2544 matches found
The Novel Practice of DevOps Stars in The Phoenix Project
After a long 2.5 years Gene Kim, Kevin Behr, George Spafford, the authors of the awesome Visible Ops series, have just launched their latest book, The Phoenix Project. I was fortunate enough to get to read some early drafts, so I am extra excited that it is finally shipping. When Gene first...
postgresql DoS via infinite loop in regex NFA optimization code
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression...
WordPress SEO Plugin 1.3.11 Cross Site Script Vulnerability
WordPress out of the box is already technically quite a good platform for SEO, this was true when I wrote my original WordPress SEO article in 2008 and it's still true today, but that doesn't mean you can't improve it further! This plugin is written from the ground up by WordPress SEO consultant...
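Microsoft .NET Framework Remote Privilege Escalation Vulnerability (MS12-074)
BUGTRAQ ID: 56464 CVE ID: CVE-2012-4777 .NET is Microsoft's technology for implementing XML, Web Services, SOA (service-oriented architecture) and agility. The .NET Framework is a software framework developed by Microsoft that runs mainly on Microsoft Windows. The code-optimization feature of Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions in the reflection implementation; through a crafted XAML browser application or a crafted .NET Framework application, a remote attacker can execute arbitrary code. 0 Microsoft .NET...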
Design/Logic Flaw
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, a...
EUVD-2012-4702
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, a...
CVE-2012-4777
CVE-2012-4777 affects Microsoft .NET Framework 4 and 4.5. The vulnerability arises from improper enforcement of object permissions in the reflection code-optimization feature, allowing remote code execution through a crafted XAML browser application (XBAP) or a crafted .NET Framework application....
Fedora Update for optipng FEDORA-2012-16680
Check for the Version of optipng OpenVAS Vulnerability Test Fedora Update for optipng FEDORA-2012-16680 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:169)
Multiple security issues were identified and fixed in OpenJDK icedtea6 : - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7167656, CVE-2012-5077: Multiple Seeders are...
java-1_7_0-openjdk: Update to icedtea-2.3.3 (important)
java-1_7_0-openjdk was updated to icedtea-2.3.3 (bnc#785814). Security fixes: - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7158796, CVE-2012-5070: Tighten properties...
CVE-2012-2876
Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
[SECURITY] Fedora 18 Update: optipng-0.7.3-1.fc18
OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. This program also converts external formats BMP, GIF, PNM and TIFF to optimized PNG, and performs PNG integrity checks and corrections...
Potential for signature integrity compromise in Intel® Integrated Performance Primitives (Intel® IPP) Cryptography Domain
Summary: The cryptography (CP) domain in Intel’s newest version of Intel® Integrated Performance Primitives (Intel® IPP) v7.1 has been enhanced to improve its security and customers are strongly urged to update to this release. Description: Intel IPP v7.1 introduces Intel® AVX & Intel® AVX2 performan...
CVE-2012-2117
The CVE concerns the Gigya - Social optimization module for Drupal 6.x (prior to 6.x-3.2). The vulnerability arises from insufficient escaping of URL elements printed back to the user, enabling cross-site scripting (XSS). Affected software is the Gigya module for Drupal 6.x versions before 6.x-3....
eGlibc Signedness Code Execution
Exploit Title: eGlibc Signedness Vulnerability Date: November 2011 Exploit Author: c0ntex Vendor Homepage: http://www.eglibc.org Software Link: http://www.eglibc.org/home Version: eGlibc supplied by Ubuntu 10.4 LTS Tested on: Ubuntu 10.4 LTS CVE : CVE-2011-2702 A delicious, yet slightly cold...
Joomla Movm Extension (com_movm) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla com_movm SQL Injection Date: 31-07-2012 Author: Daniel Barragan "D4NB4R" Twitter: @D4NB4R site: http://poisonsecurity.wordpress.com/ Vendor: http://www.movm.net/ Version: 1.0 Date Added 28 July 2012 License: Commercial $...
eGlibc Signedness Code Execution Vulnerability
Exploit for linux platform in category dos / poc Exploit Title: eGlibc Signedness Vulnerability Date: November 2011 Exploit Author: c0ntex Vendor Homepage: http://www.eglibc.org Software Link: http://www.eglibc.org/home Version: eGlibc supplied by Ubuntu 10.4 LTS Tested on: Ubuntu 10.4 LTS CVE :...
Kindle Touch remote code execution vulnerability - vulnerability warning - the black bar safety net
Are there any Amazon Kindle fans here? According to recent foreign media reports, a remote code execution vulnerability has appeared in the Kindle Touch. On Kindle Touch firmware version 5.1.0, code can be executed remotely and the /etc/shadow file sent to a specified web server. The vulnerability relates to...
[SECURITY] Fedora 16 Update: php-eaccelerator-0.9.6.1-9.fc16.6
eAccelerator is a further development of the MMCache PHP Accelerator & Encoder. It increases performance of PHP scripts by caching them in compiled state, so that the overhead of compiling is almost completely eliminated...
Enterprise SEO professional website vulnerabilities and fixes - vulnerability warning - the black bar safety net
Program description: 1. Upload to the root directory of the virtual host. 2. If uploaded to the virtual host root directory, modify the file, paying special attention to changing the site address in the site configuration to domain + “/”, such as http://www.xxx.com/ or, for local testing, http://127.0.0.1/, then click on...