Privacy Proponents In Favor of Tracking Protection for Firefox
Privacy advocates are calling on Mozilla to better deploy Tracking Protection, a technology that offers more stringent privacy and speeds up page loads by blocking requests to tracking domains, in its Firefox browser. The functionality has existed in the browser for months but the idea of making ...
Schneider Electric OPC Factory Server DLL Load Arbitrary Code Execution Vulnerability
Schneider Electric OPC Factory Server (OFS) is a set of data communication editing software. The software supports access to important information, open page design, transparent architecture and interoperability to enable good processes and communication. A security vulnerability exists in the...
So, you wanna crypto (in AEM)
So another year passed by and I will talk again, ... at the Connect WE conference. This year with Damien Antipa we will have a speech entitled "So, you wanna crypto in AEM". Now, it is true that even symmetric encryption isn't a “solved problem” but hey we still need to protect information et al: N...
Cisco Access Control Server Representational State Transfer Application Programming Interface Denial of Service Vulnerability
A vulnerability in the Representational State Transfer (REST) application programming interface (API) of the Cisco Access Control Server (ACS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to how the ACS REST API handles increased...
Debian DSA-3253-1 : pound - security update (POODLE)
Pound, a HTTP reverse proxy and load balancer, had several issues related to vulnerabilities in the Secure Sockets Layer (SSL) protocol. For Debian 7 (wheezy) this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default CVE-2009-355...
DSA-3253-1 pound - security update
Bulletin has no description...
Debian Security Advisory DSA 3253-1 (pound - security update)
Pound, a HTTP reverse proxy and load balancer, had several issues related to vulnerabilities in the Secure Sockets Layer (SSL) protocol. For Debian 7 (wheezy) this update adds a missing part to make it actually possible to disable client-initiated renegotiation and disables it by default CVE-2009-355...
Debian: Security Advisory (DSA-3253-1)
The remote host is missing an update for the Debian...
Linux kernel Netfilter Connection Tracking Extension Load Denial of Service Vulnerability
Linux kernel is an open source operating system. A security vulnerability in the Linux kernel Netfilter Connection Tracking Extension loading feature allows an attacker to exploit the vulnerability to submit a special request to crash the system...
IP.Board <= 3.4.7 SQL Injection analysis
IPB (Invision Power Board) is a forum program developed in PHP that is widely used abroad. Version 3.4.7 and earlier versions contain a SQL injection vulnerability, which this article analyzes. PoC link: http://seclists.org/fulldisclosure/2014/Nov/20 #!/usr/bin/env python Sunday,...
Kemp Load Master 7.1-16 CSRF / XSS / DoS / Code Execution
Exploit Title: Kemp Load Master - Multiple Vulnerabilities (RCE, CSRF, XSS, DoS) Date: 01 April 2015 Author: Roberto Suggi Liverani Software Link: http://kemptechnologies.com/load-balancer/ Version: 7.1.16 and previous versions Tested on: Kemp Load Master 7.1-16 CVE: CVE-2014-5287/5288 Link:...
Kemp Load Master 7.1.16 - Multiple Vulnerabilities
Kemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities. Exploit Title: Kemp Load Master - Multiple Vulnerabilities (RCE, CSRF, XSS, DoS) Date: 01 April 2015 Author: Roberto Suggi Liverani Software Link:...
Kemp Load Master 7.1.16 - Multiple Vulnerabilities
Exploit Title: Kemp Load Master - Multiple Vulnerabilities (RCE, CSRF, XSS, DoS) Date: 01 April 2015 Author: Roberto Suggi Liverani Software Link: http://kemptechnologies.com/load-balancer/ Version: 7.1.16 and previous versions Tested on: Kemp Load Master 7.1-16 CVE: CVE-2014-5287/5288 Link:...
PT-2018-4213 · Python · Rope +1
Name of the Vulnerable Software and Affected Versions: CPython (affected versions not specified). Description: The issue allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load in the Rope library. This is due to a problem in the base/oi/doa.py file...
CentOS 7 : kernel (CESA-2015:0726)
Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, a...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, a...
Drupal Core XML-RPC Endpoint xmlrpc.php Internal Entity Expansion Denial of Service - Ver2 (CVE-2014-5265)
A denial of service vulnerability has been reported in Drupal Core. This can cause a very high CPU load and memory exhaustion. A remote unauthenticated attacker can exploit this vulnerability to cause a denial of service on the vulnerable system...
Debian DSA-3203-1 : tor - security update
Several denial-of-service issues have been discovered in Tor, a connection-based low-latency anonymous communication system. - Jowr discovered that very high DNS query load on a relay could trigger an assertion error. - A relay could crash with an assertion error if a buffer of exactly the wrong...
[SECURITY] [DLA 178-1] tor security update
Package : tor Version : 0.2.4.26-1deb6u1 Several issues have been discovered and fixed in Tor, a connection-based low-latency anonymous communication system. o Jowr discovered that very high DNS query load on a relay could trigger an assertion error. o A relay could crash with an assertion error ...
MGASA-2015-0110 Updated moodle packages fix security vulnerabilities
Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.9, by modifying the URL, a logged-in user can view the list of another user's contacts, number of unread messages and list of their courses (CVE-2015-2266). In Moodle before 2.6.9, authentication in mdeploy can be bypassed. It i...