Lucene search

5959 matches found

Tenable Nessus
added 2016/08/03 12:0 a.m. | 40 views

RHEL 6 : MRG (RHSA-2016:1532)

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS: 7.2 | AI score: 6.7 | EPSS: 0.58352
Exploits: 12 | References: 5
Microsoft KB
added 2016/07/12 7:0 a.m. | 89 views

MS16-088: Description of the security update for SharePoint Server 2016: July 12, 2016

Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...

CVSS: 9.3 | AI score: 8.2 | EPSS: 0.54593
Exploits: 0
Tenable Nessus
added 2016/07/12 12:0 a.m. | 44 views

Debian DLA-574-1 : qemu-kvm security update

Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-5239 Lian Yihan discovered that QEMU incorrectly handled certain payload messages in the VNC...

CVSS: 8.4 | AI score: 6.7 | EPSS: 0.08407
Exploits: 1 | References: 8
BDU FSTEC
added 2016/07/06 12:0 a.m. | 5 views

The vulnerability of the Windows operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

A vulnerability that allows for increased privileges exists in the Windows task scheduler due to incorrect checks for the integrity of tasks. If this vulnerability is exploited successfully, a malicious individual will be able to execute arbitrary code within the context of local system security...

CVSS: 6.8 | AI score: 6 | EPSS: 0.01722
Exploits: 0 | References: 3
Packet Storm
added 2016/07/01 12:0 a.m. | 34 views

XpoLog Center 6 Cross Site Request Forgery

XpoLog Center V6 CSRF Remote Command Execution Vendor: XpoLog LTD Product web page: http://www.xpolog.com Affected version: 6.4469 6.4254 6.4252 6.4250 6.4237 6.4235 5.4018 Summary: Applications Log Analysis and Management Platform. Desc: XpoLog suffers from arbitrary command execution. Attackers...

AI score: 0.1
Exploits: 0
Debian
added 2016/06/28 9:56 a.m. | 51 views

[SECURITY] [DSA 3607-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3607-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 28, 2016 https://www.debian.org/security/faq -...

CVSS: 10 | AI score: 1.4 | EPSS: 0.12798
Exploits: 56
Debian
added 2016/06/28 9:56 a.m. | 48 views

[SECURITY] [DSA 3607-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3607-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 28, 2016 https://www.debian.org/security/faq -...

CVSS: 10 | AI score: 8.6 | EPSS: 0.12798
Exploits: 56
OpenVAS
added 2016/06/28 12:0 a.m. | 46 views

Debian Security Advisory DSA 3607-1 (linux - security update)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg o...

CVSS: 10 | AI score: 0.3 | EPSS: 0.12798
Exploits: 56 | References: 1
ALT Linux
added 2016/06/27 12:0 a.m. | 34 views

Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt63

3:11-alt63 built June 27, 2016 Sergey V Turchin in task 166414 June 27, 2016 Sergey V Turchin - new version - security fixes: CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133,...

CVSS: 10 | AI score: 9.1 | EPSS: 0.60707
Exploits: 8
Tenable Nessus
added 2016/06/20 12:0 a.m. | 51 views

Debian DLA-516-1 : linux security update

This update fixes the CVEs described below. CVE-2016-0821 Solar Designer noted that the list 'poisoning' feature, intended to mitigate the effects of bugs in list manipulation in the kernel, used poison values within the range of virtual addresses that can be allocated by user processes...

CVSS: 10 | AI score: 6.5 | EPSS: 0.12798
Exploits: 42 | References: 27
Metasploit
added 2016/06/13 8:14 p.m. | 33 views

Regsvr32.exe (.sct) Command Delivery Server

This module uses the Regsvr32.exe Application Whitelisting Bypass technique as a way to run a command on a target system. The major advantage of this technique is that you can execute a static command on the target system and dynamically and remotely change the command that will actually run by...

AI score: 7.5
Exploits: 0
Kitploit
added 2016/05/25 11:16 p.m. | 17 views

AutoNessus - Script to Communicate with Nessus API

This script communicates with the Nessus API in an attempt to help with automating scans. Depending on the flag issued with the script, you can list all scans, list all policies, start, stop, pause, and resume a scan. It may be helpful to create a cron job/scheduled task for automating the start ...

AI score: 7.2
Exploits: 0 | References: 1
OSV
added 2016/05/25 3:59 p.m. | 1 views

DEBIAN-CVE-2016-4020

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR)...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00085
Exploits: 0 | References: 1
Prion
added 2016/05/25 3:59 p.m. | 20 views

Session fixation

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR)...

CVSS: 2.1 | AI score: 5.9 | EPSS: 0.00085
Exploits: 0 | References: 11 | Affected Software: 11
FireEye
added 2016/05/22 3:0 a.m. | 15 views

Targeted Attacks against Banks in the Middle East

UPDATE Dec. 8, 2017: We now attribute this campaign to APT34, a suspected Iranian cyber espionage threat group that we believe has been active since at least 2014. Learn more about APT34 and their late 2017 targeting of a government organization in the Middle East. Introduction In the first week ...

AI score: 7
Exploits: 0
seebug.org
added 2016/05/19 12:0 a.m. | 58 views

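Phpwind GET-based CSRF arbitrary code execution vulnerability

Source link: http://www.wooyun.org/bugs/wooyun-2016-01758150-tsina-1-93389-397232819ff9a47a7b7e80a40613cfe1 This bug is actually quite interesting; the biggest pity is that its trigger point is in the admin backend, otherwise it would be a one-of-a-kind bug. 0x01 Backend deserialization locations First, looking across the whole of phpwindv9, there are many deserialization sites, but they basically all read from the database, so it is hard to fully control the serialized string. In the end, I found three: Annoyingly, all three are in the backend Task module. The Task module is the "Task Center" feature, which only users who can enter the backend can access: Opening any one of them,...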

AI score: 7.1
Exploits: 0
Tenable Nessus
added 2016/05/13 12:0 a.m. | 56 views

Ubuntu 14.04 LTS / 16.04 LTS : QEMU vulnerabilities (USN-2974-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2974-1 advisory. Zuozhi Fzz discovered that QEMU incorrectly handled USB OHCI emulation support. A privileged attacker inside the guest could use this issue t...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.07866
Exploits: 0 | References: 13
Fedora
added 2016/05/07 1:26 p.m. | 50 views

[SECURITY] Fedora 24 Update: ansible-2.0.2.0-1.fc24

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS: 7.8 | AI score: 3.3 | EPSS: 0.00037
Exploits: 0
Fedora
added 2016/04/30 12:28 a.m. | 37 views

[SECURITY] Fedora 23 Update: ansible-2.0.2.0-1.fc23

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS: 7.8 | AI score: 3.3 | EPSS: 0.00037
Exploits: 0
Fedora
added 2016/04/30 12:22 a.m. | 25 views

[SECURITY] Fedora 22 Update: ansible-2.0.2.0-1.fc22

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS: 7.8 | AI score: 3.3 | EPSS: 0.00037
Exploits: 0