87 matches found
Faraday 1.0.15 - Collaborative Penetration Test and Vulnerability Management Platform
A brand new version is ready for you to enjoy! Faraday v1.0.15 Community, Pro & Corp was published today with new exciting features. As a part of our constant commitment to the IT sec community we added a tool that runs several other tools to all IPs in a given list. This results in a major scan ...
Third-Party Software Library Risks Scrutinized at Black Hat
Enterprise application developers are under real pressures to push projects out the door quickly and cheaply, and each new version certainly has to be better than the last. This forces them to make decisions that, at a minimum, improve efficiency—and also introduce additional risks. Of particular...
Chrome for Android Update Patches URL Spoofing Bug
The latest update to Chrome on Android – pushed yesterday – fixes two bugs, including a critical flaw in the browser that could have let an attacker trick a user into visiting a malicious site. The problem, marked high priority by Google, was discovered by Japanese app developer Keita Haga. The...
The White House and Zero Day Sleight of Hand
The White House wants you to know that it did not know about the OpenSSL Heartbleed vulnerability before you did. The White House also wants you to know that administration officials don’t think stockpiling zero days isn’t necessarily good for national security. That’s all well and good, except...
DEBIAN-CVE-2009-1377
The dtls1bufferrecord function in ssl/d1pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service memory consumption via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."...
Sun xVM VirtualBox 1.6.4 - Privilege Escalation (PoC)
Sun xVM VirtualBox 1.6.4 - Privilege Escalation PoC -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Sun xVM VirtualBox Privilege Escalation Vulnerability Advisory Information Title: Sun xVM VirtualBox Privilege...
Qualcomm QPopper 4.0.x - Remote Denial of Service
source: https://www.securityfocus.com/bid/4295/info Qualcomm's QPopper is a POP3 mail server for Linux and Unix based systems. Recent versions of QPopper have been released as open source projects. A vulnerability has been reported in some versions of qpopper. Reportedly, if a string of longer th...