
7422 matches found

exploitpack
added 2012/10/04 12:0 a.m., 48 views

XnView 1.99.1 - .JLS File Decompression Heap Overflow

SUMMARY XnView Formats PlugIn is prone to an overflow condition. The JLS Plugin xjpegls.dll library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a...

9.3 CVSS, 0.8 AI score, 0.09854 EPSS
Exploits: 3

Veeam
added 2012/10/04 12:0 a.m., 18 views

VM Loses Connection During Snapshot Removal

Challenge During the snapshot removal step of a Veeam Backup & Replication task, the source vSphere VM loses connectivity temporarily. Cause Veeam does not remove the snapshot itself; Veeam sends an API call to the vSphere environment to have the action performed. The snapshot removal process...

6.2 AI score
Exploits: 0, Affected Software: 1

Exploit DB
added 2012/10/04 12:0 a.m., 53 views

XnView 1.99.1 - '.JLS' File Decompression Heap Overflow

SUMMARY XnView Formats PlugIn is prone to an overflow condition. The JLS Plugin xjpegls.dll library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a context-dependent attacker could potentially execute...

9.3 CVSS, 6.5 AI score, 0.09854 EPSS
Exploits: 3

Packet Storm
added 2012/10/02 12:0 a.m., 28 views

Soapbox 0.3.1 Local Root

----------------------------------- soapbox 0.3.1 Description: "Soapbox allows to restrict processes to write only to those places you want. Read-access however is still based on file-permissions. By preloading the Soapbox library, you can run programs as root and monitor which writes/changes are...

7.4 AI score
Exploits: 0

exploitpack
added 2012/10/02 12:0 a.m., 17 views

soapbox 0.3.1 - Local Privilege Escalation

----------------------------------- soapbox 0.3.1 Description: "Soapbox allows to restrict processes to write only to those places you want. Read-access however is still based on file-permissions. By preloading the Soapbox library, you can run programs a...

0.2 AI score
Exploits: 0

Exploit DB
added 2012/10/02 12:0 a.m., 21 views

soapbox 0.3.1 - Local Privilege Escalation

----------------------------------- soapbox 0.3.1 Description: "Soapbox allows to restrict processes to write only to those places you want. Read-access however is still based on file-permissions. By preloading the Soapbox library, you can run programs as root and monitor which writes/changes are...

7.4 AI score
Exploits: 0

n0where
added 2012/09/26 10:31 p.m., 23 views

Portable Multi-boot Security Suite: Katana

Katana is a portable multi-boot security suite which brings together many of today’s best security distributions and portable applications to run off a single Flash Drive. It includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, and Malware...

0.6 AI score
Exploits: 0

Debian
added 2012/09/26 9:55 p.m., 35 views

[SECURITY] [DSA 2552-1] tiff security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2552-1 [email protected] http://www.debian.org/security/ Luciano Bello September 26, 2012 http://www.debian.org/security/faq -...

6.8 CVSS, 7.5 AI score, 0.08768 EPSS
Exploits: 3

Tenable Nessus
added 2012/09/26 12:0 a.m., 11 views

Scientific Linux Security Update : yum-autoupdate update on SL5.x, SL6.x i386/x86_64 (20120925)

The Scientific Linux team was made aware of a problem with the use of temp files in the yum-autoupdate script by Elias Persson. The problem should be corrected in these packages. These packages also include some minor feature updates for each release. For SL5, the script now includes the 'PRERUN'...

5.5 AI score
Exploits: 0, References: 1

erpscan
added 2012/09/25 12:0 a.m., 23 views

SAP NetWeaver HTTP - Partial HTTP POST requests DoS

Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1986725 Author: Alexey Tyurin ERPScan...

0.4 AI score
Exploits: 0

OSV
added 2012/09/23 12:0 a.m., 15 views

DSA-2551-1 isc-dhcp - denial of service

Bulletin has no description...

7.1 CVSS, 6.3 AI score, 0.21653 EPSS
Exploits: 0

ThreatPost
added 2012/09/20 3:19 p.m., 12 views

Disconnect Between Application Development and Security Getting Wider

There is a widening gulf between application developers and security decision makers inside the enterprise, and it’s starting to cost companies serious money. Sure there’s been lots of talk about the need for better static and dynamic web application testing tools and the need for a formalized...

8.1 AI score
Exploits: 0, References: 3

erpscan
added 2012/09/19 12:0 a.m., 28 views

SAP NetWeaver HTTPd - Partial HTTP POST requests DoS

Application: SAP Versions Affected: SAP Netweaver 7.02/7.3, probably others Vendor URL: http://www.sap.com Bugs: Denial of Service Exploits: YES Reported: 19.09.2012 Vendor response: 20.09.2012 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 1966655 Author: Alexey Tyurin ERPScan...

0.4 AI score
Exploits: 0

OpenVAS
added 2012/09/15 12:0 a.m., 38 views

Debian: Security Advisory (DSA-2544-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.7 CVSS, 9.7 AI score, 0.00437 EPSS
Exploits: 0, References: 3

The Coalfire Blog
added 2012/09/11 12:14 p.m., 12 views

My DEFCON social engineering talk and DerbyCon

This year has been a year of firsts for me and for Coalfire. I was recently hired to my first Information security job as a penetration tester for Coalfire Labs, the forensic and app/network testing side of Coalfire. Many of the Coalfire Labs team attended DEFCON in Las Vegas in early August.. No...

1.1 AI score
Exploits: 0

Atlassian
added 2012/09/10 4:14 a.m., 55 views

The JIRA/Crowd applications fail to properly sanitize user input in the query string of the website or in the value of a parameter

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-29640. panel We need to avoid Cross-site Scripting vulnerabilities. A function should be created to provide server side and client side inpu...

0.9 AI score
Exploits: 0, Affected Software: 1

Atlassian
added 2012/09/10 4:14 a.m., 21 views

The JIRA/Crowd applications fail to properly sanitize user input in the query string of the website or in the value of a parameter

We need to avoid Cross-site Scripting vulnerabilities. A function should be created to provide server side and client side input validation where applicable. Special characters should be stripped out during the validation process. The following special characters should be stripped out if...

1.1 AI score
Exploits: 0, Affected Software: 1

Atlassian
added 2012/09/10 4:14 a.m., 23 views

The JIRA/Crowd applications fail to properly sanitize user input in the query string of the website or in the value of a parameter

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-29640. panel We need to avoid Cross-site Scripting vulnerabilities. A function should be created to provide server side and client side input...

0.9 AI score
Exploits: 0, Affected Software: 1

Debian
added 2012/09/08 9:12 p.m., 37 views

[SECURITY] [DSA 2542-1] qemu-kvm security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2542-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 08, 2012 http://www.debian.org/security/faq -...

7.2 CVSS, 6.7 AI score, 0.00528 EPSS
Exploits: 0

exploitpack
added 2012/09/05 12:0 a.m., 41 views

Ektron CMS 8.5.0 - Multiple Vulnerabilities

Sense of Security - Security Advisory - SOS-12-009 Release Date. 05-Sep-2012 Last Update. - Vendor Notification Date. 07-May-2012 Product. Ektron CMS Platform. ASP.NET Affected versions. Ektron CMS version 8.5.0 and possibly others Severity Rating. High...

0.5 AI score
Exploits: 0