FreeBSD : shotwell -- not verifying certificates (448047e9-030e-4ce4-910b-f21a3ad5d9a0)
Michael Catanzaro reports: Shotwell has a serious security issue 'Shotwell does not verify TLS certificates'. Upstream is no longer active and I do not expect any further upstream releases unless someone from the community steps up to maintain it. What is the impact of the issue? If you ever use...
[SECURITY] Fedora 23 Update: prosody-0.9.10-1.fc23
Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...
How to Unlock (and Play) Hidden Chess Game Inside Facebook Messenger
What can you do with Facebook Messenger? Chat with your friends; send GIFs, stickers, and photos; make video calls; send people money in Messenger. Have you ever wanted to play a game while you chat with friends? Yes, it is possible. Facebook has made it a reality by building a hidden built-in...
[SECURITY] Fedora 23 Update: openstack-heat-2015.1.2-2.fc23
Heat provides AWS CloudFormation and CloudWatch functionality for OpenStack...
nrc.ac.uk XSS vulnerability
Vulnerable URL: http://www.nrc.ac.uk/search/?section===%22%3E%3Csvg/onload=confirm%28/xssposed/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 570949 Google Pagerank| 0 VIP...
CVE-2016-1570
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2)...
PV superpage functionality missing sanity checks
ISSUE DESCRIPTION: The PV superpage functionality lacks certain validity checks on data being passed to the hypervisor by guests. This is the case for the page identifier (MFN) passed to MMUEXT_MARK_SUPER and MMUEXT_UNMARK_SUPER sub-ops of the HYPERVISOR_mmuext_op hypercall as well as for various forms of...
SUSE-SU-2016:0121-1 Security update for mariadb
MariaDB has been updated to version 10.0.22, which brings fixes for many security issues and other improvements. The following CVEs have been fixed: - 10.0.22: CVE-2015-4802, CVE-2015-4807, CVE-2015-4815, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870,...
Microsoft .NET Silverlight Manifest Resource File Information Disclosure (CVE-2015-6114)
An information disclosure vulnerability exists in Microsoft .NET Silverlight manifest resource parsing functionality. The vulnerability is due to an error while processing a corrupted manifest. An attacker can exploit this vulnerability by supplying a specially crafted resource through a .NET or...
[SECURITY] Fedora 23 Update: php-horde-Horde-Core-2.22.4-1.fc23
These classes provide the core functionality of the Horde Application Framework...
pornta.com XSS vulnerability
Vulnerable URL: http://www.pornta.com/search?searchquery=';alertString.fromCharCode88, 83, 83, 80, 79, 83, 69, 68//alertString.fromCharCode88, 83, 83, 80, 79, 83, 69, 68...
ros.ie XSS vulnerability
Vulnerable URL: https://www.ros.ie/FunctionalityServlet/acl/validCert.jsp?language=de Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 11:43 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 42299 Google Pagerank...
directnic.com XSS vulnerability
Vulnerable URL: https://directnic.com/search?query=0'"...
Symfony PHP Framework Session Fixation
Advisory: Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality A session fixation vulnerability within the Symfony web application framework's "Remember Me" login functionality allows an attacker to impersonate the victim towards the web application if the session ID value...
Pro PoS Malware Simple, But Less Sophisticated Than Initially Thought
A strain of point-of-sale malware that began making the rounds on underground markets late last month is easy to use, but less sophisticated than initial reports suggested. According to researchers at Talos, Cisco’s research division, Pro PoS is mostly built on Alina, another type of POS malware...
bitrix.scan Bitrix 1.0.3 Path Traversal Vulnerability
bitrix.scan Bitrix module version 1.0.3 suffers from a path traversal vulnerability. Product: bitrix.xscan Bitrix module Vendor: Bitrix Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: November 18, 2015 without technical details Vendor Notification: Novemb...
CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilities
Overview: CSL DualCom GPRS CS2300-R alarm signalling boards, firmware versions v1.25 to v3.53, contain multiple vulnerabilities. Description: CSL DualCom GPRS CS2300-R alarm signalling boards are secure premises transmitters (SPT) that notify alarm receiving centers (ARC) when an alarm system is tripped...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the second regular update. Red Hat Product Security has rated this...
Moderate: Red Hat Bug Fix Advisory: pcre bug fix update
Updated pcre packages that fix several bugs are now available for Red Hat Enterprise Linux 7. PCRE is a Perl-compatible regular expression library. This update fixes the following bugs: Previously, non-matched groups within capturing groups up to a forced match were not being properly reset by...