4160 matches found
BrainTest Malicious Android Apps Removed From Google Play
Update The Brain Test mobile malware family has once again been evicted from Google Play. Known for piggy-backing on fully functioning mobile applications, the malware’s various iterations try to root Android devices, download malicious APKs and inflate the Google Play ratings of other apps writt...
Oracle Linux 6 / 7 : openssl (ELSA-2015-2617)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2617 advisory. - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509ATTRIBUTE memory leak - fix CVE-2015-3196 - rac...
FreeBSD : openssl -- multiple vulnerabilities (4c8d1d72-9b38-11e5-aece-d050996490d0)
OpenSSL project reports : - BNmodexp may produce incorrect results on x8664 CVE-2015-3193 - Certificate verify crash with missing PSS parameter CVE-2015-3194 - X509ATTRIBUTE memory leak CVE-2015-3195 - Race condition handling PSK identify hint CVE-2015-3196 - Anon DH ServerKeyExchange with 0 p...
Vulnerability in OpenSSL - Certificate verify crash with missing PSS parameter
The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any...
openssl -- multiple vulnerabilities
OpenSSL project reports: BNmodexp may produce incorrect results on x8664 CVE-2015-3193 Certificate verify crash with missing PSS parameter CVE-2015-3194 X509ATTRIBUTE memory leak CVE-2015-3195 Race condition handling PSK identify hint CVE-2015-3196 Anon DH ServerKeyExchange with 0 p parameter...
wireshark security, bug fix, and enhancement update
1.10.14-7.0.1 - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect 1.10.14-7 - Rebase some tvbuff API from upstream to 1.10.14 - Fixes crash when tvblengthremaining is used - Related: CVE-2015-6244 1.10.14-6 - Security patch - Resolves: CVE-2015-3182 1.10.14-5 - Fix crash...
Nexus Security Bulletin - October 2015Stay organized with collectionsSave and categorize content based on your preferences.
We have released a security update to Nexus devices through an over-the-air OTA update as part of our Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Builds LMY48T or later such as LMY48W and Android M with Securit...
MassVet Android Malicious App Scanner
Most Android malware samples can be found clinging to some sort of knockoff to a legitimate application. Hiding in plain sight like that, sometimes they find their way into Google Play or any one of the dozens of less-patrolled Android markets. Researchers at Indiana University believe they’ve co...
Nexus Security Bulletin—August 2015Stay organized with collectionsSave and categorize content based on your preferences.
We have released a security update to Nexus devices through an over-the-air OTA update as part of our Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Builds LMY48I or later address these issues. Partners were...
ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)
An information leak flaw was found in the 2D component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...
minecraft-servera.su XSS vulnerability
Vulnerable URL:...
OpenSSL: PKCS7 crash with missing EnvelopedContent
A NULL pointer dereference was found in the way OpenSSL handled certain PKCS7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected ...
SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:1143-1) (Logjam)
This update of openssl fixes the following security issues : - CVE-2015-4000 bsc931698 - The Logjam Attack / weakdh.org - reject connections with DH parameters shorter than 1024 bits - generates 2048-bit DH parameters by default - CVE-2015-1788 bsc934487 - Malformed ECParameters causes infinite...
Security update for openssl (important)
openssl was updated to fix six security issues. The following vulnerabilities were fixed: CVE-2015-4000: The Logjam Attack / weakdh.org. Rject connections with DH parameters shorter than 768 bits, generates 2048-bit DH parameters by default. boo931698 CVE-2015-1788: Malformed ECParameters causes...
SUSE-SU-2015:1143-1 Security update for openssl
This update of openssl fixes the following security issues: - CVE-2015-4000 bsc931698 The Logjam Attack / weakdh.org reject connections with DH parameters shorter than 1024 bits generates 2048-bit DH parameters by default - CVE-2015-1788 bsc934487 Malformed ECParameters causes infinite loop -...
Security Advisory 0011
Security Advisory 0011 PDF Date: June 17th 2015 Revision| Date| Changes ---|---|--- 1.0 | June 17th, 2015 | Initial release 1.1 | November 4th, 2015 | Updated to reflect versions with the fix for tracked bugs. Change in vulnerability status for CVE-2014-8176 Arista Products Vulnerability report f...
VK.com: Able to intercept app Traffic after choosing up the Secured Connection using SSL (HTTPS)
Install the app Login with Valid credentials Settings - Choose Secured connection HTTPS Close the app Set the proxy and Open the app verify that Connection isn't Secured and able to intercept PFA POC Expected Result : Secured layer & SSL PINING should be applied successfully...
ThinkPHP 默认配置导致验证码暴力破解
简要描述: ThinkPHP 默认配置导致验证码暴力破解 详细说明: 最近用Thinkphp时发现,验证码类默认的check函数在检查完验证码是否正确后,并未重置session,导致可被暴力破解。 写这样的代码,再看看Verify类的check函数, public function check$code, $id = '' $key = $this-authcode$this-seKey.$id; // 验证码不能为空 $secode = session$key; ifempty$code || empty$secode return false; // session 过期...
Shopify: XSS in experts.shopify.com
Hi, XSS vulnerability in experts.shopify.com, Steps to verify: 1. Go to https://experts.shopify.com 2. Sign up for an expert. Please do note that you must create a new account if you already have, do not use existing account or an account that did not yet apply for an expert then you will ask to...
Google Report Lauds Android Security Enhancements
Google has put some hard numbers behind the effectiveness of the security enhancements it has dropped into Android in the past year, and results show that things such as SE Linux SE Android, Verify Apps and Safety Net have cut down on successful attacks against the Android operating system,...