PAExec - The Redistributable PsExec (Launch Remote Windows Apps)
PAExec lets you launch Windows programs on remote Windows computers without needing to install software on the remote computer first. For example, you could launch CMD.EXE remotely and have the equivalent of a terminal session to the remote server. PAExec is useful for doing remote installs,...
Updated libcap-ng packages fix CVE-2014-3215
Updated libcap-ng packages fix security vulnerability: capng_lock in libcap-ng before 0.7.4 sets securebits in an attempt to prevent regaining capabilities using setuid-root programs. This allows a user to run setuid programs, such as seunshare from policycoreutils, as uid 0 but without...
[slackware-security] sendmail
New sendmail packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/sendmail-8.14.9-i486-1slack14.1.txz: Upgraded. This release fixes one security related bug by properly...
Don't Fall for Fake Instagram Desktop Applications Offering 'Image Viewer'
Today, the estimated number of known computer threats like viruses, worms, backdoors, exploits, Trojans, spyware, password stealers, and other variants of potentially unwanted software ranges into the millions. It has the ability to create several different forms of itself dynamically in order to thwart...
CVE-2014-0181
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the 1 stdou...
PT-2014-3521 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 3.14.1 Description: The Netlink implementation in the Linux kernel does not provide a mechanism for authorizing socket operations based on the opener of a socket. This allows local users to bypass intended access...
Microsoft Office Excel SerAuxTrend Record Remote Code Execution (MS11-045) - Ver2 (CVE-2011-1274)
This is a remote code execution vulnerability. When Microsoft Excel validates record information upon opening a specially crafted Excel file, a memory handling error may corrupt system memory in such a way that an attacker could execute arbitrary code. Successful exploitation of this vulnerabilit...
Microsoft Office Excel Scenario Record Buffer Overflow (MS11-045) - Ver2 (CVE-2011-1275)
Microsoft Excel is a popular spreadsheet application. This is a remote code execution vulnerability. When Microsoft Excel validates record information upon opening a specially crafted Excel file, a memory handling error may corrupt system memory in such a way that an attacker could execute...
Unpatched Bugs, Windows XP End of Life and Public Disclosure
Windows XP security support ends Tuesday and until now, most of the public hand-wringing over XP’s end-of-life has been about the potential for malware outbreaks against unpatched vulnerabilities that have been stockpiled by hackers anxiously awaiting April 8, 2014. But what about vulnerabilities...
Updated xalan-j2 packages fix CVE-2014-0107
Updated xalan-j2 packages fix security vulnerability: Nicolas Gregoire discovered several vulnerabilities in libxalan2-java. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution CVE-2014-0107...
White House Proposal Would End NSA Metadata Program
Privacy advocates are cautiously applauding the reports that the Obama administration will unveil a legislative proposal to end the National Security Agency’s collection of Americans’ bulk phone records, but are concerned what the fine print on that proposal might hold. “Given all the various way...
[SECURITY] Fedora 19 Update: libssh-0.6.3-1.fc19
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
Vupen Cashes in Four Times at Pwn2Own 2014
VANCOUVER – It’s become a familiar walk for Chaouki Bekrar. Year after year at the Pwn2Own contest, the controversial Vupen founder is scurried from a small room in the basement of the Sheraton hotel to a suite several floors above. It’s a short journey from where a string of zero-day exploits ar...
The NSA, Snowden and the Internet's Offensive Future
Despite everything that has transpired in the last year, Edward Snowden sounded calm, reflective and in some ways wistful yesterday discussing the fallout and consequences of the multitude of NSA programs and methods he’s revealed. Snowden bemoaned the fact that the NSA specifically and the...
Edward Snowden at SXSW Conference: Would I do this again?, I Would!
The whistleblower and former National Security Agency (NSA) contractor Edward Snowden raised his voice and talked about citizens' privacy once again. Yes, Snowden, whose leaks last year triggered debate on the massive surveillance conducted by the Government worldwide. In an interview, speaking via...
RSA Conference 2014 Art Coviello RSA keynote
SAN FRANCISCO – RSA Security executive chairman Art Coviello today at RSA Conference 2014 made his first public comments about the security company’s relationship with the National Security Agency, painting the landmark firm as a victim of the spy agency’s blurring of the lines between its...
Hardcoded credentials
An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click...
CVE-2014-1861
The client in Jetro COCKPIT Secure Browsing JCSB 4.3.1 and 4.3.3 does not validate the FileName element in an RDPFILETRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension...
Design/Logic Flaw
The client in Jetro COCKPIT Secure Browsing JCSB 4.3.1 and 4.3.3 does not validate the FileName element in an RDPFILETRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension...
CVE-2013-6486
gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for...