127 matches found
Debian Security Advisory DSA 2738-1 (ruby1.9.1 - several vulnerabilities)
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1821 Ben Murphy discovered that unrestricted entity...
DSA-2738-1 ruby1.9.1 - several
Bulletin has no description...
Debian: Security Advisory (DSA-2738-1)
The remote host is missing an update for the Debian...
flash-player for APSB13-17 (important)
This update fixes APSB13-17, several security problems in the Adobe Flash Player: CVE-2013-3344, CVE-2013-3345, CVE-2013-3347 For more see https://bugzilla.novell.com/show_bug.cgi?id=828810...
[SE-2012-01] Yet another Reflection API flaw affecting Oracle's Java SE
Hello All, Today, a vulnerability report with an accompanying Proof of Concept code was sent to Oracle notifying the company of a new security weakness affecting Java SE 7 software. The new flaw was verified to affect all versions of Java SE 7 including the recently released 1.7.0_21-b11. It can b...
It's Time to Abandon Java
As humans, we have a difficult time letting go of things. Whether it be a favorite pair of jeans, a beloved dog or an old friend who you know is just bringing you down, putting aside things we know well is hard to do. But sometimes things are just too broken to be useful any longer, and that’s th...
German Police eavesdropping Facebook, Gmail, Skype Conversations
An eavesdropping tool allegedly used by the German government to intercept Skype calls is full of security problems and may violate a ruling by the country's constitutional court, according to a European hacker club. The information was released as part of a move towards financial transparency. T...
Mandrake Linux Security Advisory : kernel (MDKSA-2001:037)
A number of security problems have been found in the Linux kernels prior to the latest 2.2.19 kernel. Following is a list of problems based on the 2.2.19 release notes as found on http://www.linux.org.uk/ - binfmt_misc used user pages directly - the CPIA driver had an off-by-one error in the buffe...
Mandrake Linux Security Advisory : inn (MDKSA-2001:010)
WireX discovered a potential temporary file race condition in the inn program. This condition is due partly to the way inn is compiled and configured on some Linux distributions, including Linux-Mandrake, and partly due to the lack of information in the inn package detailing potential security...
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 2605)
This kernel update fixes the following security problems : - The ftdi_sio driver allowed local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued. This requires this driver to be loaded, whi...
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5667)
This kernel update for SUSE Linux Enterprise 10 Service Pack 2 fixes various bugs and some security problems : - When creating a file, open/creat allowed the setgid bit to be set via the mode argument even when, due to the bsdgroups mount option or the file being created in a setgid directory, th...
Lynx Message Server 7.11.10.2 Cross Site Scripting / SQL Injection
Summary The Micro Technology Services Inc. "Lynx Message Server 7.11.10.2" and/or "LynxTCPService version 1.1.62" web interface is vulnerable to SQL Injection, Cross-Site Scripting, and other security problems. 2. Description Lynx is a "Facility wide Duress and Emergency Notification" system...
UPDATE: Wikileaks Dumps First of 5 Million Stratfor E-Mails
The whistle-blower Web site Wikileaks has published what it claims are the first of millions of internal e-mails taken from the Texas based strategic intelligence firm Stratfor. In a statement on the Web site of Wikileaks, the organization published links to 167 email messages – a first installme...
ThinkSAAS File Upload Vulnerabilities - vulnerability warning - the black bar safety net
Author: Insight-D. Software link: http://www.thinksaas.cn Applies to uploadify 2.1.4; the program has this problem. Many CMSs use this uploadify.php, and many programmers call the swf file directly without regard to uploadify.php, which has led to security problems. Download:...
The rlogin service is running
This remote host is running a rlogin service.
Fedora 14 : libpng10-1.0.55-1.fc14 (2011-8867)
This update fixes a 1-byte uninitialized memory reference in png_format_buffer. It allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. This is CVE-2011-2501. Also fixed in this...
Fedora 15 : libpng10-1.0.55-1.fc15 (2011-8844)
This update fixes a 1-byte uninitialized memory reference in png_format_buffer. It allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. This is CVE-2011-2501. Also fixed in this...
Android phones vulnerable to hackers!
Android phones vulnerable to hackers! Handsets using Google's operating system can allow hackers to access calendars, contacts and private pictures, they claim. Only the latest phones have had the data leak plugged, meaning 99.7 per cent of Android handsets are vulnerable. 'We wanted to know if ...
New Adobe Under Zero-Day Attack!
Adobe today released an advisory to warn about a remote code execution vulnerability in Flash Player, which also affects Adobe Reader and Acrobat. This critical vulnerability has been assigned CVE-2011-0609. Currently seen attacks work through a malicious SWF file which is embedded inside an Exce...
Microsoft to Fix IE 8 XSS Filter Security Problems
On the heels of a Black Hat EU presentation that exposed security problems with the cross-site scripting (XSS) filter in Internet Explorer 8, Microsoft plans to ship an update to the filter to fix what is hopefully the last remaining attack scenario. During the conference presentation, a pair of...