Mozilla Network Security Services (NSS) Library Vulnerability
A vulnerability in the Mozilla NSS library could allow an attacker to forge an RSA signature, such as an SSL certificate. The package is often included in 3rd party software, including Linux distributions, Google Chrome, and others. It is possible that other cryptographic libraries may be similar...
Bourne-Again Shell (Bash) Remote Code Execution Vulnerability
US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system. US-CERT recommends users and administrators review TA14-268A, Vulnerability...
Apple Releases Security Updates for iOS, Apple TV, and Xcode
Apple released security updates for iOS devices, Apple TV, and Xcode to address multiple vulnerabilities, some of which could allow attackers to execute code with system privileges or cause an unexpected application termination. Updates available include: iOS 8 for iPhone 4s and later, iPod touch...
SA-CONTRIB-2014-091 - Survey Builder - Cross Site Scripting (XSS)
This module allows you to use the Form Builder module to provide an intuitive interface for building surveys, along with the back-end for storing surveys and their responses. Cross Site Scripting (XSS): When viewing surveys at "/surveys", the survey titles printed out are not sanitized. Any...
Adobe Releases Security Updates for Adobe Reader and Acrobat
Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. US-CERT encourages users and administrators to review Adobe Security Bulletin APSB14-20 and...
Cisco Integrated Management Controller Vulnerability
Cisco has released an advisory to address a vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers that could allow an unauthenticated, remote attacker to cause a denial of service condition. Migration to relea...
Google Releases Security Update for Chrome
Google has released Chrome 37.0.2062.120 for Windows, Mac and Linux. This update addresses multiple vulnerabilities, one of which could potentially allow an attacker to cause a denial of service. US-CERT encourages users and administrators to review the Google Chrome release blog and apply the...
Microsoft Releases September 2014 Security Bulletin
Microsoft released updates to address vulnerabilities in Windows, .NET Framework, Internet Explorer and Lync Server as part of the Microsoft Security Bulletin Summary for September 2014. Some of these vulnerabilities could allow remote code execution, elevation of privilege, or denial of service...
Adobe Releases Security Updates for Flash Player and Air
Adobe has released security updates to address multiple vulnerabilities in Adobe Flash Player and Air for Windows, Macintosh and Linux. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. Users and administrators are encouraged to revi...
WordPress Releases Security Update
WordPress 3.9.2 has been released to address multiple vulnerabilities, one of which could allow a possible denial of service issue in PHP’s XML processing. WordPress 3.7.3 or 3.8.3 users will be updated to 3.7.4 or 3.8.4. Users operating older, unsupported versions of WordPress are encouraged to...
Mozilla Releases Security Updates for Firefox and Thunderbird
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox and Thunderbird. Exploitation of these vulnerabilities may allow an attacker to cause an exploitable crash or execute arbitrary code. The following updates are available: Firefox 32 Firefox ESR 24....
Google Releases Security Updates for Chrome
Google has released Chrome 37.0.2062.94 for Windows, Mac and Linux. This update includes 50 security fixes, some of which could allow a remote attacker to obtain unauthorized access or cause a denial of service. US-CERT encourages users and administrators to review the Google Chrome release blog a...
Backoff Point-of-Sale Malware Campaign
US-CERT is aware of Backoff malware compromising a significant number of major enterprise networks as well as small and medium businesses. US-CERT encourages administrators and operators of Point-of-Sale systems to review the Backoff malware alert to help determine if your network may be affected...
Breach of Patient Identification Information
US-CERT is aware of a breach of sensitive patient identification information affecting approximately 4.5 million patients and customers of Community Health Systems, Inc. As part of DHS, US-CERT is working together with the FBI and the Department of Health and Human Services to assist in sharing...
Apple Releases Security Update for Safari
Apple has released security updates for Safari to address vulnerabilities which could allow an attacker to execute arbitrary code or cause an unexpected application termination. Updates include Safari 6.1.6 and Safari 7.0.6 for OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8...
Microsoft Releases August 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows, Office, SQL Server, Server Software, .NET Framework, and Internet Explorer as part of the Microsoft Security Bulletin Summary for August 2014. Some of these vulnerabilities could allow remote code execution, elevation of...
Facebook Survey Pro - timeline/index.php id Parameter SQL Injection
The timeline WordPress plugin was affected by a timeline/index.php id Parameter SQL Injection security vulnerability...
CPNI Releases Paper on Improving Defenses Against Targeted Attack
The United Kingdom's Centre for the Protection of National Infrastructure (CPNI) has released a report on its “Improving Defenses Against Targeted Attack” (iDATA) cyber research program. The report contains descriptions and outcomes from a number of projects aimed at addressing threats posed by natio...
CVE-2014-5018
Incomplete blacklist vulnerability in the autoEscape function in commonhelper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume...
Cross site scripting
Incomplete blacklist vulnerability in the autoEscape function in commonhelper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume...