4989 matches found
Moderate: Red Hat Security Advisory: python security and bug fix update
An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
[SECURITY] Fedora 26 Update: golang-1.8.3-2.fc26
The Go Programming Language...
4: ovirt-engine exposes cloud-init root password via REST API
It is reported that the RHV 4 REST API exposes data used in cloud-init which can include the root password used when creating a system...
dayrui FineCms Cross-Site Scripting Vulnerability
dayrui FineCms is a content management system (CMS) released by the China Tianrui (dayrui) program design team, developed using an MVC architecture and the PDO database interface. A cross-site scripting vulnerability exists in the controllers/api.php file in dayrui FineCms 5.0.10 and earlier versions. A...
Girls Who Code Week 2: Let the Coding Begin!!
The Akamai-sponsored Girls Who Code program is well under way! Week 2 featured lots of activity in the Girls Who Code classroom at Akamai's Cambridge, MA headquarters. The girls learned to use Scratch, a visual programming language that was developed at MIT to help people learn to code. They used...
[SECURITY] Fedora 25 Update: perl-DBD-MySQL-4.043-1.fc25
DBD::mysql is the Perl5 Database Interface driver for the MySQL database. In other words: DBD::mysql is an interface between the Perl programming language and the MySQL programming API that comes with the MySQL relational database management system...
Researcher Claims Samsung's Tizen OS is Poorly Programmed; Contains 27,000 Bugs!
A researcher has claimed that Samsung's Tizen operating system that runs on millions of Samsung products is so poorly programmed that it could contain nearly 27,000 programming errors, which could also lead to thousands of vulnerabilities. Tizen is a Linux-based open-source operating system backe...
CVE-2017-1322
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918...
Linux/x86 - Bind Shell Shellcode (75 bytes)
Linux/x86 - Bind Shell Shellcode (75 bytes). Shellcode exploit for Linux/x86 platform. Architecture: x86; OS: Linux; Author: wetw0rk; ID: SLAE-958; Shellcode Size: 75 bytes; Bind Port: 4444; Description: A linux/x86 bind shell via /bin/sh. Created by analysing msfvenom; original payload was 78 bytes...
File upload vulnerability in finecms
FineCMS is a small and medium-sized content management system based on PHP+MySql+CI framework. File upload vulnerability exists in FineCMS. A file upload vulnerability exists in the newajaxupload function in \dayrui\controllers\member\Api.php, which can be exploited by an attacker to construct da...
Why So Many Top Hackers Hail from Russia
Conventional wisdom says one reason so many hackers seem to hail from Russia and parts of the former Soviet Union is that these countries have traditionally placed a much greater emphasis than educational institutions in the West on teaching information technology in middle and high schools, and...
Linux/x86 - Reverse UDP Shellcode (668 bytes)
Linux/x86 - Reverse UDP Shellcode (668 bytes). Shellcode exploit for Linux/x86 platform. ; SLAE-X ; thanks to write-ups from previous students : ; assignment: 2. create a reverse shell ; originality: using UDP instead of TCP ; usage : sudo ncat -lup 53 on the receiving end ; warning, this shellcode might...
Super Android Analyzer
Super Android Analyzer: Secure, Unified, Powerful and Extensible Rust Android Analyzer. SUPER is a command-line application that can be used in Windows, MacOS X and Linux, that analyzes .apk files in search of vulnerabilities. It does this by decompressing APKs and applying a series of rules to...
[SECURITY] Fedora 25 Update: golang-1.7.6-1.fc25
The Go Programming Language...
14-Year-Old Japanese Boy Arrested for Creating Ransomware
Japanese authorities have arrested a 14-year-old boy in Osaka, a prefecture and large port city, for allegedly creating and distributing ransomware. This is the first such arrest in Japan which involves a ransomware-related crime. Ransomware is a piece of malware that encrypts files on ...
WannaCry Development Errors Enable File Recovery
WannaCry may have caused worldwide havoc on May 12 when it rode the coattails of the NSA’s weaponized EternalBlue exploit to infect computers in 150 countries, but that doesn’t mean it was a quality piece of ransomware. A number of programming errors in the code are floating to the surface and...
CVE-2017-2801
A programming error exists in the way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons, which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to...
CVE-2017-2801
CVE-2017-2801 affects Randombit Botan 2.0.1. Multiple Linux distro advisories (Mageia MGASA-2017-0327; Debian DLA-915-1; Fedora updates) and OpenVAS plugins describe an x509/PKI handling flaw in Botan’s certificate parsing that can trigger a denial of service or information leakage when processin...
CVE-2017-2801
Removed by vendor...