3370 matches found

MSRC
added 2013/08/06 7:0 a.m., 10 views

The story of MS13-002: How incorrectly casting fat pointers can make your code explode

C++ supports developers in object-oriented programming and removes from the developer the responsibility of dealing with many object-oriented programming (OOP) paradigm problems. But these problems do not magically disappear. Rather it is the compiler that aims to provide a solution to many of th...

AI score: 6.9
Exploits: 0

securityvulns
added 2013/07/19 12:0 a.m., 66 views

[security bulletin] HPSBHF02878 rev.1 - HP Smart Zero Client, Unauthorized Access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03757330 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03757330 Version: 1 HPSBHF02878 rev....

CVSS: 4.6 | AI score: 0.2 | EPSS: 0.00521
Exploits: 0

myhack58
added 2013/07/14 12:0 a.m., 43 views

Web application security vulnerability analysis and prevention(ASP article-the vulnerability warning-the black bar safety net

In previous articles we have for common Web security vulnerabilities and prevention methods are analyzed and described, and learn to Web security vulnerability of the website's security operations as well as corporate sensitive information anti-leakage effect is huge, so effective against Web...

AI score: 7.3
Exploits: 0

RedHat Linux
added 2013/07/11 12:14 a.m., 8 views

Critical: Red Hat Security Advisory: RichFaces security update

An update for the RichFaces component that fixes one security issue is now available from the Red Hat Customer Portal for Red Hat JBoss Enterprise Application Platform 4.3.0 CP10 and 5.2.0; Red Hat JBoss Web Platform 5.2.0; Red Hat JBoss BRMS 5.3.1; Red Hat JBoss SOA Platform 4.3.0 CP05 and 5.3.1...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.12662
Exploits: 1 | References: 13

NVD
added 2013/07/10 10:55 a.m., 27 views

CVE-2013-3350

Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components CFC public methods via WebSockets...

CVSS: 10 | AI score: 6.5 | EPSS: 0.07563
Exploits: 1 | References: 3

Prion
added 2013/07/10 10:55 a.m., 20 views

Code injection

Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components CFC public methods via WebSockets...

CVSS: 10 | AI score: 7 | EPSS: 0.07563
Exploits: 1 | References: 3 | Affected Software: 1

Check Point Advisories
added 2013/07/10 12:0 a.m., 4 views

Java Applet ProviderSkeleton Class Insecure Invoke Method (CVE-2013-2460)

A vulnerability has been reported in the ProviderSkeleton class which allows to call arbitrary static methods with user supplied arguments...

CVSS: 9.3 | AI score: 8.9 | EPSS: 0.70248
Exploits: 9

OSV
added 2013/06/26 6:11 p.m., 8 views

MGASA-2013-0183 Updated perl-Dancer package fixes CVE-2012-5572

A security flaw was found in the way Dancer.pm, lightweight yet powerful web application framework / Perl language module, performed sanitization of values to be used for cookie and cookies methods. A remote attacker could use this flaw to inject arbitrary headers into responses from Perl...

CVSS: 5 | AI score: 6.4 | EPSS: 0.01497
Exploits: 0 | References: 3

RedHat Linux
added 2013/06/20 2:42 p.m., 2 views

OpenJDK: getEnclosing* checks (Libraries, 8007812)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different...

CVSS: 5 | AI score: 6.8 | EPSS: 0.04586
Exploits: 0 | References: 5

Prion
added 2013/06/18 6:55 p.m., 20 views

Design/Logic Flaw

The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. NOTE: this vulnerability exists because of a CVE-2012-4008 regression...

CVSS: 6.8 | AI score: 7.2 | EPSS: 0.02018
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2013/06/18 6:45 p.m., 30 views

CVE-2013-3646

The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. NOTE: this vulnerability exists because of a CVE-2012-4008 regression...

AI score: 6.9 | EPSS: 0.01995
Exploits: 0 | References: 3

appercut
added 2013/06/18 12:0 a.m., 588 views

PHP-Fusion: source code security analysis report

Several vulnerabilities were discovered in PHP-Fusion 'PHP-Fusion' software: Incorrect User Input Filtration when Connecting to External Files; File System Path Manipulation; Incorrect User Input Filtration when Using Regular Expressions while Calling the pregreplace Function; Using Insufficiently...

AI score: 0.9
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2013/06/17 12:0 a.m., 47 views

RUCKUS ADVISORY ID 031813-2: User authentication bypass vulnerability in ZoneDirector administrative web interface

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 RUCKUS ADVISORY ID 031813-2 Customer release date: March 25, 2013 Public release date: May 27, 2013 TITLE User authentication bypass vulnerability in ZoneDirector administrative web interface SUMMARY An user authentication bypass vulnerability has bee...

AI score: 0.5
Exploits: 0

Packet Storm
added 2013/06/13 12:0 a.m., 36 views

AXIS Media Control Active-X File Corruption

AXIS 1. Advisory Information Title: AXIS Media Control ActiveX vulnerability Date...

CVSS: 8.8 | AI score: 0.2 | EPSS: 0.04132
Exploits: 5

w3af
added 2013/06/10 11:2 p.m., 91 views

dav

This plugin finds WebDAV configuration errors. These errors are generally server configuration errors rather than web application errors. To check for vulnerabilities of this kind, the plugin will try to PUT a file on a directory that has WebDAV enabled, if the file is uploaded successfully, th...

AI score: 7.3
Exploits: 0

w3af
added 2013/06/10 11:2 p.m., 32 views

allowed_methods

This plugin finds which HTTP methods are enabled for a URI. Two configurable parameters exist: execOneTime, reportDavOnly. If "execOneTime" is set to True, then only the methods in the webroot are enumerated. If "reportDavOnly" is set to True, this plugin will only report the enabled method list if...

AI score: 7.2
Exploits: 0

ThreatPost
added 2013/05/30 3:6 p.m., 19 views

Beta Bot Trojan Emerges as New Type of Banking Malware

A new strain of banking malware, Beta Bot, has been refined over the last few months to target ecommerce and comes complete with an array of features to help prevent it from being caught by usual security measures. According to research conducted by RSA Security’s Limor Kessem, the bot started ou...

AI score: 0.1
Exploits: 0 | References: 2

Kitploit
added 2013/05/23 8:55 p.m., 15 views

[jSQL Injection v0.4] Java tool for automatic database injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris). Version 0.4 features: GET, POST, header, cookie methods; Normal, error based, blind, time based algorithms; Automatic...

AI score: 7.6
Exploits: 0

securityvulns
added 2013/04/28 12:0 a.m., 167 views

Borland Caliber 11.0 Quiksoft EasyMail SMTP Object Buffer Overflows

Borland Caliber 11.0 Quiksoft EasyMail SMTP Object Buffer Overflows ActiveX settings: Binary path: C:Program Files x86BorlandCaliberRMemsmtp.dll Version: 5.0.0.11 ProgID: EasyMail.SMTP.5 CLSID: 4610E7BF-710F-11D3-813D-00C04F6B92D0 Safe for Scripting: True Safe for Initialization: True...

CVSS: 9.3 | AI score: 3.6 | EPSS: 0.56379
Exploits: 6

Tenable Nessus
added 2013/04/20 12:0 a.m., 26 views

Mandriva Linux Security Advisory : freeradius (MDVSA-2013:038)

Updated freeradius packages fixes security vulnerabilities : It was found that the unix module ignored the password expiration setting in /etc/shadow. If FreeRADIUS was configured to use this module for user authentication, this flaw could allow users with an expired password to successfully...

CVSS: 6.8 | AI score: 8.6 | EPSS: 0.0565
Exploits: 0 | References: 2