[SECURITY] [DSA 2795-1] lighttpd security update

2013-11-13 Thread Michael Gilbert
Debian Security Advisory DSA-2795-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert November 13, 2013

Cross-Site Scripting (XSS) in Zikula Application Framework

2013-11-13 Thread High-Tech Bridge Security Research
Advisory ID: HTB23178 Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Version(s): 1.3.5 build 20 and probably prior Tested Version: 1.3.5 build 20 Advisory Publication: October 16, 2013 [without technical details] Vendor Notification: October 16, 2013 Vendor

[SECURITY] [DSA 2796-1] torque security update

2013-11-13 Thread Salvatore Bonaccorso
Debian Security Advisory DSA-2796-1 secur...@debian.org http://www.debian.org/security/ Salvatore Bonaccorso November 13, 2013

Android Superuser shell character escape vulnerability

2013-11-13 Thread Kevin Cernekee
Vulnerable releases of two common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root, either without prompting the user or after the user has denied the request: - CyanogenMod/ClockWorkMod/Koush Superuser (current releases, including

Superuser su --daemon vulnerability on Android = 4.3

2013-11-13 Thread Kevin Cernekee
Current releases of the CyanogenMod/ClockWorkMod/Koush Superuser package may allow restricted local users to execute arbitrary commands as root in certain, non-default device configurations. Android 4.3 introduced the concept of restricted profiles, created through the Settings - Users menu. A

Superuser unsanitized environment vulnerability on Android = 4.2.x

2013-11-13 Thread Kevin Cernekee
Vulnerable releases of several common Android Superuser packages may allow malicious Android applications to execute arbitrary commands as root without notifying the device owner: - ChainsDD Superuser (current releases, including v3.1.3) - CyanogenMod/ClockWorkMod/Koush Superuser (current

[SECURITY] [DSA 2797-1] icedove security update

2013-11-13 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-2797-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff November 13, 2013

Dahua DVR Authentication Bypass - CVE-2013-6117

2013-11-13 Thread Jake Reynolds
Dahua DVR Authentication Bypass - CVE-2013-6117 --Summary-- Dahua web-enabled DVRs and rebranded versions do not enforce authentication on their administrative services. # Zhejiang Dahua Technology Co., Ltd. # http://www.dahuasecurity.com --Affects-- # Dahua web-enabled DVRs #

Re: DS3 Authentication Server - Multiple Issues

2013-11-13 Thread support
.: [ Summary }:. Fixes have been released and/or planned for reported issues. Please contact supp...@ds3global.com for more information. .: [ ISSUE #1 }:. Fix patch available. .: [ ISSUE #2 }:. Fix patch available. .: [ ISSUE #3 }:. Fix patch planned in Q4 2014.