NIST Removes Dual_EC_DRBG Random Number Generator from Recommendations
The National Institute of Standards and Technology (NIST) has announced that it will abandon the controversial Dual Elliptic Curve Deterministic Random Bit Generator, better known as Dual_EC_DRBG, in the wake of allegations that the National Security Agency. Back in December, the Edward Snowden leaks revealed that...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
NIST removes Dual EC DRBG from SP 800-90A
The maligned Dual EC DRBG random number generator at the core of a $10 million secret contract between RSA Security and the National Security Agency has been removed from NIST’s draft guidance on random number generators. The National Institute of Standards and Technology said it will request...
CVE-2013-4116
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives...
CVE-2013-4116
CVE-2013-4116 affects npm (lib/npm.js) prior to 1.3.3. The vulnerability allows a local user to overwrite arbitrary files by creating a symbolic link at a predictable temporary file name used during archive unpacking, enabling potential local privilege escalation. The issue is tied to how npm cre...
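Added worked example (Python, not npm's own code): the local symlink attack the CVE-2013-4116 entries describe, and the fix pattern that removes it. The temp-file naming scheme, the package name and the victim file are constructed for the demonstration; the two defences shown are an unguessable per-run directory from mkdtemp and an O_CREAT|O_EXCL open, which fails if anything, including a dangling symlink, already exists at the path.

```python
# Added example, not npm's own code: the local symlink attack behind
# CVE-2013-4116 and the fix pattern (unguessable directory + exclusive open).
import os
import shutil
import tempfile


def unpack_vulnerable(tmp_dir: str, pkg: str, data: bytes) -> str:
    """Modelled on the CVE text: a temp file whose name derives from
    predictable inputs, opened with a plain write that follows symlinks."""
    target = os.path.join(tmp_dir, f"npm-{pkg}.tgz")   # attacker can guess this
    with open(target, "wb") as f:                       # follows a planted symlink
        f.write(data)
    return target


def open_exclusive(path: str) -> int:
    """O_CREAT|O_EXCL: succeed only if nothing (file, directory or symlink,
    even a dangling one) exists at path; otherwise FileExistsError."""
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)


def unpack_hardened(tmp_root: str, pkg: str, data: bytes) -> str:
    """Fix pattern: a fresh mode-0700 directory with a random name, so the
    path is unguessable, plus an exclusive create so a planted entry aborts."""
    work_dir = tempfile.mkdtemp(prefix="npm-", dir=tmp_root)
    target = os.path.join(work_dir, f"{pkg}.tgz")
    fd = open_exclusive(target)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)
    return target


def simulate() -> dict:
    """Constructed scenario: the attacker pre-plants a symlink at the
    predictable name, pointing at a file they cannot write directly."""
    root = tempfile.mkdtemp(prefix="cve-2013-4116-demo-")
    try:
        victim = os.path.join(root, "victim.txt")
        with open(victim, "wb") as f:
            f.write(b"original")
        tmp_dir = os.path.join(root, "tmp")
        os.mkdir(tmp_dir)
        pkg = "leftpad"
        os.symlink(victim, os.path.join(tmp_dir, f"npm-{pkg}.tgz"))

        # 1. Vulnerable unpack: the write lands in victim.txt.
        unpack_vulnerable(tmp_dir, pkg, b"attacker-controlled")
        with open(victim, "rb") as f:
            after_vulnerable = f.read()

        # 2. Even if the attacker guessed a hardened directory and planted the
        #    same symlink there, the exclusive open refuses to follow it.
        with open(victim, "wb") as f:
            f.write(b"original")
        guessed_dir = tempfile.mkdtemp(prefix="npm-", dir=root)
        planted = os.path.join(guessed_dir, f"{pkg}.tgz")
        os.symlink(victim, planted)
        try:
            os.close(open_exclusive(planted))
            excl_refused = False
        except FileExistsError:
            excl_refused = True

        # 3. A normal hardened unpack writes only inside its own new directory.
        written = unpack_hardened(root, pkg, b"package bytes")
        with open(written, "rb") as f:
            hardened_content = f.read()
        with open(victim, "rb") as f:
            after_hardened = f.read()
        return {
            "after_vulnerable": after_vulnerable,
            "excl_refused": excl_refused,
            "hardened_content": hardened_content,
            "after_hardened": after_hardened,
            "hardened_in_root": os.path.dirname(os.path.dirname(written)) == root,
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(simulate())
```

Run it as an unprivileged user on Linux; the vulnerable path overwrites victim.txt through the link, while the exclusive open raises FileExistsError on the planted symlink and the hardened unpack never touches anything outside its own mkdtemp directory.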
UBUNTU-CVE-2014-0472
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...
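Added worked example (Python, not Django's own code): a simplified URL reverser modelled on the CVE-2014-0472 text, which treats a view name that is not a registered route as a dotted Python path and imports it, next to a variant that only accepts names from the URLconf. The route table, the `?next=` parameter and the side-effect module dropped on sys.path are all constructed for the demonstration; the allow-list shown is one mitigation, not a copy of Django's released fix.

```python
# Added example, not Django's own code: a reverser that falls back to
# importing a dotted path (the vulnerable behaviour described for
# CVE-2014-0472) versus one restricted to registered route names.
import importlib
import os
import shutil
import sys
import tempfile

# Hypothetical URLconf: the only views that should ever be reversed.
NAMED_ROUTES = {"profile": "/users/{pk}/", "home": "/"}


def reverse_vulnerable(viewname: str, **kwargs) -> str:
    """Unknown names fall through to import_module(): whoever controls
    viewname chooses which module's top-level code runs on the server."""
    if viewname in NAMED_ROUTES:
        return NAMED_ROUTES[viewname].format(**kwargs)
    mod_name, _, attr = viewname.rpartition(".")
    module = importlib.import_module(mod_name)   # arbitrary module import
    view = getattr(module, attr)
    return f"/{view.__name__}/"


def reverse_hardened(viewname: str, **kwargs) -> str:
    """Only names registered in the URLconf can be reversed; no import path."""
    if viewname not in NAMED_ROUTES:
        raise LookupError(f"no URL pattern named {viewname!r}")
    return NAMED_ROUTES[viewname].format(**kwargs)


def redirect_view(next_param: str, reverse) -> str:
    """The view pattern the advisory warns about: a URL built from a
    request parameter (e.g. ?next=...) via reverse()."""
    return reverse(next_param)


def simulate() -> dict:
    """Constructed: drop an importable module on sys.path whose import has a
    visible side effect, then feed its dotted path through each reverser."""
    d = tempfile.mkdtemp(prefix="cve-2014-0472-demo-")
    marker = os.path.join(d, "imported.marker")
    with open(os.path.join(d, "evil_mod.py"), "w") as f:
        f.write(f"open({marker!r}, 'w').close()\n"    # runs at import time
                "def view():\n    pass\n")
    importlib.invalidate_caches()
    sys.path.insert(0, d)
    try:
        payload = "evil_mod.view"                      # attacker-supplied ?next=
        redirect_view(payload, reverse_vulnerable)
        vulnerable_imported = os.path.exists(marker)
        os.remove(marker)
        sys.modules.pop("evil_mod", None)              # force a fresh import
        try:
            redirect_view(payload, reverse_hardened)
            hardened_raised = False
        except LookupError:
            hardened_raised = True
        return {
            "vulnerable_imported": vulnerable_imported,
            "hardened_raised": hardened_raised,
            "hardened_imported": os.path.exists(marker),
            "legit": reverse_hardened("profile", pk=7),
        }
    finally:
        sys.path.remove(d)
        sys.modules.pop("evil_mod", None)
        shutil.rmtree(d)


if __name__ == "__main__":
    print(simulate())
```

The marker file is the tell: with the fallback in place, the module's top-level code runs as soon as the user-controlled name reaches the resolver, which is the import-and-execute primitive the advisory describes.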
znc "CWebAdminMod::ChanPage()" null pointer dereference vulnerability
ZNC is an IRC proxy (bouncer). The "CWebAdminMod::ChanPage" function in modules/webadmin.cpp in ZNC contains a null pointer dereference that allows an attacker to crash the application. Affected: ZNC 1.x. The vendor has released an upgrade patch that fixes the vulnerability; download it from: https://github.com/znc/znc/issues/528...
CVE-2011-3628
CVE-2011-3628 is an untrusted search path vulnerability in pam_motd (the MOTD module) in libpam-modules. It affects Ubuntu releases whose libpam-modules package predates the listed fixes: before 1.1.3-2ubuntu2.1 on 11.10, before 1.1.2-2ubuntu8.4 on 11.04, before 1.1.1-4ubuntu2.4 on 10.10, before 1....
CVE-2011-3628
Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.0...
UBUNTU-CVE-2014-2583
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty...
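Added worked example (Python, not Linux-PAM's own code): how a ".." in PAM_TTY or PAM_RUSER escapes a timestamp directory when the values are joined straight into a path, and the per-segment check that stops it without rejecting legitimate ttys such as pts/3. The base directory and the base/<tty>/<ruser> layout are a hypothetical simplification; the inputs are constructed.

```python
# Added example, not Linux-PAM's own code: path traversal through PAM items
# joined into a timestamp file name, and a segment-level check that blocks it.
import os

TIMESTAMP_DIR = "/var/run/pam_timestamp_demo"   # hypothetical base directory


def timestamp_path_vulnerable(tty: str, ruser: str) -> str:
    """Joins the PAM items unchecked, as the advisory describes."""
    return os.path.join(TIMESTAMP_DIR, tty, ruser)


def _reject_traversal(item: str, value: str) -> str:
    """A tty like pts/3 legitimately contains a slash, so check by segment:
    no empty, '.' or '..' segments, no absolute path, no NUL byte."""
    if not value or value.startswith("/") or "\0" in value:
        raise ValueError(f"{item}: invalid value {value!r}")
    for segment in value.split("/"):
        if segment in ("", ".", ".."):
            raise ValueError(f"{item}: traversal segment in {value!r}")
    return value


def timestamp_path_hardened(tty: str, ruser: str) -> str:
    if tty.startswith("/dev/"):               # accept the full device name
        tty = tty[len("/dev/"):]
    path = os.path.join(TIMESTAMP_DIR,
                        _reject_traversal("PAM_TTY", tty),
                        _reject_traversal("PAM_RUSER", ruser))
    # Defence in depth: the normalised result must still sit under the base.
    if os.path.commonpath([TIMESTAMP_DIR, os.path.normpath(path)]) != TIMESTAMP_DIR:
        raise ValueError("timestamp path escapes base directory")
    return path


def _rejected(tty: str, ruser: str) -> bool:
    try:
        timestamp_path_hardened(tty, ruser)
        return False
    except ValueError:
        return True


def demo() -> dict:
    """Constructed inputs: a normal session, a PAM_RUSER carrying '..', and
    a PAM_TTY carrying '..'."""
    evil_ruser = "../../../../etc/cron.d/backdoor"
    return {
        "legit": timestamp_path_hardened("/dev/pts/3", "alice"),
        "vulnerable_resolves_to": os.path.normpath(
            timestamp_path_vulnerable("pts/3", evil_ruser)),
        "hardened_rejects_ruser": _rejected("pts/3", evil_ruser),
        "hardened_rejects_tty": _rejected("../../../tmp/x", "alice"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The normalised vulnerable path shows where the file would actually land; the hardened version raises before any path is built, and the commonpath check catches anything the segment filter might miss.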
Destoon SQL injection vulnerability 2 (conditional)
Brief description: insufficient filtering. Details: last time it was alipay; this time paypal. tenpay has the same hole, so paypal and tenpay are covered together. In api\pay\paypal\notify.php: require '../../../common.inc.php'; $POST = $DPOST; if(!$POST) exit('fail'); $bank = 'paypal'; $PAY = cache_read('pay.php'); if(!$PAY[$bank]['enable']) exit('fail'); // this payment method must be enabled. if(!$PAY[$bank]['partnerid']...
Updated python package fixes security vulnerabilities
Denial of service flaws due to unbounded readline calls in the imaplib, poplib, and smtplib modules (CVE-2013-1752). A gzip bomb and unbounded read denial of service flaw in the python XMLRPC library (CVE-2013-1753)...
[SECURITY] [DSA 2877-1] lighttpd security update
Debian Security Advisory DSA-2877-1 http://www.debian.org/security/ Michael Gilbert March 12, 2014 http://www.debian.org/security/faq -...
MGASA-2014-0132 Updated webmin package fixes security vulnerabilities
Webmin has been updated to version 1.680, which fixes some security issues in the PHP Configuration and Webalizer modules, as well as several other bugs...
[SECURITY] Fedora 20 Update: drupal6-filefield-3.12-1.fc20
FileField provides a universal file upload field for CCK. It is a robust alternative to core's Upload module and an absolute must for users uploading a large number of files. Great for managing video and audio files for podcasts on your own site. Optional: APC php-pecl-apcu uploadprogress...