Moderate: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Updated kernel packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.0 Extended Update Support. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring...

Ubuntu 10.04 LTS : linux-mvl-dove vulnerabilities (USN-1162-1)

Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. CVE-2010-4243 Alexander Duyck discovered that the Intel Gigabit Ethernet driver...

Report: L3 Warns Employees Of Attacks Using Compromised SecurID Tokens

Executives at U.S. defense contractor L-3 Communications warned employees in April about an attempt by unknown assailants to compromise the company’s network using forged SECURID tokens from RSA. The report, if accurate would be the second attack on a leading defense contractor with links back to...

Gadu-Gadu 10.5 - Remote Code Execution

Gadu-Gadu 10.5 - Remote Code Execution source: https://www.securityfocus.com/bid/48030/info Gadu-Gadu is prone to a remote code-execution vulnerability. Successful exploits will allow remote attackers to execute arbitrary code within the context of the affected application. Gadu-Gadu 10.5 is...

The Decline and Fall of Slammer?

Me and Slammer Helkern go back a long way… to 25 January 2003 to be precise. It was a baptism of fire for me in my new role as a virus analyst at Kaspersky Lab. It was a weekend and I was alone, in charge of monitoring the incoming flow of suspicious files. I had barely been at the company a mont...

[SECURITY] [DSA 2161-1] OpenJDK security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2161-1 [email protected] http://www.debian.org/security/ Florian Weimer February 13, 2011 http://www.debian.org/security/faq -...

DSA-2161-1 openjdk-6 - denial of service

Bulletin has no description...

CVE-2010-3492

The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to condu...

Sync Breeze Server 2.2.30 Buffer Overflow

!/usr/bin/python Exploit Title: Sync Breeze Server v2.2.30 Remote BOF Exploit Date: 10/10/2010 Author: Xsploited Security aka xsploitedsec URL: http://www.x-sploited.com/ Contact: xsploitedsecurity at x-sploited.com Software Link: http://www.syncbreeze.com/setups/syncbreezesrvsetupv2.2.30.exe...

SAP RFC SDK — Format String

Application: RFC SDK SAP AG Versions Affected: RFC SDK 6.40 7.11 Vendor URL: Bugs: Format String Vulnerability Exploits: YES Reported: 15.12.2009 Vendor response: 18.12.2009 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Alexey Sintsov Description SAP...

Re: Assurent VR - Oracle BEA WebLogic Server Apache Connector Buffer Overflow

Hello Assurent & Oracle, On Tue, 13 Jan 2009, [email protected] wrote: : Oracle BEA WebLogic Server Apache Connector Buffer Overflow : : Reference: http://www.bea.com/weblogic/server/ : : 2. Vulnerability Summary : : A remotely exploitable vulnerability has been discovered in t...

No Ding for? Teach you interdiction the latest Office vulnerability-vulnerability warning-the black bar safety net

Friends in a 3D training computer training company when the network management internship, a temporary home for a few days, find me instead of his work for a few days. This company belongs to the medium scale, through a router to form the LAN, probably a 2 0 0 more than one PC, 10M fiber access,...

Apple Mac OS X防火墙误导性配置漏洞

BUGTRAQ ID: 26461 CVECAN ID: CVE-2007-4702 Apple Mac OS X是苹果家族机器所使用的操作系统。 Mac OS X的应用防火墙设置存在误导性的功能描述，可能由于错误的安全认识导致信息泄露。 Mac OS X的应用防火墙的“阻断所有入站连接”设置允许任何以root用户权限（UID 0）运行的进程接收入站连接，也允许mDNSResponder接收连接，这可能导致非预期的暴露网络服务，远程攻击者可以破坏防火墙的安全策略执行某些网络攻击。 Apple Mac OS X 10.5 Apple MacOS X Server 10.5...

Solaris 10 (x86) : 124939-05 (deprecated)

Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Cacao. Supported versions that are affected are 10 and 11.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via SNMP. Successful attack of this vulnerability can...

The most classic hack introductory textbook-vulnerability warning-the black bar safety net

The first section, hack the type and behavior of the To my understanding, the“hackers”generally should be divided into“positive”and“evil”Categories, the decent hackers rely on their own knowledge to help system administrators to identify system vulnerabilities and be improved, while the evil...

Stream Raped (Windows) - Denial of Service

Stream Raped Windows - Denial of Service / Straped 1.0 author: Marco Del Percio 20/05/2005 Remember: this is a mulithreaded program! MSVC++ compile with /MT. Remember: This program requires raw socket support! You can't use it on Windows XP SP2 and if you've done MS05-019 update you'll have to...

LeadMind Pop Messenger 1.60 - Illegal Character Remote Denial of Service

// source: https://www.securityfocus.com/bid/11230/info LeadMind Pop Messenger is reported prone to a remote denial of service vulnerability. The issue exists because the messenger application fails to gracefully handle certain characters that are received. A remote attacker may exploit this...

security flaw

The Internet Printing Protocol IPP implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service service hang via a certain UDP packet to the IPP port...

CesarFTP Server - Long Command Denial of Service

/ ----------------------------------------------------------------------- cesarftp.c - Cesar FTP Server Long Command DoS Exploit Copyright C 2000-2004 HUC All Rights Reserved. Author : lion : [email protected] : http://www.cnhonker.com Date : 2004-08-30...

Buffer overflow in sarad

I have found several buffer overflows in the sarad program used to serve the British National Corpus http://www.natcorp.ox.ac.uk/SARA/. At least one I didn't check the others too closely allows execution of arbitrary code over the network with the rights of the daemon which is supposed to be a...