The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015

Google to bounty fixing bugs in non-Google open source code software

Google to bounty fixing bugs in non-Google open source code software

Google will expand its bounty program by adding awards for fixing vulnerabilities in open source code software, not necessarily in its own product.

The company started rewarding developers for providing fixes for flaws in Google’s software in 2010, when introducing Bounty Program for Chrome web browser. Today Google is reported to be ready to pay for other vendors products.

Trying to explain the scope and requirements for fixes, an IT-specialist Michal Zalewskiwrotein a blog: “We decided to try something new: provide financial incentives for down-to-earth, proactive improvements that go beyond merely fixing a known security bug. Whether you want to switch to a more secure allocator, to add privilege separation, to clean up a bunch of sketchy calls to strcat(), or even just to enable ASLR - we want to help!”

Initially, the program will only be active for certain open-source projects, such as the OpenSSL and OpenSSH secure communications libraries, the BIND DNS software, and security-critical components of the Linux kernel. Then Google will expand the scope of the projects and include Apache web server, email servers Sendmail, Postfix and Exim, as well as tools for software development GNU.

According to Zalewski, the company chose a selective approach, as it believes that it will be more productive than rewarding for detecting flaws in old open source codes.

The expert recommends reviewing the documents that provide additional information on eligibility, requirements, and other important stuff.

(c) Naked Security


Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015