
2395 matches found

RedHat Linux
added 2016/03/22 9:2 p.m., 3 views

cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character

It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands...

7.5 CVSS, 7.4 AI score, 0.09264 EPSS
Exploits: 0, References: 4
Hacker One
added 2016/03/22 10:0 a.m., 17 views

HackerOne: External programs revealing info

A bug in an authorization check was found by @1337coder on an endpoint that was showing the members of a team, as well as the team member groups that were set up. Example output: "id":1, "username":"dirk", "name":"dirk", "bio":"", "url":"https://hackerone.com/dirk" , "id":2, "name":"Admin",...

6.7 AI score
Exploits: 0
Hacker One
added 2016/03/20 8:51 a.m., 14 views

HackerOne: Disclosure of private programs that have an "external" page on HackerOne

Hey again, we know that there are some companies that have an "external" page on HackerOne: https://hackerone.com/directory?query=type%3Aexternal&sort=name%3Aascending&page=1 Some of those companies are hosting private programs as well, with the same handles. We can pick up any program from the externa...

0.7 AI score
Exploits: 0
Fedora
added 2016/03/05 10:51 p.m., 51 views

[SECURITY] Fedora 22 Update: mariadb-10.0.23-1.fc22

MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client...

7.2 CVSS, 3.5 AI score, 0.2214 EPSS
Exploits: 7
Hacker One
added 2016/02/26 4:10 p.m., 23 views

HackerOne: Distinguish EP+Private vs Private programs in HackerOne

Hi! I would like to provide the following matrix in order to distinguish between EP+Private vs Private programs in HackerOne, without the need to login. I am using two endpoints. These are: 1. https://hackerone.com/ENTITY/thanks/2012.json and 2. https://hackerone.com/ENTITY/thanks/2013.json If...

7 AI score
Exploits: 0
CNVD
added 2016/02/26 12:0 a.m., 1 views

Ubuntu Wily 'programs/pt_chown.c' Security Bypass Vulnerability

Ubuntu is a desktop-oriented GNU/Linux operating system developed by Canonical and the Ubuntu Foundation, with Wily being a development code name for Ubuntu. A security bypass vulnerability exists in Ubuntu Wily. A local attacker could use this vulnerability to bypass security restrictions and...

6.8 AI score
Exploits: 0, References: 1
Fedora
added 2016/02/23 7:25 p.m., 36 views

[SECURITY] Fedora 23 Update: postgresql-9.4.6-1.fc23

PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...

7.5 CVSS, 0.8 AI score, 0.10867 EPSS
Exploits: 0
Fedora
added 2016/02/22 8:52 p.m., 30 views

[SECURITY] Fedora 22 Update: nghttp2-1.7.1-1.fc22

This package contains the HTTP/2 client, server and proxy programs...

3.3 CVSS, 2.3 AI score, 0.01039 EPSS
Exploits: 0
Fedora
added 2016/02/17 3:58 a.m., 30 views

[SECURITY] Fedora 23 Update: nghttp2-1.7.1-1.fc23

This package contains the HTTP/2 client, server and proxy programs...

3.3 CVSS, 2.3 AI score, 0.01039 EPSS
Exploits: 0
The Hacker News
added 2016/02/13 2:0 a.m., 9 views

Russia Wants to Kick Foreign Tech Companies Out Of The Nation

Someone wants to kick Microsoft, Google and Apple off from his land, but himself uses Gmail and Mac. The newly appointed Internet Tsar German Klemenko, who is the first internet advisor of Vladimir Putin, wants to kick off American Giants from Russia. In a 90-minute interview conducted by...

6.7 AI score
Exploits: 0
The Hacker News
added 2016/02/12 8:58 p.m., 19 views

British Intelligence is Legally Allowed to Hack Anyone, Court Says

Hacking of computers, smartphones and networks in the United Kingdom or abroad by the Government Communications Headquarters (GCHQ) is LEGAL, the UK's Investigatory Powers Tribunal (IPT) ruled. So, the UK is giving clean chit to its intelligence agency to spy on its people as well as people living...

6.9 AI score
Exploits: 0
n0where
added 2016/01/15 4:7 p.m., 63 views

RPISEC: Malware Analysis

This material was developed and used by RPISEC to teach Malware Analysis at Rensselaer Polytechnic Institute in Fall 2015. This was a university course developed and run solely by students, primarily using the Practical Malware Analysis book by Michael Sikorski and Andrew Honig, to teach skills i...

1.8 AI score
Exploits: 0, References: 1
Fedora
added 2016/01/12 8:22 a.m., 23 views

[SECURITY] Fedora 22 Update: nghttp2-1.6.0-1.fc22

This package contains the HTTP/2 client, server and proxy programs...

10 CVSS, 9.2 AI score, 0.02186 EPSS
Exploits: 0
Fedora
added 2016/01/07 7:58 p.m., 28 views

[SECURITY] Fedora 23 Update: nghttp2-1.6.0-1.fc23

This package contains the HTTP/2 client, server and proxy programs...

10 CVSS, 9.2 AI score, 0.02186 EPSS
Exploits: 0
CNVD
added 2015/12/11 12:0 a.m., 0 views

Microsoft Windows Graphics Memory Corruption Vulnerability (CNVD-2015-08115)

Microsoft Windows is a series of operating systems released by the American company Microsoft. A memory corruption vulnerability exists in the Windows font library of Microsoft Windows. The vulnerability exists because the program does not properly handle specially designed embedded fonts. A remo...

9.3 CVSS, 6.9 AI score, 0.49407 EPSS
Exploits: 0, References: 1
OpenVAS
added 2015/12/09 12:0 a.m., 74 views

Microsoft Windows PGM UAF Elevation of Privilege Vulnerability (3116130)

This host is missing an important security update according to Microsoft Bulletin MS15-133. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

7.2 CVSS, 5 AI score, 0.00604 EPSS
Exploits: 0, References: 4
ThreatPost
added 2015/11/30 11:33 a.m., 8 views

Microsoft Blocking Potentially Unwanted Programs

Microsoft has taken steps to address deceptive software, otherwise known as potentially unwanted programs or applications, with new opt-in protections for Windows users in the enterprise. The new protection blocks behaviors such as ad-injection, or the bundling of nuisance programs with software...

2.2 AI score
Exploits: 0, References: 2
myhack58
added 2015/11/27 12:0 a.m., 153 views

Samsung Android 5.0 device WifiCredService remote code execution - vulnerability warning - the black bar safety net

The vulnerability was found a few months ago by Google Project Zero and the Quarkslab team, and has only recently been disclosed. The vulnerability only requires the user to browse a website or download a mail attachment, or a third-party malicious program with essentially no permissions c...

0.3 AI score
Exploits: 0
Fedora
added 2015/11/01 10:25 p.m., 11 views

[SECURITY] Fedora 21 Update: community-mysql-5.6.27-1.fc21

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

2.7 AI score
Exploits: 0
RedhatCVE
added 2015/10/30 10:14 a.m., 13 views

CVE-2008-3329

Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."...

9.3 CVSS, 6.7 AI score, 0.00183 EPSS
Exploits: 1, References: 2