269 matches found
php security update
CentOS Errata and Security Advisory CESA-2015:1135 Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS...
Open Smart Grid Protocol Homegrown Crypto Weaknesses
In the three years since its inception, the Open Smart Grid Protocol has found its way into more than four million smart meters and similar devices worldwide. And like its SCADA, industrial control system, and embedded system brethren, it’s rife with security issues. Two researchers, Phillip...
Updated not-yet-commons-ssl packages fix CVE-2014-3604
Updated not-yet-commons-ssl packages fixes security vulnerability: It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server hostname matches the domain name in the subject's CN field was flawed. This can be exploited by a Man-in-the-middle MITM...
PHP/FI 1.0/FI 2.0/FI 2.0 b10 mylog/mlog Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/713/info The PHP/FI package which was originally written by Rasmus Lerdorf is an is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features...
dovecot security update
CentOS Errata and Security Advisory CESA-2013:0520 Updated dovecot packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS...
MS12-074: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030)
The remote Windows host is running a version of Microsoft .NET Framework that is affected by multiple vulnerabilities : - The way .NET Framework validates the permissions of certain objects during reflection is flawed and could be exploited by an attacker to gain complete control of an affected...
Flaws in Shamoon Malware Reinforce Theory It's Not A Wiper Variant
Some clumsy coding discovered during an analysis of the Shamoon malware has led researchers to conclude that it is probably not related to the Wiper malware that hit some Iranian networks recently and likely isn’t the work of serious programmers. A prime error appears to come from the main...
GLSA-201204-06 : PolicyKit: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201204-06 PolicyKit: Multiple vulnerabilities Multiple vulnerabilities have been found in PolicyKit: Error messages in the pkexec utility disclose the existence of local files CVE-2010-0750. The pkexec utility initially checks the...
CentOS Update for openssl CESA-2009:0004-01 centos2 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
RIAA Targeted by Anonymous Operation Payback !
The rogue hacktivist movement Anonymous is apparently breaking out the Low Orbit Ion Cannon again for a reprise of the Operation Payback campaign, this time setting their distributed denial of service DDoS attack sites on the Recording Industry Association of America RIAA. The campaign to disrupt...
Network fun online shopping users fashion Edition Build 1 0 1 1 0 1 SQL injection exploit-vulnerability warning-the black bar safety net
listshj. asp page there is the injection, not for authentication, wherein %dim shjiaid shjiaid=request. querystring"id" set rs=server. createobject"adodb. recordset" rs. open "select from shjia where shjiaid=" shjiaid ,conn,1,1% ID is not filtered, and injected into the generated/admin/listshj...
BSA-004 Security Update for subversion
Peter Samuelson uploaded new packages for subversion which fixed the following security problems: CVE-2010-3315 When "SVNPathAuthz shortcircuit" is enabled, authz authentication in the moddavsvn module for the Apache HTTP Server is flawed. Remote authenticated users can bypass intended access...
EncFS 1.6.0 - Flawed CBC/CFB Cryptography Implementation
source: https://www.securityfocus.com/bid/42779/info EncFS is prone to design errors in its cryptographic implementation. Three flaws have been identified that contribute to a weakening of the protections provided under CBC/CFB cipher mode. Attackers may leverage these weaknesses to attack...
Consumer Groups Say Proposed Privacy Bill is Flawed
A long-awaited draft of a Congressional bill would extend privacy protections both on the Internet and off line, but privacy advocates said the bill did not go far enough in protecting consumers. Read the full article New York Times...
Flawed USB Sticks Can Be Used to Download Whatever Desired
UK security researchers MWR InfoSecurity have found a flaw in the driver software of USB sticks that could allow the technology to “interrogate” and download the complete content of any system. The company believes the use of such devices is only months away, and has shared its research with the...
Mandriva Update for file MDKSA-2007:114 (file)
Check for the Version of file OpenVAS Vulnerability Test Mandriva Update for file MDKSA-2007:114 file Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
CentOS Update for thunderbird CESA-2008:0908 centos4 i386
Check for the Version of thunderbird OpenVAS Vulnerability Test CentOS Update for thunderbird CESA-2008:0908 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Integer overflow
Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic."...
Debian Security Advisory DSA 1533-1 (exiftags)
The remote host is missing an update to exiftags announced via advisory DSA 1533-1. OpenVAS Vulnerability Test $Id: deb15331.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1533-1 exiftags Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340)
COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: LSrunasE, Supercrypt Vendor: Geert Moernaut Type: Flawed Encryption Risk: Medium Author: Daniel Roethlisberger Date: 2008-01-29 CVE Name: CVE-2007-6340 Introduction ------------ LSrunasE 1 and Supercrypt 2 are utilities used to run commands...