Lucene search

9293 matches found

securityvulns
added 2015/01/19 12:0 a.m., 88 views

Alienvault OSSIM/USM Command Execution Vulnerability

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: =4.14.X Fixed Version: 4.15.0 Summary ======= Alienvault OSSIM is an open source SIEM solution designed to collect and correlate log data. T...

AI score: 0.5
Exploits: 0

Check Point Advisories
added 2015/01/13 12:0 a.m., 2 views

Web Browsers Malicious Hidden iFrame Redirection

A compromised site may use an obfuscated hidden iFrame code in order to redirect traffic to a malicious website. The client would then be vulnerable to possible automatic download of malware...

AI score: 3
Exploits: 0

myhack58
added 2015/01/02 12:0 a.m., 21 views

2 5 2 9 net Union the use of the latest ie vulnerability mandatory installation of light micro-end-bug warning-the black bar safety net

I'm using Baidu browser ie compatible mode to browse http://www.dy2018.com this movie site, and found that somehow run the one called“Shine micro-end”of the game client, then I used smartsniff packet capture analysis, in the view source when the found a 2 5 2 9 net Union js advertising code, whic...

Exploits: 0

Tenable Nessus
added 2015/01/02 12:0 a.m., 21 views

F5 Networks BIG-IP : pl_tree.php XSS vulnerability (SOL15939)

Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation. (C) Tenable Network Security, Inc. The...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.02117
Exploits: 0 | References: 2

Check Point Advisories
added 2014/12/28 12:0 a.m., 3 views

CA ARCserve Backup DB Engine Denial of Service - Ver2 (CVE-2008-4399)

CA ARCserve Backup products offer data protection for distributed servers, clients, databases and applications. They provide centralized control over a series of distributed operations including Backup and Restore, Data Migration, and Threat Management. There exists a denial of service vulnerabilit...

CVSS: 5 | AI score: 6.3 | EPSS: 0.08232
Exploits: 1

The Hacker News
added 2014/12/23 10:17 p.m., 68 views

First Time Ever Apple Automatically Pushes Security Patch for Mac OS

First time ever in the History, Apple Inc. has pushed out an automatic security update for Macintosh OS X computers to address a critical security issue that, according to the company, was too risky to wait for users to patch after seeking their prior approval. Despite having the ability for year...

CVSS: 7.5 | AI score: 9.2 | EPSS: 0.7809
Exploits: 1

Drupal
added 2014/12/10 12:0 a.m., 25 views

SA-CONTRIB-2014-122 - MoIP - Cross Site Scripting (XSS)

This module enables you to use Moip a Brazilian payment method with Drupal Commerce. The module doesn't sufficiently filter the data passed by the automatic notifications, leaving the possibility for a malicious user to insert Cross Site Scripting xss attacks. This vulnerability is mitigated by t...

CVSS: 4.3 | AI score: 6 | EPSS: 0.01161
Exploits: 0 | References: 11

The Hacker News
added 2014/12/09 5:8 a.m., 41 views

Microsoft Releases 7 Security Updates

Last week Microsoft released its Advance Notification for the month of December 2014 Patch Tuesday Updates, and finally today released a total of seven security bulletins, which will address several vulnerabilities in its products, out of which three are marked 'critical' and rest are 'important'...

CVSS: 6.8 | AI score: 7.4 | EPSS: 0.12403
Exploits: 1

Kitploit
added 2014/12/09 2:26 a.m., 12 views

AutoScan-Network - Automatically scan your network

AutoScan-Network is a network scanner discovering and managing application. No configuration is required to scan your network. The main goal is to print the list of connected equipments in your network. System Requirements : •Mac OS X 10.5 or later •Microsoft Windows XP, Vista •GNU/Linux •Maemo 4...

AI score: 7.2
Exploits: 0

Prion
added 2014/12/08 11:59 a.m., 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation...

CVSS: 4.3 | AI score: 6 | EPSS: 0.02117
Exploits: 0 | References: 4 | Affected Software: 1

Fedora
added 2014/12/06 10:32 a.m., 31 views

[SECURITY] Fedora 21 Update: clamav-0.98.5-1.fc21

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

CVSS: 5 | AI score: 1.9 | EPSS: 0.04878
Exploits: 1

CERT
added 2014/12/05 12:0 a.m., 39 views

Zenoss Core contains multiple vulnerabilities

Overview The Zenoss Core application, server, and network management platform software contains multiple vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code. Description The Zenoss Core application, server, and network management platform software...

CVSS: 9.3 | AI score: 8.4 | EPSS: 0.19683
Exploits: 0 | References: 1

Cvelist
added 2014/12/02 1:0 a.m., 26 views

CVE-2014-5284

host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed...

AI score: 6.3 | EPSS: 0.02497
Exploits: 3 | References: 3

Fedora
added 2014/11/27 8:37 a.m., 26 views

[SECURITY] Fedora 19 Update: clamav-0.98.5-1.fc19

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

CVSS: 5 | AI score: 1.9 | EPSS: 0.04878
Exploits: 1

Fedora
added 2014/11/22 12:39 p.m., 34 views

[SECURITY] Fedora 20 Update: clamav-0.98.5-1.fc20

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

CVSS: 2.1 | AI score: 1.9 | EPSS: 0.01133
Exploits: 0

Tenable Nessus
added 2014/11/12 12:0 a.m., 31 views

CentOS 6 : luci (CESA-2013:1603)

Updated luci packages that fix two security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which giv...

CVSS: 6.2 | AI score: 5.7 | EPSS: 0.00378
Exploits: 0 | References: 3

Tenable Nessus
added 2014/11/10 12:0 a.m., 19 views

Fedora 21 : fedup-0.9.0-2.fc21 (2014-14347)

This update works around a serious problem in Fedora 21 Beta which makes systems automatically shut down 15 minutes into the upgrade. Other improvements : - Adds --product=PRODUCT flag, required for upgrades to F21 - Uses host's config files in upgrade.img, which should fix various upgrade proble...

CVSS: 2.1 | AI score: 5.4 | EPSS: 0.00379
Exploits: 0 | References: 3

The Hacker News
added 2014/11/09 11:15 p.m., 8 views

Microsoft to Issue 16 Security Patches and 60 Other Updates

Microsoft has this time quite a big pile of security patches in its November 2014 Patch Tuesday, which will address almost 60 non-security updates for its Windows OS along with 16 security updates. The software giant released Advance Notification for 16 security bulletins, the most in more than...

AI score: 8.7
Exploits: 0

Cisco Threats
added 2014/11/07 9:33 p.m., 6 views

Threat Outbreak Alert RuleID12311: Email Messages Distributing Malicious Software on November 7, 2014

Medium Alert ID: 36364 First Published: 2014 November 7 21:33 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID12311 may contain the following files: Name |...

AI score: 0.7
Exploits: 0

Cisco Threats
added 2014/11/05 4:35 p.m., 12 views

Threat Outbreak Alert RuleID12250: Email Messages Distributing Malicious Software on November 4, 2014

Medium Alert ID: 36317 First Published: 2014 November 5 16:35 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID12250 may contain the following files: Name |...

AI score: 0.4
Exploits: 0