CKEditor version 4.4.7.x suffers from cross-site scripting and remote shell upload vulnerabilities.
Monthly Archives: March 2015
Debian Security Advisory 3184-1
Debian Linux Security Advisory 3184-1 – Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard.
Debian Security Advisory 3185-1
Debian Linux Security Advisory 3185-1 – Multiple vulnerabilities were discovered in libgcrypt.
Debian Security Advisory 3183-1
Debian Linux Security Advisory 3183-1 – Multiple vulnerabilities have been discovered in Movable Type, a blogging system.
HP Security Bulletin HPSBGN03249 1
HP Security Bulletin HPSBGN03249 1 – Potential security vulnerabilities have been identified with HP ArcSight Enterprise Security Manager (ESM) and HP ArcSight Logger. These vulnerabilities could be exploited remotely, resulting in multiple vulnerabilities. Revision 1 of this advisory.
HP Security Bulletin HPSBMU02895 SSRT101253 5
HP Security Bulletin HPSBMU02895 SSRT101253 5 – Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 5 of this advisory.
DSA-3186 nss – security update
It was discovered that the Mozilla Network Security Service library
(nss) incorrectly handled certain ASN.1 lengths. A remote attacker could
possibly use this issue to perform a data-smuggling attack.
Adobe Patches 11 Critical Vulnerabilities in Flash Player
Adobe released an updated Flash Player with patches for 11 critical vulnerabilities, most of which lead to remote code execution.
Re: 'Rowhammer' – Software-triggered DRAM corruption
Posted by Aris Adamantiadis on Mar 12
On 12/03/15 17:00, Nick Boyce wrote:
There are countless reports of the attack working on desktops. It worked
on one of the two non-ecc desktops I’ve tried it on. It’s an AMD FX 8150.
Aris
Alkacon OpenCms 9.5.1 Multiple XSS Vulnerabilities
Posted by Rehan Ahmed on Mar 12
Product: OpenCms
Vendor: Alkacon Software
Vulnerable Version(s): 9.5.1 and probably prior
Tested Version: 9.5.1
Vendor Notification: Mar 05, 2015 (https://github.com/alkacon/opencms-core/issues/304)
Vendor Patch: Not Yet (No Specific Time-line)
Public Disclosure: Mar 12, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference:
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Not Yet (…