1227 matches found
CVE-2014-0472
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...
Safari < 6.1.3 / 7.0.3 Multiple Vulnerabilities
Binary data 8209.prm...
kernel: nfs: data leak during extended writes
The nfscanextendwrite function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by...
Ubuntu: Security Advisory (USN-2154-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : ca-certificates update (USN-2154-1)
The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20130906 package. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has...
EA Games Site Hacked to Steal Apple IDs
Hackers were able to compromise a server belonging to Electronic Arts Games this week and rig one of its websites to resemble an Apple log-in page to dole out phishing attacks. U.K.-based security firm Netcraft discovered the hacked site on Tuesday and informed EA, which blocked it on Wednesday...
[Lynis 1.4.6] Security and System Auditing Tool to Harden Linux Systems
Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information,...
[Lynis 1.4.2] Security and System Auditing Tool to Harden Linux Systems
Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information,...
[Lynis 1.4.0] Security and System Auditing Tool to Harden Linux Systems
Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information,...
DDoS Attacks originated from thousands of .EDU and .GOV WordPress Blogs
In a recent cyber attack on a Forum site, thousands of outdated legitimate WordPress blogs were abused to perform DDOS attacks using previously known vulnerabilities. After analyzing the Log file from the victim's server, we have noticed many Wordpress CMS based educational .EDU and Government .G...
SSL Cipher suites are not configurable
Allow SSL cipher suites to be configured, preferably in the administration panel but at a minimum by editing the config.xml. Currently we are relying on the default cipher suites for jetty which includes some outdated ones that are considered insecure these days. See configuring cipher...
Massive Database from Tango messenger server hacked by Syrian Electronic Army
Syrian Electronic Army SEA, hacking group known for cyber attacks against the anti-Syrian websites, has claimed that it has hacked the website of messaging application, Tango tango.me, that includes hundreds of millions of electronic and voice data over the Internet. Hacker group tweeted a messag...
Leaked credentials of Congress members by Anonymous hacker are inaccurate
Anonymous claimed it had stolen and leaked over 2,000 usernames and passwords for Hill staffers in an anti-PRISM protest, calling the move a pivotal moment for Congress. The Twitter handle @OpLastResort which claims to be affiliated with the famous hacktivist group posted the data and also tweete...
Millions of Phonebook records stolen from Truecaller Database
TrueCaller, a popular app built by a Swedish company and world's largest collaborative phone directory compromised by Syrian Electronic Army hackers. Truecaller was running an outdated version 3.5.1 of blogging software WordPress for its web interface and there are millions of Phonebook records...
PT-2013-3481 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.0 Description: The issue concerns a lack of checks in the KVM subsystem for kernel addresses during memory slot allocation for a guest's physical address space. This allows local users to potentially gain...
VMware vCenter Server Multiple Vulnerabilities (VMSA-2012-0005)
The version of VMware vCenter Server installed on the remote host is 4.0 before Update 4a, 4.1 before Update 3, or 5.0 before Update 1. As such it is potentially affected by multiple vulnerabilities in the embedded Apache Tomcat server and the Oracle Sun Java Runtime Environment. C Tenable Networ...
Microsoft Security Essentials outdated libraries
Outdated runtime libraries with known vulnerabilities are installed in Windows XP / 2003...
Vulnerable Microsoft VC++ 2005 RTM runtime libraries installed with "Microsoft Security Essentials" (and numerous other Microsoft products)
Hi @ll, this is part 2 of "Defense in depth -- the Microsoft way", see http://seclists.org/fulldisclosure/2013/May/107 On Windows NT 5.x the current "Microsoft Security Essentials" v4.2 available from http://www.microsoft.com/securityessentials, and offered as optional update KB2804527 via...
3CX Phone outdated libraries
Outdated versions of OpenSSL and FFmpeg/FFdshow are used...
VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6
Hi @ll, the current 3CXPhone6.msi for Windows, available from http://www.3cx.com/VOIP/sip-phone/, digitally signed on 2012-07-30, installs the following outdated and vulnerable 3rd-party libraries: libeay32.dll and ssleay32.dll version 0.9.8h from 2008-05-28 of OpenSSL. The current version of...