UBUNTU-CVE-2015-1463
ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."...
CVE-2015-1463
ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."...
Unbreakable Enterprise kernel security and bugfix update
[2.6.39-400.246.2] - net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (Daniel Borkmann) [Orabug: 20425333] {CVE-2014-7841} [2.6.39-400.246.1] - sched: Fix possible divide by zero in avg_atom calculation (Mateusz Guzik) [Orabug: 20148169] - include/linux/math64.h: add div64_ul() (Alex...
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2014:1581-1)
This MozillaFirefox update fixes several security and non-security issues. Changes in MozillaFirefox: - update to Firefox 34.0.5 (bnc#908009) - Default search engine changed to Yahoo! for North America - Default search engine changed to Yandex for Belarusian, Kazakh, and Russian locales - Improved...
F5 Networks BIG-IP : GNU C Library vulnerability (SOL15885)
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a 'stack extension attack,' a related issue to...
CryptoPHP Backdoor Hijacks Servers with Malicious Plugins & Themes
Security researchers have discovered thousands of backdoored plugins and themes for the popular content management systems (CMS) that could be used by attackers to compromise web servers on a large scale. The Netherlands-based security firm Fox-IT has published a whitepaper revealing a new Backdoor...
CVE-2011-2702
CVE-2011-2702 is a signedness error in Glibc before 2.13 and eglibc before 2.13. When SSSE3 optimization is enabled, a negative length parameter to memcpy-ssse3-rep.S, memcpy-ssse3.S, or memset-sse2.S in sysdeps/i386/i686/multiarch/ can trigger an out-of-bounds read, allowing context-dependent at...
PT-2014-2127 · Gnu · Glibc +1
Name of the Vulnerable Software and Affected Versions: Glibc versions prior to 2.13; eglibc versions prior to 2.13. Description: The issue is related to an integer signedness error when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization. This error allows context-dependent attackers ...
SUSE-SU-2015:0792-1 Recommended update for coreutils
This update for coreutils provides the following fixes and enhancements: cp(1) could read from freed memory and could even make corrupt copies. This could happen with a very fragmented and sparse input file, on file systems supporting filemap extent scanning (bnc#892862). Improve ls(1) efficiency on lar...
F5 Networks BIG-IP : GnuTLS vulnerability (SOL15637)
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. (C) Tenable Network Security, Inc. The...
CVE-2014-7158
Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to admin/launch...
CVE-2014-7157
Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch...
Cross site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to admin/launch...
CVE-2014-7157
The CVE-2014-7157 entry concerns Exinda WAN Optimization Suite 7.0.0 (2160) with a Cross-site scripting (XSS) vulnerability exposed via the tabsel parameter to /admin/launch. The affected component is the web interface; the root cause is lack of input validation for the tabsel parameter, enabling...
CVE-2014-7158
The CVE-2014-7158 entry concerns Exinda WAN Optimization Suite 7.0.0 (2160) and is a Cross-site request forgery (CSRF) vulnerability that could allow remote attackers to hijack an administrator’s session to perform actions such as changing the admin password via a request to /admin/launch. Public...
CloudFlare Rolls Out Free SSL
In a move that will essentially double the number of SSL-protected sites on the Web in the space of 24 hours, CloudFlare on Monday said that it was enabling SSL for all of its more than two million customers for free. The new service is called Universal SSL, and the company is making it available...
Exinda WAN Optimization Suite 7.0.0 CSRF / XSS Vulnerabilities
Exinda WAN Optimization Suite version 7.0.0 (2160) suffers from cross site request forgery and cross site scripting vulnerabilities. I. VULNERABILITY: XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite. II. BACKGROUND: WAN...