
2754 matches found

Tenable Nessus
added 2015/02/06 12:0 a.m., 78 views

Fedora 20 : php-5.5.21-1.fc20 (2015-1101)

22 Jan 2014, PHP 5.5.21 Core : - Upgraded cryptblowfish to version 1.3. Leigh - Fixed bug 60704 unlink bug with some files path. - Fixed bug 65419 Inside trait, self::class != CLASS. Julien - Fixed bug 65576 Constructor from trait conflicts with inherited constructor. dunglas at gmail dot com -...

7.5 CVSS, 7.3 AI score, 0.53166 EPSS
Exploits: 12, References: 8
ThreatPost
added 2014/12/03 10:56 a.m., 22 views

Elipse SCADA Denial of Service Patch

Brazilian process management software developer Elipse has patched a serious denial-of-service vulnerability in its web-based Elipse SCADA application. The software is used in a number of critical industries worldwide, including manufacturing, energy, water and wastewater plants. The vulnerabilit...

8.3 AI score
Exploits: 0, References: 11
OSV
added 2014/11/14 1:24 a.m., 7 views

MGASA-2014-0447 Updated libreoffice packages fix security vulnerabilities

It was discovered during routine code review that LibreOffice unconditionally executed certain VBA macros on loading Microsoft Office documents, contrary to user expectations CVE-2014-0247. A vulnerability in LibreOffice allows an attacker to send a document which when opened will trigger the...

10 CVSS, 6.2 AI score, 0.09864 EPSS
Exploits: 0, References: 6
OSV
added 2014/11/02 1:14 p.m., 6 views

MGASA-2014-0440 Updated pulseaudio package fixes RTP remote crash vulnerability

PulseAudio versions shipped in Mageia 3 and 4 were vulnerable to a remote RTP attack which could crash the PulseAudio server simply by sending an empty UDP packet. Additionally, the version of PulseAudio shipped in Mageia 4 was a pre-release version of PulseAudio v5 and has been updated to the...

2.9 CVSS, 6.2 AI score, 0.01457 EPSS
Exploits: 1, References: 2
myhack58
added 2014/10/03 12:0 a.m., 18 views

The latest Bash vulnerability patch Junior programme-vulnerability warning-the black bar safety net

A remote command execution vulnerability in Bash's parsing, CVE-2014-6271, has been disclosed, affecting major Linux distributions and Mac OS X systems. The vulnerability allows remote execution of arbitrary commands directly in web CGI environments that support Bash. bash is injected after the public...

1.2 AI score
Exploits: 0
Mageia
added 2014/09/28 12:17 p.m., 71 views

Updated bash packages fix CVE-2014-7169

Updated bash packages fix security vulnerability: It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or...

10 CVSS, 9.9 AI score, 0.9994 EPSS
Exploits: 17, References: 2
Openbugbounty
added 2014/09/09 1:58 p.m., 8 views

pornhub.com XSS vulnerability

Vulnerable URL: http://www.pornhub.com/video/search?search=%22%2Fonload=alert'xssposed' Details: Description| Value ---|--- Patched:| Yes, at 23.10.2014 Latest check for patch:| 23.10.2014 16:02 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 75 Google Pagerank|...

6.3 AI score
Exploits: 0
The Hacker News
added 2014/07/09 9:41 p.m., 16 views

Google Drive Vulnerability Leaks Users' Private Data

Another privacy issue has been discovered in Google Drive which could have led to sensitive and personal information stored on the cloud service being exposed to unauthorized parties. The security flaw has now been patched by Google, but its discovery indicates that the vulnerability of cloud data when accesse...

5.9 AI score
Exploits: 0
Cent OS
added 2014/05/22 11:25 p.m., 66 views

mysql55 security update

CentOS Errata and Security Advisory CESA-2014:0537 Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System...

6.5 CVSS, 6.5 AI score, 0.04923 EPSS
Exploits: 0, References: 7
F5 Networks
added 2014/05/19 12:0 a.m., 94 views

SOL15282 - Apache Struts vulnerability CVE-2014-0114

F5 Product Development has determined that these specific product versions, while they use a version of Apache Struts that has not been patched specifically for CVE-2014-0114, the Configuration utility inputs are appropriately sanitized to ensure these versions are not vulnerable to the issue...

7.5 CVSS, 2 AI score, 0.95821 EPSS
Exploits: 4, References: 5
OSV
added 2014/04/17 8:26 p.m., 3 views

MGASA-2014-0180 Updated apache-mod_security packages fix security vulnerability

Updated apache-modsecurity packages fix security vulnerability: Martin Holst Swende discovered a flaw in the way modsecurity handled chunked requests. A remote attacker could use this flaw to bypass intended modsecurity restrictions, allowing them to send requests containing content that should...

5 CVSS, 6.3 AI score, 0.02648 EPSS
Exploits: 2, References: 3
seebug.org
added 2014/04/17 12:0 a.m., 81 views

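Apache Syncope Crafted Commons JEXL Expression Remote Code Execution Vulnerability

CVE ID: CVE-2014-0111 Apache Syncope is an open-source system for managing digital identities in enterprise environments, implemented in JEE technology and released under the Apache 2.0 license. Apache Syncope has a security vulnerability in its handling of specially crafted Apache Commons JEXL expressions, which allows authenticated remote attackers to execute arbitrary code through the JEE container running Apache Syncope core. 0 Apache Syncope 1.0.0 Apache Syncope 1.0.8 Apache Syncope 1.1.0 Apache Syncope 1.1.6 Apache Syncope 1.0.9,...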

6.5 CVSS, 6.6 AI score, 0.03284 EPSS
Exploits: 1
ICS
added 2014/04/10 6:0 a.m., 30 views

Innominate mGuard Unauthorized Leakage of System Data

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on July 8, 2014, and is being released to the NCCIC/ICS-CERT web site. The Applied Risk Research team has identified an unauthorized download of system information from Innominate mGuard devices. Innominate has...

5 CVSS, 6.5 AI score, 0.03376 EPSS
Exploits: 0, References: 10
ThreatPost
added 2014/03/28 10:34 a.m., 10 views

Patch Available for Schneider Electric Serial Modbus Driver

Schneider Electric, a leading provider of industrial control systems, recently patched a remotely exploitable vulnerability in a driver found in 11 of its products. The Industrial Control Systems Computer Emergency Response Team ICS-CERT released an advisory yesterday alerting users to the...

2.2 AI score
Exploits: 0, References: 4
ThreatPost
added 2014/03/19 12:12 p.m., 67 views

Exploits for Two-Year-Old PHP Security Vulnerability Found

Close to two years ago, a serious vulnerability in PHP was accidentally disclosed after it was discovered months prior during a hacking contest. A patch was released in relatively short order, and one would assume that given PHP’s prevalence as a web development framework, the fix would have been...

7.5 CVSS, 10 AI score, 0.99998 EPSS
Exploits: 41, References: 3
Symantec
added 2014/03/11 12:0 a.m., 28 views

Microsoft Internet Explorer CVE-2014-0304 Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected Avaya Aura Conferencing 6...

9.3 CVSS, 0.2 AI score, 0.20819 EPSS
Exploits: 1, Affected Software: 10
ThreatPost
added 2014/02/18 3:36 p.m., 9 views

Microsoft Mitigation Bypass Bug Bounty Winner Yang Yu

Yang Yu is no stranger to writing mitigation bypasses for Microsoft Windows products. A year ago at the CanSecWest conference in Vancouver, the 35-year-old security researcher from Beijing did an extensive presentation on bypassing Address Space Layout Randomization ASLR and Data Execution...

0.4 AI score
Exploits: 0, References: 6
OpenVAS
added 2014/02/13 12:0 a.m., 36 views

CentOS Update for kernel CESA-2014:0159 centos6

Check for the Version of kernel OpenVAS Vulnerability Test CentOS Update for kernel CESA-2014:0159 centos6 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...

6.9 CVSS, 0.7 AI score, 0.00654 EPSS
Exploits: 1, References: 2
ThreatPost
added 2014/02/11 5:3 p.m., 14 views

Facebook Fixes CSRF Vulnerability in Instagram

Until last week, some parts of the API that Instagram uses were vulnerable to a cross-site request forgery CSRF attack, something that could have put photos users thought were private, out in the open. It took almost six months but Facebook, the photo sharing application’s parent company, patched...

Exploits: 0, References: 1
ThreatPost
added 2014/01/30 3:12 p.m., 12 views

Wikipedia Remote Execution Vulnerability Patched

A serious remote code execution vulnerability was recently patched by the Wikimedia Foundation. The flaw could have put at risk any of the foundation’s sites running MediaWiki software, including Wikipedia. Researchers within Check Point Software Technologies’ Vulnerability Research Group...

1.8 AI score
Exploits: 0, References: 2