Red Hat Security Advisory 2014-1087-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes.
7b43399c8297d76dd46dd0933745d26b4de10eebe9f700a43e687901819a236b
Red Hat Security Advisory 2014-1088-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes.
4da1d3ba75d748e08e95de45e5cf1defc759a9a506037cddf827b73f39496145
The safety critical nature of traffic infrastructure requires that it be secure against computer-based attacks, but this is not always the case. The authors investigate a networked traffic signal system currently deployed in the United States and discover a number of security flaws that exist due to systemic failures by the designers. They leverage these flaws to create attacks which gain control of the system, and we successfully demonstrate them on the deployment in coordination with authorities. Their attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage. They make recommendations on how to improve existing systems and discuss the lessons learned for embedded systems security in general.
7eb72c4fe42431b49f23e36bae8a9024cdacfdd85d7d3cab51bf021cdf47aca7
MyBB version 1.8 Beta 3 suffers from cross site scripting and remote SQL injection vulnerabilities.
dabab641dae9255bac128fc3d2e933d5be5af5ba51c232b96f0fc9c5c33828a7
Content management systems designed by Dashing Times appear susceptible to remote SQL injection vulnerabilities.
8e1e463761d4827cd6a59576788f068dfed5b06371c54dc07fa1ec37a0bf4210
Red Hat Security Advisory 2014-1084-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects. It was found that RBAC policies were not enforced in certain methods of the OpenStack Compute EC2 API. A remote attacker could use this flaw to escalate their privileges beyond the user group they were originally restricted to. Note that only certain setups using non-default RBAC rules for OpenStack Compute were affected.
3c25ea0f31a94abd37555dce2866ca455ade1242e9c70c53365d1fb7c26bce19
Ubuntu Security Notice 2320-1 - A use-after-free was discovered in the websockets implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. An issue was discovered in the Public Key Pinning implementation in Chromium. An attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.
803dcbfcc1350f593726e36e66951407044c506c9079c1e3816df02135c1d9b2
Core Security Technologies Advisory - Applications developed with Delphi and C++ Builder that use the specific integrated graphic library detailed below are prone to a security vulnerability when processing malformed BMP files. The aforementioned vulnerability has been found in the VCL (Visual Component Library) allowing an attacker to use a specially crafted BMP file that produces a buffer overflow and potentially allows him to execute arbitrary code by performing a "client side" attack.
1ad46948219c57f4001f5e0e099b37c87d1b5e51f467c84cbd4bbd6735fbee14
WordPress Mobile Pack version 2.0.1 suffers from an information disclosure vulnerability that allows anybody the ability to read password protected posts.
dff0a420e3f4d47e4e4afa42f423edf9c2e1f5d2a86e892ebba2995540b9076f
Panda 2014 products suffer from a heap overflow vulnerability that allows for privilege escalation.
ee7570db291ac19c2cacdd5efdcf59e3ad74d5faf572b58900607b82cf340cd4
ESET Windows Products versions 5.0 through 7.0 (Firewall Module Build 1183 (20140214) and earlier) suffer from a privilege escalation vulnerability.
dece2baa665e8eaa6eefd41fcb60bffa50108ef2c1df166fbc98dc57cbe85529
RiseCON 2014 has announced its call for papers. It will take place in Rosario, Santa Fe, Argentina November 6th through the 7th, 2014.
ff49138463eb4787dca54729b54b74573d46fab1ad58813a39f508e3ddaff01e
WordPress All In One SEO Packet plugin version 2.2.2 suffers from a persistent cross site scripting vulnerability.
fda7f45cc565a3147e5ba92c58662a487ff60f0478cb6e7f55ce73080ff1e02e
ArticleFR version 3.0.4 suffers from a remote SQL injection vulnerability.
7c5659fce0f2f013119ba1cb640fb4096e1cb15afb78f203f05a4d647b441c86
ManageEngine Desktop Central, Password Manager Pro, and IT360 suffer from remote blind SQL injection vulnerabilities. Metasploit module included.
3de6153a54568339e66c97e4d4aaed785dc31350ed472c9d9041a12fbd2c4ec2
check_mk versions prior to 1.2.4p4 and 1.2.5i4 suffer from code execution, write access, and cross site scripting vulnerabilities.
a00c8d0fe4e508233a535d46e84394410ce2c44a02229119c8b053b43de0f949
HP Security Bulletin HPSBUX03095 SSRT101674 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access. Revision 1 of this advisory.
35ea6546fb12c44295439a0781aa60fc6a8b2a36280244b7445e4c518ed728ff
HP Security Bulletin HPSBUX03092 SSRT101668 - Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
c475e47d56e402b9414d3d4787a5237a281a3f776dad71a9c75166d6b88b3ce1
HP Security Bulletin HPSBUX03091 SSRT101667 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
a73ee293e490e0bc1321df066c53a0382b005d71d29f3d9b45085803e2a2f61c
HP Security Bulletin HPSBMU03101 - A potential security vulnerability has been identified with HP Asset Manager and CloudSystem Chargeback running OpenSSL. The vulnerability could be exploited remotely to allow disclosure information or unauthorized access. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by this OpenSSL vulnerability. Note: OpenSSL vulnerabilities, are found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.
5d131e19c74508e54a0fb0b1a8b26b636d5c559cc31f1fba60c84afc59abd798
HP Security Bulletin HPSBMU03094 - A potential security vulnerability has been identified with HP Connect-IT running OpenSSL. The vulnerability could be exploited remotely to allow disclosure information or unauthorized access. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by this OpenSSL vulnerability. Note: OpenSSL vulnerabilities, are found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.
156f676c821faa0780e9c47395871260abe84199c340cefaa2510d6f8b6742d1
Red Hat Security Advisory 2014-1078-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. A denial of service flaw was found in Neutron's handling of allowed address pairs. There was no enforced quota on the amount of allowed address pairs, possibly allowing a sufficiently authorized user to create such a large number of firewall rules as to impact performance, or potentially render a compute node unusable.
61eb55f7d058af9258b042448433e0cf6aa02fb99c11d532644292fb37b5765e
Ubuntu Security Notice 2319-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.
54f5da236016a9ec948c44fc37236d57d819e18c3273bea43ec3b53073de3efa
Red Hat Security Advisory 2014-1082-01 - Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot Java Virtual Machine with support for monitoring multiple JVM instances. The httpcomponents-client package provides an HTTP agent implementation that is used by Thermostat to visualize collected data in an HTTP-aware client application. It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.
bfae5fc3bb60d3716504aa9437504ce45b829444527176b89c73d86eb3a68576
Debian Linux Security Advisory 3007-1 - Multiple security issues (cross-site scripting, missing input sanitising and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems.
4f0e774ab42a6d70a94103e9e8f16df9a32a25d26c01b1a17ccf40a3b0bdc588