SEL AcSELerator Architect version 2.2.24 suffers from a CPU exhaustion denial of service vulnerability.
606d093c7f297e8dcf9f6d5a4a84f0829cf946d7ae2b6f0b83243271175d7298Secunia Security Advisory - A vulnerability has been discovered in EmailArchitect Email Server, which can be exploited by malicious people to conduct script insertion attacks.
4e11e7a9ac1ac880cbf8adb48cf09c3e89639b5fc8d50a0d4565969456e92630EmailArchitect Enterprise Email Server version 10.0 suffers from a stored cross site scripting vulnerability.
1d614ed71a8927d8aefe626bbcff7dd35a56dc0ab018757a65f61785d9f38e5fUbuntu Security Notice 1505-1 - It was discovered that multiple flaws existed in the CORBA (Common Object Request Broker Architecture) implementation in OpenJDK. An attacker could create a Java application or applet that used these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that multiple flaws existed in the OpenJDK font manager's layout lookup implementation. A attacker could specially craft a font file that could cause a denial of service through crashing the JVM (Java Virtual Machine) or possibly execute arbitrary code. Various other issues were also addressed.
d9174e9a4ed57d8cbb518a50151cad98d40855786e4a1d98cef9256e2cf24668WordPress Top Quark Architecture plugin version 2.10 suffers from a remote shell upload vulnerability.
7704ff1b8ea27774b6a9e5baa5618e930a226c296984990a89e25e8c009d9f3dAlphanumeric shellcode is similar to ascii shellcode in that it is used to bypass character filters and evade intrusion-detection during buffer overflow exploitation. This article documents alphanumeric code on multiple architectures, but primarily the 64 bit x86 architecture. Alphanumeric shellcode requires a basic understanding of bitwise math, assembly and shellcode.
58bd7026c178df13e32741aeefd385da0fd61df0dd758c8fe3d294c3c7f8be08Secunia Security Advisory - A vulnerability has been discovered in the Top Quark Architecture plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
3c9b10deaf9f535372190db3f221805a61f5dfcdbe3a5cbb796a521609c84973Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added.
66fb5636308651b4c30914ee68b3d1dd0bb8281f93ba0f3b8d86229d271ee731Access Road is a universal simulator of access controls that is intended to improve design and auditing of IT security. It provides simulations of GNU/Linux (components and rights on the file system), MySQL Server (components and privileges), and a generic Role-Based-Access-Control application. It is designed for database, system, and application administrators, IT architects and developers, and auditors. Reliability and the ability to explain the results are the main objectives. A 50 page tutorial is provided, and a powerful framework allows new simulations to be added. This is the source release.
4887943b5dfe0cd8a8727842cf0bd736b62983162e36e137d3fa1390c6741a9bRed Hat Security Advisory 2012-0531-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input that, when parsed by an application that uses libtasn1, could cause the application to crash.
3ddbb5cdb4ed9bf2a1fdb71d362befb26520ec4f608d2488633e73fd436ff5eeRed Hat Security Advisory 2012-0422-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way the Linux kernel's KVM hypervisor implementation emulated the syscall instruction for 32-bit guests. An unprivileged guest user could trigger this flaw to crash the guest.
e7c086b0a89043ce5cf76161bb765ad57ed42473aa9dd693872c06322bb113dcSecunia Security Advisory - Parvez Anwar has discovered a vulnerability in DVD Architect Pro and DVD Architect Studio, which can be exploited by malicious people to compromise a user's system.
b3b20f2046dd5c79266c24171e9201a4e3aff69f944373293a6e3183622f71faUbuntu Security Notice 1373-2 - USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM (armel). This provides the corresponding OpenJDK 6 update for use with the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.
d63f63cce13067e86594d7b41cc4fcfc48a0a4fe97f8a49fdbb9d9b6da4a1a42Whitepaper called Wi-Fi Security with Wi-Fi Protection Plus. Wi-Fi P+ is a new security architecture proposed by the authors.
a1796ef5991f37e305255cca3db5c7cb382fdf8cc9c174e0f73caebf4c6d9270Zorp is a proxy firewall suite with its core architecture built around today's security demands. It uses application level proxies, is modular and component based, uses a script language to describe policy decisions, makes it possible to monitor encrypted traffic, lets you override client actions, and lets you protect your servers with its built in IDS capabilities.
05c0dd91dd29762f5e296d14459621c31954abd49ee245eed81ed44d3cf305aeCisco Security Advisory - Cisco TelePresence Software version TE 4.1.0 contains a default account vulnerability that could allow an unauthenticated, remote attacker to take complete control of the affected device. The vulnerability is due to an architectural change that was made in the way the system maintains administrative accounts. During the process of upgrading a Cisco IP Video Phone E20 device to TE 4.1.0, an unsecured default account may be introduced. An attacker who is able to take advantage of this vulnerability could log in to the device as the root user and perform arbitrary actions with elevated privileges. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
ffb1d743fb5b8c8144fab300e2c6dac3949900703a0d6ed2e8f35f376fc930c6Whitepaper called Browser Security Comparison: A Quantitative Approach. The Accuvant LABS research team completed an extensive security evaluation of the three most widely used browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer – to determine which browser best secures against attackers. The team used a completely different and more extensive methodology than previous, similar studies. They compared browsers from a layered perspective, taking into account security architecture and anti-exploitation techniques.
e054bd896f56e8be803b55bc04ad540e6247fb7a0bbcf3094c27a9a421226a18Whitepaper called Creating Your Own Abstract Processor. The author discusses creating a theoretical processor architecture that one can develop at the software level.
3377a9e7607686a8415eb224532b12bc436eda19656f6192d4f244d9c631a003Zorp is a proxy firewall suite with its core architecture built around today's security demands. It uses application level proxies, is modular and component based, uses a script language to describe policy decisions, makes it possible to monitor encrypted traffic, lets you override client actions, and lets you protect your servers with its built in IDS capabilities.
fa7153f409e721608f962300415cd744516afae4772594ad9b060ca5a0cf7718Red Hat Security Advisory 2011-0871-01 - Virtual Network Computing is a remote display system which allows you to view a computer's desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. It was discovered that vncviewer could prompt for and send authentication credentials to a remote server without first properly validating the server's X.509 certificate. As vncviewer did not indicate that the certificate was bad or missing, a man-in-the-middle attacker could use this flaw to trick a vncviewer client into connecting to a spoofed VNC server, allowing the attacker to obtain the client's credentials. Various other issues were also addressed.
0ebbb13913b75c5c0015754ed42e37e40caef343daeab3ccb5e802275bd2ce8aDFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.
0dab2e10f9c2cb2d1363b51284e9616725f85e84aea58719848f41626fa894d1Secunia Security Advisory - Multiple vulnerabilities have been discovered in IBM Rational System Architect, which can be exploited by malicious people to compromise a user's system.
a39bd48fa7d80911c03f85ef1bc6600a5caa4aae19ba1bfe4dd7d3c6e501edbfUbuntu Security Notice 1079-3 - USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM) architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes vulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu 10.10. It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. Konstantin PreiBer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor.
c33a79c9cbb271d022cc60d25b2598bc554e7e817f3e003bca02dabf306d9ac9Ubuntu Security Notice 1079-2 - USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM) architectures. This update provides the corresponding updates for OpenJDK 6 for use with the armel (ARM) architectures. Multiple openjdk-6 vulnerabilities have been addressed. It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. Konstantin PreiBer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. Various other issues were also addressed.
c5c18368e20b050d150d2c53891f0010937af3d0d826c64263852fc25e700d30Whitepaper called Understanding the ARM Architecture. Written in Portuguese.
cf0eaadb289df97ca53ecb2bb43210d339f7a1c7c7d590641192f41d631c74a7CBTArchitects.com suffers from a remote SQL injection vulnerability.
ca9a49eebee71c476041cbf434b4fc95088fbef23fddb14c26cc3b96c5f96699
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed