Lucene search

1830 matches found

ThreatPost
added 2016/01/28 12:43 p.m., 17 views

Oracle to Kill Java Plugin

It’s the end of an era. Oracle has announced its intent to nail the coffin shut on the Java browser plugin. The company confirmed Wednesday that it expects to deprecate the plugin in JDK 9, slated for release in September, and JRE, in a future Java SE release. Dalibor Topic, a member of Oracle’s...

AI score: 1.2
Exploits: 0, References: 7

OSV
added 2015/12/31 12:0 a.m., 0 views

UBUNTU-CVE-2015-8932

The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift...

CVSS: 5.5, AI score: 7.2, EPSS: 0.02214
Exploits: 1, References: 3

Tenable Nessus
added 2015/05/20 12:0 a.m., 276 views

SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1122-1)

This glibc update fixes a critical privilege escalation vulnerability and the following security and non-security issues: - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find. An exploit that targets the problem is publicly available...

CVSS: 7.5, AI score: 7.7, EPSS: 0.18099
Exploits: 11, References: 29

OSV
added 2015/03/16 12:0 a.m., 1 views

UBUNTU-CVE-2015-1593

The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related ...

CVSS: 5, AI score: 6.7, EPSS: 0.03742
Exploits: 1, References: 11

OSV
added 2015/02/16 12:0 a.m., 2 views

UBUNTU-CVE-2015-1607

kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlappi...

CVSS: 5.5, AI score: 6.6, EPSS: 0.02473
Exploits: 0, References: 4

Tenable Nessus
added 2015/01/19 12:0 a.m., 236 views

Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird2)

The remote Solaris system is missing necessary patches to address security updates: - Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via...

CVSS: 10, AI score: 9, EPSS: 0.05657
Exploits: 1, References: 8

ThreatPost
added 2014/08/07 3:7 p.m., 10 views

Expert Warns of Chip-and-PIN Pitfalls

LAS VEGAS – The inevitable changeover from magnetic strip-based payment cards to EMV, or chip-and-PIN, is coming for consumers and merchants in the United States. And coming along with it are a raft of weaknesses and real-world attacks that shoot holes in the presumption that EMV will remedy cred...

AI score: 7.1
Exploits: 0, References: 1

seebug.org
added 2014/07/01 12:0 a.m., 26 views

NXP Semiconductors MIFARE Classic Smartcard - Multiple Security Weaknesses

No description provided by source. source: http://www.securityfocus.com/bid/31853/info MIFARE Classic is prone to multiple security weaknesses: 1. A security weakness may allow attackers to recover the internal state of the linear feedback shift register. 2. A security weakness may allow attacker...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 19 views

MySQL 3.x/4.0.x Weak Password Encryption Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7500/info MySQL has been reported to implement a weak password encryption algorithm. It has been reported that the MySQL function used to encrypt MySQL passwords makes just one pass over the password and employs a weak le...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2014/06/13 12:0 a.m., 231 views

openSUSE Security Update : MozillaFirefox (openSUSE-SU-2011:1243-1)

MozillaFirefox was updated to version 8 (bnc#728520) to fix the following security issues: dbg114-MozillaFirefox-5399 MozillaFirefox-5399 newupdateinfo MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using Shift-JIS dbg114-MozillaFirefox-5399 MozillaFirefox-5399 newupdateinfo MFSA...

CVSS: 10, AI score: 8.5, EPSS: 0.05657
Exploits: 1, References: 8

Tenable Nessus
added 2014/06/13 12:0 a.m., 46 views

openSUSE Security Update : firefox / thunderbird (openSUSE-2011-9)

Mozilla Firefox and Thunderbird were updated to version 8.0 which fixes several security vulnerabilities : - MFSA 2011-52 - Code execution via NoWaiverWrapper CVE-2011-3655 - MFSA 2011-51 - Cross-origin image theft on Mac with integrated Intel GPU CVE-2011-3653 - MFSA 2011-50 - Cross-origin data...

CVSS: 10, AI score: 8.6, EPSS: 0.05657
Exploits: 2, References: 18

ThreatPost
added 2014/05/21 3:11 p.m., 11 views

Chip and PIN EMV Protocol security vulnerabilities found

Chip-and-PIN payment cards are coming to the United States after a long head start as a standard card-present payment method in Europe and Asia. Already, retailer Target accelerated its plan to move its branded debit and credit cards to chip-and-PIN, also known as EMV (Europay, MasterCard and Visa...

AI score: 7.2
Exploits: 0, References: 3

Prion
added 2013/07/10 3:46 a.m., 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of the Shift JIS encoding, leading to cross-domain scrolling events, aka "Shift JIS Character Encoding...

CVSS: 4.3, AI score: 5.9, EPSS: 0.16319
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2013/07/10 1:0 a.m., 27 views

CVE-2013-3166

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of the Shift JIS encoding, leading to cross-domain scrolling events, aka "Shift JIS Character Encoding...

AI score: 5.3, EPSS: 0.16319
Exploits: 0, References: 3

CVE
added 2013/07/10 1:0 a.m., 60 views

CVE-2013-3166

CVE-2013-3166 is an XSS vulnerability in Microsoft Internet Explorer (IE6–IE10) that arises from incorrect auto‑selection of the Shift JIS encoding, enabling remote script/HTML execution via cross‑domain scrolling events. The issue is documented as the Shift JIS Character Encoding Vulnerability a...

CVSS: 4.3, AI score: 5.4, EPSS: 0.16319
Exploits: 0, References: 3, Affected Software: 1

Symantec
added 2013/07/09 12:0 a.m., 17 views

Microsoft Internet Explorer Shift JIS Encoded Characters Cross-Site Scripting Vulnerability

Description Microsoft Internet Explorer is prone to a cross-site scripting vulnerability. An attacker can exploit this issue to gain access to information in another domain or Internet Explorer zone. This may allow the attacker to obtain sensitive information that may aid in further attacks...

AI score: 7
Exploits: 0, Affected Software: 10

w3af
added 2013/06/10 11:2 p.m., 20 views

shift_out_in_between_dots

This evasion plugin inserts shift-in and shift-out control characters between dots; the two characters cancel each other out, so some ".." filters are bypassed. Example: Input: ../../etc/passwd Output: .%0E%0F./.%0E%0F./etc/passwd. Plugin type: Evasion. Options: This plugin doesn't have any user...

Exploits: 0

seebug.org
added 2013/02/18 12:0 a.m., 43 views

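Microsoft Internet Explorer Shift JIS Character Information Disclosure Vulnerability (CVE-2013-0015) (ms13-009)

BUGTRAQ ID: 57822 CVE(CAN) ID: CVE-2013-0015 Microsoft Internet Explorer is a web browser released by Microsoft. Shift JIS is a character encoding for Japanese. Internet Explorer 6, 7, 8 and 9 do not correctly perform auto-selection of the Shift JIS encoding; by building a crafted website that triggers cross-domain scrolling events, a remote attacker can read content from a different domain or zone, resulting in information disclosure. 0 Microsoft Internet Explorer 6 - 9 Temporary workaround: If you cannot install the patch or upgrade immediately, it is recommended that you take the following measures to reduce the threat: Set the Internet and Local intranet security zones to "High"...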

CVSS: 4.3, AI score: 6.4, EPSS: 0.15853
Exploits: 1

NVD
added 2013/02/13 12:4 p.m., 34 views

CVE-2013-0015

Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scrolling events, aka "Shift JIS Character Encoding...

CVSS: 4.3, AI score: 6.1, EPSS: 0.15853
Exploits: 1, References: 3

ATTACKERKB
added 2013/02/13 12:4 p.m., 3 views

CVE-2013-0015

Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scrolling events, aka "Shift JIS Character Encoding...

CVSS: 4.3, AI score: 5.4, EPSS: 0.15853
Exploits: 1, References: 4