Facebook is to face a class action lawsuit over ‘reading’ its user’s messages, a U.S. judge has ruled.
The post Facebook privacy – network faces court for ‘reading user messages’ appeared first on We Live Security.
Monthly Archives: December 2014
Bugtraq: [SECURITY] [DSA 3113-1] unzip security update
[SECURITY] [DSA 3113-1] unzip security update
Bugtraq: [SECURITY] [DSA 3114-1] mime-support security update
[SECURITY] [DSA 3114-1] mime-support security update
Bugtraq: nullcon HackIM Challenge 9-11 Jan 2015
nullcon HackIM Challenge 9-11 Jan 2015
CVE-2011-2727
The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3) cmsincludes/cms_plugin_api_link.inc.php scripts in Tribal Tribiq CMS before 5.2.7c allow remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
CVE-2013-3295
Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
DSA-3116 polarssl – security update
It was discovered that a memory leak in parsing X.509 certificates may
result in denial of service.
Vuln: NTP 'ntp-keygen.c' Predictable Random Number Generator Weakness
NTP ‘ntp-keygen.c’ Predictable Random Number Generator Weakness
Vuln: NTP 'ntp_config.c' Insufficient Entropy Security Weakness
NTP ‘ntp_config.c’ Insufficient Entropy Security Weakness
CVE-2014-8109
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.