Monthly Archives: January 2015
Corel Software DLL Hijacking
Posted by CORE Advisories Team on Jan 12
Core Security – Corelabs Advisory
http://corelabs.coresecurity.com/
Corel Software DLL Hijacking
1. *Advisory Information*
Title: Corel Software DLL Hijacking
Advisory ID: CORE-2015-0001
Advisory URL:
http://www.coresecurity.com/advisories/corel-software-dll-hijacking
Date published: 2015-01-12
Date of last update: 2015-01-06
Vendors contacted: Corel
Release mode: User release
2. *Vulnerability Information*
Class: Uncontrolled Search Path…
CVE-2014-2838
Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct (1) SQL injection attacks via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php or (2) cross-site scripting (XSS) attacks via unspecified vectors.
CVE-2014-2839
SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php.
CVE-2014-6268
The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU.
CEBA-2015:0026 CentOS 5 openssl BugFix Update
CentOS Errata and Bugfix Advisory 2015:0026
Upstream details at: https://rhn.redhat.com/errata/RHBA-2015-0026.html
The following updated files have been uploaded and are currently syncing to the mirrors (sha256sum and filename for each i386, x86_64 and source package).
Certificate Transparency Moves Forward With First Independent Log
The Certificate Transparency scheme proposed by Google engineers has taken a couple of significant steps forward recently, with the approval of the first independent certificate log and the passing of a deadline for all extended validation certificates to be CT-compliant or lose the green indicator in Google Chrome. On Jan. 1, a CT log operated by […]
[ MDVA-2015:002 ] mariadb
Mandriva Linux Advisory MDVA-2015:002
http://www.mandriva.com/en/support/security/
Package: mariadb
Date: January 12, 2015
Affected: Business Server 1.0
Problem Description: This is a maintenance and bugfix release that upgrades MariaDB to the latest 5.5.41 version, which resolves various upstream bugs.
References: https://mariadb.com/kb/en/mariadb-5541-changelog/
Updated Packages: Mandriva Business Server 1/X86_64 (md5sum and filename for each package).
Obama calls for 30 day data breach notification and greater student privacy
President Barack Obama is today to propose legislation that would ensure companies inform customers of any leaks within 30 days of a data breach, reports Physorg.
The post Obama calls for 30 day data breach notification and greater student privacy appeared first on We Live Security.