4108 matches found

OSV
added 2013/07/21 8:18 p.m. | 4 views

MGASA-2013-0228 Updated squid packages fix security vulnerabilities

Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid...

CVSS: 7.5 | AI score: 8.8 | EPSS: 0.80451
Exploits: 0 | References: 6

Mageia
added 2013/07/21 8:18 p.m. | 46 views

Updated squid packages fix security vulnerabilities

Due to incorrect data validation Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate HTTP requests to trigger a buffer overflow in Squid, resulting in a termination of the Squid...

CVSS: 7.5 | AI score: 2.1 | EPSS: 0.80451
Exploits: 0 | References: 5

Tenable Nessus
added 2013/07/12 12:0 a.m. | 28 views

Fedora 19 : python-bugzilla-0.9.0-1.fc19 (2013-11336)

Rebased to version 0.9.0 - bugzilla: modify: add --dependson Don Zickus - bugzilla: new: add --groups option Paul Frields - bugzilla: modify: Allow setting nearly every bug parameter - NovellBugzilla implementation removed, can't get it to work - Gracefully handle private bugs bz 963979 - Raise...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.00888
Exploits: 0 | References: 3

Tenable Nessus
added 2013/07/12 12:0 a.m. | 25 views

Oracle Linux 5 : sudo (ELSA-2009-0267)

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2009-0267 advisory. 1.6.9p17-3.el53.1 - audit patch rediff one chunk failed to apply due to fuzz=0 - Fix for incorrect handling of groups in RunasUser 481720 Resolves: 481820 Tenab...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00406
Exploits: 1 | References: 2

ThreatPost
added 2013/06/25 2:31 p.m. | 18 views

Researchers Uncover PinkStats APT Toolkit

The arsenal of tools that attack groups use to do their business is seemingly endless, and many of them remain unknown for years before they’re discovered. Often, it’s not until a tool has been compromised or sold on the open market that researchers get a close look at it, but that’s been changin...

AI score: 7.1
Exploits: 0 | References: 3

Packet Storm
added 2013/06/23 12:0 a.m. | 19 views

ZPanel 10.0.0.2 htpasswd Module Username Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "ZPanel 10.0.0.2...

AI score: 7.4
Exploits: 0

0day.today
added 2013/06/23 12:0 a.m. | 17 views

ZPanel 10.0.0.2 htpasswd Module Username Command Execution

This Metasploit module exploits a vulnerability found in ZPanel's htpasswd module. When creating .htaccess using the htpasswd module, the username field can be used to inject system commands, which is passed on to a system function for executing the system's htpasswd's command. Please note: In...

AI score: 7
Exploits: 0

Metasploit
added 2013/06/22 2:3 a.m. | 18 views

ZPanel 10.0.0.2 htpasswd Module Username Command Execution

This module exploits a vulnerability found in ZPanel's htpasswd module. When creating .htaccess using the htpasswd module, the username field can be used to inject system commands, which is passed on to a system function for executing the system's htpasswd command. Please note: In order to use th...

AI score: 7
Exploits: 0

ThreatPost
added 2013/06/04 11:49 a.m. | 9 views

Politics, Uncertainty Slowing Down U.S. Response to Cyber Threats

WASHINGTON–The shift in the last few years to cyberespionage and online attacks against the nation’s critical infrastructure have left the United States government lagging behind, and “a day late and a dollar short”, the former director of the National Security Agency said. The ongoing campaigns...

Exploits: 0 | References: 2

The Hacker News
added 2013/05/02 12:14 a.m. | 15 views

Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication

Early 2012 ESET company a mysterious malware, dubbed the Avatar rootkit Win32/Rootkit.Avatar, advertised in the underground forums by Russian cyber crime. "We present you here previously announced product. In connection with work on other projects, we moved the release date for the public from Ma...

AI score: 6.9
Exploits: 0

0day.today
added 2013/04/28 12:0 a.m. | 45 views

CMS Cameron McKenna 2013 Cross Site Scripting Vulnerability

CMS Cameron McKenna 2013 suffers from a cross site scripting vulnerability. The vendor has been notified of this issue. Note that this advisory has site-specific information. Product: CMS Cameron McKenna Web:http://www.cms-cmck.com Versions: CMS 2013 Date: 25/04/2013 Vendor Notified: 24/04 - 25/0...

AI score: 6.6
Exploits: 0

ThreatPost
added 2013/04/23 1:4 p.m. | 5 views

Malware More Globally Distributed, Still Made in China

In an attempt to better evade detection, cybercriminals are increasingly configuring their command and control infrastructure in such a way that initial malware callbacks communicate with a server located in the same country as the newly infected machines. This emerging trend is among the vast an...

AI score: 1.2
Exploits: 0 | References: 5

NVD
added 2013/04/18 6:55 p.m. | 22 views

CVE-2013-1194

The ISAKMP implementation on Cisco Adaptive Security Appliances ASA devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via a series of messages, aka Bug ID CSCue73708...

CVSS: 5 | AI score: 6.7 | EPSS: 0.01174
Exploits: 1 | References: 2

Cvelist
added 2013/04/18 6:0 p.m. | 18 views

CVE-2013-1194

The ISAKMP implementation on Cisco Adaptive Security Appliances ASA devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via a series of messages, aka Bug ID CSCue73708...

AI score: 6.7 | EPSS: 0.01174
Exploits: 1 | References: 2

Cisco
added 2013/04/18 2:22 p.m. | 26 views

Cisco ASA Software VPN Group Enumeration Vulnerability

A vulnerability in the Internet Security Association and Key Management Protocol ISAKMP implementation in Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to enumerate remote access VPN groups configured in a Cisco ASA device. The vulnerability is due...

CVSS: 5 | AI score: 1.4 | EPSS: 0.01174
Exploits: 1 | References: 1

ThreatPost
added 2013/04/09 2:7 p.m. | 11 views

Air Force Classifies Some Cybersecurity Tools as Weapons

The United States government for years has been developing and deploying offensive cyber capabilities, most of it done without much in the way of public notice. That’s been changing of late, as government and military officials have become more open in discussing these capabilities and under what...

AI score: 0.2
Exploits: 0 | References: 2

Huawei
added 2013/04/03 12:0 a.m. | 24 views

Security Advisory - Huawei VSM Default User Groups’ Privilege Escalation

VSM Versatile Security Manager is a unified security service management system launched by Huawei for carrier and enterprise customers. VSM contains a vulnerability that default user groups’ privilege could be escalated when one user logs in to the system to modify default user groups’ permission...

AI score: 6.7
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2013/04/01 12:0 a.m. | 40 views

Fedora 17 : puppet-2.7.21-2.fc17 (2013-4187)

Updates for the security announcements from Puppet Labs on 12-Mar-2013. https://groups.google.com/group/puppet-announce/t/9200f268f8479e2c This update also provides backported fixes for a number of issues with ruby-1.9. Note that Tenable Network Security has extracted the preceding description...

CVSS: 9 | AI score: 7.2 | EPSS: 0.05375
Exploits: 0 | References: 14

exploitpack
added 2013/03/27 12:0 a.m. | 10 views

ClipShare 4.1.1 - Multiples Vulnerabilities

ClipShare 4.1.1 - Multiples Vulnerabilities Exploit Title: ClipShare 4.1.1 - Multiples Vulnerabilities Exploit Author: Esac Vulnerable Software: ClipShare - Video Sharing Community Script 4.1.4 Official site: http://www.clip-share.com Software License: Commercial. all versions are vulnerable: Last...

AI score: 0.3
Exploits: 0

Drupal
added 2013/03/27 12:0 a.m. | 20 views

SA-CONTRIB-2013-038 - Commons Groups - Access bypass & Privilege escalation

The Drupal Commons distribution is a tool for building social, group-based collaboration communities. The Commons Groups module is used by the distribution to provide specific Organic Groups customizations. Versions 3.0 and earlier of the Commons Groups module is vulnerable to an access bypass an...

CVSS: 5 | AI score: 6.7 | EPSS: 0.02908
Exploits: 0 | References: 13