Lucene search

6005 matches found

CERT
added 2014/05/28 12:0 a.m., 30 views

Alfresco Enterprise contains multiple cross-site scripting vulnerabilities

Overview: Alfresco Enterprise 4.1.6 and possibly earlier versions are vulnerable to multiple cross-site scripting (XSS) vulnerabilities. Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Alfresco Enterprise is vulnerable to a stored cross-site...

CVSS: 4.3, AI score: 5.6, EPSS: 0.01012
Exploits: 0, References: 1
ThreatPost
added 2014/05/15 12:6 p.m., 10 views

IETF To Mitigate Pervasive Monitoring In Future Protocols

The Internet Engineering Task Force (IETF) has defined pervasive monitoring, otherwise known as unwarranted surveillance and analysis of Internet traffic and even the subversion of cryptographic keys, as an attack and wants future versions of IETF-sponsored protocols to be designed to mitigate it...

AI score: 1.6
Exploits: 0, References: 2
MSRC
added 2014/05/13 7:0 a.m., 7 views

MS14-025: An Update for Group Policy Preferences

Today, we released an update to address a vulnerability in Group Policy Preferences (MS14-025). Group Policy Preferences was an addition made to Group Policy to extend its capabilities. Among other things, Group Policy Preferences allows an administrator to configure: Local administrator accounts...

AI score: 7
Exploits: 0
Fedora
added 2014/04/28 4:52 a.m., 32 views

[SECURITY] Fedora 19 Update: ansible-1.5.5-1.fc19

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS: 7.4, AI score: 3.3, EPSS: 0.01963
Exploits: 0
Fedora
added 2014/04/28 4:51 a.m., 13 views

[SECURITY] Fedora 20 Update: ansible-1.5.5-1.fc20

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

AI score: 3.3
Exploits: 0
Oracle Linux
added 2014/04/24 12:0 a.m., 64 views

kernel security, bug fix, and enhancement update

kernel 2.6.18-371.8.1 - virt HID: memory corruption flaw drivers/usb/input/hid-core.c Jacob Tanenbaum 1032996 1032999 CVE-2013-2888 - virt HID: memory corruption flaw in drivers/hv/hid-core.c Jacob Tanenbaum 1032996 1032999 CVE-2013-2888 - scsi lpfc: Fix task management commands having a fixed...

CVSS: 7.8, AI score: 0.4, EPSS: 0.03336
Exploits: 1
Veeam
added 2014/04/16 12:0 a.m., 15 views

Tips for Advanced Scheduling

Purpose This article provides information about advanced scheduling techniques in Veeam Backup & Replication. Solution Scenario 1: Granular Scheduling This advanced scheduling technique allows for a job to be scheduled to run at different times each day. By configuring the job to run "Periodicall...

AI score: 7.1
Exploits: 0, Affected Software: 1
OSV
added 2014/04/01 12:0 a.m., 3 views

UBUNTU-CVE-2014-2673

The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service Program...

CVSS: 4.7, AI score: 6.4, EPSS: 0.00401
Exploits: 0, References: 5
Tenable Nessus
added 2014/03/10 12:0 a.m., 283 views

Ubuntu 12.10 : linux vulnerabilities (USN-2138-1)

Mathy Vanhoef discovered an error in the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing attack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function ...

CVSS: 7.2, AI score: 7, EPSS: 0.10209
Exploits: 7, References: 19
The Hacker News
added 2014/02/25 8:33 p.m., 11 views

New Apple vulnerability allows Malicious keylogger App to Record User Inputs

Yet another Apple vulnerability has been exposed by security researchers, that can be exploited to track your finger's every action on iOS Devices i.e. iPhone, iPad etc. The exploit reportedly targets a flaw in iOS multitasking capabilities to capture user inputs, according to Security researcher...

AI score: 6.4
Exploits: 0
Tenable Nessus
added 2014/02/18 12:0 a.m., 53 views

Mandriva Linux Security Advisory : kernel (MDVSA-2014:038)

Multiple vulnerabilities have been found and corrected in the Linux kernel: The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter...

CVSS: 6.9, AI score: 7, EPSS: 0.34649
Exploits: 17, References: 3
Positive Technologies
added 2014/02/14 12:0 a.m., 6 views

PT-2014-3366 · Vtiger · Vtiger Crm

Name of the Vulnerable Software and Affected Versions: vTiger CRM version 5.4.0 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the return url parameter to the "modulescom vtiger workflowsavetemplate.php"...

CVSS: 4.3, AI score: 5.6, EPSS: 0.02126
Exploits: 0, References: 8
Mageia
added 2014/02/12 10:53 p.m., 48 views

Updated kernel-vserver packages fix security vulnerability

This kernel update provides an update to the 3.10 longterm branch, currently 3.10.28 and fixes the following security issues: The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC...

CVSS: 6.9, AI score: 7.8, EPSS: 0.34649
Exploits: 19, References: 5
NVD
added 2014/01/07 5:4 p.m., 22 views

CVE-2013-6881

CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task...

CVSS: 10, AI score: 7.7, EPSS: 0.12607
Exploits: 5, References: 6
Cvelist
added 2014/01/07 5:0 p.m., 22 views

CVE-2013-6881

CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task...

AI score: 7.7, EPSS: 0.12607
Exploits: 5, References: 6
Prion
added 2013/10/25 8:55 p.m., 19 views

Design/Logic Flaw

IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account...

CVSS: 6.8, AI score: 7.5, EPSS: 0.01306
Exploits: 0, References: 3, Affected Software: 1
Kitploit
added 2013/10/22 12:13 a.m., 22 views

[SterJo Task Manager v.2.6] Advanced utility for process managing

SterJo Task Manager is a FREE, advanced utility for process managing which allows you to get details on everything that’s running on your computer. The program is divided in several sections covering the main parts of each system. “Processes” gives you more details about all processes and also...

AI score: 6.8
Exploits: 0
Packet Storm
added 2013/10/16 12:0 a.m., 20 views

Persistent Payload In Windows Volume Shadow Copy

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/exploit/exe' class...

AI score: 7.4
Exploits: 0
Metasploit
added 2013/10/15 4:11 p.m., 69 views

Persistent Payload in Windows Volume Shadow Copy

This module will attempt to create a persistent payload in a new volume shadow copy. This is based on the VSSOwn Script originally posted by Tim Tomes and Mark Baggett. This module has been tested successfully on Windows 7. In order to achieve persistence through the RUNKEY option, the user shoul...

AI score: 7
Exploits: 0
NVD
added 2013/09/19 10:28 a.m., 17 views

CVE-2013-5137

IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API...

CVSS: 2.6, AI score: 5.8, EPSS: 0.01457
Exploits: 0, References: 4