Tony Zeoli, Tony Hayes Security Vulnerabilities

openvas

Oracle: Security Advisory (ELSA-2014-0108)

The remote host is missing an update for...

6.7 AI Score

0.001 EPSS

2015-10-06 12:00 AM
13
openvas

Oracle: Security Advisory (ELSA-2013-0847)

The remote host is missing an update for...

6.7 AI Score

0.001 EPSS

2015-10-06 12:00 AM
15
threatpost

HTTPS Available as Opt-In for Blogspot

Google said on Wednesday it has made HTTPS available as an opt-in for its Blogspot publishing service. Google and other technology providers have been ramping up encryption rollouts in the two years since the publication of the Snowden documents began. To date, Google has encrypted Gmail, search,.....

-0.6 AI Score

2015-10-01 11:00 AM
6
threatpost

Scan of Internet for Compromised Cisco Routers Finds Fewer Than 100

A day after researchers detailed a technique that attackers are using to upload malicious firmware images to Cisco routers, academic researchers say they have scanned the entire IPv4 address space and discovered a total of 79 likely compromised routers. The researchers at the University of...

AI Score

2015-09-16 11:02 AM
8
threatpost

Attackers Replacing Firmware on Cisco Routers

Cisco routers are built into the fabric of the Internet and enterprise networks, a fact that makes them highly attractive targets for attackers. Researchers at FireEye have come across attacks recently in which hackers have been modifying the firmware of Cisco routers and using that foothold to...

0.8 AI Score

2015-09-15 09:38 AM
7
thn

Six U.K. Teens Arrested for using Lizard Squad's DDoS Tool

Six British teenagers arrested and released on bail on suspicion of launching cyber attacks on websites and services with the help of Lizard Squad DDoS attack tool, called Lizard Stresser. Lizard Squad is infamous for hacking and knocking down the largest online gaming networks – PlayStation...

6.8 AI Score

2015-08-30 02:31 AM
8
thn

British-born ISIS Hacker Killed in US Drone Strike in Syria

Remember Team Poison? The hackers group that was active in 2012, and was known for gaining access to the former Prime Minister Tony Blair's address book and then publishing information from it. The British hacker who actually obtained the Prime Minister's address book and was jailed for six...

6.6 AI Score

2015-08-27 01:21 AM
5
threatpost

Apple Pushing Developers Toward HTTPS Connections in Apps

Apple is encouraging developers who create apps for iOS to begin moving their apps to an HTTPS-only model as soon as possible in an effort to thwart eavesdropping on insecure, plaintext HTTP connections. The move is yet one more sign that major Internet and technology companies are becoming ever...

AI Score

2015-06-09 03:13 PM
7
threatpost

Federal Agencies to Move to HTTPS-Only Connections

Following the lead of many major Web services, the White House on Monday announced that it would move all of the federal government’s public sites and services to HTTPS-only. Tony Scott, the federal CIO, has issued a memorandum to all federal agencies and departments instructing them to move all...

1.2 AI Score

2015-06-09 11:36 AM
6
ciscothreats

Threat Outbreak Alert RuleID15756: Email Messages Distributing Malicious Software on June 7, 2015

Medium Alert ID: 39237 First Published: 2015 June 8 17:05 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID15756) may contain the following...

0.5 AI Score

2015-06-08 05:05 PM
9
threatpost

The Triumphant Finale of CSI: Cyber

It’s been a couple of months since we left our heroes on CSI: Cyber, and boy, have they been busy. They have apparently solved many crimes using cyber-sleuthing, acquired some decidedly non-cyber firearms skills, and, in the case of our man Krumitz, taken up running. We wanted to check in and see.....

0.4 AI Score

2015-05-14 11:32 AM
16
ciscothreats

Threat Outbreak Alert RuleID15257: Email Messages Distributing Malicious Software on May 12, 2015

Medium Alert ID: 38810 First Published: 2015 May 13 13:09 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID15257) may contain the following...

0.3 AI Score

2015-05-13 01:09 PM
6
cloudfoundry

CVE-2015-1855 Ruby OpenSSL Hostname Verification | Cloud Foundry

CVE-2015-1855 Ruby OpenSSL Hostname Verification Moderate Vendor N/A Versions Affected Ruby OpenSSL Hostname Verification Description Ruby’s OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames, which can lead to similar bugs such as CVE-2014-1492. This...

5.9 CVSS

6.4 AI Score

0.028 EPSS

2015-04-30 12:00 AM
21
ciscothreats

Threat Outbreak Alert RuleID14475: Email Messages Distributing Malicious Software on April 3, 2015

Medium Alert ID: 38214 First Published: 2015 April 3 13:04 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID14475) may contain the following...

0.2 AI Score

2015-04-03 01:04 PM
6
oraclelinux

Unbreakable Enterprise kernel security and bugfix update

kernel-uek [3.8.13-68] - ttusb-dec: buffer overflow in ioctl (Dan Carpenter) [Orabug: 20673373] {CVE-2014-8884} - mm: Fix NULL pointer dereference in madvise(MADV_WILLNEED) support (Kirill A. Shutemov) [Orabug: 20673279] {CVE-2014-8173} - netfilter: conntrack: disable generic tracking for...

-0.1 AI Score

0.004 EPSS

2015-03-19 12:00 AM
46
threatpost

Google Blacklists Sites Peddling SoakSoak Malware

UPDATE Google blacklisted more than 10,000 different websites over the weekend that it spotted doling out SoakSoak malware, but experts claim the number of impacted sites may ultimately be ten times that figure. Up to 100,000 sites hosted on WordPress may be vulnerable to a campaign known as...

-0.8 AI Score

2014-12-15 02:08 PM
6
debian

[SECURITY] [DLA 91-1] tomcat6 security update

Package : tomcat6 Version : 6.0.41-2+squeeze5 CVE ID : CVE-2012-3439 CVE-2013-1571 CVE-2013-4286 CVE-2013-4322 CVE-2013-4590 CVE-2014-0033 Debian Bugs : 299635 608286 654136 659748 664072 665393 666256 668761 671373 677912 682955 687818...

8.1 AI Score

EPSS

2014-11-23 09:02 AM
27
oraclelinux

kernel security and bug fix update

[2.6.32-504.1.3] - Revert: [net] revert 'bridge: Set vlan_features to allow offloads on vlans' (Vlad Yasevich) [1144442 1121991] [2.6.32-504.1.2] - [x86] kvm: fix PIT timer race condition (mguzik) [1149592 1149593] {CVE-2014-3611} - [x86] kvm: vmx: handle invept and invvpid vm exits gracefull...

0.9 AI Score

0.003 EPSS

2014-11-11 12:00 AM
30
cert

Multiple Android applications fail to properly validate SSL certificates

Overview Multiple Android applications fail to properly validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack. Description When communicating via HTTPS, an application should validate the SSL chain to be sure that the...

0.3 AI Score

2014-09-03 12:00 AM
22
ciscothreats

Threat Outbreak Alert RuleID11133: Email Messages Distributing Malicious Software on August 15, 2014

Medium Alert ID: 35306 First Published: 2014 August 15 19:35 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID11133) may contain the following...

0.6 AI Score

2014-08-15 07:35 PM
16
securityvulns

CVE-2014-2595 - Authentication Bypass in Barracuda Web Application Firewall

Vulnerability title: Authentication Bypass in Barracuda Web Application Firewall CVE: CVE-2014-2595 Vendor: Barracuda Product: Web Application Firewall Affected version: Firmware v7.8.1.013 Fixed version: N/A Reported by: Nick Hayes Details: It is possible to re-use a link which includes a...

AI Score

0.169 EPSS

2014-08-11 12:00 AM
3238
exploitpack

Barracuda Web Application Firewall - Authentication Bypass

Barracuda Web Application Firewall - Authentication...

0.6 AI Score

2014-08-04 12:00 AM
8
exploitdb

7.4 AI Score

EPSS

2014-08-04 12:00 AM
28
packetstorm

0.8 AI Score

0.169 EPSS

2014-08-04 12:00 AM
40
seebug

0.3 AI Score

0.919 EPSS

2014-07-01 12:00 AM
24
seebug

7.1 AI Score

0.959 EPSS

2014-07-01 12:00 AM
30
seebug

7.1 AI Score

2014-07-01 12:00 AM
13
seebug

Exim <= 4.41 dns_build_reverse Local Exploit

No description provided by...

7.1 AI Score

2014-07-01 12:00 AM
6
seebug

7.1 AI Score

2014-07-01 12:00 AM
9
seebug

7.1 AI Score

2014-07-01 12:00 AM
11
nessus

openSUSE Security Update : MozillaFirefox (openSUSE-SU-2012:0899-1)

MozillaFirefox was updated to 14.0.1 to fix various bugs and security issues. Following security issues were fixed: MFSA 2012-42: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed...

0.4 AI Score

0.375 EPSS

2014-06-13 12:00 AM
21
nessus

openSUSE Security Update : xulrunner (openSUSE-SU-2012:0924-1)

Mozilla XULRunner was updated to 14.0.1, fixing bugs and security issues : Following security issues were fixed: MFSA 2012-42: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed...

0.2 AI Score

0.375 EPSS

2014-06-13 12:00 AM
23
oraclelinux

kernel security and bug fix update

kernel [2.6.18-371.4.1] - [char] ipmi: fix message handling during panics (Tony Camuso) [1049731 995293] - [net] igb: Use 32bit mask calculating the flow control watermarks (Stefan Assmann) [1041694 1036115] - [fs] NTLM auth and sign - Use appropriate server challenge (Sachin Prabhu) [1029865...

3.1 AI Score

0.001 EPSS

2014-01-29 12:00 AM
14
ciscothreats

Threat Outbreak Alert: Fake Product Purchase Order Email Messages on January 8, 2014

Medium Alert ID: 31225 First Published: 2013 October 11 20:37 GMT Last Updated: 2014 January 9 16:18 GMT Version: 49 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a purchase order notification for the recipient. The text in the...

-0.3 AI Score

2013-10-11 08:37 PM
176
oraclelinux

Oracle linux 5 kernel update

kernel [2.6.18-371] - [net] be2net: enable polling prior enabling interrupts globally (Ivan Vecera) [987539] [2.6.18-370] - [net] be2net: Fix to avoid hardware workaround when not needed (Ivan Vecera) [995961] - [kernel] signals: stop info leak via tkill and tgkill syscalls (Oleg Nesterov)...

-0.4 AI Score

0.741 EPSS

2013-10-02 12:00 AM
62
f5

SOL14712 - The BIG-IP APM access policy logout page may be vulnerable to XSS cookie tampering

Recommended action To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column in the previous table. To mitigate this vulnerability, you can modify the logout web page to null the specific code identified at issue. To do so, perform the...

-0.4 AI Score

2013-09-19 12:00 AM
98
f5

SOL14700 - BIG-IP APM clickjacking vulnerability

Note: This issue has been addressed in BIG-IP APM 11.3.0 and later through the use of the x-frame-options header in the Access Policy pages. Modifying a BIG-IP APM 11.3.0 or later system dB variable settings for apm.xframeoptions or apm.xframeoptions.allowfrom from their defaults may open the...

0.6 AI Score

2013-09-18 12:00 AM
62
nessus

Oracle Linux 5 : nfs-utils-lib (ELSA-2007-0951)

From Red Hat Security Advisory 2007:0951 : An updated nfs-utils-lib package to correct two security flaws is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The nfs-utils-lib package contains...

0.5 AI Score

0.967 EPSS

2013-07-12 12:00 AM
14
oraclelinux

kernel security and bug fix update

kernel [2.6.18-348.12.1.0.1] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for...

0.4 AI Score

0.002 EPSS

2013-07-10 12:00 AM
36
oraclelinux

kernel security and bug fix update

kernel [2.6.18-348.12.1] - Revert: [fs] afs: export a couple of core functions for AFS write support (Lukas Czerner) [960014 692071] - Revert: [fs] ext4: drop ec_type from the ext4_ext_cache structure (Lukas Czerner) [960014 692071] - Revert: [fs] ext4: handle NULL p_ext in...

0.8 AI Score

0.002 EPSS

2013-07-10 12:00 AM
31
ciscothreats

Threat Outbreak Alert: Fake Bank Payment Transfer Notification Email Messages on June 13, 2013

Low Alert ID: 29667 First Published: 2013 June 14 12:48 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a bank transfer notification for the recipient. The text in the email message attempts to convince the recipient...

0.8 AI Score

2013-06-14 12:48 PM
6
oraclelinux

Unbreakable Enterprise kernel Security update

[2.6.39-400.109.1] - while removing a non-empty directory, the kernel dumps a message: (rmdir,21743,1):ocfs2_unlink:953 ERROR: status = -39 (Xiaowei.Hu) [Orabug: 16790405] - stop mig handler when lockres in progress ,and return -EAGAIN (Xiaowei.Hu) [Orabug: 16876446] [2.6.39-400.108.1] -...

-0.2 AI Score

0.003 EPSS

2013-06-12 12:00 AM
43
oraclelinux

1

kernel [2.6.18-348.6.1.0.1] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for...

-0.6 AI Score

0.001 EPSS

2013-05-21 12:00 AM
20
oraclelinux

kernel security and bug fix update

kernel [2.6.18-348.6.1] - [char] ipmi: use a tasklet for handling received messages (Tony Camuso) [953435 947732] - [char] ipmi: do run_to_completion properly in deliver_recv_msg (Tony Camuso) [953435 947732] - [fs] nfs4: fix locking around cl_state_owners list (Dave Wysochanski) [954296 948317] -....

0.3 AI Score

0.001 EPSS

2013-05-21 12:00 AM
18
exploitpack

WordPress Plugin IndiaNIC FAQs Manager 1.0 - Blind SQL Injection

WordPress Plugin IndiaNIC FAQs Manager 1.0 - Blind SQL...

0.7 AI Score

2013-03-22 12:00 AM
15
exploitdb

7.4 AI Score

2013-03-22 12:00 AM
23
oraclelinux

kernel security and bug fix update

[2.6.32-358.2.1] - [kernel] utrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [912073 912074] {CVE-2013-0871} [2.6.32-358.1.1] - [netdrv] mlx4: Set number of msix vectors under SRIOV mode to firmware defaults (Michal Schmidt) [911663 904726] - [netdrv] mlx4: Fix....

-0.1 AI Score

0.002 EPSS

2013-03-12 12:00 AM
29
oraclelinux

Oracle Linux 6 kernel security and bugfix update

[2.6.32-358.el6] - [fs] Fix sget() race with failing mount (Eric Sandeen) [883276] [2.6.32-357.el6] - [virt] xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests (Andrew Jones) [896050] {CVE-2013-0190} - [block] sg_io: use different default filters for each device class...

-0.4 AI Score

0.001 EPSS

2013-02-27 12:00 AM
39
nessus

SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6574)

Mozilla Firefox has been updated to the 10.0.6ESR security release fixing various bugs and several security issues, some critical. The following security issues have been fixed : Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and ...

0.1 AI Score

0.375 EPSS

2013-01-25 12:00 AM
27
packetstorm

0.2 AI Score

2013-01-15 12:00 AM
24
Total number of security vulnerabilities: 644