CentOS 7 : libabw / libcmis / libetonyek / libfreehand / liblangtag / libmwaw / libodfgen / etc (CESA-2015:0377)
Updated libreoffice packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which...
UBUNTU-CVE-2015-2319
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204...
McAfee Firewall Enterprise OpenSSL Multiple Vulnerabilities (SB10102) (FREAK)
The remote host has a version of McAfee Firewall Enterprise installed that is affected by multiple vulnerabilities in the OpenSSL library : - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an...
WordPress Custom Field Suite Plugin <= 2.4 - Insufficient Authorisation
Because of this vulnerability, an attacker can import and export custom fields. Solution: Update the plugin...
Multiple Apple products are vulnerable to information leakage
Apple iOS is an operating system for handheld devices developed by Apple Inc. An information disclosure vulnerability exists in Apple iOS prior to 8.1.3, Apple OS X prior to 10.10.2, and Apple TV prior to 7.0.3 that allows attackers to conduct a password downgrade attack via crafted TLS traffic...
Unspecified Vulnerability in Secure Transport for Multiple Apple Products
Apple iOS, Apple TV, and Apple OS X are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition television set-top box; and Apple OS X is a specialized operating system developed for Mac computers. A security vulnerability exists in Secu...
MS15-031: Vulnerability in Schannel Could Allow Security Feature Bypass (3046049) (FREAK)
The remote Windows host is affected by a security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS...
mono -- TLS bugs
The Mono project reports: Mono’s implementation of the SSL/TLS stack failed to check the order of the handshake messages, which would allow various attacks on the protocol to succeed. Details of this vulnerability are discussed in the SKIP-TLS post. Mono’s implementation of SSL/TLS also contained...
CRLF Injection Vulnerability in Multiple Sierra Wireless AirCard Products
The Sierra Wireless AirCard 760S, 762S and 763S are mobile broadband devices from Sierra Wireless Canada. A CRLF injection vulnerability exists in the export.cfg file in the web-based management console of multiple Sierra Wireless AirCard products. A remote attacker could exploit this vulnerabili...
ETouch Systems SamePage Enterprise Edition Directory Traversal Vulnerability
ETouch Systems SamePage Enterprise Edition is an enterprise version of the Wiki WiKi solution for wikis and blogs from ETouch Systems, USA. The solution supports team collaboration, role management and document management. A directory traversal vulnerability exists in the cm/newui/blog/export.jsp...
CVE-2015-0204 OpenSSL FREAK Attack vulnerability detection methods and repair recommendations - vulnerability warning - the black bar safety net
0x01 Introduction. Around the time of the Lantern Festival, OpenSSL caused an uproar because of the FREAK attack (also known as the Factoring Attack on RSA-EXPORT Keys vulnerability, or CVE-2015-0204). Apple and Google indicated on Tuesday that they are fixing the...
Microsoft Schannel Vulnerable to FREAK
Microsoft today issued an advisory warning Windows users that Secure Channel, or Schannel, the Windows implementation of SSL/TLS, is vulnerable to the FREAK attack. Disclosed this week, FREAK (CVE-2015-1637) is the latest big Internet bug. It affects a number of SSL clients, including OpenSSL, and...
Security Advisory 3046015 released
Today, we released Security Advisory 3046015 to provide guidance to customers in response to the SSL/TLS issue referred to by researchers as “FREAK” (Factoring attack on RSA-EXPORT Keys). Our investigation continues and we’ll take the necessary steps to protect our customers. MSRC Team...
SSL/TLS Cryptographic Degradation Man-in-the-Middle Hijacking Vulnerability
SSL/TLS is a cryptographic application. SSL/TLS has a security vulnerability that can lead to an attack known as FREAK (Factoring RSA Export Keys), which can be exploited by an attacker to reduce the level of encryption and decrypt communications through a man-in-the-middle attack...
PHP address book has multiple SQL injection and multiple cross-site scripting vulnerabilities
PHP Address Book is a simple Web-based address book and contact management application developed in PHP. It supports groups, addresses, e-mail, telephone numbers and birthday information; can be exported to vCard and CSV, integrated with Gmail, Google and Yahoo maps, the databa...
'FREAK' — New SSL/TLS Vulnerability Explained
Another new widespread and disastrous SSL/TLS vulnerability has been uncovered that for over a decade left millions of users of Apple and Android devices vulnerable to man-in-the-middle attacks on encrypted traffic when they visited supposedly 'secured' websites, including the official websites o...
CVE-2015-2071
Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter...
WP Ultimate CSV Importer <= 3.6.74 - Database Table Export
Due to a lack of verification of a visitor's permissions, it is possible to execute the ‘export.php’ script included in the default installation of this plugin, and retrieve the full contents of the user table in the WordPress installation. This results in full disclosure of usernames, hashed...
[SECURITY] Fedora 20 Update: drupal7-path_breadcrumbs-3.2-1.fc20
The Path breadcrumbs module helps you to create breadcrumbs for any page with any selection rules and load any entity from the URL. Features: Breadcrumbs navigation may be added to any kind of page: static (example: node/1) or dynamic (example: node/NID). You can load contexts from URL and use it like...
WordPress Contact Form DB 2.8.26 Cross Site Scripting
Title: WordPress 'Contact Form DB' plugin - XSS Version: 2.8.26 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2015/01/26 Download: https://wordpress.org/plugins/contact-form-7-to-database-extension/ Contacted WordPress: 2015/01/26...