WebCalendar 0.9.x colors.php color XSS

No description provided by source. source: http://www.securityfocus.com/bid/8539/info It has been reported that WebCalendar is prone to multiple cross-site scripting vulnerabilites in various modules. The issues exist in includes/js/colors.php, week.php, day.php, month.php, weekdetails.php,...

SuSE 11.3 Security Update : compat-wireless, compat-wireless-debuginfo, etc (SAT Patch Number 9414)

This update for the compat-wireless kernel modules provides many fixes and enhancements : - Fix potential crash problem in ath9k. CVE-2014-2672, bnc871148 - Fix improper updates of MAC addresses in ath9khtc. bnc851426, CVE-2013-4579 - Fix stability issues in iwlwifi. bnc865475 - Improve support f...

Versatility of Zeus Framework Encourages Criminal Innovation

A new report on the Zeus trojan’s evolution shows that the malware was moved from harvesting online banking credentials to controlling botnets and launching distributed denial of service attacks attributes the evolution to the highly customized and incredibly versatile framework Zeus is today...

Mandriva Linux Security Advisory : python-django (MDVSA-2014:113)

Multiple vulnerabilities has been discovered and corrected in python-django : Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the 1 Vary: Cookie or 2 Cache-Control header in responses, which allows remote attackers to obtain sensitive...

kesako /modules/event.php SQL注入漏洞

No description provided by source...

FreeBSD-SA-14:13.pam

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:13.pam Security Advisory The FreeBSD Project Topic: Incorrect error handling in PAM policy parser Category: contrib Module: pam Announced: 2014-06-03 Credits...

[SECURITY] Fedora 19 Update: python-fedora-0.3.34-1.fc19

Python modules that help with building Fedora Services. The client module included here can be used to build programs that communicate with many of Fedora Infrastructure's Applications such as Bodhi, PackageDB, MirrorManage r, and FAS2...

Microsoft Giving .NET Users The Option to Shed RC4

Microsoft didn’t beat around the bush when it warned customers to stay away from the deprecated RC4 algorithm last fall. Now it’s giving those who use its .NET software framework an option to disable the cipher in Transport Layer Security TLS as well. In a security advisory issued on its Security...

MS KB2962824: Update Rollup of Revoked Non-Compliant UEFI Modules

The remote host is missing Microsoft KB2962824, an update that revokes the digital signatures of four third-party Unified Extensible Firmware Interface UEFI modules. This update prevents the modules from being loaded on systems where UEFI Secure Boot is enabled. C Tenable Network Security, Inc...

Fedora Update for python-fedora FEDORA-2014-5962

Check for the Version of python-fedora OpenVAS Vulnerability Test Fedora Update for python-fedora FEDORA-2014-5962 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

[SECURITY] Fedora 19 Update: ansible-1.5.5-1.fc19

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

[SECURITY] Fedora 20 Update: ansible-1.5.5-1.fc20

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

Web application Advanced Security: IronWASP

Web application Advanced Security: IronWASP IronWASP Iron Web application Advanced Security testing Platform is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Thou...

CVE-2014-0472

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...

DEBIAN-CVE-2014-0472

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...

Path traversal

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...

PYSEC-2014-1

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...

CVE-2014-0472

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...

CVE-2014-0472

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...

OleumTech WIO Family Vulnerabilities

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-202-01 OleumTech WIO Family Vulnerabilities that was published July 21, 2014, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 2 -------- Security researchers Lucas Apa and Carlos Mario Penagos...