Design/Logic Flaw

Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service application crash or possibly have unspecified other impact via vectors that entice a user to resubmit...

Why Takedowns Don't Reduce Online Crime

The last year has seen a string of takedowns of botnet command-and-control servers, malware drop zones, spam operations and other pieces of the crimeware infrastructure, each of which made a dent in one way or another. But the question of whether the takedowns have had any lasting effect on the...

Romania police Arrest 42 Business VOIP Cyber Crime Hacker !

Police in Romania of late raided a hacking gang that was centered on hijacking Business VoIP information from illegally accessed servers. Police in Romania of late raided a hacking gang that was centered on hijacking Business VoIP information from illegally accessed servers. ThinkBright.net...

Mandriva Update for postgresql MDVA-2010:221 (postgresql)

Check for the Version of postgresql OpenVAS Vulnerability Test Mandriva Update for postgresql MDVA-2010:221 postgresql Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

Mandriva Update for postgresql MDVA-2010:221 (postgresql)

Check for the Version of postgresql OpenVAS Vulnerability Test Mandriva Update for postgresql MDVA-2010:221 postgresql Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

Fedora 13 : ghostscript-8.71-16.fc13 (2010-14640)

This package fixes a security problem CVE-2010-2055 in ghostscript whereby gs uses the current working directory to look for certain types of system file. This has been fixed by changing the default behaviour. Additionally, several other bugs have been fixed: scripts defining GSEXECUTABLE have be...

Mandriva Update for gnupg2 MDVA-2010:204 (gnupg2)

Check for the Version of gnupg2 OpenVAS Vulnerability Test Mandriva Update for gnupg2 MDVA-2010:204 gnupg2 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...

Fedora 12 : lvm2-2.02.72-4.fc12 (2010-12250)

This update addresses a security problem when using the clustered LVM daemon clvmd from the package lvm2-cluster on systems where you have non-root users. The lvm2 package on its own is not vulnerable to this problem but if you are using lvm2-cluster you must update both together. Further details...

CVE-2010-1823

Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by ...

Fedora 13 : lvm2-2.02.73-2.fc13 / udisks-1.0.1-4.fc13 (2010-13708)

This update addresses a security problem when using the clustered LVM daemon clvmd from the package lvm2-cluster on systems where you have non-root users. The lvm2 package on its own is not vulnerable to this problem but if you are using lvm2-cluster you must update both together. Further details...

Apple CoreGraphics (Preview) Memory Corruption Vulnerability - CVE-2010-1801

Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ Apple CoreGraphics Preview Memory Corruption when parsing PDF files...

Adobe Shockwave Player Memory Corruption Vulnerability - CVE-2010-2868

I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ Memory corruption when Adobe Shockwave Player parses .dir media file CVE-2010-2868...

CVE-2008-7258

The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denial of service application exit via an e-mail message containing a long line that begins with a . dot character. NOTE: CVE disputes this issue because it is solely a usability problem for...

CVE-2008-7258

The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denial of service application exit via an e-mail message containing a long line that begins with a . dot character. NOTE: CVE disputes this issue because it is solely a usability problem for...

CVE-2010-1386

page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357...

CVE-2010-1386

page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357...

Mandriva Linux Security Advisory : firefox (MDVSA-2010:147)

Security issues were identified and fixed in firefox : layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrary co...

[Backports-security-announce] Security Update for git

Sebastian Harl uploaded new packages for git, a popular distributed revision control system, which fixed the following security problem: CVE-2010-2542, Debian BTS 590026 A buffer overrun was found in the way Git sanitized path of a git directory. If a local attacker would create a specially-craft...

pam_captcha username harvest vulnerability

pamcaptcha is visual text-based CAPTCHA challenge module for PAM that uses figlet to generate the CAPTCHAs. Project site: http://www.semicomplete.com/projects/pamcaptcha/ A site with a screen shot: http://www.michaelboman.org/how-to/securing-ssh-access-with-pam-captcha I found a security problem...

TornadoStore 1.4.3 XSS Vulnerability

Exploit for php platform in category web applications ==================================== TornadoStore 1.4.3 XSS Vulnerability ==================================== 1. Advisory Information Title: Multiple XSS in TornadoStore 1.4.3 Advisory ID: BONSAI-2010-0107 Advisory URL:...