Important: Red Hat Security Advisory: openssl security update
Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat...
Important: Red Hat Security Advisory: openssl097a and openssl098e security update
Updated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
tomcat: incomplete fix for CVE-2012-3544
It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat and JBoss Web processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by...
CVE-2013-1407
Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) scope parameter to index.php; (2) username, (3) dbem_phone, (4) user_email, or (5)...
PT-2014-4539 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software, affected versions not specified. Description: A denial of service issue exists, allowing remote attackers to cause a device reload via a crafted DHCPv6 packet when DHCPv6 relay is configured. Thi...
Important: Red Hat Security Advisory: openssl security update
Updated openssl packages that fix one security issue are now available for Red Hat Storage 2.1. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
Scientific Linux Security Update : openssl on SL6.x i386/x86_64
An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server...
RHEL 6 : openssl (RHSA-2014:0376)
Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
openstack-keystone: trustee token revocation does not work with memcache backend
The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...
CVE-2014-1893
Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than...
Data Breaches Show Difficulty of Defenders' Task
When attackers broke into the network of the University of Maryland last month, the university wasn't sure how to react. The organization had never had a major security incident before, and this one qualified as major: 310,000 Social Security numbers and other information were gone. And then thr...
ClipSharePro 4.1 Local File Inclusion
Exploit Title : ClipSharePro 0 $configfile = $_GET['configfile']; else showAlertMessage("ERROR: Failed to find configfile parameter", 1); else $configfile = $DEFAULT_CONFIG; // Load config file require $configfile; //including arbitrary file $_GET['configfile'] echo $configfile; The vulnerability can be...
ClipSharePro 4.1 - Local File Inclusion
Exploit Title : ClipSharePro 0 $configfile = $_GET['configfile']; else showAlertMessage("ERROR: Failed to find configfile parameter", 1); else $configfile = $DEFAULT_CONFIG; // Load config file require $configfile; //including arbitrary file $_GET['configfile'] echo $configfile; The vulnerability can be...
HTTPS can leak your Personal details to Attackers
Explosive revelations by the former contractor Edward Snowden of massive surveillance programs conducted by government agencies triggered a new debate about the security and privacy of every individual who is somehow connected to the Internet, and after Snowden's disclosures they think that by...
PT-2014-2155 · Debian · Apt
Name of the Vulnerable Software and Affected Versions: apt versions prior to 0.8.11. Description: The issue allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors when the certificate host name fails validation and Verify-Host is enabled. Recommendations: For...
MGASA-2014-0103 Updated kernel fixes security vulnerabilities
This kernel update provides an update to the upstream stable 3.12.13 maintenance release and fixes the following security issues: A flaw was found in the way cifs handled iovecs with bogus pointers that userland passed down via writev during uncached writes. An unprivileged local user with access to...
MGASA-2014-0083 Updated mongodb package fixes security vulnerability
A possible DoS issue was discovered in MongoDB (CVE-2012-6619). The --objcheck command line switch has now been enabled by default in the mongod service as a protective measure...
Printer Job Language Abuse Tool
#!/usr/bin/python2 """ printit.py - sends postscript files to printers. Never pay extortionate prices for printing again! Author: Darren "infodox" Martyn Twitter: @infodox Licence: WTFPL - wtfpl.net Bitcoins: 1PapWy5tKx7xPpX2Zg8Rbmevbk5K4ke1ku Version: 20140109.1 Changes: Added ReadyMessage...
CVE-2010-4777
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain...