The goal of this project is to make the virtual world a safer and better place without child pornography, major computer crime and RIAA.
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015

Oracle Launches an Emergency Fix for 0-day Java Vulnerabilities

On Monday, March 4, Oracle released an unscheduled update, Java 7 Update 17 and Java 6 Update 43, that fixes two critical vulnerabilities in Java, one of which is being used by hackers to carry out targeted attacks.

The vulnerabilities, CVE-2013-1493 and CVE-2013-0809, which exist because of errors in the 2D Java subcomponents, received the highest severity rating from Oracle: a CVSS score of 10.0.

The company published a security report that stated: “These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user's system”.

The fact that CVE-2013-1493 is being exploited came to light when researchers at the security firm FireEye discovered a number of attacks. Hackers used it to install a piece of malware known as McRAT, which allows cybercriminals to gain remote access to the victim’s machine.

This was not the first time Oracle had changed its update release schedule. The first update was to be launched on February 19, but the attacks being carried out induced the company to release it on February 1.

Naked Security advises users to install the patches as soon as possible.

(c) Naked Security


Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

An SQL injection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015