2152 matches found
Updated file packages fix security vulnerabilities
A flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert function did not correctly compute the truncated pascal string size (CVE-2014-3478). Multiple flaws were found in the way file parsed property information from Composite Document...
Malicious iOS Tor Browser in Apple App Store
An iOS Tor Browser hosted for download on Apple’s notoriously restrictive App Store is reportedly a fake. Worse yet, not only is the application said to be illegitimate, but also allegedly malicious. According to a support ticket opened by a Tor Project volunteer operating under the handle Phobos...
Cisco ISE Unprivileged Support Bundle Download Vulnerability
A vulnerability in the role-based access control code of the Cisco Identity Services Engine (ISE) could allow an authenticated, but unprivileged, remote attacker to access support bundle information. The vulnerability is due to a failure to check the user privileges correctly when downloading the...
Design/Logic Flaw
The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, ak...
CVE-2014-0665
The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, ak...
Tor Browser Bundle 3.5
The 2.x stable series of the Tor Browser Bundle has officially been deprecated, and all users are encouraged to upgrade to the 3.5 series. Packages are now available from the Tor download page as well as the Tor Package archive. For now, the Pluggable Transports-capable TBB is still a separate...
cURL library -- cert name check ignore with GnuTLS
cURL project reports: libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. libcurl offers two separate and independent options for verifying a server's TLS certificate. CURLOPT_SSL_VERIFYPEER and...
CVE-2013-6695
The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug...
Cisco Secure Access Control System Unprivileged Support Bundle Download Vulnerability
A vulnerability in the role-based access control code of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to access support bundle information. The vulnerability is due to a failure to check the user privileges correctly when downloading the support bundle...
Tor Users Hit With Firefox Exploit, But No Large Compromise of Network Seen
The vulnerability in Firefox that was being used to exploit some users of Tor in recent days was fixed in a previous Firefox release and the exploit in circulation only works against people running Firefox 17. Over the weekend, word spread that the exploit was in the wild and that the Tor network...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label...
CVE-2013-2177
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label...
[PenQ] The Security Testing Browser Bundle
PenQ is an open source Linux based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. PenQ is configured ...
SuSE 10 Security Update : compat-curl2 (ZYPP Patch Number 8557)
This update of compat-curl2 fixes several security issues. - fixes for the cookie domain tailmatch vulnerability. (bnc#814655) - updated curl CA-Cert Bundle. (bnc#810010) - fixes for a potential BEAST attack (bnc#742306) (C) Tenable Network Security, Inc. The text description of this...
SuSE 10 Security Update : curl, curl (ZYPP Patch Number 8550)
This update fixes the cookie domain tailmatch vulnerability in curl. CVE-2013-1944 has been assigned to this issue. Also the CA-Cert Bundle has been updated to the current state. (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc...
Russian Underground Cybercrime market offering sophisticated services
Security firm Trend Micro recently analyzed the Russian crimeware markets and found that malware tools and services range from one-time packages which cost just pennies to sophisticated packages and services which cost purchasers thousands of dollars per month. If you want to buy a botnet it wi...
SA-CONTRIB-2012-046 - Bundle Copy - Arbitrary Code execution
CVE: CVE-2012-2073 Bundle copy is a replacement for the Content copy module which lives in the CCK project for Drupal 6. Besides the ability to import and export content types, taxonomy and user entities are also supported. Field groups can be exported easily as well. The module doesn't...
Tor Browser Bundle for Linux (2.2.35-8) "EVIL bug"
"There is an EVIL bug in at least the Linux 2.2.35-8 Tor Browser Bundle start-tor-browser script. It will log things like domain names to a file in the root of the browser bundle." https://trac.torproject.org/projects/tor/ticket/5417 Ticket 5417 new defect RelativeLink.sh in Tor browser bundle ha...
ca_root_nss -- extraction of explicitly-untrusted certificates into trust bundle
Matthias Andree reports that the ca-bundle.pl used in older versions of the ca_root_nss FreeBSD port before 3.12.11 did not take the Mozilla/NSS/CKBI untrusted markers into account and would add certificates to the trust bundle that were marked unsafe by Mozilla...
DSA-2299-1 ca-certificates - untrusted root CA
Bulletin has no description...