4144 matches found

CISA
added 2014/06/05 12:0 a.m. | 16 views

OpenSSL Releases Security Advisory

OpenSSL has released updates patching 6 vulnerabilities, which may allow an attacker to decrypt or modify traffic between a vulnerable client and server, cause a denial of service condition, or remotely execute arbitrary code. The following updates are available: OpenSSL 0.9.8 SSL/TLS users shoul...

7.2 AI score
Exploits 0 | References 2
Tenable Nessus
added 2014/06/05 12:0 a.m. | 1010 views

OpenSSL 'ChangeCipherSpec' MiTM Potential Vulnerability

The OpenSSL service on the remote host is potentially vulnerable to a man-in-the-middle (MiTM) attack, based on its response to two consecutive 'ChangeCipherSpec' messages during the incorrect phase of an SSL/TLS handshake. This flaw could allow a MiTM attacker to decrypt or forge SSL messages by...

7.4 CVSS | 8.3 AI score | 0.92751 EPSS
Exploits 14 | References 10
ThreatPost
added 2014/06/04 1:56 p.m. | 11 views

DARPA Cyber Grand Challenge Finale Set For DEF CON 2016

DARPA’s announcement last October that it would sponsor a $2 million contest, challenging academics and security industry stalwarts to come up with an automated network defense system, has already attracted 35 entrants and a high-profile venue to stage the tournament finale. The final stage of th...

0.7 AI score
Exploits 0 | References 4
ThreatPost
added 2014/05/13 4:15 p.m. | 24 views

May 2014 Microsoft Patch Tuesday Security Updates

As expected, Microsoft today pushed its largest batch of Patch Tuesday updates so far this year – eight bulletins, two critical – addressing 13 issues in Internet Explorer and SharePoint Server, along with Windows, Office and its .NET Framework. The first critical issue that involves IE...

9.3 CVSS | 0.5 AI score | 0.40232 EPSS
Exploits 2 | References 13
myhack58
added 2014/04/23 12:0 a.m. | 13 views

The HeartBleed vulnerability: the bloody appearance is a peaceful-vulnerability warning-the black bar safety net

The recent Heartbleed vulnerability set off a huge wave across the Internet. As a major flaw in foundational security software with far-reaching impact, major Internet companies, party A and party B, white hats and even CCTV and other media all acted together against the common enemy, racing to...

7 AI score
Exploits 0
ThreatPost
added 2014/03/14 2:23 p.m. | 7 views

SCADA Vulnerabilities Identified in Power, Petrochemical Plants

More than 7,600 different power, chemical and petrochemical plants may still be vulnerable to a handful of SCADA vulnerabilities made public this week. A researcher at Rapid 7, the Boston-based firm responsible for the popular pen testing software Metasploit, and an independent security researche...

2.5 AI score
Exploits 0 | References 4
CISA
added 2014/03/05 12:0 a.m. | 15 views

GnuTLS Releases Security Update

GnuTLS has released security updates to address a vulnerability affecting certificate verification functions. An attacker could use a specially crafted X509 certificate to bypass validation checks, impersonate legitimate web sites or services, and perform man-in-the-middle attacks. Many Linux...

6.6 AI score
Exploits 0 | References 1
Hacker One
added 2014/03/03 9:46 p.m. | 115 views

OkCupid: https://www.okcupid.com/hidden-users CSRF vulnerability.

Hi, The HTML code below: Will make it possible to hide a user. You can patch this by supplying a CSRF token: Best regards, Olivier Beg...

7.1 AI score
Exploits 0
seebug.org
added 2014/02/25 12:0 a.m. | 17 views

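MariaDB Multiple Denial-of-Service Vulnerabilities

MariaDB is based on the transactional Maria storage engine, which replaces MySQL's MyISAM storage engine. It uses Percona's XtraDB, a variant of InnoDB, and the developers of the fork hope to provide access to the performance of the upcoming MySQL 5.4 InnoDB. 1) A null pointer dereference error when processing certain SELECT statements written with subqueries can be exploited to crash the system. Successful exploitation requires the "materialization" and "semijoin" optimizer switches to be turned on. 2) An error when processing KILL QUERY statements with certain concurrent SQL queries can be exploited to crash the system. 3) An error when parsing NAMECONST expressions that contain AND/OR expressions can be exploited to crash the system....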

7.1 AI score
Exploits 0
Packet Storm
added 2014/02/24 12:0 a.m. | 45 views

MyBB 1.6.12 SQL Injection

0.2 AI score
Exploits 0
OpenVAS
added 2014/01/09 12:0 a.m. | 35 views

VMware Security Updates for vCenter Server (VMSA-2013-0006)

VMware has updated vCenter Server to address multiple security vulnerabilities. OpenVAS Vulnerability Test $Id: gbvcenterVMSA-2013-0006.nasl 6637 2017-07-10 09:58:13Z teissa $ VMware Security Updates for vCenter Server VMSA-2013-0006 Authors: Michael Meyer Copyright: Copyright c 2014 Greenbone...

5 CVSS | 0.3 AI score | 0.2277 EPSS
Exploits 1 | References 1
Tenable Nessus
added 2013/11/27 12:0 a.m. | 36 views

Debian DSA-2804-1 : drupal7 - several vulnerabilities

Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework: Cross-site request forgery, insecure pseudo random number generation, code execution, incorrect security token validation and cross-site scripting. In order to avoid the remote code execution...

6.8 CVSS | 6.1 AI score | 0.02471 EPSS
Exploits 0 | References 8
ThreatPost
added 2013/10/23 4:56 p.m. | 13 views

DARPA Cyber Grand Challenge Offers $2M to Winners

The bug bounty continues to be turned on its ear. Microsoft began the wave of paying premium money for mitigation technologies via its Blue Hat prizes, and now DARPA has gone all-in to the tune of $2 million for the development of an automated network defense system that not only scans for and...

0.7 AI score
Exploits 0 | References 4
securityvulns
added 2013/10/02 12:0 a.m. | 50 views

Monstra CMS v1.2.0 - Blind SQL Injection Vulnerability

Title: Monstra CMS v1.2.0 - Blind SQL Injection Vulnerability | Date: 2013-09-20 | References: http://www.vulnerability-lab.com/getcontent.php?id=1081 | VL-ID: 1081 | Common Vulnerability Scoring System: 8.7 | Introduction: ...

0.6 AI score
Exploits 0
ThreatPost
added 2013/09/26 3:6 p.m. | 7 views

Cisco IOS Update Patches Eight Vulnerabilities

Telecommunications company Cisco this week is warning customers and those running their software of eight separate vulnerabilities it has patched in its internetwork operating system (IOS) infrastructure product. Cisco’s Product Security Incident Response Team (PSIRT) released the advisories yesterda...

0.8 AI score
Exploits 0 | References 3
OpenVAS
added 2013/09/12 12:0 a.m. | 42 views

Ubuntu: Security Advisory (USN-1940-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 7.2 AI score | 0.03209 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2013/08/05 12:0 a.m. | 23 views

Fedora 19 : gksu-polkit-0.0.3-8.gitf8ce834c.fc19 (2013-13620)

Recreate tarball from proper sources; previous package was shipping an unknown code tarball. - Add proper patching for CVE-2012-5617/CVE-2013-4161, the previous fix was creating a patch file and not patching the code. - Use proper bus name in service file to fix service timeout. Note that Tenable...

7.8 CVSS | 7.3 AI score | 0.00095 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2013/08/05 12:0 a.m. | 24 views

Fedora 18 : gksu-polkit-0.0.3-8.gitf8ce834c.fc18 (2013-13616)

Recreate tarball from proper sources; previous package was shipping an unknown code tarball. - Add proper patching for CVE-2012-5617/CVE-2013-4161, the previous fix was creating a patch file and not patching the code. - Use proper bus name in service file to fix service timeout. Note that Tenable...

7.8 CVSS | 7.3 AI score | 0.00095 EPSS
Exploits 0 | References 5
Atlassian
added 2013/06/18 10:44 p.m. | 53 views

Parsing of external XML entities can be exploited to retrieve files or make HTTP requests on the target network

Description: This issue has been assigned CVE-2013-3925 by Mitre Corporation. Previously reported issue CVE-2012-2926 (August 2012, CVSS score 6.4) was patched by introducing a new XFire servlet component into Crowd. The new component disables external entity resolution during XML parsing. The n...

9.1 CVSS | 0.1 AI score | 0.64534 EPSS
Exploits 4 | Affected Software 1
GithubExploit
added 2013/06/16 11:53 a.m. | 7 views

Exploit for CVE-2013-2094

CVE-2013-2094 Linux...

8.4 CVSS | 8.8 AI score | 0.65851 EPSS
Exploits 15