score
Exploits 0 | References 3

Tenable Nessus
added 2012/05/18 12:0 a.m. | 14 views

Pidgin OTR Plugin Detection

The remote host has the Pidgin OTR Off-the-Record plugin installed. This plugin allows for secure, encrypted communication between parties using the Pidgin instant messaging software. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid59194; scriptversion"1.8";...

5.4 AI score
Exploits 0 | References 1

Packet Storm
added 2012/05/13 12:0 a.m. | 40 views

Proman Xpress 5.0.1 SQL Injection / XSS

Title: Proman Xpress v5.0.1 - Multiple Web Vulnerabilities; Date: 2012-05-09; References: http://www.vulnerability-lab.com/getcontent.php?id=513; VL-ID: 512; Common Vulnerability Scoring System: 7.5; Introduction: Proman...

0.6 AI score
Exploits 0

Tenable Nessus
added 2012/04/12 12:0 a.m. | 40 views

SuSE 11.1 Security Update : LibreOffice (SAT Patch Number 6003)

The update fixes the following security issues : - 740453: Vulnerability in RDF handling. CVE-2012-0037 - 752595: overflow in jpeg handling CVE-2012-1149 This update also fixes the following non-security issues : Extras : - add SUSE color palette fate312645 Filters : - crash when loading embedded...

7.5 CVSS | 6.2 AI score | 0.13734 EPSS
Exploits 2 | References 61

0day.today
added 2012/04/10 12:0 a.m. | 378 views

Simple Help Desk Remote Upload Vulnerability

Exploit for php platform in category web applications Author : L3b-r1'z Title : Simple Help Desk Remote Upload Vulnerability Email : email protected Site : Sec4Leb.Com Download : http://simplehelpdesk.com/helpdeskfinal.zip Dork : allintitle: "Help Desk - Log In" Upload Vuln + P0c : First Register...

7.1 AI score
Exploits 0

0day.today
added 2012/04/07 12:0 a.m. | 33 views

Tresdepicas - SQLi/XSS Multiple Vulnerability

Exploit for php platform in category web applications...

7.1 AI score
Exploits 0

ThreatPost
added 2012/03/08 7:7 p.m. | 10 views

Want lunch? Palm it over

Fed up with using swipe cards and PINs for their students’ lunch payments, a school board district in Clearwater, Fla. recently partnered with microelectronic company Fujitsu to use palm vein readers for nearly half of their 102,000 students. Pinellas County School Board District spent $120,000 t...

0.7 AI score
Exploits 0 | References 2

Tenable Nessus
added 2012/02/23 12:0 a.m. | 34 views

GLSA-201202-06 : Asterisk: Denial of Service

The remote host is affected by the vulnerability described in GLSA-201202-06 (Asterisk: Denial of Service). A vulnerability has been found in Asterisk's handling of certain encrypted streams where the res_srtp module has been loaded but video support has not been enabled. Impact : A remote attacker...

4.3 CVSS | 5.4 AI score | 0.02497 EPSS
Exploits 1 | References 2

Gentoo Linux
added 2012/02/22 12:0 a.m. | 28 views

Asterisk: Denial of service

Background: Asterisk is an open source telephony engine and toolkit. Description: A vulnerability has been found in Asterisk's handling of certain encrypted streams where the res_srtp module has been loaded but video support has not been enabled. Impact: A remote attacker could send a specially craft...

4.3 CVSS | 6.3 AI score | 0.02497 EPSS
Exploits 1

ThreatPost
added 2012/02/12 11:40 p.m. | 10 views

Google Reacts to Google Wallet Security Issues

Google has temporarily disabled the provisioning of prepaid cards as the company deals with the fallout from the discovery of security vulnerabilities affecting Google Wallet. Google Wallet is a mobile payment application that enables users to store information such as credit cards on their mobil...

0.1 AI score
Exploits 0 | References 5

Zero Day Initiative
added 2012/02/08 12:0 a.m. | 16 views

Total Defense Suite UNC Management Web Service Database Credentials Disclosure Vulnerability

This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of CA Total Defense Suite UNC Management Web Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AppCode.dll service listening by default on...

7.5 CVSS | 6.5 AI score
Exploits 0

securityvulns
added 2012/02/03 12:0 a.m. | 172 views

APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001

APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001 OS X Lion v10.7.3 and Security Update 2012-001 is now available and addresses the following: Address Book Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2...

10 CVSS | 0.1 AI score | 0.73327 EPSS
Exploits 47

NVD
added 2012/02/02 6:55 p.m. | 22 views

CVE-2011-3444

Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network...

4.3 CVSS | 6.1 AI score | 0.01424 EPSS
Exploits 0 | References 2

Prion
added 2012/02/02 6:55 p.m. | 23 views

Code injection

Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network...

4.3 CVSS | 6.6 AI score | 0.01424 EPSS
Exploits 0 | References 2 | Affected Software 2

Cvelist
added 2012/02/02 6:0 p.m. | 28 views

CVE-2011-3444

Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network...

5.9 AI score | 0.01424 EPSS
Exploits 0 | References 2

ThreatPost
added 2012/01/24 8:40 p.m. | 7 views

Court: Forced Hard Drive Decryption Doesn't Violate Fifth Amendment

In what may become a precedent setting digital rights ruling, Judge Robert Blackburn of the United States District Court of Colorado ruled that compelling an individual to provide access to the encrypted contents of a device does not violate the US Constitution’s prohibition of self incrimination...

0.5 AI score
Exploits 0 | References 3