484 matches found
DSA-2562-1 cups-pk-helper - privilege escalation
Bulletin has no description...
openssl: record length handling integer underflow
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is no...
Researchers Identify Serious Capability Leaks in Many Android Phones
Many of the apps that come pre-installed on a variety of Android devices from manufacturers such as HTC, Samsung, Google and others have access to more services and capabilities on the devices than they should or that users are aware they have, according to new research. These “capability leaks”...
Parental Controls, 2.0, 3.0
It wasn’t until the second iteration of iOS that Apple got serious about what happens when children get their hands on their parents’ phones. With 2.0, parents were given the ability to block certain functions on their child’s handset including Safari, YouTube and whether or not anything could be...
#Anonymous Leaks Nude Pics of #BART Spokesman
A member of Anonymous has set up a blog (NSFW) exposing BART spokesman Linton Johnson's, uh, Johnson. The blog shows a couple photos (CAUTION: photos contain nudity) of Johnson cavorting at an outdoor party, pulling down his pants and revealing his dong. Al...
Rapper Lil Wayne's Twitter account hacked !!
Rapper Lil Wayne has become the latest victim of web hackers when his Twitter account was compromised by an internet prankster. The 28-year-old hip hop star has suspended his Twitter account after the hacker sent a number of objectionable messages to his fans and followers, reported Contactmusic...
Discover MaosinCMS website system vulnerability testing-vulnerability warning-the black bar safety net
The recent move easy CMS vulnerability can be said to really was a fire, this article written by CMS although there is no move-powerful, but also the presence of injection vulnerabilities. This vulnerability with the tool is swept less than, can be said that the injection has been made by explici...
jQuery 2.3.5 Cross Site Scripting Vulnerability
Exploit for unknown platform in category web applications. jQuery 2.3.5 Cross Site Scripting Vulnerability. ADVISORY jQuery Validate 1.6.0 Demo Code...
WOW Gamers Targeted with Trojan Spam
Security experts are warning of a new malicious spam campaign with a Trojan Horse designed to harvest the log-in credentials of online gamers with sexually explicit images of Asian women. Read the full article. SC Magazine...
Porn dialers for smartphones
Security researchers at Kaspersky Lab (our corporate sponsor) are warning about a new potentially unwanted program (viruslist.com) targeting Symbian-based smart phones. The program, called iPornPlayer (screenshot at right), promises sexually-explicit content on handsets but there’s a hefty price attach...
Path traversal
Absolute path traversal vulnerability in a certain ActiveX control in Zune allows user-assisted remote attackers to overwrite arbitrary files via the SaveToFile method. NOTE: the victim must explicitly allow the code to run...
Important: autofs security update
5.0.1-0.rc2.55.el5.1 - Bug 410041: CVE-2007-5964 autofs defaults don't restrict suid in /net - use mount option nosuid for -hosts map unless suid is explicitly specified. - Related: rhbz410041...
Hawking Technology wireless router WR254-CA DNS issue
Hi, I have discovered a security issue with the Hawking Technology wireless router, model WR254-CA. Since they are still available on the market, I think it will be good to warn the community. This router contains a DNS address 139.175.55.244 hardcoded in the firmware. At least when used in DHCP...
CVE-2006-5152
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032...
SpamAssassin spamd vpopmail user vulnerability
Added: 06/09/2006 CVE: CVE-2006-2447 BID: 18290 OSVDB: 26177 Background SpamAssassin identifies spam e-mail using a variety of local and network based tests. spamd is a component of SpamAssassin which allows it to run as a network daemon. Problem When the vpopmail -v and paranoid -P options are...
Safari archive metadata command execution
Added: 02/24/2006 CVE: CVE-2006-0848 BID: 16736 OSVDB: 23366 Background The Safari web browser supports explicit binding, which allows a file to override the default application for its file type. Safe files are files such as pictures, movies, and archives which are opened automatically when...
GLSA-200406-21 : mit-krb5: Multiple buffer overflows in krb5_aname_to_localname
The remote host is affected by the vulnerability described in GLSA-200406-21 (mit-krb5: Multiple buffer overflows in krb5_aname_to_localname). The library function krb5_aname_to_localname contains multiple buffer overflows. This is only exploitable if explicit mapping or rules-based mapping is enabled...