Apple Security Advisory 2014-02-21-1 - iOS 6.1.6 is now available and addresses a security issue. Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.
5ff242039ba1164c5154f5b9eca7a76ae9b70fea05b0d0ef8d9136918a22e3f7
Red Hat Security Advisory 2014-0204-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security audit functionality, as provided by Red Hat JBoss Enterprise Application Platform 6, logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials.
b67208dcdf210c09e5b4aed78b79095618e66ddc70d9229c3e0746396ac3abdb
Apple Security Advisory 2014-02-21-3 - Apple TV 6.0.2 is now available and addresses a security issue. Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.
dd231ddc63d5bd4e78ec35443cb800485be3539a4ef4d9b0848ea0b76b742225
Savsoft Quiz suffers from a cross site request forgery vulnerability.
2303cca1251931c791c673983e97fde38714e38eee850a8e9e07cfc1e5240d7e
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
2c23bb33ec405502f1cf2302380570aa95d9dac1c3250e2d5c6f07200862307d
PHP Secure Communications Library is a set of pure PHP implementations of DES, 3DES, RC4, Rijndael, AES, RSA (PKCS#1 compliant [v2.1]), SSH-1, SSH-2, and SFTP.
f04f1ebc8b999854c18a799dd59b76c84c87c104a095d78d9f1473fdebb25989
Debian Linux Security Advisory 2867-1 - Several vulnerabilities were discovered in otrs2, the Open Ticket Request System.
add38397d641158072ed0535ee9bae0d24e191990da4d7231da74ebcb6e627d6
Ubuntu Security Notice 2120-1 - Noah Misch and Jonas Sundman discovered that PostgreSQL did not correctly enforce ADMIN OPTION restrictions. An authenticated attacker could use this issue to possibly revoke access from others, contrary to expected permissions. Andres Freund discovered that PostgreSQL incorrectly handled validator functions. An authenticated attacker could possibly use this issue to escalate their privileges. Various other issues were also addressed.
039ef81162af14d534e58d3e4c726daecdff46174ce77ce12a5dd6bd5a3dade4
GitHub suffered from a remote command execution vulnerability via variable injection.
9f7a407ba51e7296ee3742308b11d9a6e7b6f2bcb28af5feb69321525261aeef
Joomla JoomLeague plugin version 2.1.12 suffers from cross site scripting and XML injection vulnerabilities.
af5baf2b9503bc98d029f951219f69ea3093ae597aa850367a0c41e1d206e812
The Call For Papers for CISTI'2014, the 9th Iberian Conference on Information Systems and Technologies, has been announced. It will be held June 18th through the 21st, 2014 in Barcelona, Spain.
8577694e14454fa46996f136fc909f2b4de343843acde2aa25d46bb4ecf75696
MyBB version 1.6.12 suffers from a remote SQL injection vulnerability.
6b0bf9b1bf870f7fbd330b2583ee19deb7b9bbb829e547b505627bd44daf59cd
WebFilter Appliance Web-Application version 6.0.1.009 suffers from a script insertion vulnerability.
adaa2afa748caa2424e3ebe222836d0e1df898d7d7975534838213e4b4dc9f4d
FreePBX versions before 2.3 suffer from a remote command execution vulnerability.
1b6ab5d6eea2edb5fba249fb2cfe50bfe3208ae7e99bf070ba3cfb23ec2b8e63
Symantec Endpoint Protection Manager suffers from a remote command execution vulnerability. Versions 11.0, 12.0, and 12.1 are affected.
1230fa397327e1f414c650a845b08b3ed515236c94fa13a2c1c80e976a099209
Mini HTTPd version 1.21 stack buffer overflow POST exploit for Windows XP SP3.
6b9603bbda9cff25f4c22bcdc841389ee80652a11577c40f599cd58da168b97b
SolidWorks Workgroup PDM 2014 SP2 suffers from an arbitrary file write vulnerability.
5031db0895f8f86ccfac8994d8fada3d4c9910fce53ab7ccc8b1fed2ed1b9fb1
Subrion CMS 3.1.1 cross site request forgery exploit that adds an administrator.
196ea2067b8fb16e7b8e88f1764e7c86b7d128377d20d4d793de983e73a095dc
Debian Linux Security Advisory 2866-1 - Suman Jana reported that GnuTLS, deviating from the documented behavior, considers a version 1 intermediate certificate as a CA certificate by default.
267bbb9a2b3339b537b0cb41a2ddf6033c2c06e9019ecfde71c400bd8e04dd45
Telligent Evolution version 7.5.0.32466 suffers from a cross site scripting vulnerability.
ebf39516b15980bbdcc0d874db8a1a9772574ad44c2a961fd0d64eb09c67ff3e
GoldenEye is an HTTP/S Layer 7 denial of service testing tool. It uses KeepAlive (and Connection: keep-alive) paired with Cache-Control options to persist socket connections, busting through caching (when possible), until it consumes all available sockets on the HTTP/S server.
80e0d5a7dde9e0323ed3e02e1089d03713fff0ff8625d27a202e927517f4fac8
The 44CON 2014 Call For Papers has been announced. 44CON is the UK's largest combined annual Security Conference and Training event. Taking place on the 11th and 12th of September at the ILEC Conference Centre near Earls Court, London, they will have a fully dedicated conference facility, including catering, private bar and daily Gin O'Clock break.
6bc536a50e23a496e3230d06a708b5250cdf7295a20a23091f6f4ba6bae6f2b9
CMSMadeSimple version 1.11.10 suffers from fourteen cross site scripting vulnerabilities.
a5774bb267898276c4969bdf9b9b4b4526766ff535c3954c1cd6596f037ea7fa
IBM BPMS version 8.0.0.1 suffers from account reconfiguration, privilege escalation, and information disclosure vulnerabilities.
5bc100973e8ede6772241ce111902e09ddd52ed35ab950dc88c83434e0e6ca4f
ILIAS version 4.4.1 suffers from cross site scripting and remote shell upload vulnerabilities.
c0661e7076cb96d3a4d5d6f668620a2b19c64b24aebb226ce42ff039d7da7091