Red Hat Security Advisory 2016-1481-01 – MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb55-mariadb. Security Fix: It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client.
Monthly Archives: July 2016
Red Hat Security Advisory 2016-1480-01
Red Hat Security Advisory 2016-1480-01 – MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a newer upstream version: mysql55-mysql. Security Fix: This update fixes several vulnerabilities in the MySQL database server.
MediaCoder 0.8.43.5852 SEH Overflow
MediaCoder version 0.8.43.5852 SEH buffer overflow exploit that spawns calc.exe.
CoolPlayer+ Portable 2.19.6 Stack Overflow
CoolPlayer+ Portable version 2.19.6 m3u stack overflow exploit with egghunter shellcode and ASLR bypass.
PornHub Hack Earns Researchers $22,000
Researchers found a serious vulnerability in PHP code that could have allowed hackers to gain access to the porn site’s private user data.
Europol and IT Security Companies Team Up to Combat Ransomware Threat
No More Ransom, so is the Ransomware Threat.
The Dutch National law enforcement agency Europol has joined forces with police and cyber security companies to launch a worldwide initiative to jointly combat the exponential growth of ransomware used by cyber criminals.
Europol announced today the initiative, dubbed NO More Ransom, that has been backed by technology giant Intel,
Auto industry publishes first ever cybersecurity best practices
The auto industry has published its first set of cybersecurity best practices, as it attempts to combat rising and future threats facing the connected car.
The post Auto industry publishes first ever cybersecurity best practices appeared first on We Live Security.
CVE-2016-6288
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.
CVE-2016-6289
Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive.
CVE-2016-6290
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.
