Debian: Security Advisory (DSA-3231-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Report Recommends Series of Cybersecurity Changes at FAA
The Federal Aviation Administration needs to upgrade and update its information security capabilities–including building a threat-modeling capability and implementing federal security guidelines–in order to ensure the safety of the nation’s aviation infrastructure, according to a new report by th...
Cisco Secure Access Control System SQLi Vulnerability (cisco-sa-20150211-csacs)
The version of Cisco Secure Access Control System (ACS) running on the remote host is prior to 5.5 patch 7. It is, therefore, affected by a SQL injection vulnerability due to not properly sanitizing user input to the ACS View reporting interface pages. An authenticated, remote attacker, using craft...
Cisco Secure Access Control System SQL injection
SQL injection via Web interface...
CVE-2015-0580
Summary: CVE-2015-0580 affects Cisco Secure Access Control System (ACS) prior to 5.5 patch 7, via multiple SQL injection flaws in the ACS View reporting interface. An authenticated remote attacker can craft HTTPS requests to disclose or modify data in ACS View databases due to improper input sani...
Cisco Secure Access Control System SQL Injection Vulnerability
Cisco Secure Access Control System (ACS) prior to version 5.5 patch 8 is vulnerable to a SQL injection attack in the ACS View reporting interface pages. A successful attack could allow an authenticated, remote attacker to access and modify information such as RADIUS accounting records stored in one...
CentOS Update for mod_dav_svn CESA-2015:0166 centos7
Check the version of mod_dav_svn SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882116");...
CVE-2014-8029
Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCuq74150...
Open redirect
Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCuq74150...
CVE-2014-8029
CVE-2014-8029 affects Cisco Secure Access Control Server (ACS) web interface. It is an open redirect vulnerability due to insufficient input validation of a specific parameter, enabling an unauthenticated, remote attacker to lure users to arbitrary sites and conduct phishing via a crafted link. Ci...
CVE-2014-8028
Cisco Secure ACS (Access Control Server) is affected by multiple cross-site scripting (XSS) vulnerabilities in its web framework. The issue stems from insufficient input validation of several parameters passed to the web server, allowing remote attackers to craft links that persuade users to exec...
CVE-2014-8028
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019...
[SECURITY] Fedora 20 Update: subversion-1.8.11-1.fc20
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...
CoolReaper Backdoor Found On CoolPad Android Mobile Devices
A popular Android smartphone sold primarily in China and Taiwan but also available worldwide, contains a backdoor from the manufacturer that is being used to push pop-up advertisements and install apps without users’ consent. The Coolpad devices, however, are ripe for much more malicious abuse,...
VulnCheck KEV: CVE-2014-0751
The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any SCADA project. This...
Elipse SCADA Denial of Service Patch
Brazilian process management software developer Elipse has patched a serious denial-of-service vulnerability in its web-based Elipse SCADA application. The software is used in a number of critical industries worldwide, including manufacturing, energy, water and wastewater plants. The vulnerabilit...
BlackEnergy Malware Used in Attacks Against ICS HMI
Industrial control system operations running human-machine interface software from a handful of vendors are being targeted by a hacking campaign making use of the BlackEnergy malware. The United States Industrial Control System Cyber Emergency Response Team (ICS-CERT) published an advisory on Tuesd...
Ecava IntegraXor Buffer Overflow Vulnerability
OVERVIEW This advisory is a follow-up to the alert titled ICS-ALERT-14-015-01 Ecava IntegraXor Buffer Overflow Vulnerability that was published January 15, 2014, on the NCCIC/ICS-CERT Web site. Independent researcher Luigi Auriemma identified a buffer overflow vulnerability in the Ecava IntegraXo...
Arbiter Systems 1094B GPS Clock Spoofing Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on December 11, 2014, and is being released to the NCCIC/ICS-CERT web site. Arbiter Systems has identified a GPS clock spoofing vulnerability in its 1094B clock. Arbiter Systems has produced a new product that is no...
[SECURITY] Fedora 19 Update: subversion-1.7.18-1.fc19
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...