8275 matches found

exploitpack
added 2017/06/12 12:0 a.m. | 17 views

GStreamer gst-plugins-bad Plugin - NULL Pointer Dereference

Source: https://bugzilla.gnome.org/showbug.cgi?id=775120 The attached file will cause a null pointer access and segfault in the mpegts parser. Current git code, found with afl. ASAN stack trace:...

0.8 AI score
Exploits 0

Veracode
added 2017/06/08 6:11 a.m. | 17 views

Unintended Behaviours

ranger-plugins-common is vulnerable to unintended behaviors. It is possible because the policy resource matcher does not properly handle the policies with characters after a wildcard character, leading to unintended behaviors...

9.8 CVSS | 6.6 AI score | 0.04198 EPSS
Exploits 1 | References 3 | Affected Software 1

UbuntuCve
added 2017/06/07 8:29 p.m. | 23 views

CVE-2015-6240

The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack...

7.8 CVSS | 7.1 AI score | 0.00443 EPSS
Exploits 0 | References 3

Prion
added 2017/06/07 8:29 p.m. | 19 views

Code injection

The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack...

7.2 CVSS | 6.6 AI score | 0.00443 EPSS
Exploits 0 | References 5 | Affected Software 1

OSV
added 2017/06/07 8:29 p.m. | 1 views

DEBIAN-CVE-2015-6240

The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack...

7.8 CVSS | 6.6 AI score | 0.00443 EPSS
Exploits 0 | References 1

Cvelist
added 2017/06/07 8:0 p.m. | 21 views

CVE-2015-5175

Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service...

7.4 AI score | 0.10897 EPSS
Exploits 0 | References 11

rapid7community
added 2017/05/31 9:16 p.m. | 43 views

DevOps: Vagrant with AWS EC2 & Digital Ocean

The Benefits of Vagrant Plugins Following on from my recent DevOps blog posts, The DevOps Tools We Use & How We Use Them and Vagrant with Chef-Server, we will take another step forward and look into provisioning our servers in the cloud. There are many cloud providers out there, most who provide...

6.8 AI score
Exploits 0

CNVD
added 2017/05/27 12:0 a.m. | 1 views

XXE Vulnerability in Various TRS Products

WCM, Portal, infogate plug-ins, comment plug-ins, etc., developed by Topsy, are widely used in the portal systems and plug-ins of national government, enterprises and institutions. A variety of TRS products, mainly WCM, Portal, infogate plug-ins and comment plug-ins, contain an XXE entity injection...

7.1 AI score
Exploits 0

n0where
added 2017/05/25 5:36 a.m. | 19 views

Low Interaction Honeypot: honeytrap

Honeytrap is a low-interaction honeypot and network security tool written to catch attacks against TCP and UDP services. In its default configuration, it runs as a daemon and starts server processes on demand when a connection attempt to a port is made. Different modes of operation are available...

0.7 AI score
Exploits 0 | References 1

NVD
added 2017/05/22 4:29 p.m. | 14 views

CVE-2017-2171

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior ...

6.1 CVSS | 6.1 AI score | 0.00886 EPSS
Exploits 0 | References 2

ThreatPost
added 2017/05/19 2:22 p.m. | 48 views

Terror Exploit Kit Evolves Into Larger Threat

The relatively new Terror exploit kit is bucking the downward trend in the EK market, and is steadily evolving into more of a threat. Researchers at Cisco Talos said Terror has abandoned an early strategy that included “carpet-bombing” a target’s browser to one that now uses exploits that precise...

9.3 CVSS | 8.1 AI score | 0.73918 EPSS
Exploits 9 | References 4

CNVD
added 2017/05/19 12:0 a.m. | 3 views

Apache CXF Fediz Cross-Site Request Forgery Vulnerability

Apache CXF is an open source Web services framework from the Apache Software Foundation in the United States. The framework supports a variety of Web services standards, a variety of front-end programming APIs, etc. Apache CXF Fediz is one of the subprojects, mainly used to provide authenticatio...

8.8 CVSS | 8.9 AI score | 0.01104 EPSS
Exploits 0 | References 1

Cvelist
added 2017/05/16 5:0 p.m. | 20 views

CVE-2017-7661

Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF Cross Style Request Forgery style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4...

8.7 AI score | 0.01104 EPSS
Exploits 0 | References 8

Japan Vulnerability Notes
added 2017/05/16 5:0 a.m. | 3 views

Multiple BestWebSoft WordPress plugins vulnerable to cross-site scripting

Overview: Multiple WordPress Plugins provided by BestWebSoft use a common function for displaying the BestWebSoft menu. This function contains a cross-site scripting vulnerability (CWE-79). Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

6.1 CVSS | 6 AI score | 0.00886 EPSS
Exploits 0 | References 5

Fedora
added 2017/05/14 8:26 p.m. | 30 views

[SECURITY] Fedora 26 Update: gstreamer1-plugins-good-1.12.0-1.fc26

GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...

7.5 CVSS | 2.5 AI score | 0.04426 EPSS
Exploits 0

Fedora
added 2017/05/14 8:26 p.m. | 36 views

[SECURITY] Fedora 26 Update: gstreamer1-1.12.0-1.fc26

GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...

7.5 CVSS | 3.3 AI score | 0.04426 EPSS
Exploits 0

Fedora
added 2017/05/14 8:26 p.m. | 31 views

[SECURITY] Fedora 26 Update: gstreamer1-vaapi-1.12.0-1.fc26

A collection of GStreamer plugins to let you make use of VA API video acceleration from GStreamer applications. Includes elements for video decoding, display, encoding and post-processing using VA API subject to hardware limitations...

7.5 CVSS | 1.8 AI score | 0.04426 EPSS
Exploits 0

Gentoo Linux
added 2017/05/09 12:0 a.m. | 43 views

FFmpeg: Multiple vulnerabilities

Background: FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. Description: Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. gst-plugins-libav is affected because this package is bundli...

5.5 CVSS | 8.2 AI score | 0.01116 EPSS
Exploits 0

ALT Linux
added 2017/05/08 12:0 a.m. | 32 views

Security fix for the ALT Linux 10 package firefox-esr version 52.1.1-alt1

May 8, 2017 Andrey Cherepanov 52.1.1-alt1
- New ESR version 52.1.1
- Set plugin.loadflashonly setting to false to allow use all NPAPI plugins
- Security fixes since 52.0:
  + CVE-2016-10196: Vulnerabilities in Libevent library
  + CVE-2017-5031: Use after free in ANGLE
  + CVE-2017-5428: integer overfl...

7.5 CVSS | 10.3 AI score | 0.07065 EPSS
Exploits 9

Kitploit
added 2017/05/05 2:35 p.m. | 43 views

Lynis 2.5.0 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

7.8 CVSS | 6 AI score | 0.00426 EPSS
Exploits 0