A vulnerability was discovered in PolarSSL, a lightweight crypto and
SSL/TLS library. A remote attacker could exploit this flaw using
specially crafted certificates to mount a denial of service against an
application linked against the library (application crash), or
potentially, to execute arbitrary code.
Monthly Archives: January 2015
Vuln: Oracle MySQL Server CVE-2014-6568 Remote Security Vulnerability
Oracle MySQL Server CVE-2014-6568 Remote Security Vulnerability
Vuln: Oracle MySQL Server CVE-2015-0411 Remote Security Vulnerability
Oracle MySQL Server CVE-2015-0411 Remote Security Vulnerability
Vuln: Oracle MySQL Server CVE-2015-0432 Remote Security Vulnerability
Oracle MySQL Server CVE-2015-0432 Remote Security Vulnerability
Vuln: McAfee ePolicy Orchestrator 'conditionXML' Parameter XML External Entity Injection Vulnerability
McAfee ePolicy Orchestrator ‘conditionXML’ Parameter XML External Entity Injection Vulnerability
FBI Releases "Ransomware on the Rise"
Original release date: January 23, 2015
The FBI has released an article addressing ransomware campaigns that use intimidating messages claiming to be from the FBI or other government agencies. Scam operators use ransomware – a type of malicious software – to infect a computer and restrict access to it until a ransom is paid to unlock it.
Users and administrators are encouraged to review the FBI article “Ransomware on the Rise” for details and refer to Alert TA-295A for information on Crypto Ransomware.
This product is provided subject to this Notification and this Privacy & Use policy.
ManageEngine ServiceDesk 9.0 SQL Injection
ManageEngine ServiceDesk version 9.0 prior to build 9031 suffers from a remote SQL injection vulnerability.
ManageEngine ServiceDesk 9.0 User Enumeration
ManageEngine ServiceDesk version 9.0 prior to build 9031 suffers from a remote user enumeration vulnerability.
ManageEngine ServiceDesk Plus 9.0 Privilege Escalation
ManageEngine ServiceDesk Plus version 9.0 prior to build 9031 suffers from a remote privilege escalation vulnerability due to improper access controls.
Hack In The Box 2015 AMS Call For Papers
The Hack In The Box 2015 AMS Call For Papers closes at the end of January. It will be held May 26th through the 29th, 2015 at De Beurs van Berlage, Amsterdam.