412 matches found

Tenable Nessus
added 2015/11/11 12:0 a.m. | 29 views

FreeBSD : xen-kernel -- leak of per-domain profiling-related vcpu pointer array (e3792855-881f-11e5-ab94-002590263bf5)

The Xen Project reports : A domain's xenoprofile state contains an array of per-vcpu information... This array is leaked on domain teardown. This memory leak could -- over time -- exhaust the host's memory. The following parties can mount a denial of service attack affecting the whole system : - ...

CVSS 4.9 | AI score 7.6 | EPSS 0.00055
Exploits 0 | References 3
Tenable Nessus
added 2015/11/03 12:0 a.m. | 27 views

SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1853-1)

xen was updated to fix nine security issues. These security issues were fixed : - CVE-2015-4037: The slirp_smb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files befo...

CVSS 7.5 | AI score 6.5 | EPSS 0.08407
Exploits 2 | References 31
Debian CVE
added 2015/10/30 3:0 p.m. | 25 views

CVE-2015-7971

Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properly handled in the do_xenoprof_op...

CVSS 2.1 | AI score 6.8 | EPSS 0.00069
Exploits 0
Xen Project
added 2015/10/29 11:59 a.m. | 56 views

x86: some pmu and profiling hypercalls log without rate limiting

ISSUE DESCRIPTION: HYPERCALL_xenoprof_op and HYPERVISOR_xenpmu_op log some errors and attempts at invalid operations. These log messages are not rate-limited, even though they can be triggered by guests. IMPACT: A malicious guest could cause repeated logging to the hypervisor console, leading to a Deni...

CVSS 2.1 | AI score 7.2 | EPSS 0.00069
Exploits 0 | Affected Software 1
FreeBSD
added 2015/10/29 12:0 a.m. | 30 views

xen-kernel -- leak of per-domain profiling-related vcpu pointer array

The Xen Project reports: A domain's xenoprofile state contains an array of per-vcpu information... This array is leaked on domain teardown. This memory leak could -- over time -- exhaust the host's memory. The following parties can mount a denial of service attack affecting the whole system: A...

CVSS 4.9 | AI score 7.5 | EPSS 0.00055
Exploits 0 | References 1
Atlassian
added 2015/10/21 5:33 p.m. | 13 views

Bad performance noticed on issues with long history

Performing some testing with JIRA 6.4.5, I've noticed that there is a huge difference when logging work on an issue with no history and on an issue with a long history. I enabled Profiling on JIRA to check the difference: Example 1: Issue with 858 entries on history: noformat 2015-10-21...

AI score 1.3
Exploits 0 | Affected Software 1
ThreatPost
added 2015/07/29 2:7 p.m. | 12 views

New Chrome Extension Helps Combat Keyboard Biometrics

Two security researchers released a new Chrome extension this week that thwarts attempts to profile users based on a biometric. Researchers Per Thorsheim and Paul Moore collaborated on KeyboardPrivacy, an add-on that injects random delays between presses on a keyboard, Moore said. Those delays, t...

AI score 7.3
Exploits 0 | References 1
Kitploit
added 2015/06/16 8:2 p.m. | 23 views

Cupp - Common User Passwords Profiler

The most common form of authentication is the combination of a username and a password or passphrase. If both match values stored within a locally stored table, the user is authenticated for a connection. Password strength is a measure of the difficulty involved in guessing or breaking the passwo...

AI score 7.3
Exploits 0 | References 1
exploitpack
added 2015/06/10 12:0 a.m. | 31 views

HP WebInspect 10.4 - XML External Entity Injection

HP WebInspect 10.4 - XML External Entity Injection Exploit Title: HP WebInspect - XML External Entity Date: 23\04\2015 Exploit Author: Jakub Palaczynski Vendor Homepage: http://www.hp.com/ Version: 10.4, 10.3, 10.2, 10.1, 10.0, 9.x, 8.x, 7.x CVE : CVE-2015-2125 1. Create website that exploits...

CVSS 4 | AI score 6.9 | EPSS 0.31032
Exploits 4
Packet Storm
added 2015/05/22 12:0 a.m. | 26 views

Webgrind 1.1 Cross Site Scripting

Exploit Title: Webgrind XSS Exploit Google Dork: intitle: XSS Date: May 20, 2015 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: github.com/jokkedk/webgrind Software Link: github.com/jokkedk/webgrind Version: Current release Tested on: Windows 7 Firefox, IE...

AI score 7.4
Exploits 0
Fedora
added 2015/03/29 4:57 a.m. | 36 views

[SECURITY] Fedora 21 Update: mongodb-2.4.13-1.fc21

Mongo (from "humongous") is a high-performance, open source, schema-free document-oriented database. MongoDB is written in C++ and offers the following features: Collection oriented storage: easy storage of object/JSON-style data Dynamic queries Full index support, including on inner objects and...

CVSS 5 | AI score 0.3 | EPSS 0.01693
Exploits 0
n0where
added 2015/01/20 2:25 a.m. | 32 views

Parse Various Log Files: Plaso

Plaso is the Python-based back-end engine used by tools such as log2timeline for automatic creation of super timelines. The goal of log2timeline and thus plaso is to provide a single tool that can parse various log files and forensic artifacts from computers and related systems, such as network...

AI score 7
Exploits 0 | References 1
Tenable Nessus
added 2014/12/16 12:0 a.m. | 35 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1)

This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 bnc887530 - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : -...

CVSS 10 | AI score 7.8 | EPSS 0.16549
Exploits 2 | References 43
Check Point Advisories
added 2014/07/13 12:0 a.m. | 2 views

Oracle Data Quality FileChooserDlg onChangeDirectory Untrusted Pointer Dereference (CVE-2014-2418)

A remote code execution vulnerability exists in Oracle Data Profiling and Data Quality for Data Integrator. The vulnerability is due to dereferencing an arbitrary pointer within the TSS12.DscTools.FileChooserDlg ActiveX control. A remote attacker can exploit this vulnerability by enticing a user ...

AI score 3.8 | EPSS 0.00705
Exploits 0
Tenable Nessus
added 2014/06/13 12:0 a.m. | 231 views

openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:1243-1)

MozillaFirefox was updated to version 8 bnc728520 to fix the following security issues : - MFSA 2011-47/CVE-2011-3648 bmo690225 Potential XSS against sites using Shift-JIS - MFSA...

CVSS 10 | AI score 8.5 | EPSS 0.08632
Exploits 1 | References 8
Kitploit
added 2014/06/09 1:26 p.m. | 12 views

Snoopy - A distributed tracking and data interception framework

Snoopy is a distributed tracking and profiling framework which can perform interesting tracking and profiling of mobile users through the use of WiFi. There have been recent initiatives from numerous governments to legalise the monitoring of citizens’ Internet based communications web sites...

AI score 7.7
Exploits 0 | References 1
Tenable Nessus
added 2014/05/02 12:0 a.m. | 14 views

Oracle Data Quality and Profiling Client Multiple Vulnerabilities (April 2014 CPU)

According to the version of the Oracle Data Quality and Profiling client installed on the remote host, it is affected by multiple unspecified ActiveX control vulnerabilities. By tricking a user into opening a specially crafted document, an attacker may be able to execute arbitrary code...

CVSS 5 | AI score 5.8 | EPSS 0.00705
Exploits 0 | References 11
Tenable Nessus
added 2014/05/02 12:0 a.m. | 13 views

Oracle Data Quality and Profiling Client Detection

Binary data oracledataqualityandprofilingclientinstalled.nbin...

AI score 7.3
Exploits 0 | References 1
Kitploit
added 2014/02/13 10:29 p.m. | 20 views

[Introspy] Security profiling for blackbox iOS

Blackbox tool to help understand what an iOS application is doing at runtime and assist in the identification of potential security issues. The tracer can be installed on a jailbroken device to hook and log security-sensitive iOS APIs called by applications running on the device. The tool records...

AI score 7
Exploits 0 | References 1
ThreatPost
added 2013/10/21 4:7 p.m. | 14 views

Snoopy Project mobile tracking and intelligence grows up

A year ago, the Snoopy Project was a neat research initiative that packaged a number of existing technologies into a framework to profile and track mobile devices. After a summer of Snowden revelations, something like Snoopy takes on a whole new meaning. Snoopy devices, called drones by researche...

AI score 0.6
Exploits 0 | References 4