Resolved Bugs
1192960 – drupal6-views: drupal-views: multiple vulnerabilities (SA-CONTRIB-2015-039) [fedora-all]
1192340 – drupal6-views-2.18 is available
1192959 – drupal-views: multiple vulnerabilities (SA-CONTRIB-2015-039)
Latest upstream release.
Monthly Archives: February 2015
Fedora 21 Security Update: sox-14.4.1-7.fc21
Fedora 20 Security Update: drupal6-views-2.18-1.fc20
Cosmoshop Cross Site Scripting
Cosmoshop suffers from a cross site scripting vulnerability.
CVE-2015-0517
The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.
CVE-2015-0518
The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions.
CVE-2015-0519
The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file.
HumHub 0.10.0 File Upload / Remote Code Execution
HumHub versions 0.10.0 and below suffer from .htaccess file upload and remote code execution vulnerabilities.
Bugtraq: [security bulletin] HPSBGN03258 rev.1 – HP Insight Control server deployment Windows Pre-boot Execution Environment, Microsoft Schannel (Winshock) Remote Code Execution
Bugtraq: UNIT4 Prosoft HRMS XSS Vulnerability