6680 matches found

Mageia
added 2015/01/07 3:14 p.m., 13 views

Updated webmin packages fix security vulnerabilities

Updated webmin package fixes security vulnerability: The webmin package has been updated to version 1.730 to fix possible security issues that could be caused by malicious symlinks when reading mail. The updated version also has various bug fixes, translation updates, and functionality...

3.5 AI score
Exploits: 0, References: 3
securityvulns
added 2014/12/29 12:0 a.m., 51 views

Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1

Advisory: Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1 Advisory ID: SROEADV-2014-02 Author: Steffen Rösemann Affected Software: CMS Serendipity v.2.0-rc1 Release: 20th Dec 2014 Vendor URL: http://www.s9y.org/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability...

0.5 AI score
Exploits: 0
Tenable Nessus
added 2014/12/26 12:0 a.m., 44 views

OracleVM 3.3 : bind (OVMSA-2014-0084)

The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2014-8500 1171973 - Use /dev/urandom when generating rndc.key file 951255 - Remove bogus file from /usr/share/doc, introduced by fix for bug 1092035 - Add support for TLSA resource records...

7.8 CVSS, 6.9 AI score, 0.65683 EPSS
Exploits: 4, References: 6
Metasploit
added 2014/12/22 4:21 p.m., 26 views

Windows Command Shell, Hidden Bind TCP Stager

Spawn a piped command shell staged. Listen for a connection from a hidden port and spawn a command shell to the allowed host. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 343...

7.1 AI score
Exploits: 0
Metasploit
added 2014/12/22 4:21 p.m., 34 views

Reflective DLL Injection, Hidden Bind TCP Stager

Inject a DLL via a reflective loader. Listen for a connection from a hidden port and spawn a command shell to the allowed host. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 343...

7.1 AI score
Exploits: 0
securityvulns
added 2014/12/22 12:0 a.m., 134 views

Persistent XSS Vulnerability in CMS Papoo Light v6.0.0 Rev. 4701

Advisory: Persistent XSS Vulnerability in CMS Papoo Light v6 Advisory ID: SROEADV-2014-01 Author: Steffen Rösemann Affected Software: CMS Papoo Version 6.0.0 Rev. 4701 Vendor URL: http://www.papoo.de/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability Description:...

5.9 AI score
Exploits: 0
ATTACKERKB
added 2014/12/19 3:59 p.m., 2 views

CVE-2014-2026

Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter...

4.3 CVSS, 5.8 AI score, 0.01936 EPSS
Exploits: 0, References: 7
Exploit DB
added 2014/12/16 12:0 a.m., 21 views

CMS Papoo 6.0.0 Rev. 4701 - Persistent Cross-Site Scripting

Advisory: Persistent XSS Vulnerability in CMS Papoo Light v6 Advisory ID: SROEADV-2014-01 Author: Steffen Rösemann Affected Software: CMS Papoo Version 6.0.0 Rev. 4701 Vendor URL: http://www.papoo.de/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability Description:...

7.4 AI score
Exploits: 0
RedHat Linux
added 2014/12/15 8:35 p.m., 55 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse Service Works 6.0.0 security update

Red Hat JBoss Fuse Service Works 6.0.0 roll up patch 3, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base score...

7.5 CVSS, 7.3 AI score, 0.137 EPSS
Exploits: 4, References: 8
UbuntuCve
added 2014/12/11 2:59 a.m., 25 views

CVE-2014-8680

The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options...

5.4 CVSS, 7.1 AI score, 0.08987 EPSS
Exploits: 0, References: 2
securityvulns
added 2014/12/11 12:0 a.m., 27 views

VMware vCloud Automation Center privilege escalation

Privilege escalation via "Connect by Using VMRC" functionality...

9 CVSS, 4.5 AI score, 0.0356 EPSS
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2014/12/10 1:59 a.m., 17 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality...

4.3 CVSS, 5.9 AI score, 0.01862 EPSS
Exploits: 1, References: 4, Affected Software: 2
NVD
added 2014/12/10 1:59 a.m., 20 views

CVE-2014-8488

Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality...

4.3 CVSS, 5.4 AI score, 0.01862 EPSS
Exploits: 1, References: 4
Cvelist
added 2014/12/10 1:0 a.m., 28 views

CVE-2014-8488

Cross-site scripting (XSS) vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality...

5.4 AI score, 0.01862 EPSS
Exploits: 1, References: 4
RubySec
added 2014/12/04 12:0 a.m., 15 views

gollum-grit_adapter Search Functionality Allows Arbitrary Command Execution

The gollum-grit_adapter gem contains a flaw that can allow arbitrary command execution. Grit implements its search functionality by shelling out to git grep. In turn, git grep takes a -O or --open-files-in-pages option that will pipe the results of grep to an arbitrary process. By failing to...

8.8 CVSS, 2.1 AI score, 0.02292 EPSS
Exploits: 0, References: 1, Affected Software: 1
Mageia
added 2014/12/03 7:27 p.m., 49 views

Updated sddm packages fix security vulnerabilities

Sddm may in some cases allow unauthenticated logins as the sddm user (CVE-2014-7271). Sddm is vulnerable to a race condition in XAUTHORITY file generation (CVE-2014-7272). Sddm has been updated to version 0.10.0, fixing these issues and several other bugs, and adding new functionality. libxcb package...

7.8 CVSS, 7.7 AI score, 0.00417 EPSS
Exploits: 0, References: 3
Hacker One
added 2014/11/29 4:1 p.m., 36 views

X (Formerly Twitter): Abuse of "Remember Me" functionality.

Steps to Reproduce:- 1. Navigate to https://twitter.com/login, Fill up the required details and click on the "Log in" button. Make sure you have checked "Remember Me" check-box. 2. Login Successfully, Analyze the cookie using FireBug, specially "authtoken" and "remembercheckedon". These cookies...

6.7 AI score
Exploits: 0
Tenable Nessus
added 2014/11/26 12:0 a.m., 25 views

OracleVM 2.1 : xen (OVMSA-2009-0001)

The remote OracleVM system is missing necessary patches to address critical security updates : - Fix permissions problem with VM.GuestMetrics bugz 7265 - Disable ovs-disabled-create-netif-if-vif-type-set-ioemu.patch - Include proper patch for bugz 7807 - Implement VM.GuestMetrics to communicate...

7.2 CVSS, 5.4 AI score, 0.01042 EPSS
Exploits: 1, References: 3
OwnCloud
added 2014/11/25 6:40 p.m., 36 views

CSRF in "bookmarks" application - ownCloud

Due to not verifying the CSRF token on the import functionality of the "bookmarks" application, it was vulnerable against CSRF attacks. The "bookmarks" application is disabled by default. An unauthenticated attacker could have used this to import bookmarks into the "bookmarks" application if the...

6.8 CVSS, 5.9 AI score, 0.00828 EPSS
Exploits: 0, Affected Software: 1
RedHat Linux
added 2014/11/25 4:48 p.m., 32 views

Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.0 update

Red Hat JBoss Operations Network 3.2.3, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

7.5 CVSS, 6.7 AI score, 0.21045 EPSS
Exploits: 2, References: 9