Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of service (process hang) by establishing many HTTPS sessions, aka Bug ID CSCuq40652.
Monthly Archives: March 2015
CVE-2015-2264
Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Telerik Analytics Monitor Library before 3.2.125 allow local users to gain privileges via a Trojan horse (a) csunsapi.dll, (b) swift.dll, (c) nfhwcrhk.dll, or (d) surewarehook.dll file in an unspecified directory.
Kaspersky Finds NSA's Space Station Malware
CISA Cybersecurity Bill Advances Despite Security Concerns
IPass Control Pipe Remote Command Execution
This Metasploit module exploits a vulnerability in the IPass Client service. This service provides a named pipe which can be accessed by the user group BUILTIN\Users. This pipe can be abused to force the service to load a DLL from an SMB share.
Alkacon OpenCms 9.5.1 Cross Site Scripting
Alkacon OpenCms version 9.5.1 suffers from a cross site scripting vulnerability.
WordPress SEO By Yoast 1.7.3.3 SQL Injection
WordPress SEO by Yoast plugin versions 1.7.3.3 and below suffer from a remote blind SQL injection vulnerability.
WordPress WPML XSS / Deletion / SQL Injection
WordPress WPML plugin versions prior to 3.1.9.1 suffer from remote SQL injection, cross site scripting, and page/post/menu deletion vulnerabilities.
Codiad 2.5.3 Local File Inclusion
Codiad version 2.5.3 suffers from a local file inclusion vulnerability.
iPass Mobile Client 2.4.2.15122 Privilege Escalation
iPass Mobile Client version 2.4.2.15122 suffers from a local privilege escalation vulnerability.