-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:062
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:063
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:064
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:059
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:060
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:061
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:051
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:052
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:053
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:054
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:055
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:056
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:057
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:058
http://www.mandriva.com/en/support/security
by Spase Markovski.
References:
http://www.gopivotal.com/security/cve-2014-0054
https://jira.springsource.org/browse/SPR-11376
https://github.com/spring-projects/spring-framework/commit/edba32b3093703d5e9ed42b5b8ec23ecc1998398#diff-1f3f1d5cdab9ac92d1ca5ec7def8f131
History:
2014-Mar-11: Initial
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2014-0097 Blank password may bypass user authentication
Severity: Important
Vendor: Spring by Pivotal
Versions Affected:
- - Spring Security 3.2.0 to 3.2.1
- - Spring Security 3.1.0 to 3.1.5
Description:
The ActiveDirectoryLdapAuthenticator
to 3.2.8 or later
- - Users of 4.x should upgrade to 4.0.2 or later
Credit:
This issue was discovered and reported responsibly to the Pivotal security team
by Paul Wowk of CAaNES LLC.
References:
https://jira.springsource.org/browse/SPR-11426
https://github.com/spring-projects/spring-framework/commit
View online: https://drupal.org/node/2216269
* Advisory ID: DRUPAL-SA-CONTRIB-2014-030
* Project: SexyBookmarks [1] (third-party module)
* Version: 6.x
* Date: 2014-March-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Information
View online: https://drupal.org/node/2216607
* Advisory ID: DRUPAL-SA-CONTRIB-2014-031
* Project: Webform Template [1] (third-party module)
* Version: 7.x
* Date: 2014-March-12
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Access Bypass
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- ---
VMware Security Advisory
Advisory ID: VMSA-2014-0002
Synopsis:VMware vSphere updates to third party libraries
Issue date: 2014-03-11
Updated on: 2014-03-11 (initial
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:048
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:049
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:050
http://www.mandriva.com/en/support/security
Asterisk Project Security Advisory - AST-2014-001
ProductAsterisk
SummaryStack Overflow in HTTP Processing of Cookie Headers.
Nature of Advisory Denial Of Service
Asterisk Project Security Advisory - AST-2014-003
ProductAsterisk
SummaryRemote Crash Vulnerability in PJSIP channel driver
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2014-002
ProductAsterisk
SummaryDenial of Service Through File Descriptor Exhaustion
with chan_sip Session-Timers
Asterisk Project Security Advisory - AST-2014-004
ProductAsterisk
SummaryRemote Crash Vulnerability in PJSIP Channel Driver
Subscription Handling
at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJTFyueAAoJEIpI1I6i1Mx3QjIQALqJuwk1Y8YJAG+QM86XNUw3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco Small Business Router Password Disclosure
Vulnerability
Advisory ID: cisco-sa-20140305-rpd
Revision 1.0
For Public Release 2014 March 5 16:00 UTC (GMT
View online: https://drupal.org/node/2211419
* Advisory ID: DRUPAL-SA-CONTRIB-2014-029
* Project: Mime Mail [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2014-March-05
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: https://drupal.org/node/2211401
* Advisory ID: DRUPAL-SA-CONTRIB-2014-028
* Project: Masquerade [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2014-March-05
* Security risk: Highly critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: https://drupal.org/node/2211381
* Advisory ID: DRUPAL-SA-CONTRIB-2014-027
* Project: NewsFlash [1] (third-party theme)
* Version: 6.x, 7.x
* Date: 2014-March-05
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site
responsible reporting of security vulnerabilities via
secur...@gopivotal.com
The /META-INF aspects of this issue were identified by numerous
individuals and reported responsibly to either the Grails team or to
the Pivotal Security team.
The directory traversal aspects of this vulnerability were reported
are not available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
View online: https://drupal.org/node/2205767
* Advisory ID: DRUPAL-SA-CONTRIB-2014-023
* Project: Project Issue File Review [1] (third-party module)
* Version: 6.x
* Date: 2014-February-26
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability
View online: https://drupal.org/node/2205877
* Advisory ID: DRUPAL-SA-CONTRIB-2014-025
* Project: Open Omega [1] (third-party theme)
* Version: 7.x
* Date: 2014-February-26
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: https://drupal.org/node/2205807
* Advisory ID: DRUPAL-SA-CONTRIB-2014-024
* Project: Content locking (anti-concurrent editing) [1] (third-party
module)
* Version: 6.x, 7.x
* Date: 2014-February-26
* Security risk: Moderately critical [2]
* Exploitable from
View online: https://drupal.org/node/2205991
* Advisory ID: DRUPAL-SA-CONTRIB-2014-026
* Project: Mime Mail [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2014-February-26
* Security risk: Not critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:046
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:047
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:045
http://www.mandriva.com/en/support/security
It's detected now.
ClamAV - PUA.Win32.Packer.Upx-53K7AntiVirus - Trojan ( 000200f91 )K7GW - Trojan
( 000200f91 )Qihoo-360 - HEUR/Malware.QVM06.GenSymantec -
WS.Reputation.1TrendMicro-HouseCall - TROJ_GEN.F47V0219
Too bad they killed it already.
2014-02-19 21:17 GMT+01:00 ICSS Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:041
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:042
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:043
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Cisco Security Advisory: Cisco Firewall Services Module Cut-Through Proxy
Denial of Service Vulnerability
Advisory ID: cisco-sa-20140219-fwsm
Revision 1.0
For Public Release 2014 February 19 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IPS Software
Advisory ID: cisco-sa-20140219-ips
Revision 1.0
For Public Release 2014 February 19 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Cisco Security Advisory: Cisco UCS Director Default Credentials Vulnerability
Advisory ID: cisco-sa-20140219-ucsd
Revision 1.0
For Public Release 2014 February 19 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Cisco Security Advisory: Unauthorized Access Vulnerability in Cisco Unified SIP
Phone 3905
Advisory ID: cisco-sa-20140219-phone
Revision 1.0
For Public Release 2014 February 19 16:00 UTC (GMT
View online: https://drupal.org/node/2200453
* Advisory ID: DRUPAL-SA-CONTRIB-2014-021
* Project: Maestro [1] (third-party module)
* Version: 7.x
* Date: 2014-February-19
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: https://drupal.org/node/2200491
* Advisory ID: DRUPAL-SA-CONTRIB-2014-22
* Project: Slickgrid [1] (third-party module)
* Version: 7.x
* Date: 2014-February -22
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:044
http://www.mandriva.com/en/support/security
/**']
grails.resources.adhoc.excludes = ['/WEB-INF/**']
Credit:
This issue was identified by @Ramsharan065 but was reported publicly
to the Grails team via Twitter. Pivotal strongly encourages responsible
reporting of security vulnerabilities via secur...@gopivotal.com
References:
https://twitter.com
Hi,
Just releasing my new achievement.
What is?RC Trojan AKA Remote Control trojan which allow the control of
a computer remotely in the same network (Lan/Wan).
It's build in commercial software so it may take a while to get detected but
MD5 may be applied.
INFOBasicaly it's an http
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:039
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:040
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:035
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:036
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:037
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:038
http://www.mandriva.com/en/support/security
=
INTERNET SECURITY AUDITORS ALERT 2014-001
- Original release date: February 4, 2014
- Last revised: February 4, 2014
- Discovered by: Vicente Aguilera Diaz
- Severity: 4.3/10 (CVSSv2 Base Scored)
- CVE-ID
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:031
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:032
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:033
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:034
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:028
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:029
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:026
http://www.mandriva.com/en/support/security
View online: https://drupal.org/node/2194621
* Advisory ID: DRUPAL-SA-CONTRIB-2014-014
* Project: Webform Validation [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2014-February-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability
View online: https://drupal.org/node/2194589
* Advisory ID: DRUPAL-SA-CONTRIB-2014-013
* Project: Chaos tool suite (ctools) [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2014-02-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability
View online: https://drupal.org/node/2194639
* Advisory ID: DRUPAL-SA-CONTRIB-2014-015
* Project: FileField [1] (third-party module)
* Version: 6.x
* Date: 2014-02-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: https://drupal.org/node/2194135
* Advisory ID: DRUPAL-SA-CONTRIB-2014-016
* Project: MAYO [1] (third-party theme)
* Version: 7.x
* Date: 2014-02-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: https://drupal.org/node/2194655
* Advisory ID: DRUPAL-SA-CONTRIB-2014-017
* Project: Image Resize Filter [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2014-February-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability
View online: https://drupal.org/node/2194877
* Advisory ID: DRUPAL-SA-CONTRIB-2014-020
* Project: Drupal Commons [1] (third-party distribution)
* Version: 7.x
* Date: 2014-02-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site
View online: https://drupal.org/node/2194671
* Advisory ID: DRUPAL-SA-CONTRIB-2014-018
* Project: Webform [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2014-February-12
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: https://drupal.org/node/2194809
* Advisory ID: DRUPAL-SA-CONTRIB-2014-019
* Project: Easy Social [1] (third-party module)
* Version: 7.x
* Date: 2014-February-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:025
http://www.mandriva.com/en/support/security
=
INTERNET SECURITY AUDITORS ALERT 2013-014
- Original release date: March 25th, 2013
- Last revised: March 25th, 2013
- Discovered by: Vicente Aguilera Diaz
- Severity: 4.3/10 (CVSSv2 Base Scored)
- CVE-ID: CVE-2013-6229
: From: Mark Litchfield mark () securatary com
: As previously stated, I would post an update for Ektron CMS bypassing
: the security fix.
: A full step by step with the usual screen shots can be found at -
: http://www.securatary.com/vulnerabilities
Uh... you expect people to login
: : From: Mark Litchfield mark () securatary com
:
: : As previously stated, I would post an update for Ektron CMS bypassing :
: the security fix.
:
: : A full step by step with the usual screen shots can be found at - :
: http://www.securatary.com/vulnerabilities
:
: Uh... you expect
: This is not the behavior of the site as of 48 hours ago.
: Let me check. Normal registration should also be available ? Infact I
: will remove the registration.
:
: The purpose of this whole registration in the first place was to allow
: for future postings I am going to make later this
View online: https://drupal.org/node/2187453
* Advisory ID: DRUPAL-SA-CONTRIB-2014-009
* Project: Tagadelic [1] (third-party module)
* Version: 6.x
* Date: 2014-February-05
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Information Disclosure
View online: https://drupal.org/node/2189509
* Advisory ID: DRUPAL-SA-CONTRIB-2014-010
* Project: Services [1] (third-party module)
* Version: 7.x
* Date: 2014-February-05
* Security risk: Highly critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: https://drupal.org/node/2189643
* Advisory ID: DRUPAL-SA-CONTRIB-2014-011
* Project: Push Notifications [1] (third-party module)
* Version: 7.x
* Date: 2014-February-05
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Information
View online: https://drupal.org/node/2189751
* Advisory ID: DRUPAL-SA-CONTRIB-2014-012
* Project: Modal Frame API [1] (third-party module)
* Version: 6.x
* Date: 2014-February-05
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site
Hello All,
Those concerned about security of Java PaaS (Platform as a Service)
or cloud services in general might find the following information
interesting.
Security Explorations discovered multiple security vulnerabilities
in the environment of Oracle [1] Java Cloud Service [2].
Among
View online: https://drupal.org/node/2184843
* Advisory ID: DRUPAL-SA-CONTRIB-2014-007
* Project: Services [1] (third-party module)
* Version: 7.x
* Date: 2014-January-29
* Security risk: Highly critical [2]
* Exploitable from: Remote
* Vulnerability: Multiple access bypass
View online: https://drupal.org/node/2184845
* Advisory ID: DRUPAL-SA-CONTRIB-2014-008
* Project: Tribune [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2014-January-29
* Security risk: Highly critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:021
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:022
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:023
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:024
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:015
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:016
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:017
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:018
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:019
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Cisco Security Advisory: Cisco TelePresence ISDN Gateway D-Channel Denial of
Service Vulnerability
Advisory ID: cisco-sa-20140122-isdngw
Revision 1.0
For Public Release 2014 January 22 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Cisco Security Advisory: Cisco TelePresence Video Communication Server SIP
Denial of Service Vulnerability
Advisory ID: cisco-sa-20140122-vcs
Revision 1.0
For Public Release 2014 January 22 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Cisco Security Advisory: Cisco TelePresence System Software Command Execution
Vulnerability
Advisory ID: cisco-sa-20140122-cts
Revision 1.0
For Public Release 2014 January 22 16:00 UTC (GMT
1 - 100 of 3960 matches
Mail list logo