AIS shellshock scanning tool that leverages the User-Agent header against a large list of possible targets. Written in C.
Monthly Archives: October 2014
PayPal France Mail Encoding Script Insertion
PayPal France suffered from a mail encoding script insertion vulnerability.
JP Morgan Chase data breach – bank admits 76 million affected
JP Morgan Chase, one of the largest banks in America, has admitted that a JP Morgan Chase data breach has affected 76 million customers, and seven million small businesses, the Guardian reports.
The post JP Morgan Chase data breach – bank admits 76 million affected appeared first on We Live Security.
[ MDVA-2014:018 ] timezone
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Advisory MDVA-2014:018
http://www.mandriva.com/en/support/security/

Package : timezone
Date : October 3, 2014
Affected: Business Server 1.0

Problem Description:

This is a maintenance and bugfix release that upgrades the timezone data packages to the 2014g version.

Updated Packages:

Mandriva Business Server 1/X86_64:
0a1bda6ed3fb936cd1ce76528cce8e52 mbs1/x86_64/timezone-2014g-1.mbs1.x86_64.rpm
cdca8c5afa60b40bbe08d3b939880722 mbs1/x86_64/timezone-java-2014g-1.mbs1.x86_64.rpm
87f855e977ac8cbb448a18ef4ffb1ab3 mbs1/SRPMS/timezone-2014g-1.mbs1.src.rpm
Elasticsearch 1.3.x CORS Issue
Elasticsearch versions 1.3.x and prior have a default configuration for CORS that allows an attacker to craft links that could cause a user’s browser to send requests to Elasticsearch instances on their local network. These requests could cause data loss or compromise.
ZyXEL SBG-3300 Security Gateway Cross Site Scripting
ZyXEL SBG-3300 Security Gateway suffers from a cross site scripting vulnerability.
ZyXEL SBG-3300 Security Gateway Denial Of Service
ZyXEL SBG-3300 Security Gateway suffers from a malicious JavaScript denial of service vulnerability.
Google Changes SafeSearch Option for Administrators
Google is removing a feature that allowed administrators to require their users to employ a search option that removes explicit content from search results. The decision is tied to the fact that the option required the use of an unsecured connection to Google, something that the company said allowed it to become a target for […]
Cybersmart Guide: Protect Yourself Like a Security Guru
[ MDVSA-2014:195 ] libvirt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2014:195
http://www.mandriva.com/en/support/security/

Package : libvirt
Date : October 3, 2014
Affected: Business Server 1.0

Problem Description:

Multiple vulnerabilities have been discovered and corrected in libvirt:

An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process (CVE-2014-3633).

A denial of service flaw was found in the wa