Adobe Begins Patching Third Flash Player Zero Day

Adobe announced today that it will begin distributing a patch for the third and most recent zero-day vulnerability in Flash Player. Version 16.0.0.305 will be distributed to users who have enabled auto-update. Adobe said it expects to have a manual update available tomorrow. “We are working with...

CVE-2 0 1 5-0 2 3 5: Linux Glibc Ghost vulnerability allows hackers remote access to system permissions-bug warning-the black bar safety net

! t01a998ea950583688b. png Ghost vulnerability in Linux glibc library appeared on the a serious security issue, he can keep the attacker in ignorance of the system in any case remote accessoperating systemthe control authority. He is currently the CVE number for CVE-2 0 1 5-0 2 3 5 to. What is...

FreeBSD-SA-15:03.sctp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:03.sctp Security Advisory The FreeBSD Project Topic: SCTP stream reset vulnerability Category: core Module: sctp Announced: 2015-01-27 Credits: Gerasimos...

Google Apps Flaw Allowed Hacker to Hijack Account and Disable Two-factor Authentication

A critical cross-site scripting XSS vulnerability in the Google Apps administrator console allowed cyber criminals to force a Google Apps admins to execute just about any request on the domain. The Google Apps admin console allows administrators to manage their organization’s account...

Report Companies Still Not Patching Security Vulnerabilities

The Cisco 2015 Annual Security Report is out and the findings are troubling as always: for every positive finding in the report, it seems, there is a negative finding, neutralizing any gains in the network security struggle. Chief information security officers say their security postures are stro...

Fedora 21 : php-5.6.4-2.fc21 (2014-17241)

18 Dec 2014, PHP 5.6.4\r\n\r\nCore:\r\n Fixed bug 68091 Some Zend headers lack appropriate extern 'C' blocks. Adam\r\n Fixed bug 68104 Segfault while pre-evaluating a disabled function. Laruence\r\n Fixed bug 68185 'Inconsistent insteadof definition.'- incorrectly triggered. Julien\r\n Fixed bug...

IBM Security AppScan Enterprise Arbitrary Code Execution Vulnerability

IBM Security AppScan Enterprise is a set of U.S. IBM Web application security testing solutions. Formerly known as IBM Rational AppScan Enterprise, the program supports simultaneous scanning of multiple Web applications , generate vulnerability reports and intelligent patching . IBM Security...

ThinkPHP补丁修复不当导致SQL注入

简要描述： 放学回寝室，发现大家都在吐槽这个补丁。 这补丁我也是看醉了。逻辑有问题啊。。 详细说明： 这是ThinkPHP对这次注入的补丁：https://github.com/liu21st/thinkphp/commit/23c6e130ce75f2132e5b48699363a75ed28e15b2 elseifisarray$val && isset$REQUEST$key && isarray$REQUEST$key $options'where'$key = string$val; 这逻辑…… 简单说一下他的逻辑：$key是数据库字段名字，$val是我传入的参数。...

Yahoo Plans to Disclose All New Bugs It Finds Within 90 Days

Yahoo officials say that the company will disclose any new vulnerabilities that the company’s security team finds within 90 days of discovery. The new policy is the same one used by Google’s Project Zero, a team of researchers that looks for vulnerabilities in a variety of commonly used software...

FreeBSD Security Advisory FreeBSD-SA-14:28.file

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:28.file Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in file1 and libmagic3 Category: contrib Module: file Announced: 2014-12-10...

CCH Wolters Kluwer PFX Engagement 7.1 Privilege Escalation

Exploit Title: CCH Wolters Kluwer PFX Engagement Windows 8, 2003, 2008, 2012 CVE : 2014-9113 Product Affected: CCH Wolters Kluwer PFX Engagement = v7.1 This vulnerability has been reference checked this against multiple installs. This configuration was identical across all systems and each versio...

The Bash Vulnerability: How to Protect your Environment

A recently discovered hole in the security of the Bourne-Again Shell bash has the majority of Unix/Linux including OS X admins sweating bullets. You should be, too--attackers have already developed exploits to unleash on unpatched web servers, network services and daemons that use shell scripts...

Fixes for IE, Flash Player in October Patch Tuesday Release

Microsoft and Adobe issued their monthly patch Tuesday releases today, and Microsoft posted eight bulletins, three of which are considered critical including the now-monthly cumulative Internet Explorer update, addressing 24 vulnerabilities in various products. Adobe has fixes for three...

CA20141001-01: Security Notice for Bash Shellshock Vulnerability

CA20141001-01: Security Notice for Bash Shellshock Vulnerability Issued: October 01, 2014 Updated: October 03, 2014 CA Technologies is investigating multiple GNU Bash vulnerabilities, referred to as the "Shellshock" vulnerabilities, which were publicly disclosed on September 24-27, 2014. CVE...

Bash Vulnerability Exploits Dropping DDoS Bots

A honeypot run by researchers at AlienVault Labs has snared two separate pieces of malware attempting to exploit the Bash vulnerability. One sample is a repurposed IRC bot written in Perl that is trying to build a botnet to be used in distributed denial of service attacks DDoS, said Jaime Blasco,...

Patching Bash Vulnerability a Challenge for ICS, SCADA

While the most urgent focus where the Bash vulnerability is concerned is around Internet-facing web servers, embedded systems and industrial control systems are not exempt from worry. Experts are concerned about Linux-based industrial control systems and SCADA equipment, in particular, that may b...

CVE-2014-6271 and CVE-2014-7169 - ShellShock | Cloud Foundry

CVE-2014-6271 and CVE-2014-7169 – ShellShock Important Vendor Canonical Ubuntu, CentOS Versions Affected Canonical Ubuntu 10.04 LTS that include bash CentOS 6.5 that include bash Description GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment...

Major Bash Shell Vulnerability Affects Linux, UNIX, Mac OS X

A critical vulnerability in the Bourne again shell, simply known as Bash and which is present in most Linux and UNIX distributions and Apple’s Mac OS X, has been discovered and administrators are being urged to patch immediately. The flaw allows an attacker to remotely attach a malicious executab...

SAP Afaria 7 XcListener - Missing authorization check

Application: SAP Afaria 7.0.6001.5 Vendor URL: http://www.sap.com Bugs: Missing authorization check Reported: 09.12.2014 Vendor response: 10.12.2014 Date of Public Advisory: 15.03.2015 Reference: SAP Security Note 2134905 Authors: Vahagn Vardanyan ERPScan Vulnerability information Class: DoS...

SUSE-SU-2015:0253-1 Security update for glibc

This glibc update fixes a critical privilege escalation problem and two non-security issues: bnc892073: An off-by-one error leading to a heap-based buffer overflow was found in gconvtranslitfind. An exploit that targets the problem is publicly available. CVE-2014-5119 bnc892065:...