3385 matches found
Debian DSA-2336-1 : ffmpeg - several vulnerabilities
Multiple vulnerabilities were found in FFmpeg, a multimedia player, server and encoder: CVE-2011-3362: An integer signedness error in the decode_residual_block function of the Chinese AVS video (CAVS) decoder in libavcodec can lead to denial of service (memory corruption and application crash) or possibl...
Chi youdao professional travel system v1.6.5 vulnerability-vulnerability warning-the black bar safety net
Title: wisdom and the Word of the professional tour system v1.6.5 vulnerability Time: 2011-10-30 Team: makebugs Author: fate Injection article: http://t.qq.com/MakeBug http://hi.baidu.com/micropoor '\inc\incsql. asp % dim sqlleach,sqlleach0,SqlDATA,SQLGet,SqlPost sqlleach =...
Like Enterprises, Government Agencies Are Struggling With Security
WASHINGTON–The U.S. government has a lot of money. Not as much as it used to have, of course, but still, it has a lot. It also has a lot of computers and servers and routers and other things that move and store data. In fact, they have so many that they don’t really know what all of them are doin...
SuSE 10 Security Update : pure-ftpd (ZYPP Patch Number 7723)
The OES Netware add-ons in pure-ftpd had a security problem and some bugs, which are fixed by this update. A local attacker could overwrite local files when the OES remote server feature of pure-ftpd is enabled due to a directory traversal. CVE-2011-3171 Additionally the following bugs have been...
FreeBSD : gforge -- XSS and email flood vulnerabilities (d7cd5015-08c9-11da-bc08-0001020eed82)
Jose Antonio Coret reports that GForge contains multiple Cross Site Scripting vulnerabilities and an e-mail flood vulnerability: The login form is also vulnerable to XSS (Cross Site Scripting) attacks. This may be used to launch phishing attacks by sending HTML e-mails i.e.: saying that you need to...
Linux pkexec / polkitd 0.96 Race Condition
!/bin/sh pid; if stat procbuf, &statbuf != 0 gseterror error, POLKITERROR, POLKITERRORFAILED, "stat failed for /proc/%d: %s", process-pid, gstrerror errno; goto out; where the code only rely on stat of the pseudo filesystem src/polkit/polkitsubject.c --------- there's not enough validation to run...
[SECURITY] [DSA 2309-1] openssl security update
Debian Security Advisory DSA-2309-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 13, 2011 http://www.debian.org/security/faq -...
Hotmail, MSN, Office 365, live.com sites down (now up)
A number of Microsoft online services, including Hotmail, MSN, Office 365, and seemingly most if not all of .live.com addresses are currently "experiencing an outage". MSN and Office 365 have already tweeted about it: The downtime, which...
libvirt security and bug fix update
0.8.7-18.0.1.el61.1 - Replace docs/et.png in tarball with blank image libvirt-0.8.7-18.el61.1 - debug: Avoid null dereference on uuid lookup api rhbz728546 - Fix auditing of disk hotunplug operations rhbz728516 - storage: Fix regression with backing format rhbz726617 - Fix performance problem of...
Serious Crypto Bug Found in PHP 5.3.7
The maintainers of the PHP scripting language are warning users about a serious crypto problem in the latest release and advising them not to upgrade to PHP 5.3.7 until the bug is resolved. PHP 5.3.7 was just released last week and that version contained fixes for a slew of security...
HKEx - Hong Kong stock exchange Hacked
Trading in Hong Kong was disrupted on Wednesday by a hacking incident on the Hong Kong Exchange website. "Our current assessment that this is a result of a malicious attack by outside hacking," Charles Li, chief executive of Hong Kong Exchanges & Clearing,...
UK Vodafone Phone Hacking method exposed
The Hacker's Choice announced a security problem with Vodafone's Mobile Phone Network today. An attacker can listen to any UK Vodafone customer's phone call. An attacker can exploit a vulnerability in 3G/UMTS/WCDMA - the latest and most secure mobile phone...
Fedora 15 : apr-1.4.5-1.fc15 (2011-6750)
Various bug fixes since 1.4.2. Security: CVE-2011-0419 Reimplement apr_fnmatch from scratch using a non-recursive algorithm; now has improved compliance with the fnmatch spec. Note: 1.4.3 was never officially released. Release -2 should fix top_builddir problem from -1. Fix CVE-2011-1928 introduced...
Slackware 10.2 / 11.0 : bind 10.2/11.0 recompile (SSA:2009-015-01)
Updated bind packages are available for Slackware 10.2 and 11.0 to address a load problem. It was reported that the initial build of these updates complained that the Linux capability module was not present and would refuse to load. It was determined that the packages which were compiled on 10.2...
ZabetAgahi SQL injection vulnerability-vulnerability warning-the black bar safety net
From abroad website. Can understand place generally sent to everyone The security problem in the file "ZabetAgahiCategory.php" has been created. Appear security file in "ZabetAgahiCategory.php" Injected statement: http://localhost.com/ZabetAgahiCategory.php?cid=SQL -44 UNION SELECT...
The Banker Trojan Epidemic
Banking Trojans have become a major security problem in many regions, particularly South America and Europe. In this video, Kaspersky Lab malware researcher Vicente Diaz discusses the epidemic and what can be done to mitigate it...
Spirit news enterprise website system v1.1 SQL injection exploit-vulnerability warning-the black bar safety net
Spirit news Business Site System 1.1 version fixes search single box of the parameter assignment problem. Rewrite the product display page in the parameters passed, now don't pass parameters you can also directly open the product display page, by default shows all products. productview. the asp...
Vatican magazine says hackers do God's work!
Computer hackers embody classic Christian virtues, a Vatican publication says, and shouldn't be perceived negatively. In their passionate commitment to creating, and their openness to sharing ideas, hackers see their online exploits as "a form of participation in the 'work' of God in creation,"...
MDVA-2011:011 : mono-tools
A dependency problem was discovered with mono-tools in that it required a much older version of libxulrunner than the current latest one; this advisory addresses this problem. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:...