Update to January, 2015 Critical Patch Update (CPU). See: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA
Monthly Archives: January 2015
Denial Of Service Attacks In Wireless Networks
This whitepaper discusses denial of service attacks carried out in WLANs at the physical and MAC layers. It touches on IEEE 802.11 protocol flaws for handling frames at the MAC layer, preventive measures for DoS attacks, and protocol design suggestions.
OpenSchool Community Edition 2.2 XSS / Access Bypass
OpenSchool Community Edition version 2.2 suffers from access bypass and cross site scripting vulnerabilities.
SWFupload 2.5.0 – Cross Frame Scripting (XFS) Vulnerability
Posted by Vulnerability Lab on Jan 25
Document Title:
===============
SWFupload 2.5.0 – Cross Frame Scripting (XFS) Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1422
Release Date:
=============
2015-01-25
Vulnerability Laboratory ID (VL-ID):
====================================
1422
Common Vulnerability Scoring System:
====================================
2.3
Product & Service Introduction:…
SWFupload 2.5.0 Cross Frame Scripting
SWFupload version 2.5.0 suffers from a cross frame scripting vulnerability.
WordPress Revolution Slider Local File Disclosure
WordPress Revolution Slider plugin suffers from a local file disclosure vulnerability. Note that this finding houses site-specific data.
DSA-3139 squid – security update
Matthew Daley discovered that squid, a web proxy cache, does not
properly perform input validation when parsing requests. A remote
attacker could use this flaw to mount a denial of service attack, by
sending specially crafted Range requests.
DSA-3138 jasper – security update
An off-by-one flaw, leading to a heap-based buffer overflow
(CVE-2014-8157), and an unrestricted stack memory use flaw
(CVE-2014-8158) were found in JasPer, a library for manipulating
JPEG-2000 files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code.
Cisco Ironport Appliance Privilege Escalation
Cisco Ironport appliances are vulnerable to authenticated “admin” privilege escalation. Enabling the Service Account from the GUI or CLI allows an admin to gain root access on the appliance, thereby bypassing all existing “admin” account limitations. The vulnerability is due to a weak algorithm implementation in the password generation process, which is used by Cisco to remotely access the appliance to provide technical support.