Google and the University of Pennsylvania performed a study intended to determine the effect of best practices on the efficacy of SSL browser warnings.
Monthly Archives: February 2015
SQL injection vulnerability in Pragyan CMS v.3.0
Posted by Steffen Rösemann on Feb 03
Advisory: SQL injection vulnerability in Pragyan CMS v.3.0
Advisory ID: SROEADV-2015-11
Author: Steffen Rösemann
Affected Software: Pragyan CMS v.3
Vendor URL: https://github.com/delta/pragyan, http://delta.nitt.edu/
Vendor Status: vendor did not respond after initial communication
CVE-ID: –
==========================
Vulnerability Description:
==========================
Pragyan CMS v. 3 suffers from a SQL injection vulnerability that can be…
Capstone disassembly engine 3.0.1 released!
Posted by Nguyen Anh Quynh on Feb 03
Greetings,
We are happy & excited to release version 3.0.1 of Capstone disassembly
framework!
This stable version brings some important bugfixes for X86, Arm, Arm64,
PowerPC architectures. Several memory leaking issues in Python/Cython
bindings have been addressed, too.
Since this release, our Python module “capstone” on PyPI allows downloading
& compiling the core at the same time as installing the Python package, so Python
users…
1,800 Domains Overtaken by Flash Zero Day
Researchers at Cisco say that a Flash zero day exploit has compromised 1,800 domains, the majority of those during a 48-hour period last week.
Fedora EPEL 7 Security Update: qpid-cpp-0.30-9.el7
Resolved Bugs
1181721 – CVE-2015-0203 qpid-cpp: qpidd can be crashed by unauthenticated user
1186308 – CVE-2015-0223 qpid-cpp: anonymous access to qpidd cannot be prevented
1184488 – build failure in qpid-cpp-0.30/src/tests/txshift.cpp
Resolves: BZ#1186308
Apply patch 10.
Resolves: BZ#1184488
Resolves: BZ#1181721
Enabled building the linear store.
White House seeks 10% increase in cybersecurity spend
President Obama’s budget proposal for the 2016 fiscal year includes a projected 10 percent increase in cybersecurity spend, reports Reuters.
The post White House seeks 10% increase in cybersecurity spend appeared first on We Live Security.
New Wave of CTB-Locker/Critroni Ransomware Hitting Victims
There is a new wave of attacks delivering the CTB-Locker or Critroni crypto ransomware, arriving through spam messages with a variety of lures in several different countries. CTB-Locker is one of the newer variants in the crypto ransomware family, a kind of malware that encrypts victims’ hard drives and demands a relatively large payment in order […]
Capstone 3.0.1
Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.
Hewlett-Packard UCMDB 10.10 JMX-Console Authentication Bypass
Hewlett-Packard Universal CMDB version 10.10 suffers from a jmx-console related authentication bypass vulnerability.
CVE-2014-5360 (landesk_management_suite)
Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter to remote/serverlist_grouptree.aspx.