757 matches found
Omeka 2.2 - CSRF And Stored XSS Vulnerability
Omeka version 2.2 suffers from cross-site request forgery and cross-site scripting vulnerabilities. Omeka 2.2 CSRF And Stored XSS Vulnerability Vendor: Omeka Team (CHNM GMU) Product web page: http://www.omeka.org Affected version: 2.2 Summary: Omeka is a free, flexible, and open source...
Fedora 20 : php-5.5.14-1.fc20 (2014-7765)
26 Jun 2014, PHP 5.5.14 Core: - Fixed BC break introduced by patch for bug 67072. (Anatol, Stas) - Fixed bug 66622 (Closures do not correctly capture the late bound class (static::) in some cases). (Levi Morrison) - Fixed bug 67390 (insecure temporary file use in the configure script). (CVE-2014-3981) Remi ...
SSL/TLS Certificate Validity Dates Detection
Binary data 7126.pasl...
All instances of storage metadata are corrupted
Challenge: A task in Veeam Backup & Replication fails with the error: All instances of storage metadata are corrupted. Cause: It's important first to understand what the "storage metadata" is. The storage metadata is akin to an MFT (master file table) for the Veeam Backup & Replication backup...
Authentication adapter did not verify validity of tokens
Previous to @2ca5bb1c2f11537be8f94ca6867d8d69789e744a release 0.1.2, tokens weren't checked for validity/expiration. This potentially caused a security issue if expired tokens were not deleted after the expiration time was past, allowing anyone to still use invalidated authentication credentials...
New Zeus Variant Comes Complete With a Signed Certificate
Yet another variant of the Zeus banking Trojan has surfaced; this one comes disguised as an Internet Explorer document and uses an authentic digital certificate to download a rootkit onto infected machines. According to researchers at the SSL firm Comodo, more than 200 examples of the Trojan have...
ESA-2014-016: EMC VPLEX Multiple Vulnerabilities
ESA-2014-016.txt ESA-2014-016: EMC VPLEX Multiple Vulnerabilities EMC Identifier: ESA-2014-016 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS scores Affected products: All versions from...
Apple products SSL validation vulnerability
Certificate validity is not checked due to software error...
Dahan-pass version of the jcms arbitrary file upload vulnerability-vulnerability warning-the black bar safety net
Brief description: Dahan-pass version of the jcms arbitrary file upload vulnerability. Detailed description: The problem is in the XML file import, which uses only local JS validation and no server-side validation, and access to the file is not controlled in any way; the server also not upload the file...
CVE-2013-3898
Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, does not ensure memory-address validity, which allows guest OS users to execute arbitrary code in all guest OS instances, and allows guest OS users to cause a denial of service host OS crash, via a guest-to-host hypercall with a...
CVE-2013-3898
CVE-2013-3898 concerns a memory-address validity issue in Microsoft Hyper-V on Windows 8/Windows Server 2012. The vulnerability allows guest OS users to execute arbitrary code in all guest OS instances or to cause a denial-of-service by crashing the host, via a guest-to-host hypercall with a craf...
Practico 13.9 - Multiple Vulnerabilities
Exploit for multiple platform in category web applications Practico 13.9 Multiple Vulnerabilities Vendor: Practico Product web page: http://www.codigoabierto.org Affected version: 13.9 Summary: Practico is a free CMS software project released under license GNU GPL v2.0 for creating web applicatio...
Practico 13.9 Multiple Vulnerabilities
Summary: Practico is a free CMS software project released under license GNU GPL v2.0 for creating web applications in a completely visual and fast fashion, without programming knowledge. Description: Practico suffers from multiple vulnerabilities including Cross-Site Scripting (XSS), SQL Injection SQ...
GlobalSign Commits to Certificate Transparency Framework
If you were going to try and determine who has had a worse go of it recently, the NSA or certificate authorities, you’d likely have to just flip a coin. And the coin would probably end up balanced on its edge. While the National Security Agency is scrambling to respond to and recover from the...
Google, Mozilla Considering Limiting Certificate Validity to 60 Months
In the wake of a parade of problems with certificate authorities and attackers using stolen digital certificates, both Google and Mozilla are poised to enforce new rules in their browsers for how long end-entity certificates should be trusted. The changes will begin taking effect at the beginning...
FluxBB 1.5.3 - Multiple Vulnerabilities
Exploit for php platform in category web applications. FluxBB 1.5.3 Multiple Remote Vulnerabilities Vendor: FluxBB Product web page: http://www.fluxbb.org Affected version: 1.5.3 Summary: FluxBB is fast, light, user-friendly forum software for your website. Desc: FluxBB suffers from a cross-si...
Windu CMS 2.2 - Multiple Vulnerabilities
Windu CMS 2.2 CSRF Add Admin Exploit input type="hidden" name="type" value="...
CentOS Update for pki-ca CESA-2013:0511 centos6
Check for the Version of pki-ca. OpenVAS Vulnerability Test: CentOS Update for pki-ca CESA-2013:0511 centos6 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
pki security update
CentOS Errata and Security Advisory CESA-2013:0511 Updated pki-core packages that fix multiple security issues, two bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A...