jetlib.sec » Tags » patch

Feeds

259079 items (0 unread) in 27 feeds

• 0day.today (was: 1337day, Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

113 items tagged "patch"

Related tags: backdoor [+], solaris [+], vulnerability [+], oracle [+], integer overflow [+], vulnerabilities [+], update [+], symlink [+], linux [+], day [+], usernames and passwords [+], symantec [+], solaris 10 [+], sebastian krahmer [+], sebastian [+], root password [+], krahmer [+], kernel [+], java [+], exploits [+], critical patch [+], black hat [+], zero day [+], web security [+], train customers [+], symlink attack [+], stack overflow [+], security appliance [+], security [+], s codesys [+], read [+], overflow [+], oracle corporation [+], null pointers [+], null [+], kernel patch [+], explorations [+], cisco unified communications manager [+], cisco unified [+], cisco security advisory [+], cisco security [+], cisco callmanager [+], buffer overflow [+], apple mac os x [+], apple mac os [+], advisory [+], Software [+], Countermeasures [+], xss [+], version [+], usa [+], triton [+], traces [+], stefan frei [+], sql injection [+], skeleton key [+], security patches [+], product patches [+], privilege escalation vulnerability [+], planned [+], memory corruption [+], magic [+], logs [+], local privilege escalation [+], linux kernel [+], lightweight version [+], hacks [+], full [+], fix [+], escalation [+], emergency patch [+], emergency [+], darknet [+], code execution [+], cms [+], cluster [+], capabilities [+], bulletins [+], bugtraq [+], bernard tellenbach [+], analysis [+], adobe [+], Bugs [+], ngs [+], notification [+], year [+], x lion [+], x imageio [+], x image [+], windows security [+], windows [+], will [+], vulnerabilty [+], vpn implementation [+], unpatched [+], txt [+], trojans [+], trend micro [+], tool [+], tokens [+], system backup [+], ssh [+], ssa [+], sp3 [+], sophos [+], sony [+], solderless breadboard [+], slides [+], skirts [+], sge [+], session hijacking [+], session fixation [+], session [+], security patch [+], security firms [+], security bugs [+], security advisory [+], safeguard [+], report management [+], releases [+], quirk [+], privilege [+], preparing [+], playstation [+], planning [+], php [+], patch management [+], paper [+], overwrite [+], old computer [+], november [+], no doubt [+], network monitor [+], multiple [+], minor bugs [+], microsoft patch [+], microsoft office [+], microsoft issues [+], message filter [+], mandriva linux [+], mandriva [+], management [+], mac os x [+], livingroom [+], linux source [+], linux security [+], linux image [+], leaves [+], lan crypt [+], kills [+], key value [+], key [+], kernel image [+], kernel 2 [+], java vulnerability [+], java patch [+], java bug [+], issue patch [+], issue [+], ios [+], installation [+], injecting [+], implementation group [+], hub [+], holes [+], haunt [+], hackers [+], geohot [+], fixe [+], fichier [+], farrow [+], exposing [+], execution [+], evil deeds [+], draws [+], downloader [+], disclosure [+], directory traversal [+], desktop memory [+], dell inspiron [+], dell [+], debutant [+], debian [+], database server [+], cyber attacks [+], csrf [+], crypt [+], crucial [+], critical flaws [+], critical database [+], computer bug [+], command execution [+], codesys [+], cisco ipsec [+], cisco [+], chris farrow [+], chip usb [+], bumper crop [+], bumper [+], bug [+], board [+], black [+], bite [+], beast [+], batch [+], back porch [+], back [+], array [+], arbitrary code execution [+], apple java [+], apple [+], apache [+], amp [+], ahci [+], acrobat [+], accordance [+], access to data [+], Newbie [+], General [+], Fixes [+], Espace [+], Discussion [+], BackTrack [+], Area [+], openssh [+], tuesday [+], microsoft [+]

• November 12, 2012
• 13:16

  [remote exploits] - Apache downloader patch auto Execution Vulnerability

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [remote exploits] - Apache downloader patch auto Execution Vulnerability

  Tags:  patch downloader apache exploits vulnerability execution  

• November 02, 2012
• 2:48

  [remote exploits] - OpenSSH 6.0p1 Backdoor Patch 1.2 Vulnerability 0day

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [remote exploits] - OpenSSH 6.0p1 Backdoor Patch 1.2 Vulnerability 0day

  Tags:  backdoor patch openssh exploits vulnerability  

• November 01, 2012
• 10:22

  OpenSSH 6.0p1 Backdoor Patch 1.2

   » ‎ Packet Storm Security Recent Files
  This patch is for openssh-6.0p1 source which combines a known openssh backdoor and Sebastian Krahmer's openssh.reverse capabilities. Telnet to target openssh server and issue udc_gamai_magic string for getting reverse openssh connection.

  Tags:  backdoor patch openssh sebastian-krahmer krahmer sebastian  

• 10:22

  OpenSSH 6.0p1 Backdoor Patch 1.2

   » ‎ Packet Storm Security Misc. Files
  This patch is for openssh-6.0p1 source which combines a known openssh backdoor and Sebastian Krahmer's openssh.reverse capabilities. Telnet to target openssh server and issue udc_gamai_magic string for getting reverse openssh connection.

  Tags:  backdoor patch openssh sebastian-krahmer krahmer sebastian  

• October 22, 2012
• 16:44

  Java SE Critical Patch Update

   » ‎ Packet Storm Security Advisories
  On Oct 16, 2012, Oracle corporation released Java SE Critical Patch Update, which incorporated fixes for 19 security issues that Security Explorations reported to the company earlier this year. This included a fix for a serious issue found shortly after the out-of-band patch was released by Oracle on Aug 30, 2012. This is yet another update to the saga of SE-2012-01.

  Tags:  java update patch critical-patch oracle-corporation explorations  

• 16:44

  Java SE Critical Patch Update

   » ‎ Packet Storm Security Recent Files
  On Oct 16, 2012, Oracle corporation released Java SE Critical Patch Update, which incorporated fixes for 19 security issues that Security Explorations reported to the company earlier this year. This included a fix for a serious issue found shortly after the out-of-band patch was released by Oracle on Aug 30, 2012. This is yet another update to the saga of SE-2012-01.

  Tags:  java update patch critical-patch oracle-corporation explorations  

• 16:44

  Java SE Critical Patch Update

   » ‎ Packet Storm Security Misc. Files
  On Oct 16, 2012, Oracle corporation released Java SE Critical Patch Update, which incorporated fixes for 19 security issues that Security Explorations reported to the company earlier this year. This included a fix for a serious issue found shortly after the out-of-band patch was released by Oracle on Aug 30, 2012. This is yet another update to the saga of SE-2012-01.

  Tags:  java update patch critical-patch oracle-corporation explorations  

• October 19, 2012
• 11:22

  OpenSSH 6.0p1 Backdoor Patch

   » ‎ Packet Storm Security Recent Files
  This patch is for openssh-6.0p1 source which combines a known openssh backdoor and Sebastian Krahmer's openssh.reverse capabilities.

  Tags:  backdoor patch openssh sebastian-krahmer krahmer sebastian capabilities  

• 11:22

  OpenSSH 6.0p1 Backdoor Patch

   » ‎ Packet Storm Security Misc. Files
  This patch is for openssh-6.0p1 source which combines a known openssh backdoor and Sebastian Krahmer's openssh.reverse capabilities.

  Tags:  backdoor patch openssh sebastian-krahmer krahmer sebastian capabilities  

• September 27, 2012
• 8:00

  Bugtraq: NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution

   » ‎ SecurityFocus Vulnerabilities
  NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution

  Tags:  ngs patch hub apple-mac-os x-lion arbitrary-code-execution apple-mac-os-x  

• September 18, 2012
• 11:00

  Bugtraq: NGS00263 Patch Notification: Symantec Messaging Gateway - Easy CSRF to add a backdoor-administrator

   » ‎ SecurityFocus Vulnerabilities
  NGS00263 Patch Notification: Symantec Messaging Gateway - Easy CSRF to add a backdoor-administrator

  Tags:  notification ngs patch csrf symantec  

• 11:00

  Bugtraq: NGS00265 Patch Notification: Symantec Messaging Gateway - Unauthenticated detailed version disclosure

   » ‎ SecurityFocus Vulnerabilities
  NGS00265 Patch Notification: Symantec Messaging Gateway - Unauthenticated detailed version disclosure

  Tags:  notification ngs patch disclosure symantec  

• 10:00

  Bugtraq: NGS00267 Patch Notification: Symantec Messaging Gateway SSH with backdoor user account

   » ‎ SecurityFocus Vulnerabilities
  NGS00267 Patch Notification: Symantec Messaging Gateway SSH with backdoor user account

  Tags:  notification ngs patch ssh symantec  

• 10:00

  Bugtraq: NGS00268 Patch Notification: Symantec Messaging Gateway Out-of-band stored XSS - delivered by email

   » ‎ SecurityFocus Vulnerabilities
  NGS00268 Patch Notification: Symantec Messaging Gateway Out-of-band stored XSS - delivered by email

  Tags:  notification ngs patch symantec  

• September 17, 2012
• 9:00

  Bugtraq: [slackware-security] patch (SSA:2012-257-02)

   » ‎ SecurityFocus Vulnerabilities
  [slackware-security] patch (SSA:2012-257-02)

  Tags:  bugtraq patch ssa security-patch  

• August 23, 2012
• 14:00

  Bugtraq: This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline.

   » ‎ SecurityFocus Vulnerabilities
  This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline.

  Tags:  patch vulnerability accordance  

• August 20, 2012
• 13:00

  Bugtraq: NGS00241 Patch Notification: SysAid Helpdesk blind SQL injection

   » ‎ SecurityFocus Vulnerabilities
  NGS00241 Patch Notification: SysAid Helpdesk blind SQL injection

  Tags:  notification ngs patch sql-injection  

• 12:00

  Bugtraq: NGS00330 Patch Notification: Squiz CMS Directory Traversal

   » ‎ SecurityFocus Vulnerabilities
  NGS00330 Patch Notification: Squiz CMS Directory Traversal

  Tags:  notification ngs patch directory-traversal cms  

• 12:00

  Bugtraq: NGS00208 Patch Notification: Moodle CMS stored XSS

   » ‎ SecurityFocus Vulnerabilities
  NGS00208 Patch Notification: Moodle CMS stored XSS

  Tags:  notification ngs patch cms  

• 12:00

  Bugtraq: NGS00242 Patch Notification: SysAid Helpdesk stored XSS

   » ‎ SecurityFocus Vulnerabilities
  NGS00242 Patch Notification: SysAid Helpdesk stored XSS

  Tags:  notification ngs patch  

• August 18, 2012
• 17:00

  Debian 'php_crypt_revamped.patch' Patch Security Bypass Vulnerability

   » ‎ SecuriTeam
  The Debian patch for PHP is prone to a security-bypass vulnerability.

  Tags:  patch php debian crypt vulnerability  

• August 17, 2012
• 8:00

  Bugtraq: NGS00288 Patch Notification: Windows Remote Desktop Memory Corruption Leading to RCE on XP SP3

   » ‎ SecurityFocus Vulnerabilities
  NGS00288 Patch Notification: Windows Remote Desktop Memory Corruption Leading to RCE on XP SP3

  Tags:  notification ngs patch memory-corruption desktop-memory sp3  

• August 12, 2012
• 17:00

  Solaris 10 Patch 137097-01 Symlink Attack Local Privilege Escalation Vulnerability

   » ‎ SecuriTeam
  Solaris 10 Patch 137097-01 is prone to a local privilege-escalation vulnerability.

  Tags:  solaris vulnerability patch privilege-escalation-vulnerability symlink-attack local-privilege-escalation  

• August 10, 2012
• 8:00

  Bugtraq: Another Solaris 10 Patch Cluster Symlink Attack

   » ‎ SecurityFocus Vulnerabilities
  Another Solaris 10 Patch Cluster Symlink Attack

  Tags:  cluster solaris patch solaris-10  

• 0:00

  Vuln: Solaris 10 Patch 137097-01 Symlink Attack Local Privilege Escalation Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Solaris 10 Patch 137097-01 Symlink Attack Local Privilege Escalation Vulnerability

  Tags:  solaris symlink patch privilege-escalation-vulnerability symlink-attack local-privilege-escalation  

• August 08, 2012
• 19:53

  Solaris 10 Patch Cluster Symlink Attack

   » ‎ Packet Storm Security Exploits
  The Solaris 10 137097-01 patch suffers from a symlink attack that will let a user clobber a root owned file.

  Tags:  solaris symlink patch solaris-10  

• 19:53

  Solaris 10 Patch Cluster Symlink Attack

   » ‎ Packet Storm Security Recent Files
  The Solaris 10 137097-01 patch suffers from a symlink attack that will let a user clobber a root owned file.

  Tags:  solaris symlink patch solaris-10  

• 19:53

  Solaris 10 Patch Cluster Symlink Attack

   » ‎ Packet Storm Security Misc. Files
  The Solaris 10 137097-01 patch suffers from a symlink attack that will let a user clobber a root owned file.

  Tags:  solaris symlink patch solaris-10  

• 14:00

  [local exploits] - Solaris 10 Patch Cluster Symlink Attack

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [local exploits] - Solaris 10 Patch Cluster Symlink Attack

  Tags:  cluster solaris patch exploits  

• 14:00

  [local exploits] - Solaris 10 Patch 137097-01 Symlink Attack Privilege Escalation

   » ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)
  [local exploits] - Solaris 10 Patch 137097-01 Symlink Attack Privilege Escalation

  Tags:  solaris symlink patch symlink-attack escalation exploits  

• July 19, 2012
• 13:59

  Oracle Won't Patch Zero-Day Hole In Database

   » ‎ Packet Storm Security Headlines
  Oracle Won't Patch Zero-Day Hole In Database

  Tags:  day oracle patch zero-day  

• July 05, 2012
• 21:34

  Three Critical Fixes Planned For Patch Tuesday

   » ‎ Packet Storm Security Headlines
  Three Critical Fixes Planned For Patch Tuesday

  Tags:  planned Fixes patch  

• July 02, 2012
• 12:00

  Bugtraq: NGS00162 Patch Notification: Symantec Message Filter Session Hijacking via session fixation

   » ‎ SecurityFocus Vulnerabilities
  NGS00162 Patch Notification: Symantec Message Filter Session Hijacking via session fixation

  Tags:  ngs session patch session-hijacking message-filter session-fixation  

• 11:00

  Bugtraq: NGS00196 Patch Notification: Nagios XI Network Monitor OS Command Injection

   » ‎ SecurityFocus Vulnerabilities
  NGS00196 Patch Notification: Nagios XI Network Monitor OS Command Injection

  Tags:  notification ngs patch network-monitor  

• 11:00

  Bugtraq: NGS00194 Patch Notification: Nagios XI Network Monitor Blind SQL Injection

   » ‎ SecurityFocus Vulnerabilities
  NGS00194 Patch Notification: Nagios XI Network Monitor Blind SQL Injection

  Tags:  notification ngs patch sql-injection  

• 11:00

  Bugtraq: NGS00195 Patch Notification: Nagios XI Network Monitor Stored and Reflected XSS

   » ‎ SecurityFocus Vulnerabilities
  NGS00195 Patch Notification: Nagios XI Network Monitor Stored and Reflected XSS

  Tags:  notification ngs patch  

• June 28, 2012
• 8:20

  OpenSSH 6.0p1 Full Backdoor Patch

   » ‎ Packet Storm Security Recent Files
  This patch for OpenSSH 6.0 Portable adds a hardcoded skeleton key, removes connection traces in the log files, usernames and passwords both in and out are logged, and more.

  Tags:  full patch openssh usernames-and-passwords skeleton-key traces  

• 8:20

  OpenSSH 6.0p1 Full Backdoor Patch

   » ‎ Packet Storm Security Misc. Files
  This patch for OpenSSH 6.0 Portable adds a hardcoded skeleton key, removes connection traces in the log files, usernames and passwords both in and out are logged, and more.

  Tags:  full patch openssh usernames-and-passwords skeleton-key traces  

• 8:13

  OpenSSH 6.0p1 Magic Password Patch

   » ‎ Packet Storm Security Recent Files
  This patch for OpenSSH 6.0 Portable is a lightweight version of the full patch. This version strictly allows for the addition of a hard-coded password.

  Tags:  version patch openssh lightweight-version magic  

• 8:13

  OpenSSH 6.0p1 Magic Password Patch

   » ‎ Packet Storm Security Misc. Files
  This patch for OpenSSH 6.0 Portable is a lightweight version of the full patch. This version strictly allows for the addition of a hard-coded password.

  Tags:  version patch openssh lightweight-version magic  

• June 13, 2012
• 11:00

  Bugtraq: [SE-2012-01] Regarding Oracle's Critical Patch Update for Java SE

   » ‎ SecurityFocus Vulnerabilities
  [SE-2012-01] Regarding Oracle's Critical Patch Update for Java SE

  Tags:  oracle update patch critical-patch bugtraq  

• March 29, 2012
• 8:11

  Bugtraq: NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active sesssion tokens of other users are disclosed within the UI

   » ‎ SecurityFocus Vulnerabilities
  NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active sesssion tokens of other users are disclosed within the UI

  Tags:  notification ngs patch security-appliance web-security tokens  

• 8:10

  Bugtraq: NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked

   » ‎ SecurityFocus Vulnerabilities
  NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked

  Tags:  notification ngs patch security-appliance system-backup web-security  

• 7:00

  Bugtraq: NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens

   » ‎ SecurityFocus Vulnerabilities
  NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens

  Tags:  notification ngs patch security-appliance xss web-security  

• March 09, 2012
• 7:24

  Just One Critical Fix Planned For Patch Tuesday

   » ‎ Packet Storm Security Headlines
  Just One Critical Fix Planned For Patch Tuesday

  Tags:  fix planned patch  

• February 10, 2012
• 21:47

  OpenSSH 5.9p1 Backdoor

   » ‎ Packet Storm Security Recent Files
  This is a patch for OpenSSH version 5.9p1 that adds a magic root password backdoor, logs usernames and passwords and keeps connections from being logged in wtmp, utmp, etc.

  Tags:  patch backdoor openssh usernames-and-passwords root-password logs  

• 21:47

  OpenSSH 5.9p1 Backdoor

   » ‎ Packet Storm Security Misc. Files
  This is a patch for OpenSSH version 5.9p1 that adds a magic root password backdoor, logs usernames and passwords and keeps connections from being logged in wtmp, utmp, etc.

  Tags:  patch backdoor openssh usernames-and-passwords root-password logs  

• January 27, 2012
• 21:52

  [Slides] 0-Day Patch -Exposing Vendors (In)Security Performance

   » ‎ SecDocs
  Authors: Bernard Tellenbach Stefan Frei
  Tags: vulnerability
  Event: Black Hat EU 2008
  

  Tags:  day exposing patch bernard-tellenbach stefan-frei black-hat vulnerability slides  

• January 26, 2012
• 21:49

  [Paper] 0-Day Patch -Exposing Vendors (In)Security Performance

   » ‎ SecDocs
  Authors: Bernard Tellenbach Stefan Frei
  Tags: vulnerability
  Event: Black Hat EU 2008
  

  Tags:  day patch paper bernard-tellenbach stefan-frei black-hat vulnerability  

• January 24, 2012
• 11:00

  Bugtraq: NGS00193 Patch Notification: Trend Micro DataArmor and DriveArmor - Restricted Environment breakout, Privilege Escalation and Full Disk Decryption

   » ‎ SecurityFocus Vulnerabilities
  NGS00193 Patch Notification: Trend Micro DataArmor and DriveArmor - Restricted Environment breakout, Privilege Escalation and Full Disk Decryption

  Tags:  notification ngs patch escalation trend-micro privilege  

• December 26, 2011
• 21:34

  [Slides] Injecting Trojans via Patch Management Software & Other Evil Deeds

   » ‎ SecDocs
  Authors: Chris Farrow
  Tags: exploiting trojan
  Event: Black Hat EU 2005
  

  Tags:  trojans injecting patch chris-farrow evil-deeds black-hat farrow  

• December 16, 2011
• 7:31

  Adobe Promises Patch For Critical Acrobat And Reader Flaw On Friday

   » ‎ Packet Storm Security Headlines
  Adobe Promises Patch For Critical Acrobat And Reader Flaw On Friday

  Tags:  acrobat adobe patch  

• December 15, 2011
• 12:00

  Bugtraq: NGS00140 Patch Notification: Websense Triton 7.6 - Unauthenticated remote command execution as SYSTEM

   » ‎ SecurityFocus Vulnerabilities
  NGS00140 Patch Notification: Websense Triton 7.6 - Unauthenticated remote command execution as SYSTEM

  Tags:  notification ngs patch command-execution triton  

• 12:00

  Bugtraq: NGS00141 Patch Notification: Websense Triton 7.6 - Stored XSS in report management UI

   » ‎ SecurityFocus Vulnerabilities
  NGS00141 Patch Notification: Websense Triton 7.6 - Stored XSS in report management UI

  Tags:  notification ngs patch report-management xss triton  

• 0:41

  No BEAST Fix From Microsoft In December Patch Tuesday – But They Fixed Duqu Bug

   » ‎ Darknet
  It looks like Microsoft originally had a patch for the BEAST vulnerability, but for some reason they have withdrawn it for the December Patch Tuesday. It’s a pretty bumper crop of patches though with 13 bulletins and 19 vulnerabilities fixed, the highest profile one being a patch for the zero-day vulnerability exploited by Duqu. The [...]
  
  Read the full post at darknet.org.uk

  
  

  

  Tags:  patch microsoft beast read bumper-crop zero-day darknet Countermeasures  

• November 29, 2011
• 16:51

  3S CoDeSys 3.4 SP4 Patch 2 Overflows / NULL Pointers

   » ‎ Packet Storm Security Exploits
  3S CoDeSys versions 3.4 SP4 Patch 2 and below suffer from integer overflow, stack overflow, folder creation and multiple NULL pointer vulnerabilities.

  Tags:  null overflow patch s-codesys stack-overflow null-pointers integer-overflow  

• 16:51

  3S CoDeSys 3.4 SP4 Patch 2 Overflows / NULL Pointers

   » ‎ Packet Storm Security Recent Files
  3S CoDeSys versions 3.4 SP4 Patch 2 and below suffer from integer overflow, stack overflow, folder creation and multiple NULL pointer vulnerabilities.

  Tags:  null overflow patch s-codesys stack-overflow null-pointers integer-overflow  

• 16:51

  3S CoDeSys 3.4 SP4 Patch 2 Overflows / NULL Pointers

   » ‎ Packet Storm Security Misc. Files
  3S CoDeSys versions 3.4 SP4 Patch 2 and below suffer from integer overflow, stack overflow, folder creation and multiple NULL pointer vulnerabilities.

  Tags:  null overflow patch s-codesys stack-overflow null-pointers integer-overflow  

• 12:00

  Bugtraq: Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2

   » ‎ SecurityFocus Vulnerabilities
  Vulnerabilities in 3S CoDeSys 3.4 SP4 Patch 2

  Tags:  vulnerabilities codesys patch  

• November 23, 2011
• 9:03

  Bugtraq: NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution

   » ‎ SecurityFocus Vulnerabilities
  NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution

  Tags:  notification ngs patch code-execution buffer-overflow  

• 9:01

  Bugtraq: NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution

   » ‎ SecurityFocus Vulnerabilities
  NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution

  Tags:  notification ngs patch code-execution  

• November 13, 2011
• 10:56

  OpenSSH 5.5p1 Backdoor

   » ‎ Packet Storm Security Recent Files
  This is a patch for OpenSSH version 5.5p1 that adds a magic root password backdoor that also keylogs.

  Tags:  patch backdoor openssh root-password  

• 10:56

  OpenSSH 5.5p1 Backdoor

   » ‎ Packet Storm Security Misc. Files
  This is a patch for OpenSSH version 5.5p1 that adds a magic root password backdoor that also keylogs.

  Tags:  patch backdoor openssh root-password  

• November 05, 2011
• 17:40

  Light November Patch Tuesday, But No Place For Duqu Fix

   » ‎ Packet Storm Security Headlines
  Light November Patch Tuesday, But No Place For Duqu Fix

  Tags:  tuesday november patch  

• September 23, 2011
• 10:00

  Bugtraq: Re: NGS00099 Patch Notification: Vulnerable SUID script in (nomachine) NX Server for Linux

   » ‎ SecurityFocus Vulnerabilities
  Re: NGS00099 Patch Notification: Vulnerable SUID script in (nomachine) NX Server for Linux

  Tags:  linux patch  

• September 21, 2011
• 9:00

  Bugtraq: NGS00099 Patch Notification: Vulnerable SUID script in (nomachine) NX Server for Linux

   » ‎ SecurityFocus Vulnerabilities
  NGS00099 Patch Notification: Vulnerable SUID script in (nomachine) NX Server for Linux

  Tags:  notification ngs patch linux  

• September 19, 2011
• 11:18

  [Paper] ExploitSpotting: Locating Vulnerabilities Out Of Vendor Patches Automatically

   » ‎ SecDocs
  Authors: Jeongwook Oh
  Tags: reverse engineering exploiting bug hunting
  Event: Black Hat USA 2010
  Abstract: We already have many kinds of binary patching systems available. There are commercial ones and free ones. But the current implementations only concentrate on finding the difference between binaries. But what the security researchers really want from the patch analysis is security patches. Sometimes it's very hard to locate security patches because they are buried inside normal feature updates. The time for locating the security patches will increase drastically as more feature updates are included in the released patches. This is especially true with all the Adobe and Sun product patches. They tend to mix security patches and feature updates. In that case, we need another way to boost the speed of the analysis. The automatic way to locate the security patches! This can be done by analyzing the patched parts and see if it has some specific patterns that the usual security patches have. Some integer overflow will have some comparison against the boundary integer values. And buffer overflow will involve the vulnerable "strcpy" or "memcpy" replaced with safer functions. Even free-after-use type bug has their own patch patterns. We will present all the common patterns that we saw and also present way to locate them using pattern matching. But there can be more thing to be done in addition to this simple approach. You can introduce static taint analysis to binary diffing world. You can trace back all the suspicious variables(expressed as register value or memory location) found in the patch by using binary diffing. And you can see if they are controllable or taint-able from the user controllable input like network packets or user supplied file input. This automatic security patch locating ability will be beneficial to the IPS rule writers. They can spend more time in concentrating on what really matters instead of spending time to find the actual parts to analyze. To achieve all these, I upgraded the current implementation of "DarunGrim(http://www.darungrim.org)" binary diffing system to support pattern matching and static taint analysis. It will become DarunGrim v3. DarunGrim is the most featured opensource binary diffing implementation. I will show how fast we can locate the vendor patches that, otherwise, will take few hours using other tools. All the updated source code will be released at the presentation.

  Tags:  patch analysis security usa product-patches integer-overflow security-patches  

• 11:17

  [Slides] ExploitSpotting: Locating Vulnerabilities Out Of Vendor Patches Automatically

   » ‎ SecDocs
  Authors: Jeongwook Oh
  Tags: reverse engineering exploiting bug hunting
  Event: Black Hat USA 2010
  Abstract: We already have many kinds of binary patching systems available. There are commercial ones and free ones. But the current implementations only concentrate on finding the difference between binaries. But what the security researchers really want from the patch analysis is security patches. Sometimes it's very hard to locate security patches because they are buried inside normal feature updates. The time for locating the security patches will increase drastically as more feature updates are included in the released patches. This is especially true with all the Adobe and Sun product patches. They tend to mix security patches and feature updates. In that case, we need another way to boost the speed of the analysis. The automatic way to locate the security patches! This can be done by analyzing the patched parts and see if it has some specific patterns that the usual security patches have. Some integer overflow will have some comparison against the boundary integer values. And buffer overflow will involve the vulnerable "strcpy" or "memcpy" replaced with safer functions. Even free-after-use type bug has their own patch patterns. We will present all the common patterns that we saw and also present way to locate them using pattern matching. But there can be more thing to be done in addition to this simple approach. You can introduce static taint analysis to binary diffing world. You can trace back all the suspicious variables(expressed as register value or memory location) found in the patch by using binary diffing. And you can see if they are controllable or taint-able from the user controllable input like network packets or user supplied file input. This automatic security patch locating ability will be beneficial to the IPS rule writers. They can spend more time in concentrating on what really matters instead of spending time to find the actual parts to analyze. To achieve all these, I upgraded the current implementation of "DarunGrim(http://www.darungrim.org)" binary diffing system to support pattern matching and static taint analysis. It will become DarunGrim v3. DarunGrim is the most featured opensource binary diffing implementation. I will show how fast we can locate the vendor patches that, otherwise, will take few hours using other tools. All the updated source code will be released at the presentation.

  Tags:  patch analysis security usa product-patches integer-overflow security-patches  

• August 24, 2011
• 17:16

  Cisco Security Advisory 20110824-cucm-cups

   » ‎ Packet Storm Security Advisories
  Cisco Security Advisory - Cisco Unified Communications Manager (previously known as Cisco CallManager) and Cisco Unified Presence Server contain an open query interface that could allow an unauthenticated, remote attacker to disclose the contents of the underlying databases on affected product versions. Cisco has released free updated software for most supported releases. A security patch file is also available for all supported versions that will remediate this issue. The patch may be applied to active systems without requiring a reload. Customers are advised to apply a fixed version or upgrade to a fixed train. Customers who need to stay on a version for which updated software is not currently available or who can not immediately apply the update are advised to apply the patch. No workarounds are available for this issue.

  Tags:  patch advisory Software cisco-unified cisco-callmanager cisco-security cisco-security-advisory cisco-unified-communications-manager train-customers  

• 17:16

  Cisco Security Advisory 20110824-cucm-cups

   » ‎ Packet Storm Security Recent Files
  Cisco Security Advisory - Cisco Unified Communications Manager (previously known as Cisco CallManager) and Cisco Unified Presence Server contain an open query interface that could allow an unauthenticated, remote attacker to disclose the contents of the underlying databases on affected product versions. Cisco has released free updated software for most supported releases. A security patch file is also available for all supported versions that will remediate this issue. The patch may be applied to active systems without requiring a reload. Customers are advised to apply a fixed version or upgrade to a fixed train. Customers who need to stay on a version for which updated software is not currently available or who can not immediately apply the update are advised to apply the patch. No workarounds are available for this issue.

  Tags:  patch advisory Software cisco-unified cisco-callmanager cisco-security cisco-security-advisory cisco-unified-communications-manager train-customers  

• 17:16

  Cisco Security Advisory 20110824-cucm-cups

   » ‎ Packet Storm Security Misc. Files
  Cisco Security Advisory - Cisco Unified Communications Manager (previously known as Cisco CallManager) and Cisco Unified Presence Server contain an open query interface that could allow an unauthenticated, remote attacker to disclose the contents of the underlying databases on affected product versions. Cisco has released free updated software for most supported releases. A security patch file is also available for all supported versions that will remediate this issue. The patch may be applied to active systems without requiring a reload. Customers are advised to apply a fixed version or upgrade to a fixed train. Customers who need to stay on a version for which updated software is not currently available or who can not immediately apply the update are advised to apply the patch. No workarounds are available for this issue.

  Tags:  patch advisory Software cisco-unified cisco-callmanager cisco-security cisco-security-advisory cisco-unified-communications-manager train-customers  

• August 04, 2011
• 18:51

  Microsoft To Fix 22 Flaws In Patch Tuesday This August

   » ‎ Packet Storm Security Headlines
  Microsoft To Fix 22 Flaws In Patch Tuesday This August

  Tags:  fix microsoft patch  

• July 20, 2011
• 18:19

  Oracle Patch Day: 78 Critical Database Server Flaws

   » ‎ Packet Storm Security Headlines
  Oracle Patch Day: 78 Critical Database Server Flaws

  Tags:  day oracle patch critical-database database-server  

• June 27, 2011
• 23:59

  Accidental overwrite of a SafeGuard LAN Crypt key can occur under specific circumstances, preventing access to data. Patch now available.

   » ‎ Sophos product advisories
  Under certain specific circumstances, it is possible to accidentally overwrite the key value of an existing LAN Crypt key when you are making changes to the key. This will mean that the key will no longer be able to decrypt files. We have released a patch which you should install in order to avoid the possibility of this occurring

  Tags:  patch key overwrite lan-crypt key-value access-to-data  

• June 14, 2011
• 14:51

  Patch Tuesday Fixes Dangerous Flaws

   » ‎ Packet Storm Security Headlines
  Patch Tuesday Fixes Dangerous Flaws

  Tags:  tuesday fixe patch  

• June 04, 2011
• 9:15

  Oracle Preparing To Patch 17 Flaws In Java SE

   » ‎ Packet Storm Security Headlines
  Oracle Preparing To Patch 17 Flaws In Java SE

  Tags:  preparing oracle patch  

• April 27, 2011
• 9:00

  Bugtraq: NGS00068 Patch Notification: LibAVCodec AMV Out of Array Write

   » ‎ SecurityFocus Vulnerabilities
  NGS00068 Patch Notification: LibAVCodec AMV Out of Array Write

  Tags:  notification ngs patch array  

• April 13, 2011
• 6:55

  Patch Management Crucial To Defend Against Cyber Attacks

   » ‎ Packet Storm Security Headlines
  Patch Management Crucial To Defend Against Cyber Attacks

  Tags:  management patch crucial cyber-attacks patch-management  

• 3:19

  Microsoft Unleashes Record Breaking Patch Tuesday – April 2011

   » ‎ Darknet
  We all love Patch Tuesday – no doubt about that right? Well Microsoft has blessed us this month with the biggest Patch Tuesday in the history of the program. That’s a good thing because it’s had some horribly effective vulnerabilities revealed lately. It managed to package up a massive bundle of patches for 64 vulnerabilities...
  
  Read the full post at darknet.org.uk

  
  

  

  Tags:  microsoft tuesday patch read darknet no-doubt vulnerabilities Countermeasures  

• March 22, 2011
• 10:00

  Bugtraq: NGS00057 Patch Notification: Apple Mac OS X ImageIO Integer Overflow

   » ‎ SecurityFocus Vulnerabilities
  NGS00057 Patch Notification: Apple Mac OS X ImageIO Integer Overflow

  Tags:  notification ngs patch x-imageio apple-mac-os apple-mac-os-x integer-overflow  

• 10:00

  Bugtraq: NGS00052 Patch Notification: Apple Mac OS X Image RAW Multiple Buffer Overflows

   » ‎ SecurityFocus Vulnerabilities
  NGS00052 Patch Notification: Apple Mac OS X Image RAW Multiple Buffer Overflows

  Tags:  notification ngs patch apple-mac-os x-image apple-mac-os-x mac-os-x  

• March 09, 2011
• 19:12

  Apple Java Patch Kills 27 Bugs, Some Critical

   » ‎ Packet Storm Security Headlines
  Apple Java Patch Kills 27 Bugs, Some Critical

  Tags:  Bugs patch kills apple-java java-patch apple  

• March 04, 2011
• 7:25

  March Patch Tuesday Leaves IE Unpatched For Pwn2Own Hackers

   » ‎ Packet Storm Security Headlines
  March Patch Tuesday Leaves IE Unpatched For Pwn2Own Hackers

  Tags:  leaves tuesday patch unpatched hackers  

• January 15, 2011
• 16:15

  Oracle To Patch 66 Vulnerabilities

   » ‎ Packet Storm Security Headlines
  Oracle To Patch 66 Vulnerabilities

  Tags:  vulnerabilities oracle patch  

• January 06, 2011
• 20:01

  Microsoft To Patch 3 Windows Security Bugs Next Week

   » ‎ Packet Storm Security Headlines
  Microsoft To Patch 3 Windows Security Bugs Next Week

  Tags:  microsoft patch windows security-bugs windows-security  

• December 15, 2010
• 8:37

  Critical IE Update In Biggest Ever Patch Tuesday

   » ‎ Packet Storm Security Headlines
  Critical IE Update In Biggest Ever Patch Tuesday

  Tags:  tuesday update patch  

• December 06, 2010
• 4:22

  SafeGuard Enterprise - Sophos releases patch for potential vulnerabilty in SGN 5.x and SGE/SDE 5.5x

   » ‎ Sophos product advisories
  Sophos has released a patch for a potential vulnerabilty. It is recommended that you apply this patch as soon as possible.

  Tags:  vulnerabilty patch sophos sge safeguard  

• December 02, 2010
• 8:00

  Bugtraq: NGS00014 Patch Notification: Cisco IPSec VPN Implementation Group Name Enumeration

   » ‎ SecurityFocus Vulnerabilities
  NGS00014 Patch Notification: Cisco IPSec VPN Implementation Group Name Enumeration

  Tags:  notification ngs patch cisco-ipsec vpn-implementation implementation-group cisco  

• November 22, 2010
• 12:00

  Bugtraq: NGS00015 Patch Notification: ImageIO Memory Corruption

   » ‎ SecurityFocus Vulnerabilities
  NGS00015 Patch Notification: ImageIO Memory Corruption

  Tags:  notification ngs patch memory-corruption  

• November 10, 2010
• 18:01

  MDVSA-2010-225-1.txt

   » ‎ Packet Storm Security Advisories
  Mandriva Linux Security Advisory 2010-225 - A vulnerability was discovered and corrected in libmbfl (php). The updated packages have been patched to correct these issues. The MDVSA-2010:225 advisory used the wrong patch to address the problem, however it did fix the issue. This advisory provides the correct upstream patch.

  Tags:  txt patch mandriva linux-security mandriva-linux security-advisory  

• October 12, 2010
• 0:00

  Patch Tuesday - Critical Flaws Haunt Microsoft Office, IE Browser

   » ‎ Packet Storm Security Headlines
  Patch Tuesday - Critical Flaws Haunt Microsoft Office, IE Browser

  Tags:  tuesday haunt patch critical-flaws microsoft-office microsoft  

• October 07, 2010
• 0:00

  MS Planning Patch Tuesday Whopper - 16 Bulletins, 49 Vulnerabilities

   » ‎ Packet Storm Security Headlines
  MS Planning Patch Tuesday Whopper - 16 Bulletins, 49 Vulnerabilities

  Tags:  tuesday planning patch vulnerabilities bulletins  

• August 18, 2010
• 0:00

  Adobe To Patch Black Hat Bugs On Thursday

   » ‎ Packet Storm Security Headlines
  Adobe To Patch Black Hat Bugs On Thursday

  Tags:  adobe black patch black-hat Bugs  

• August 13, 2010
• 0:00

  iOS Patch Draws Fast Action From Jailbreakers

   » ‎ Packet Storm Security Headlines
  iOS Patch Draws Fast Action From Jailbreakers

  Tags:  ios draws patch  

• August 10, 2010
• 0:00

  Microsoft Releases Massive Patch Tuesday Security Update

   » ‎ Packet Storm Security Headlines
  Microsoft Releases Massive Patch Tuesday Security Update

  Tags:  microsoft patch releases  

• July 13, 2010
• 0:00

  Oracle Patch Batch To Fix 59 Flaws

   » ‎ Packet Storm Security Headlines
  Oracle Patch Batch To Fix 59 Flaws

  Tags:  oracle patch batch  

• July 09, 2010
• 0:00

  Microsoft To Patch Zero-Day Help Center Flaw

   » ‎ Packet Storm Security Headlines
  Microsoft To Patch Zero-Day Help Center Flaw

  Tags:  day microsoft patch zero-day  

• June 02, 2010
• 0:00

  Minor Bugs Bite Patch Security Checking Tool

   » ‎ Packet Storm Security Headlines
  Minor Bugs Bite Patch Security Checking Tool

  Tags:  bite bug patch minor-bugs  

• May 12, 2010
• 0:00

  Security Firms Issue Patch Tuesday Warnings

   » ‎ Packet Storm Security Headlines
  Security Firms Issue Patch Tuesday Warnings

  Tags:  patch issue security security-firms issue-patch  

• May 11, 2010
• 10:00

  PS3 patch allows Linux installation

   » ‎ Hack a Day
  [Geohot] came up with a patch that allows OtherOS on 3.21 PS3 firmware. You’ll remember that Sony released version 3.21 specifically to prohibit OtherOS which allows the installation of Linux for which they were subsequently sued. Well, now their “fix” doesn’t work on people willing to flash patched firmware which means they’re only punishing those [...]

  Tags:  patch installation linux sony geohot playstation hacks  

• May 07, 2010
• 14:00

  5×2 patch board

   » ‎ Hack a Day
  Sometimes we want to sit on the back porch, crack a beer, and do some prototyping. Other times we’d like to do the same but on the couch in the livingroom. To that end we added a 5×2 pin to 10×1 pin patch board to our solderless breadboard. The 5×2 pin form factor is pretty [...]

  Tags:  patch board back solderless-breadboard back-porch livingroom tool hacks  

• April 16, 2010
• 2:35

  Oracle Releases Emergency Patch for Java Vulnerability

   » ‎ Darknet
  After informing a researcher just a few days ago that “they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle” they have made a 180 turn on the issue and pushed out an emergency patch to mitigate against the Serious Java Bug That Exposes Users To Code [...]
  
  Read the full post at darknet.org.uk

  
  

  

  Tags:  java patch emergency read java-vulnerability emergency-patch java-bug Countermeasures  

• 0:00

  MS Kernel Patch Skirts Infected Machines

   » ‎ Packet Storm Security Headlines
  MS Kernel Patch Skirts Infected Machines

  Tags:  skirts kernel patch kernel-patch  

• March 30, 2010
• 0:00

  Microsoft Issues Emergency Patch For 10 IE Holes

   » ‎ Packet Storm Security Headlines
  Microsoft Issues Emergency Patch For 10 IE Holes

  Tags:  microsoft patch emergency emergency-patch microsoft-issues holes  

• March 05, 2010
• 0:00

  Patch Tuesday Will Leave F1 Hole Unpatched

   » ‎ Packet Storm Security Headlines
  Patch Tuesday Will Leave F1 Hole Unpatched

  Tags:  tuesday will patch  

• March 04, 2010
• 0:00

  Microsoft Patch Tuesday Heads-Up - 2 Bulletins, 8 Vulnerabilities

   » ‎ Packet Storm Security Headlines
  Microsoft Patch Tuesday Heads-Up - 2 Bulletins, 8 Vulnerabilities

  Tags:  microsoft tuesday patch microsoft-patch vulnerabilities bulletins  

• February 25, 2010
• 13:17

  AHCI patch

   » ‎ remote-exploit & backtrack
  I want to apply a patch to enable AHCI on my Dell inspiron.
  I apply quirk-ich-force-ahci.patch patch to /usr/src/linux-source-2.6.30.9/drivers/pci/quirks.c
  But now what to do next?

  Tags:  patch dell ahci linux-source dell-inspiron quirk General Discussion  

• February 20, 2010
• 12:00

  linux-2.4.37.9-ow1.tar.gz

   » ‎ Packet Storm Security Misc. Files
  The Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.

  Tags:  patch kernel linux kernel-patch buffer-overflow linux-kernel  

• 12:00

  linux-2.4.37.9-ow1.tar.gz

   » ‎ Packet Storm Security Recent Files
  The Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.

  Tags:  patch kernel linux kernel-patch buffer-overflow linux-kernel  

• February 10, 2010
• 0:00

  Bumper Patch Tuesday Tackles Multiple Windows Flaws

   » ‎ Packet Storm Security Headlines
  Bumper Patch Tuesday Tackles Multiple Windows Flaws

  Tags:  multiple tuesday patch bumper  

• February 05, 2010
• 0:00

  Microsoft To Patch 17-Year-Old Computer Bug

   » ‎ Packet Storm Security Headlines
  Microsoft To Patch 17-Year-Old Computer Bug

  Tags:  microsoft patch year computer-bug old-computer  

• February 02, 2010
• 4:37

  How to use zd1211rw on backtrack4 final ?

   » ‎ remote-exploit & backtrack
  hi all
  I have zd1211rw chip USB Wirelss adapter.
  
  but Backtrack 4 final is not working zd1211rw.
  
  Quote:

  I try compat-wireless 1 download by compat-wireless and extract. 2 patched zd1211rw-inject+dbi-fix-2.6.26.patch and mac80211-2.6.29-fix-tx-ctl-no-ack-retry-count.patch. 3 make && make install 4 make unload && modprobe zd1211rw

  but run to
  airmon-ng start wlan0
  freeze...
  
  thanks

  Tags:  patch amp BackTrack chip-usb Newbie Area  

• January 31, 2010
• 23:56

  kernel

   » ‎ remote-exploit & backtrack
  Salut tous,
  
  J'ai compilé le kernel 2.6.32.7 et j'ai inclus grseurity, il y a aussi un patch pour cette version kernel 2.6.32.7, dois-je appliquer ce patch avant la compilation? avant d'installer grsecurity au kernel?
  Voici ma commande que j'ai utilisé pour la compilation:
  
  make-kpkg --initrd kernel_image kernel_headers
  
  J'obtiens donc 1 fichier linux-headers et 1 fichier linux-image en .deb, donc je suppose que c'est le fichier image que je dois lancer avec dkpg -i, est-ce correct?
  Aussi puis-je appliquer ce noyau a BT?
  Merci de votre aide.

  Tags:  patch fichier kernel kernel-image kernel-2 linux-image Espace debutant