More news whitepapers
Free Research and Reports
- App Developer Conference @ GDC Next - GDC Next
- iBeacons, BLE beacons and Everything in Between: Unpacking Proximity Sensing Technology @ Black Hat Europe - GDC Next
- Mobile Conversion is Broken: How To Fix It with Smart Mobile Design @ App Developers Conference - GDC Next
- Aligning emerging technology and ITSM - FUSION 14
Dark Reading Digital Magazine
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable.
server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request.
Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.
lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact.
Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file.