2321 matches found

Fedora
added 2014/09/23 4:45 a.m. | 36 views

[SECURITY] Fedora 21 Update: squid-3.4.7-1.fc21

Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...

CVSS 5 | AI score 6.4 | EPSS 0.5622
Exploits 0

RedHat Linux
added 2014/08/06 5:10 p.m. | 1 view

kernel: sctp: sk_ack_backlog wrap-around problem

An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP...

CVSS 5 | AI score 6.6 | EPSS 0.05814
Exploits 0 | References 4

Drupal
added 2014/08/06 12:0 a.m. | 14 views

SA-CONTRIB-2014-076 - Fasttoggle - Access bypass

This module enables you to quickly toggle various user, node and field related settings via ajax links. The recent 7.x-1.3 and 1.4 releases of the module include a rewrite of the access control which doesn't correctly implement support for the user status allow/block link. This vulnerability is...

CVSS 5.8 | AI score 6.4 | EPSS 0.01051
Exploits 0 | References 11

ThreatPost
added 2014/07/24 1:54 p.m. | 10 views

Mozilla Improves Malware Blocking in Firefox 31

Attackers have any number of methods for getting their malware onto users’ machines, but one of the easier and more effective ones is through drive-by downloads. Browser vendors have been adding defenses to mitigate this threat for some time, and the newest version of Mozilla Firefox includes an...

AI score 2
Exploits 0 | References 3

seebug.org
added 2014/07/24 12:0 a.m. | 22 views

Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Vulnerability

No description provided by source. Document Title: =============== Barracuda Networks 35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1101 Barracuda Networks Security ID BNSEC:...

AI score 7.1
Exploits 0

RedHat Linux
added 2014/07/09 4:27 p.m. | 0 views

samba: nmbd denial of service

A denial of service flaw was found in the way the sys_recvfile function of nmbd, the NetBIOS message block daemon, processed non-blocking sockets. An attacker could send a specially crafted packet that, when processed, would cause nmbd to enter an infinite loop and consume an excessive amount of C...

CVSS 3.3 | AI score 7.1 | EPSS 0.20481
Exploits 0 | References 5

RedHat Linux
added 2014/07/09 4:17 p.m. | 1 view

samba: nmbd denial of service

A denial of service flaw was found in the way the sys_recvfile function of nmbd, the NetBIOS message block daemon, processed non-blocking sockets. An attacker could send a specially crafted packet that, when processed, would cause nmbd to enter an infinite loop and consume an excessive amount of C...

CVSS 3.3 | AI score 7.1 | EPSS 0.20481
Exploits 0 | References 5

seebug.org
added 2014/07/01 12:0 a.m. | 8 views

Yukihiro Matsumoto Ruby 1.x XMLRPC Server Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17645/info Ruby is affected by a denial-of-service vulnerability in the WEBrick HTTP server. This issue is due to the use of blocking network operations. Ruby's implementation of XML/RPC is also affected, since it uses th...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 34 views

Router ONO Hitron CDE-30364 - CSRF Vulnerability

No description provided by source. Exploit Title: Router ONO Hitron CDE-30364 - CSRF Vulnerability Date: 14-9-2013 Exploit Author: Matias Mingorance Svensson - matias.msatowasp.org Vendor Homepage: http://www.ono.es/clientes/te-ayudamos/dudas/internet/equipos/hitron/hitron-cde-30364/ Tested on:...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

Netgear FM114P ProSafe Wireless Router Rule Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7270/info The Netgear FM114P allows certain ports to be blocked, both for external users attempting to enter the local network and for local users connecting to the WAN. If Remote Access and Universal Plug and Play are bo...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 15 views

SonicWall SOHO3 6.3 Content Blocking Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4755/info The Sonicwall SOHO3 is an Internet security appliance that provides firewall security solutions. Reportedly, a vulnerability exists in the product that allows for a script injection attack to be launched from a...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 22 views

Alpha Networks ADSL2/2+ Wireless Router ASL-26555 Password Disclosure

No description provided by source. - Title: Alpha Networks ADSL2/2+ Wireless Router ASL-26555 Remote Administration Password Disclosure - Author: Alberto Ortega @a0rtega [email protected] - Version: Tested on firmware version v2.0.0.30BES. Laboratory subject:...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 33 views

Tri-PLC Nano-10 r81 - Denial of Service

No description provided by source. Exploit Title: Tri-PLC Nano-10 DoS Date: 07/11/2013 Exploit Author: Sapling Vendor Homepage: www.tri-plc.com Version: Firmware Version r81 and prior CVE : CVE-2013-2784 ICSA: ICSA-13-189-02 / The vulnerability exists due to a flaw in the PLC's ability to handle ...

CVSS 7.8 | AI score 6.5 | EPSS 0.04041
Exploits 5

seebug.org
added 2014/07/01 12:0 a.m. | 30 views

nginx 1.3.9/1.4.0 x86 - Brute Force Remote Exploit

No description provided by source. nginx 1.3.9/1.4.0 x86 brute force remote exploit copyright c 2013 kingcope ---------------------------- fix for internet exploitation, set MTU: ifconfig interface mtu 60000 up !!! WARNING !!! this exploit is unlikely to succeed when used against remote internet...

AI score 6.7
Exploits 0

UbuntuCve
added 2014/06/23 12:0 a.m. | 45 views

CVE-2014-4171

mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended...

CVSS 4.7 | AI score 6.8 | EPSS 0.0044
Exploits 0 | References 7

RedHat Linux
added 2014/05/29 8:26 p.m. | 2 views

openstack-heat-templates: use of HTTPS url and sslverify=false

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors...

CVSS 4.3 | AI score 5.8 | EPSS 0.01374
Exploits 0 | References 4

Tenable Nessus
added 2014/05/28 12:0 a.m. | 52 views

Scientific Linux Security Update : curl on SL6.x i386/x86_64 (20140527)

It was found that libcurl could incorrectly reuse existing connections for requests that should have used different or no authentication credentials, when using one of the following protocols: HTTPS with NTLM authentication, LDAPS, SCP, or SFTP. If an application using the libcurl library connect...

CVSS 6.4 | AI score 6.4 | EPSS 0.05599
Exploits 1 | References 3

Debian CVE
added 2014/05/27 3:0 p.m. | 20 views

CVE-2013-2125

OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open...

CVSS 5 | AI score 6.2 | EPSS 0.02474
Exploits 1

Prion
added 2014/05/27 2:55 p.m. | 13 views

Open redirect

OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open...

CVSS 5 | AI score 7.1 | EPSS 0.02474
Exploits 1 | References 6 | Affected Software 1

Oracle linux
added 2014/05/27 12:0 a.m. | 46 views

curl security and bug fix update

7.19.7-37.el65.3 - fix re-use of wrong HTTP NTLM connection CVE-2014-0015 - fix connection re-use when using different log-in credentials CVE-2014-0138 7.19.7-37.el65.2 - fix authentication failure when server offers multiple auth options 1096797 7.19.7-37.el65.1 - refresh expired cookie in test1...

CVSS 6.4 | AI score 1.4 | EPSS 0.05599
Exploits 1