Lucene search

4987 matches found

seebug.org
added 2012/07/24 12:0 a.m., 68 views

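PHP 5.3.x 'open_basedir' Security Restriction Bypass Vulnerability

BUGTRAQ ID: 54612 CVE ID: CVE-2012-3365 PHP is an HTML-embedded language. PHP is quite similar to Microsoft's ASP: both are scripting languages embedded in HTML documents and executed on the server side. Its style resembles the C language, and it is now widely used by many website developers. Versions of PHP before 5.3.15 contain an error in the SQLite extension that can be exploited to bypass the "open_basedir" feature. 0 PHP 5.3.x Vendor patch: PHP --- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.php.net...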

5 CVSS, 6.3 AI score, 0.00917 EPSS
Exploits: 1
Saint
added 2012/07/23 12:0 a.m., 55 views

Oracle Java Runtime Hotspot Bytecode Verifier Type Confusion

Added: 07/23/2012 CVE: CVE-2012-1723 BID: 53960 OSVDB: 82877 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

10 CVSS, 9.7 AI score, 0.94083 EPSS
Exploits: 9
OpenVAS
added 2012/07/19 12:0 a.m., 34 views

RedHat Update for glibc RHSA-2012:1098-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.8 CVSS, 7.6 AI score, 0.00869 EPSS
Exploits: 1, References: 2
RedHat Linux
added 2012/07/18 3:17 p.m., 42 views

Moderate: Red Hat Security Advisory: glibc security and bug fix update

Updated glibc packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

6.8 CVSS, 6.8 AI score, 0.00869 EPSS
Exploits: 1, References: 5
Tenable Nessus
added 2012/06/29 12:0 a.m., 19 views

Debian DSA-2502-1 : python-crypto - programming error

It was discovered that the ElGamal code in PythonCrypto, a collection of cryptographic algorithms and protocols for Python, used insecure insufficient prime numbers in key generation, which lead to a weakened signature or public key space, allowing easier brute-force attacks on such keys...

4.3 CVSS, 7.7 AI score, 0.04088 EPSS
Exploits: 2, References: 3
The Hacker News
added 2012/06/22 8:38 a.m., 9 views

Fujitsu cracks 278-digit crypto in 148 Days using 21 PCs

A team of researchers in Japan have successfully broken a 278-digit piece of crypto in less than 200 days. Fujitsu Laboratories Limited, National Institute of Information and Communications Technology (NICT) and Kyushu University jointly brok...

6.8 AI score
Exploits: 0
ThreatPost
added 2012/06/21 3:41 p.m., 83 views

Microsoft Reveals Blue Hat Prize Finalists

Microsoft has announced the three finalists for its $200,000 Blue Hat Prize contest and all three of the researchers in the running for the win submitted technologies designed to defeat ROP (return-oriented programming) exploits. Each of the entrants takes a different tack with his ROP defense and ...

9.3 CVSS, 8.9 AI score, 0.94354 EPSS
Exploits: 33, References: 4
myhack58
added 2012/06/17 12:0 a.m., 17 views

A lot of Taobao guest V7.4 injection vulnerability-vulnerability warning-the black bar safety net

Penetration a station to engage the C-segment across a station. Since the app is open source program And download their app to see a lot. In fact, the programmer still has little Safety awareness: Anti-injection code: //To filter the illegal characters $ArrFiltrate =array...

0.2 AI score
Exploits: 0
Tenable Nessus
added 2012/06/15 12:0 a.m., 230 views

Mandriva Linux Security Advisory : php (MDVSA-2012:093)

Multiple vulnerabilities have been identified and fixed in php: There is a programming error in the DES implementation used in crypt in ext/standard/cryptfreesec.c when handling input which contains characters that can not be represented with 7-bit ASCII. When the input contains characters with...

7.5 CVSS, 8.4 AI score, 0.23918 EPSS
Exploits: 1, References: 4
securityvulns
added 2012/05/31 12:0 a.m., 64 views

FreeBSD Security Advisory FreeBSD-SA-12:02.crypt

FreeBSD-SA-12:02.crypt Security Advisory The FreeBSD Project Topic: Incorrect crypt hashing Category: core Module: libcrypt Announced: 2012-05-30 Credits: Rubin Xu, Joseph...

4.3 CVSS, 8.4 AI score, 0.02995 EPSS
Exploits: 0
FreeBSD Advisory
added 2012/05/30 12:0 a.m., 13 views

FreeBSD-SA-12:02.crypt

FreeBSD-SA-12:02.crypt Security Advisory The FreeBSD Project Topic: Incorrect crypt hashing Category: core Module: libcrypt Announced: 2012-05-30 Credits: Rubin Xu, Joseph...

4.3 CVSS, 7.2 AI score, 0.02995 EPSS
Exploits: 0
FreeBSD
added 2012/05/30 12:0 a.m., 67 views

FreeBSD -- Incorrect crypt() hashing

Problem description: There is a programming error in the DES implementation used in crypt when handling input which contains characters that cannot be represented with 7-bit ASCII. When the input contains characters with only the most significant bit set (0x80), that character and all characters...

4.3 CVSS, 6.6 AI score, 0.02995 EPSS
Exploits: 0
ThreatPost
added 2012/05/19 1:59 a.m., 8 views

Dear Jailbreaker, Apple Wants to Have a Word with You

After banning the word “jailbreak” from its app store and music library, Apple today reversed course and again permits the term – slang for hacking into a device to download unauthorized content — to appear on iTunes and its App Store. On Thursday bloggers noticed Apple had censored the word, usi...

1 AI score
Exploits: 0
OpenVAS
added 2012/05/08 12:0 a.m., 30 views

Fedora Update for python FEDORA-2012-5924

Check for the Version of python OpenVAS Vulnerability Test Fedora Update for python FEDORA-2012-5924 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

5 CVSS, 7.9 AI score, 0.03832 EPSS
Exploits: 9, References: 2
Fedora
added 2012/05/06 1:26 a.m., 36 views

[SECURITY] Fedora 16 Update: python-docs-2.7.3-1.fc16

The python-docs package contains documentation on the Python programming language and interpreter. Install the python-docs package if you'd like to use the documentation for the Python language...

5 CVSS, 2.3 AI score, 0.03832 EPSS
Exploits: 9
Fedora
added 2012/05/02 4:50 a.m., 42 views

[SECURITY] Fedora 17 Update: python-docs-2.7.3-1.fc17

The python-docs package contains documentation on the Python programming language and interpreter. Install the python-docs package if you'd like to use the documentation for the Python language...

5 CVSS, 2.3 AI score, 0.03832 EPSS
Exploits: 9
Fedora
added 2012/05/02 4:50 a.m., 47 views

[SECURITY] Fedora 17 Update: python-2.7.3-3.fc17

Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as t...

5 CVSS, 1.4 AI score, 0.03832 EPSS
Exploits: 9
ThreatPost
added 2012/04/30 6:14 p.m., 10 views

Developing and Sharing Tools for Professional Hackers

Professional hackers or security testers tend to write a lot of code. We write exploit code, fuzzers, code to handle esoteric protocols and data structures, unpackers, disassemblers, reversers, parsers, and so much more. We write this code because often what we’re doing is so specific that is...

6.9 AI score
Exploits: 0, References: 4
seebug.org
added 2012/04/23 12:0 a.m., 53 views

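shopEX store admin backend: insufficient template filtering allows successful upload of a trojan

Brief description: In the shopx product series, possibly because of programming habits, uploaded template packages are not strictly filtered, which allows attack files to be uploaded. If permissions are set fairly strictly this may fail, but the harm is still very great. The cause of this vulnerability may be the programmers' coding habits. I originally wanted to keep this to myself, but finding new flaws is more fun, so I am handing this flaw over to the vendor and hope it gets fixed later. If the PR given is high, I will release the other 2 security flaws as well! Detailed description:...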

7.1 AI score
Exploits: 0
OpenVAS
added 2012/04/02 12:0 a.m., 24 views

Fedora Update for kturtle FEDORA-2011-13417

Check for the Version of kturtle OpenVAS Vulnerability Test Fedora Update for kturtle FEDORA-2011-13417 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

4.3 CVSS, 8.2 AI score, 0.00234 EPSS
Exploits: 0, References: 2