Microsoft Mitigation Bypass Bug Bounty Winner Yang Yu

Yang Yu is no stranger to writing mitigation bypasses for Microsoft Windows products. A year ago at the CanSecWest conference in Vancouver, the 35-year-old security researcher from Beijing did an extensive presentation on bypassing Address Space Layout Randomization ASLR and Data Execution...

CentOS Update for kernel CESA-2014:0159 centos6

Check for the Version of kernel OpenVAS Vulnerability Test CentOS Update for kernel CESA-2014:0159 centos6 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...

Facebook Fixes CSRF Vulnerability in Instagram

Until last week, some parts of the API that Instagram uses were vulnerable to a cross-site request forgery CSRF attack, something that could have put photos users thought were private, out in the open. It took almost six months but Facebook, the photo sharing application’s parent company, patched...

Wikipedia Remote Execution Vulnerability Patched

A serious remote code execution vulnerability was recently patched by the Wikimedia Foundation. The flaw could have put at risk any of the foundation’s sites running MediaWiki software, including Wikipedia. Researchers within Check Point Software Technologies’ Vulnerability Research Group...

vTiger CRM AddEmailAttachment arbitrary file upload

Added: 01/10/2014 CVE: CVE-2013-3214 BID: 61558 OSVDB: 95902 Background vTiger CRM is a customer relationship management application written in PHP. Problem An arbitrary file upload vulnerability when handling SOAP AddEmailAttachment requests allows remote attackers to execute arbitrary commands ...

SuSE 10 Security Update : java-1_4_2-ibm (ZYPP Patch Number 8652)

IBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bug has been fixed : - mark files in jre/bin and bin/ as executable bnc823034 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Th...

CVE-2013-1879

Cross-site scripting XSS vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."...

Oracle July 2013 Critical Patch Update patches 89 Flaws

It may not be the highest priority patch among the 89 released by Oracle yesterday in its July Critical Patch Update CPU, but a fix for an Outside In Technology vulnerability in Oracle’s Fusion middleware merits some extra attention. Oracle provides the technology in several of its products in...

CentOS Update for httpd CESA-2013:0815 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Zendesk security breach, "We've been hacked"

Customer service software provider Zendesk announced a security breach, that affected three major Zendesk clients i.e Tumblr, Pinterest and Twitter and allowed hackers into their systems. The hacks come just days after Apple ,Twitter and Facebook revealed that their employees computers fell victi...

CentOS Update for tcl CESA-2013:0122 centos5

Check for the Version of tcl OpenVAS Vulnerability Test CentOS Update for tcl CESA-2013:0122 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

CentOS Update for ruby CESA-2013:0129 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

91736cms cookie injection vulnerability-vulnerability warning-the black bar safety net

Re-read under 9 1 7 3 6 before that getip vulnerability has been patch on. 漏洞 文件 :system/modules/member/index.php public function edit ifempty$COOKIE'memberuser'||empty$COOKIE'memberuserid' showmsgC"adminnotexist","index. php? m=member&f=login"; $userid=$COOKIE'memberuserid';...

Microsoft XML Core Services远程代码执行漏洞

CVE ID: CVE-2012-1889 Microsoft XML Core Services MSXML是一组服务，可用JScript、VBScript、Microsoft开发工具编写的应用构建基于XML的Windows-native应用。 Microsoft XML Core Services 3.0、4.0、5.0、6.0在实现上存在漏洞，可能导致访问未初始化内存对象进而发生内存破坏，远程攻击者可利用该漏洞在用户通过IE查看恶意网页时执行任意代码。 0 Microsoft XML Core Services 6.0 Microsoft XML Core Services 5.0...

Ubuntu 8.04 LTS : samba vulnerability (USN-1374-1)

Andy Davis discovered that Samba incorrectly handled certain AndX offsets. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block...

Cloupia End-To-End FlexPod Management Directory Traversal

Cloupia End-to-end FlexPod Management - Directory Traversal Vulnerability Advisory Information Advisory ID: KUSTODIAN-2011-011 Date published: Jan 13, 2011 Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes Locally Exploitable: Yes Software Description Provides...

Cogent DataHub Vulnerabilities

Overview This Advisory is a follow-up to the Alert, “ICS-ALERT-11-256-03—COGENT DATAHUB VULNERABILITIES,” that was published September 13, 2011, on the Industrial Control Systems Cyber Emergency Response Team ICS-CERT web page. ICS-CERT is aware of a public report of multiple vulnerabilities in...

RedHat Update for cyrus-imapd RHSA-2011:0859-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Internet System Consortium releases BIND patches

The Internet System Consortium has released updates for BIND to address a vulnerability in BIND versions 9.4-ESV-R3 and later, 9.6-ESV-R2 and later, 9.6.3, 9.7.1 and later, and 9.8.0 and later. Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition...

[Bkis] sNews 1.7.1 XSS vulnerability

General Information sNews is a free content management system CMS written in PHP and MySQL. It is available at http://snewscms.com/. In April 2011, Bkis Security discovered an XSS Cross-site Scripting vulnerability in sNews CMS version 1.7.1 Taking advantage of this vulnerability, hacker might...