SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.
Monthly Archives: December 2014
Mozilla Releases Security Updates for Firefox and Thunderbird
Original release date: December 02, 2014
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox and Thunderbird. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a denial of service, or exploit a buffer overflow on an affected browser.
Updates available include:
- Firefox 34
- Firefox ESR 31.3
- Thunderbird 31.3
US-CERT encourages users and administrators to review Mozilla’s Security Updates and apply the necessary updates.
Fedora 19 Security Update: libyaml-0.1.6-2.fc19
Fedora 20 Security Update: libyaml-0.1.6-2.fc20
Fedora 20 Security Update: qemu-1.6.2-11.fc20
Resolved Bugs
1163080 – CVE-2014-7840 qemu: insufficient parameter validation during ram load [fedora-all]
1163075 – CVE-2014-7840 qemu: insufficient parameter validation during ram load
* Fix SLES11 migration issue (bz #1109427)
* CVE-2014-7840: insufficient parameter validation during ram load (bz #1163080)
DSA-3085 wordpress – security update
Multiple security issues have been discovered in WordPress, a web
blogging tool, resulting in denial of service or information disclosure.
More information can be found in the upstream advisory at
DSA-3086 tcpdump – security update
Several vulnerabilities have been discovered in tcpdump, a command-line
network traffic analyzer. These vulnerabilities might result in denial
of service, leaking sensitive information from memory or, potentially,
execution of arbitrary code.
CVE-2014-9182 (anchor_cms)
models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.
CVE-2014-9183 (zxdsl)
ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges.
CVE-2014-9184 (zxdsl)
ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi.