HP Security Bulletin HPSBGN03286 1 – A potential security vulnerability has been identified with HP LoadRunner. The vulnerability could be exploited remotely to allow a buffer overflow. Revision 1 of this advisory.
Monthly Archives: May 2015
Debian Security Advisory 3264-1
Debian Linux Security Advisory 3264-1 – Multiple security issues have been found in Icedove, Debian’s version of the Mozilla Thunderbird mail client: buffer overflows and use-after-frees may lead to the execution of arbitrary code, privilege escalation or denial of service.
Debian Security Advisory 3263-1
Debian Linux Security Advisory 3263-1 – Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the mod_copy module allowed unauthenticated users to copy files around on the server, and possibly to execute arbitrary code.
Debian Security Advisory 3265-1
Debian Linux Security Advisory 3265-1 – Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie.
HiDisk 2.4 Cross Site Scripting
HiDisk version 2.4 suffers from cross site scripting vulnerabilities.
Apple Security Advisory 2015-05-19-1
Apple Security Advisory 2015-05-19-1 – Watch OS 1.0.1 is now available and addresses certificate issues, arbitrary code execution, XML external entity, and various other vulnerabilities.
hardwear.io – Hardware Security Conference Call for Papers
Posted by Hardwear Team on May 20
Dear Hackers and Security Gurus,
hardwear is seeking innovative research on hardware security. If you
have done interesting research on attacks or mitigation on any
Hardware and want to showcase it to the security community, just
submit your research paper. Please find all the relevant details for
the submission below.
About hardwear.io
—————————-
Somewhere in the mid of last year, amidst all the news and concerns
surrounding…
Linux/x86 execve "/bin/sh" Shellcode
26 bytes small Linux/x86 execve “/bin/sh” shellcode.
Fedora 22 Security Update: zeromq-4.0.5-3.fc22
Resolved Bugs
1221666 – zeromq: protocol downgrade attack on sockets using the ZMTP v3 protocol
Cherry-pick a fix for the protocol downgrade attack
Fedora 22 Security Update: libtiff-4.0.3-20.fc22
Resolved Bugs
1190710 – CVE-2015-1547 CVE-2014-9655 libtiff: various flaws [fedora-all]
CVE-2014-9655 and CVE-2015-1547 #1190710