[ MDVSA-2014:150 ] tor

2014-08-07 Thread security
Mandriva Linux Security Advisory MDVSA-2014:150 http://www.mandriva.com/en/support/security/

nullcon CFP is open

2014-08-07 Thread nullcon
Dear Security Gurus, 6th year | CFP opens on 6th Aug 2014 | conference on 6th Feb 2015. Welcome to nullcon 666! Bring out the beast in you. http://en.wikipedia.org/wiki/666_(number) We are happy to open the CFP. Time to tickle your gray cells and submit your research. Training: 4th-5th Feb 2015

TomatoCart v1.x (latest-stable) Multiple Vulnerabilities

2014-08-07 Thread Kenny Mathis
CVE-2014-3978 - Remote SQL Injection Vulnerability CVE-2014-3830 - Reflected Cross Site Scripting -- Title: TomatoCart v1.x (latest-stable) Remote SQL Injection

Re: ownCloud Unencrypted Private Key Exposure

2014-08-07 Thread Frank Stanek
Hi, thanks to everyone for the input. Agreed, some clarification would be nice. I have verified that ownCloud 7.0.1 on Debian Wheezy is vulnerable, happily exposing unencrypted 4096-bit RSA private keys in PHP session files upon user login. But it seems that an attacker needs three things

RE: ownCloud Unencrypted Private Key Exposure

2014-08-07 Thread Mikhail A. Utin
Hello, Cloud providers are always assuring about unbeatable security, but try to get any clause in an SLA that they will pay for data losses. That shows how they trust their services. Concerning encryption, what is in the manual is ridiculous. The only way to keep your data secure is to

RE: ownCloud Unencrypted Private Key Exposure

2014-08-07 Thread Mikhail A. Utin
What is said below actually does not matter. Having encrypted USER data files and USER encryption key under the same VENDOR administrative control denies encryption as means of securing data. Unless you really trust the VENDOR. But then it is about TRUST, which is not SECURITY. If the VENDOR of

Cisco Security Advisory: Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability

2014-08-07 Thread Cisco Systems Product Security Incident Response Team
Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability Advisory ID: cisco-sa-20140806-energywise Revision 1.0 For Public Release 2014 August 6 16:00 UTC (GMT)

[ MDVSA-2014:151 ] cups

2014-08-07 Thread security
Mandriva Linux Security Advisory MDVSA-2014:151 http://www.mandriva.com/en/support/security/

[ MDVSA-2014:153 ] mediawiki

2014-08-07 Thread security
Mandriva Linux Security Advisory MDVSA-2014:153 http://www.mandriva.com/en/support/security/

[ MDVSA-2014:154 ] readline

2014-08-07 Thread security
Mandriva Linux Security Advisory MDVSA-2014:154 http://www.mandriva.com/en/support/security/

[ MDVSA-2014:152 ] glibc

2014-08-07 Thread security
Mandriva Linux Security Advisory MDVSA-2014:152 http://www.mandriva.com/en/support/security/

[SECURITY] [DSA 2998-1] openssl security update

2014-08-07 Thread Raphael Geissert
Debian Security Advisory DSA-2998-1 secur...@debian.org http://www.debian.org/security/ Raphael Geissert August 07, 2014

(CVE-2014-3501/2/3) Apache Cordova for Android - Multiple Vulnerabilities

2014-08-07 Thread David Kaplan
Hi, We have recently discovered a severe Cross-Application Scripting (XAS) vulnerability in Apache Cordova for Android. This vulnerability enables theft of sensitive information from Cordova-based apps both locally by malware and also remotely by using drive-by exploitation techniques. In

[ MDVSA-2014:155 ] kernel

2014-08-07 Thread security
Mandriva Linux Security Advisory MDVSA-2014:155 http://www.mandriva.com/en/support/security/

(kind of) new tool: american fuzzy lop

2014-08-07 Thread Michal Zalewski
Hey all, Since I haven't really ever properly done it, I wanted to officially announce american fuzzy lop, a novel instrumentation-driven fuzzer that, among other things, had some luck finding a bunch of fairly interesting image parsing security issues (e.g., CVE-2013-6629, CVE-2013-6630).