2052 matches found
squid security update
CentOS Errata and Security Advisory CESA-2013:0505 Updated squid packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring Syst...
Latest Kelihos Botnet Shut Down Live at RSA Conference 2013
SAN FRANCISCO – Down goes Kelihos—again. The third version of the prolific peer-to-peer botnet responsible for volumes of pharmaceutical spam, Bitcoin wallet theft and credential harvesting was shut down before a live audience today at RSA Conference 2013. With the execution of a few commands tha...
[SECURITY] Fedora 18 Update: curl-7.27.0-6.fc18
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Memory corruption
VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of...
CVE-2013-1659
VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of...
Debian DSA-2626-1 : lighttpd - several issues
Several vulnerabilities were discovered in the TLS/SSL protocol. This update addresses these protocol vulnerabilities in lighttpd. - CVE-2009-3555 Marsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS and SSLv3 protocols do not properly associate renegotiation handshakes with an...
[SECURITY] [DSA 2626-1] lighttpd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2626-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst February 17, 2013 http://www.debian.org/security/faq -...
DSA-2626-1 lighttpd - several issues
Bulletin has no description...
Debian Security Advisory DSA 2626-1 (lighttpd - several issues)
Several vulnerabilities were discovered in the TLS/SSL protocol. This update addresses these protocol vulnerabilities in lighttpd. CVE-2009-3555 Marsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS and SSLv3 protocols do not properly associate renegotiation handshakes with an existin...
CVE-2013-0271
The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname...
DefenseCode Security Advisory: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability
DefenseCode Security Advisory http://www.defensecode.com/ Broadcom UPnP Remote Preauth Root Code Execution Vulnerability Advisory ID: DC-2013-01-003 Advisory Title: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability Advisory URL: http://www.defensecode.com/subcategory/advisories-28...
Fedora Update for axis FEDORA-2013-1194
Check for the Version of axis OpenVAS Vulnerability Test Fedora Update for axis FEDORA-2013-1194 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
[SECURITY] Fedora 17 Update: tor-0.2.2.39-1700.fc17
Tor is a connection-based low-latency anonymous communication system. Applications connect to the local Tor proxy using the SOCKS protocol. The local proxy chooses a path through a set of relays, in which each relay knows its predecessor and successor, but no others. Traffic flowing down the...
DSA-2614-1 libupnp - several
Bulletin has no description...
50 Million Potentially Vulnerable to UPnP Flaws
In a project that found more than 80 million unique IP addresses responding to Universal Plug and Play (UPnP) discovery requests, researchers at Rapid7 were shocked to find that somewhere between 40 and 50 million of those are vulnerable to at least one of three known attacks. A Rapid7 white paper...
Ray Sharp DVR Password Retriever
This module takes advantage of a protocol design issue with the Ray Sharp based DVR systems. It is possible to retrieve the username and password through the TCP service running on port 9000. Other brands using this platform and exposing the same issue may include Swann, Lorex, Night Owl, Zmodo,...
AIX 6.1 TL 0 : bind (IZ56315)
AIX 'named' is an implementation of BIND (Berkeley Internet Name Domain) providing server functionality for the Domain Name System (DNS) Protocol. AIX currently ships and supports three versions of BIND: 4, 8, and 9. There is an error in the handling of dynamic update messages in BIND 9. A crafted...
AIX 6.1 TL 2 : bind (IZ56317)
AIX 'named' is an implementation of BIND (Berkeley Internet Name Domain) providing server functionality for the Domain Name System (DNS) Protocol. AIX currently ships and supports three versions of BIND: 4, 8, and 9. There is an error in the handling of dynamic update messages in BIND 9. A crafted...
CVE-2012-2372
CVE-2012-2372 affects the Linux kernel (3.7.4 and earlier). The vulnerability is in the rds_ib_xmit function (net/rds/ib_send.c) and can allow local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP equal to the IPoIB interface’s own...
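Oracle MySQL Server 'MyISAM' Subcomponent Remote Security Vulnerability (CVE-2013-0371)
BUGTRAQ ID: 57415 CVECAN ID: CVE-2013-0371 Oracle MySQL Server is a small relational database management system. Oracle MySQL Server 5.5.28 and earlier contain a remote security vulnerability that can be exploited via the 'MySQL Protocol'; the 'MyISAM' subcomponent is affected. An authenticated remote attacker can exploit this vulnerability to affect availability. 0 Oracle MySQL Server = 5.5.28 Vendor patch: Oracle ------ Oracle has released a security advisory (cpujan2013-1515902) and corresponding patches for this issue:...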