-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:064
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:063
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:062
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:061
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:060
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:059
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:058
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:057
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:056
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:055
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:054
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:053
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:052
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:051
http://www.mandriva.com/en/support/security
View online: https://drupal.org/node/2216607
* Advisory ID: DRUPAL-SA-CONTRIB-2014-031
* Project: Webform Template [1] (third-party module)
* Version: 7.x
* Date: 2014-March-12
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Access Bypass
View online: https://drupal.org/node/2216269
* Advisory ID: DRUPAL-SA-CONTRIB-2014-030
* Project: SexyBookmarks [1] (third-party module)
* Version: 6.x
* Date: 2014-March-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Information
3.2.8 or later
- - Users of 4.x should upgrade to 4.0.2 or later
Credit:
This issue was discovered and reported responsibly to the Pivotal security team
by Paul Wowk of CAaNES LLC.
References:
https://jira.springsource.org/browse/SPR-11426
https://github.com/spring-projects/spring-framework/commit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2014-0097 Blank password may bypass user authentication
Severity: Important
Vendor: Spring by Pivotal
Versions Affected:
- - Spring Security 3.2.0 to 3.2.1
- - Spring Security 3.1.0 to 3.1.5
Description:
The ActiveDirectoryLdapAuthenticator
rs by Spase Markovski.
References:
http://www.gopivotal.com/security/cve-2014-0054
https://jira.springsource.org/browse/SPR-11376
https://github.com/spring-projects/spring-framework/commit/edba32b3093703d5e9ed42b5b8ec23ecc1998398#diff-1f3f1d5cdab9ac92d1ca5ec7def8f131
History:
2014-Mar-11: In
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- ---
VMware Security Advisory
Advisory ID: VMSA-2014-0002
Synopsis:VMware vSphere updates to third party libraries
Issue date: 2014-03-11
Updated on: 2014-03-11 (initial
Asterisk Project Security Advisory - AST-2014-004
ProductAsterisk
SummaryRemote Crash Vulnerability in PJSIP Channel Driver
Subscription Handling
Asterisk Project Security Advisory - AST-2014-002
ProductAsterisk
SummaryDenial of Service Through File Descriptor Exhaustion
with chan_sip Session-Timers
Asterisk Project Security Advisory - AST-2014-003
ProductAsterisk
SummaryRemote Crash Vulnerability in PJSIP channel driver
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2014-001
ProductAsterisk
SummaryStack Overflow in HTTP Processing of Cookie Headers.
Nature of Advisory Denial Of Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:050
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:049
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:048
http://www.mandriva.com/en/support/security
View online: https://drupal.org/node/2211381
* Advisory ID: DRUPAL-SA-CONTRIB-2014-027
* Project: NewsFlash [1] (third-party theme)
* Version: 6.x, 7.x
* Date: 2014-March-05
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site
View online: https://drupal.org/node/2211401
* Advisory ID: DRUPAL-SA-CONTRIB-2014-028
* Project: Masquerade [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2014-March-05
* Security risk: Highly critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: https://drupal.org/node/2211419
* Advisory ID: DRUPAL-SA-CONTRIB-2014-029
* Project: Mime Mail [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2014-March-05
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Cisco Small Business Router Password Disclosure
Vulnerability
Advisory ID: cisco-sa-20140305-rpd
Revision 1.0
For Public Release 2014 March 5 16:00 UTC (GMT
at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJTFyueAAoJEIpI1I6i1Mx3QjIQALqJuwk1Y8YJAG+QM86XNUw3
to the Grails team via Twitter. Pivotal strongly
encourages responsible reporting of security vulnerabilities via
secur...@gopivotal.com
The /META-INF aspects of this issue were identified by numerous
individuals and reported responsibly to either the Grails team or to
the Pivotal Security team.
The dir
View online: https://drupal.org/node/2205991
* Advisory ID: DRUPAL-SA-CONTRIB-2014-026
* Project: Mime Mail [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2014-February-26
* Security risk: Not critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: https://drupal.org/node/2205807
* Advisory ID: DRUPAL-SA-CONTRIB-2014-024
* Project: Content locking (anti-concurrent editing) [1] (third-party
module)
* Version: 6.x, 7.x
* Date: 2014-February-26
* Security risk: Moderately critical [2]
* Exploitable from
View online: https://drupal.org/node/2205877
* Advisory ID: DRUPAL-SA-CONTRIB-2014-025
* Project: Open Omega [1] (third-party theme)
* Version: 7.x
* Date: 2014-February-26
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: https://drupal.org/node/2205767
* Advisory ID: DRUPAL-SA-CONTRIB-2014-023
* Project: Project Issue File Review [1] (third-party module)
* Version: 6.x
* Date: 2014-February-26
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability
available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:047
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:046
http://www.mandriva.com/en/support/security
It's detected now.
ClamAV - PUA.Win32.Packer.Upx-53K7AntiVirus - Trojan ( 000200f91 )K7GW - Trojan
( 000200f91 )Qihoo-360 - HEUR/Malware.QVM06.GenSymantec -
WS.Reputation.1TrendMicro-HouseCall - TROJ_GEN.F47V0219
> Too bad they killed it already.
>
> 2014-02-19 21:17 GMT+01:00
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:045
http://www.mandriva.com/en/support/security
Hi,
Just releasing my new achievement.
What is?RC Trojan AKA Remote Control trojan which allow the control of
a computer remotely in the same network (Lan/Wan).
It's build in commercial software so it may take a while to get detected but
MD5 may be applied.
INFOBasicaly it's an http s
'/js/**',
'/plugins/**']
grails.resources.adhoc.excludes = ['/WEB-INF/**']
Credit:
This issue was identified by @Ramsharan065 but was reported publicly
to the Grails team via Twitter. Pivotal strongly encourages responsible
reporting of security vulnerabilities via secur
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:044
http://www.mandriva.com/en/support/security
View online: https://drupal.org/node/2200491
* Advisory ID: DRUPAL-SA-CONTRIB-2014-22
* Project: Slickgrid [1] (third-party module)
* Version: 7.x
* Date: 2014-February -22
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: https://drupal.org/node/2200453
* Advisory ID: DRUPAL-SA-CONTRIB-2014-021
* Project: Maestro [1] (third-party module)
* Version: 7.x
* Date: 2014-February-19
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Cisco Security Advisory: Unauthorized Access Vulnerability in Cisco Unified SIP
Phone 3905
Advisory ID: cisco-sa-20140219-phone
Revision 1.0
For Public Release 2014 February 19 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Cisco Security Advisory: Cisco UCS Director Default Credentials Vulnerability
Advisory ID: cisco-sa-20140219-ucsd
Revision 1.0
For Public Release 2014 February 19 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IPS Software
Advisory ID: cisco-sa-20140219-ips
Revision 1.0
For Public Release 2014 February 19 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Cisco Security Advisory: Cisco Firewall Services Module Cut-Through Proxy
Denial of Service Vulnerability
Advisory ID: cisco-sa-20140219-fwsm
Revision 1.0
For Public Release 2014 February 19 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:043
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:042
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:041
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:040
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:039
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:038
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:037
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:036
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:035
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:034
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:033
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:032
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:031
http://www.mandriva.com/en/support/security
=
INTERNET SECURITY AUDITORS ALERT 2014-001
- Original release date: February 4, 2014
- Last revised: February 4, 2014
- Discovered by: Vicente Aguilera Diaz
- Severity: 4.3/10 (CVSSv2 Base Scored)
- CVE-ID
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:029
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:028
http://www.mandriva.com/en/support/security
View online: https://drupal.org/node/2194809
* Advisory ID: DRUPAL-SA-CONTRIB-2014-019
* Project: Easy Social [1] (third-party module)
* Version: 7.x
* Date: 2014-February-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site
View online: https://drupal.org/node/2194671
* Advisory ID: DRUPAL-SA-CONTRIB-2014-018
* Project: Webform [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2014-February-12
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: https://drupal.org/node/2194877
* Advisory ID: DRUPAL-SA-CONTRIB-2014-020
* Project: Drupal Commons [1] (third-party distribution)
* Version: 7.x
* Date: 2014-02-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site
View online: https://drupal.org/node/2194655
* Advisory ID: DRUPAL-SA-CONTRIB-2014-017
* Project: Image Resize Filter [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2014-February-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability
View online: https://drupal.org/node/2194135
* Advisory ID: DRUPAL-SA-CONTRIB-2014-016
* Project: MAYO [1] (third-party theme)
* Version: 7.x
* Date: 2014-02-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: https://drupal.org/node/2194639
* Advisory ID: DRUPAL-SA-CONTRIB-2014-015
* Project: FileField [1] (third-party module)
* Version: 6.x
* Date: 2014-02-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: https://drupal.org/node/2194589
* Advisory ID: DRUPAL-SA-CONTRIB-2014-013
* Project: Chaos tool suite (ctools) [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2014-02-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability
View online: https://drupal.org/node/2194621
* Advisory ID: DRUPAL-SA-CONTRIB-2014-014
* Project: Webform Validation [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2014-February-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:027
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:026
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:025
http://www.mandriva.com/en/support/security
=
INTERNET SECURITY AUDITORS ALERT 2013-014
- Original release date: March 25th, 2013
- Last revised: March 25th, 2013
- Discovered by: Vicente Aguilera Diaz
- Severity: 4.3/10 (CVSSv2 Base Scored)
- CVE-ID: CVE-2013-6229
View online: https://drupal.org/node/2189751
* Advisory ID: DRUPAL-SA-CONTRIB-2014-012
* Project: Modal Frame API [1] (third-party module)
* Version: 6.x
* Date: 2014-February-05
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site
View online: https://drupal.org/node/2189643
* Advisory ID: DRUPAL-SA-CONTRIB-2014-011
* Project: Push Notifications [1] (third-party module)
* Version: 7.x
* Date: 2014-February-05
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Information
View online: https://drupal.org/node/2189509
* Advisory ID: DRUPAL-SA-CONTRIB-2014-010
* Project: Services [1] (third-party module)
* Version: 7.x
* Date: 2014-February-05
* Security risk: Highly critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: https://drupal.org/node/2187453
* Advisory ID: DRUPAL-SA-CONTRIB-2014-009
* Project: Tagadelic [1] (third-party module)
* Version: 6.x
* Date: 2014-February-05
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Information Disclosure
: > This is not the behavior of the site as of 48 hours ago.
: Let me check. Normal registration should also be available ? Infact I
: will remove the registration.
:
: The purpose of this whole registration in the first place was to allow
: for future postings I am going to make later this w
: > : From: Mark Litchfield
: >
: > : As previously stated, I would post an update for Ektron CMS bypassing :
: > the security fix.
: >
: > : A full step by step with the usual screen shots can be found at - :
: > http://www.securatary.com/vulnerabilities
: >
: >
: From: Mark Litchfield
: As previously stated, I would post an update for Ektron CMS bypassing
: the security fix.
: A full step by step with the usual screen shots can be found at -
: http://www.securatary.com/vulnerabilities
Uh... you expect people to login to your site with their
Hello All,
Those concerned about security of Java PaaS (Platform as a Service)
or cloud services in general might find the following information
interesting.
Security Explorations discovered multiple security vulnerabilities
in the environment of Oracle [1] Java Cloud Service [2].
Among a
View online: https://drupal.org/node/2184845
* Advisory ID: DRUPAL-SA-CONTRIB-2014-008
* Project: Tribune [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2014-January-29
* Security risk: Highly critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
View online: https://drupal.org/node/2184843
* Advisory ID: DRUPAL-SA-CONTRIB-2014-007
* Project: Services [1] (third-party module)
* Version: 7.x
* Date: 2014-January-29
* Security risk: Highly critical [2]
* Exploitable from: Remote
* Vulnerability: Multiple access bypass
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:024
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:023
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:022
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:021
http://www.mandriva.com/en/support/security
View online: https://drupal.org/node/2179123
* Advisory ID: DRUPAL-SA-CONTRIB-2014-006
* Project: Language Switcher Dropdown [1] (third-party module)
* Version: 7.x
* Date: 2014-January-22
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability
View online: https://drupal.org/node/2179085
* Advisory ID: DRUPAL-SA-CONTRIB-2014-003
* Project: Doubleclick for Publishers (DFP) [1] (third-party module)
* Version: 7.x
* Date: 2014-January-22
* Security risk: Moderately critical [2]
* Exploitable from: Remote
View online: https://drupal.org/node/2179103
* Advisory ID: DRUPAL-SA-CONTRIB-2014-005
* Project: Leaflet [1] (third-party module)
* Version: 7.x
* Date: 2014-January-22
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
View online: https://drupal.org/node/2179099
* Advisory ID: DRUPAL-SA-CONTRIB-2014-004
* Project: Secure Cookie Data [1] (third-party module)
* Version: 7.x
* Date: 2014-January-22
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2014:020
http://www.mandriva.com/en/support/security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Cisco Security Advisory: Cisco TelePresence System Software Command Execution
Vulnerability
Advisory ID: cisco-sa-20140122-cts
Revision 1.0
For Public Release 2014 January 22 16:00 UTC (GMT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Cisco Security Advisory: Cisco TelePresence Video Communication Server SIP
Denial of Service Vulnerability
Advisory ID: cisco-sa-20140122-vcs
Revision 1.0
For Public Release 2014 January 22 16:00 UTC (GMT
1 - 100 of 4261 matches
Mail list logo
