2395 matches found
HackerOne: Ability to enumerate private programs using SAML
@ayoubfathi found a strong indicator of the existence of some private programs which were using SAML. Although it was not definitive, and we also warn teams using SAML that doing so removes their reasonable expectation of not being discoverable, we made some changes to help teams more easily...
Updated postgresql packages fix security vulnerability
It was discovered that certain SQL statements containing CASE/WHEN commands could crash the PostgreSQL server, or disclose a few bytes of server memory, potentially leading to arbitrary code execution (CVE-2016-5423). It was found that PostgreSQL client programs mishandle database and role names...
[SECURITY] Fedora 25 Update: postgresql-9.5.4-1.fc25
PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...
[SECURITY] Fedora 24 Update: postgresql-9.5.4-1.fc24
PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...
Tomcat: CGI sets environmental variable based on user supplied Proxy request header
It was discovered that Tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker coul...
postgresql: multiple issues
- CVE-2016-5423 (arbitrary code execution): It was discovered that certain SQL statements containing CASE/WHEN commands could crash the PostgreSQL server, or disclose a few bytes of server memory, potentially leading to arbitrary code execution.
- CVE-2016-5424 (privilege escalation): It was found that...
Microsoft Graphics Component Multiple Remote Code Execution Vulnerabilities (3177393)
This host is missing an important security update according to Microsoft Bulletin MS16-097...
mysql: unspecified vulnerability related to Client programs (CPU October 2015)
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs...
nawakaya.lk XSS vulnerability
Vulnerable URL: http://nawakaya.lk/lankan-tv-programs/search/?q=%3C%2Fscript%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSSPOSED%2F%29%3E
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 27.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank|...
gnutls: arbitrary file overwrite
Setuid programs using GnuTLS could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12 with the GNUTLS_KEYLOGFILE environment variable handling via getenv() and fixed in GnuTLS 3.4.13 by switching to secure_getenv() where...
gnutls -- file overwrite by setuid programs
gnutls.org reports: Setuid programs using GnuTLS 3.4.12 could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem...
Russia arrests 50 hackers who stole $25 million from Banks
Russian authorities have arrested a gang of 50 hackers suspected of stealing more than 1.7 Billion Rubles (over US$25 Million) from banks and other financial institutions in the country since 2011. The same criminal gang had tried to steal a further 2.273 Billion Roubles by issuing false payment...
Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access /etc/shadow)
Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access /etc/shadow) Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=807 A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. perf_event_open() associates with a task as...
Linux Kernel (Ubuntu 14.04.3) - 'perf_event_open()' Can Race with execve() (Access /etc/
Exploit for linux platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=807 A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. perf_event_open() associates with a task as follows:...
CVE-2015-1350
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as...
Microsoft Bounty Programs Expansion - Nano Server Technical Preview Bounty
Microsoft is pleased to announce another expansion of the Microsoft Bounty Programs. Today we begin a bounty for the Nano Server installation option of Windows Server 2016 Technical Preview 5. Please visit https://aka.ms/BugBounty to find more details. Nano Server is a remotely administered,...
CVE-2016-3672
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid...
Katie Moussouris on Free ISO 29147
Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributor is Katie Moussouris (@k8em0). Today marks an exciting development in the often monotonous rehashing of vulnerability disclosure. The ISO standard tha...