Google Patches Shared Links Vulnerability in Drive
Google has fixed a vulnerability in its Drive cloud storage service that could have exposed certain information about shared links under a particular set of circumstances. Users will need to delete and re-upload relevant files shared on Google Drive in the past in order to limit exposure. The...
New Banking Malware with Network Sniffer Spreading Rapidly Worldwide
The rise in banking malware this year is no doubt almost double that of the previous year, and the same goes for the techniques of malware authors. Until now, we have seen banking Trojans affecting devices and stealing users’ financial credentials in order to run them out of their money. But nowadays,...
OpenSSL Heartbleed Patch Progress Slowing Two Months Later
It’s been more than two months since news broke of the Heartbleed vulnerability in OpenSSL, one of the Internet’s most widely deployed cryptographic libraries. In the days and weeks that followed the emergence of the bug, which affected an unknown but arguably vast swath of the Web, vendors were...
Uzbey: Cross-site scripting vulnerability detected
It was possible to identify an XSS vulnerability at this address: https://staging.uzbey.com parameter: ?q=user...
McAfee ePolicy Orchestrator Remote Code Execution (CVE-2013-0140; CVE-2013-0141)
A remote code execution vulnerability has been reported in McAfee ePolicy Orchestrator (ePO). The vulnerability is due to an error in the ePO server that fails to properly sanitize user-supplied data. A remote attacker can exploit this weakness to execute arbitrary code via a specially crafted http...
Millions of LinkedIn Users at Risk of Man-in-the-Middle Attack
Two years ago, in 2012, LinkedIn, one of the most popular online social networking sites, spent between $500,000 and $1 million on forensic work after millions of its users’ account passwords were compromised in a major security data breach. But it seems that the company hasn't learned any lesson...
Medium: squid
Issue Overview: A denial of service flaw was found in the way Squid processed certain HTTPS requests when the SSL Bump feature was enabled. A remote attacker could send specially crafted requests that could cause Squid to crash. CVE-2014-0128 Affected Packages: squid Issue Correction: Run yum...
[ MDVSA-2014:114 ] squid
Mandriva Linux Security Advisory MDVSA-2014:114 http://www.mandriva.com/en/support/security/ Package : squid Date : June 10, 2014 Affected: Business Server 1.0 Problem Description: Updated squid packages fix security vulnerability: Due to incorrect...
openSUSE Security Update : filezilla (openSUSE-SU-2013:1347-1)
FileZilla was updated to version 3.7.3 to add various features, fix bugs and also security issues in the embedded PuTTY SSH client. Full changelog: https://filezilla-project.org/changelog.php - Noteworthy changes : - Apply a fix for a security vulnerability in PuTTY as used in FileZilla to handle...
openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-4202)
Mozilla XULRunner 1.9.1 was updated to version 1.9.1.18 to fix the following security issue : MFSA 2011-11 Several invalid HTTPS certificates were placed on the certificate blacklist to prevent their misuse.
openSUSE Security Update : vlc (openSUSE-SU-2014:0315-1)
VLC was updated to version 2.1.3 (bnc#864422) : + Core : - Fix broken behaviour with SOCKSv5 proxies - Fix integer overflow on error when using vlc_readdir + Access : - Fix DVB-T2 tuning on Linux. - Fix encrypted DVD playback. - Fix v4l2 frequency conversion. + Decoders : - Fix numerous issues M2TS,...
openSUSE Security Update : seamonkey (seamonkey-4204)
Mozilla SeaMonkey was updated to version 2.0.13 to fix the following security issue : MFSA 2011-11 Several invalid HTTPS certificates were placed on the certificate blacklist to prevent their misuse.
openSUSE Security Update : perl-LWP-Protocol-https (openSUSE-SU-2014:0710-1)
perl-LWP-Protocol-https was updated to prevent a possible MITM if the environment variables HTTPS_CA_DIR or HTTPS_CA_FILE were set (CVE-2014-3230).
openSUSE Security Update : MozillaFirefox (MozillaFirefox-4201)
MozillaFirefox was updated to version 3.6.16 to fix the following security issue : MFSA 2011-11 Several invalid HTTPS certificates were placed on the certificate blacklist to prevent their misuse.
openSUSE Security Update : mozilla-js192 (mozilla-js192-4203)
Mozilla XULRunner 1.9.2 was updated to version 1.9.2.16 to fix the following security issue : MFSA 2011-11 Several invalid HTTPS certificates were placed on the certificate blacklist to prevent their misuse.
apt security update
Package : apt Version : 0.8.10.3+squeeze2 CVE ID : CVE-2011-3634 CVE-2014-0478 Debian Bug : 749795 Jakub Wilk discovered that APT, the high level package manager, did not properly perform authentication checks for source packages downloaded via "apt-get source". This only affects use cases where...
DLA-0005-1 apt - security update
Bulletin has no description...
XSSYA - Cross Site Scripting Scanner & Vulnerability Confirmation
XSSYA works by executing the payload encoded to bypass a Web Application Firewall; this is the first method, request and response. If the response is 200, it moves on to Method 2, which searches for the decoded payload in the web page's HTML code. If that is confirmed, the last step is to execute document.cookie to get the...
Mandriva Linux Security Advisory : squid (MDVSA-2014:114)
Updated squid packages fix security vulnerability : Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled (CVE-2014-0128).