-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-2795-1 secur...@debian.org
http://www.debian.org/security/ Michael Gilbert
November 13, 2013
Advisory ID: HTB23178
Product: Zikula Application Framework
Vendor: Zikula Software Foundation
Vulnerable Version(s): 1.3.5 build 20 and probably prior
Tested Version: 1.3.5 build 20
Advisory Publication: October 16, 2013 [without technical details]
Vendor Notification: October 16, 2013
Vendor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-2796-1 secur...@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
November 13, 2013
Vulnerable releases of two common Android Superuser packages may allow
malicious Android applications to execute arbitrary commands as root,
either without prompting the user or after the user has denied the
request:
- CyanogenMod/ClockWorkMod/Koush Superuser (current releases,
including
Current releases of the CyanogenMod/ClockWorkMod/Koush Superuser
package may allow restricted local users to execute arbitrary commands
as root in certain, non-default device configurations.
Android 4.3 introduced the concept of restricted profiles, created
through the Settings - Users menu. A
Vulnerable releases of several common Android Superuser packages may
allow malicious Android applications to execute arbitrary commands as
root without notifying the device owner:
- ChainsDD Superuser (current releases, including v3.1.3)
- CyanogenMod/ClockWorkMod/Koush Superuser (current
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2797-1 secur...@debian.org
http://www.debian.org/security/Moritz Muehlenhoff
November 13, 2013
Dahua DVR Authentication Bypass - CVE-2013-6117
--Summary--
Dahua web-enabled DVRs and rebranded versions do not enforce authentication on
their administrative services.
# Zhejiang Dahua Technology Co., Ltd.
# http://www.dahuasecurity.com
--Affects--
# Dahua web-enabled DVRs
#
.: [ Summary }:.
Fixes has been released and/or planned for reported issues. Please contact
supp...@ds3global.com for more information.
.: [ ISSUE #1 }:.
Fix patch available.
.: [ ISSUE #2 }:.
Fix patch available.
.: [ ISSUE #3 }:.
Fix patch planned in Q4 2014.