75 matches found
PVS XDSW retain template disks
Allow XenDesktop Setup Wizard (XDSW) created targets to be created with disks as configured in the template. Background: PVS 7.x XDSW introduced new functionality to allow setting the write cache size for the new target devices about to be created. XDSW will create the cache disk, and it will be...
Sensio Labs Symfony Security Component CSRF Vulnerability
Symfony is a free, MVC-based PHP development framework from the French company Sensio Labs. It provides commonly used functional components and tools and can be used to quickly create complex web applications. Security is one of its security components. A security vulnerability exis...
CPP-Ethereum JSON-RPC admin_peers improper authorization Vulnerability
Summary: An exploitable improper authorization vulnerability exists in the admin_peers API of cpp-ethereum’s JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause access to restricted functionality, resulting in authorization bypass. An attacker can send JSON to trigg...
wig - WebApp Information Gatherer
wig is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications. The application fingerprinting is based on checksums and string matching of known files for different versions of CMSes. This results in a score being...
UBUNTU-CVE-2017-3204
The Go SSH library x/crypto/ssh by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism...
DEBIAN-CVE-2017-3204
The Go SSH library x/crypto/ssh by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism...
How to Configure Default Device Access Behavior of Workspace app for Windows
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Citrix Virtual Apps and Desktops, formerly XenDesktop, fits the enterprise need to bring both VDI and...
DLA-382-1 sudo - security update
Bulletin has no description...
Fedora 21 : perl-Module-Signature-0.78-1.fc21 / perl-Test-Signature-1.11-1.fc21 (2015-5833)
This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a 'skip' parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behavior ...
Debian DLA-80-1 : libxml2 security update
Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service)...
Fedora 13 : ghostscript-8.71-16.fc13 (2010-14640)
This package fixes a security problem (CVE-2010-2055) in ghostscript whereby gs uses the current working directory to look for certain types of system file. This has been fixed by changing the default behaviour. Additionally, several other bugs have been fixed: scripts defining GSEXECUTABLE have be...
Fedora Core 5 : gnupg-1.4.7-1 (2007-316)
This updates GnuPG to version 1.4.7, changing the default behavior so that gnupg now flags message streams which contain multiple plaintexts as an error. This prevents errors which would occur when applications which called gnupg assumed that this was already the default behavior. Note that Tenab...
Fedora Core 6 : gnupg-1.4.7-2 (2007-315)
This updates GnuPG to version 1.4.7, changing the default behavior so that gnupg now flags message streams which contain multiple plaintexts as an error. This prevents errors which would occur when applications which called gnupg assumed that this was already the default behavior. Note that Tenab...
Debian DSA-1075-1 : awstats - programming error
Hendrik Weimer discovered that awstats can execute arbitrary commands under the user id the web server runs as when users are allowed to supply arbitrary configuration files. Even though this bug was accidentally referenced in DSA 1058, it was not fixed yet. The new default behaviour is not to acce...
Standalone applications can run arbitrary code through the browser — Mozilla
Several media players, for example Flash and QuickTime, support scripted content with the ability to open URLs in the default browser. The default behavior for Firefox was to replace the currently open browser window's content with the externally opened content. If the external URL was a...