[SECURITY] Fedora 15 Update: postgresql-9.0.7-1.fc15

PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, sub-selects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL...

[SECURITY] Fedora 16 Update: postgresql-9.1.3-1.fc16

PostgreSQL is an advanced Object-Relational database management system DBM S. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...

[SECURITY] Fedora 17 Update: postgresql-9.1.3-1.fc17

PostgreSQL is an advanced Object-Relational database management system DBM S. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...

[SECURITY] Fedora 16 Update: nagios-3.3.1-3.fc16

Nagios is a program that will monitor hosts and services on your network. It has the ability to send email or page alerts when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux and some other NIX variants as a background process,...

[SECURITY] Fedora 15 Update: nagios-3.3.1-3.fc15

Nagios is a program that will monitor hosts and services on your network. It has the ability to send email or page alerts when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux and some other NIX variants as a background process,...

The Syrian spyware to target the opposition activists

The Syrian spyware to target the opposition activists CNN News reported about malicious programs used to target the Syrian opposition, Its a computer viruses that spy on them and according to report a Syrian opposition group and a former international aid worker whose computer was infected. They...

CVE-2011-5068

Multiple cross-site request forgery CSRF vulnerabilities in Support Incident Tracker aka SiT! 3.65 allow remote attackers to hijack the authentication of user for requests that delete a user via userdelete.php and other unspecified programs...

UniOFuzz 0.1.2-beta - Universal fuzzing tool Released

UniOFuzz 0.1.2-beta - Universal fuzzing tool Released UniOFuzz version 0.1.2-beta - the universal fuzzing tool for browsers, web services, files, programs and network services/ports released by nullsecurity team. Video Demonstration: pigtail23, Developer of UniOFuzz demonstrated the tool in above...

CVE-2011-4786

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787...

IpTools 0.1.4 Overflow

Title: IpToolsTiny TCP/IP server - Rcmd Remote Overflow Vulnerability Software : IpToolsTiny TCP/IP server Software Version : 0.1.4 Vendor: http://iptools.sourceforge.net/iptools.html Class: Boundary Condition Error CVE: Remote: Yes Local: No Published: 2012-01-07 Updated: Impact : High Bug...

CVE-2011-4837

Cross-site request forgery CSRF vulnerability in /ctrl in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to hijack the authentication of admins for requests that execute arbitrary programs...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in /ctrl in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to hijack the authentication of admins for requests that execute arbitrary programs...

Report: Computer Hacking, Theft Of Government Secrets Alleged In News International Probe

A report from The Guardian claims that detectives working for Rupert Murdoch’s News International may have siphoned off classified intelligence documents from MI5, Britain’s domestic intelligence agency. The report comes some six months after the first reports indicating that computer hacking,...

DreamBox DM800 1.5rc1 - File Disclosure

!/usr/bin/perl DreamBox DM800 :0:0:root:/home/root:/bin/sh daemon::1:1:daemon:/usr/sbin:/bin/sh bin::2:2:bin:/bin:/bin/sh sys::3:3:sys:/dev:/bin/sh sync::4:65534:sync:/bin:/bin/sync games::5:60:games:/usr/games:/bin/sh man::6:12:man:/var/cache/man:/bin/sh lp::7:7:lp:/var/spool/lpd:/bin/sh...

DHS Names Weatherford as Deputy Under Secretary for Cybersecurity

Department of Homeland Security DHS Secretary Janet Napolitano appointed Mark Weatherford today as the National Protection and Programs Directorate’s NPPD new Deputy Under Secretary for Cybersecurity, according to a press release on the DHS’ site. The role was created by the Directorate in...

The Mystery of Duqu

First of all, we feel it necessary to clarify some of the confusion surrounding the files and their names related to this incident. To get a full understanding of the situation you only need to know that we’re talking about just two malicious programs here at a minimum – the main module and a...

Linux pkexec / polkitd 0.96 Race Condition

!/bin/sh pid; if stat procbuf, &statbuf != 0 gseterror error, POLKITERROR, POLKITERRORFAILED, "stat failed for /proc/%d: %s", process-pid, gstrerror errno; goto out; where the code only rely on stat of the pseudo filesystem src/polkit/polkitsubject.c --------- there's not enough validation to run...

[SECURITY] Fedora 14 Update: mozvoikko-1.0-25.fc14.1

This is mozvoikko, an extension for Mozilla programs for using the Finnish spell-checker Voikko...

Code injection

gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message...

CVE-2011-3185

gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message...