RHEL 5 : kvm (RHSA-2014:0163)
The remote Red Hat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0163 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module bui...
Important: Red Hat Security Advisory: kvm security update
Updated kvm packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are availab...
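Several stored XSS issues in the latest version of Tongda OA
Brief description: Several stored XSS issues in the latest version of Tongda OA. Details: Tested version: downloaded Tongda OA 2013 Enhanced Edition (125MB). Download URL: http://www.tongda2000.com/download/2013adv.php, updated 2013-12-26 13:30. 1. Stored XSS in the post content when posting in the discussion forum. 2. Stored XSS when editing in source-code mode while answering a question in "OA知道" (OA Knows). Proof of vulnerability: img src="https://images.seebug.org/upload...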
Metadata Program 'Not Uniquely Valuable'
In a mostly friendly and non-confrontational hearing on Tuesday, members of the Senate Judiciary Committee spent a couple of hours talking to members of the White House-appointed NSA review board about the extent of the agency’s surveillance and the panel’s recommendations for reform. The hearing...
Stable Channel Update for Chrome OS
The Stable channel has been updated to 32.0.1700.95 Platform version: 4920.71.0 for all Chrome OS devices except Chromebook Pixel, which is expected in the upcoming days. This build contains a number of bug fixes, security updates and feature enhancements. Systems will be receiving updates over t...
NSA Metadata Program Likely Not Cost-Effective, Researchers Say
While much of the coverage of the surveillance programs revealed by Edward Snowden has focused on the legality and constitutionality of the collection of metadata and Internet traffic in the name of counter-terrorism and national security, the question of whether these programs are actually cost...
CVE-2013-6224
Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which i...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which i...
CVE-2013-6224
LiveZilla before 5.1.1.0 is affected by multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary scripts via (1) a name in the call administrator feature, (2) unspecified vectors in the admins visitor information panel, or (3) a chat message saved in the...
CVE-2013-6224
Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which i...
LiveZilla Cross Site Scripting
Security Advisory - Curesec Research Team ========================================= 1. Introduction ---------------- Advisory ID: Cure-2013-1006 Advisory URL: https://www.curesec.com/ Affected Product: Prior 5.1.1.0 Fixed Version: 5.1.1.0 Vendor Contact: [email protected] Vulnerability Type:...
Apple Says It Has 'Never Received an Order Under Section 215'
In a new report detailing the number and kind of requests for user information it’s gotten from various governments, Apple said it has never received a request for information under Section 215 of the USA PATRIOT Act and would likely fight one if it ever came. The company also disclosed that it ha...
Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title : Multiple CSRF Horde Groupware Web mail Edition Author:Marcela Benetrix Date: 10/25/13 version: 5.1.2 software link:http://www.horde.org/apps/webmail GroupWare Web mail Edition Horde Groupware Webmail Edition is a free, enterpri...
Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (1)
Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (1) Exploit Title : Multiple CSRF Horde Groupware Web mail Edition Author:Marcela Benetrix Date: 10/25/13 version: 5.1.2 software link:http://www.horde.org/apps/webmail GroupWare Web mail Edition Horde Groupware Webmail Edition is ...
Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (1)
Exploit Title : Multiple CSRF Horde Groupware Web mail Edition Author:Marcela Benetrix Date: 10/25/13 version: 5.1.2 software link:http://www.horde.org/apps/webmail GroupWare Web mail Edition Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can...
Zabbix < 1.8.18rc1 / 2.0.9rc1 / 2.1.7 Multiple SQL Injections
According to its self-reported version number, the instance of Zabbix listening on the remote host is a version prior to 1.8.18rc1 / 2.0.9rc1 / 2.1.7. It is, therefore, potentially affected by multiple SQL injection vulnerabilities. The following API methods and parameters are reportedly affected...
NSA Director Alexander Asked About Cell Location Collection
Did we hear the next shoe to drop in the NSA surveillance saga? Yesterday before a hearing of the Senate Intelligence Committee, Sen. Ron Wyden, D-Oregon, asked some pointed questions of NSA director Gen. Keith Alexander regarding whether the agency collects cell tower location data in addition t...
Alexander: 'FISA is the Key to Connecting the Dots'
WASHINGTON–Faced with trying to accomplish its mission in an environment that suddenly has become quite hostile and inquisitive about its methods, the National Security Agency is becoming more and more public about the challenges that lie ahead and how the agency plans to address them. One of the...
FISC: No Phone Company Ever Challenged Metadata Collection Orders
A newly declassified opinion from the Foreign Intelligence Surveillance Court from this summer shows the court’s interpretation of the controversial Section 215 of the USA PATRIOT Act that’s used to justify the National Security Agency’s bulk telephone metadata collections, and reveals that none ...
CVE-2013-4307
Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script or HTML via a label in the "In other languages"...