Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack.
Monthly Archives: April 2015
Airties Air5650v3TT Remote Stack Overflow
Airties Air5650TT remote stack overflow exploit that spawns a reverse shell.
US teen pleads guilty to $100 million gaming hack
An Indiana teen has pleaded guilty to his involvement in a hacking ring that is said to have stolen data worth more than $100 million from major gaming developers.
The post US teen pleads guilty to $100 million gaming hack appeared first on We Live Security.
[ MDVA-2015:007 ] mariadb
Mandriva Linux Advisory MDVA-2015:007
http://www.mandriva.com/en/support/security/
Package: mariadb
Date: April 3, 2015
Affected: Business Server 1.0
Problem Description: This is a maintenance and bugfix release that upgrades MariaDB to the latest 5.5.42 version which resolves various upstream bugs.
References: https://mariadb.com/kb/en/mariadb-5542-changelog/
Updated Packages:
Mandriva Business Server 1/X86_64:
71c8d8fded75bbaae327a48198419c6b mbs1/x86_64/lib64mariadb18-5.5.42-1.mbs1.x86_64.rpm
3f8a6e51d3212ed73b0ad57e3bd37f6a mbs1/x86_64/li
[ MDVSA-2015:192 ] subversion
Mandriva Linux Security Advisory MDVSA-2015:192
http://www.mandriva.com/en/support/security/
Package: subversion
Date: April 3, 2015
Affected: Business Server 1.0, Business Server 2.0
Problem Description: Multiple vulnerabilities have been discovered and corrected in subversion:
Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests (CVE-2015-0202).
Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers (CVE-2015-0248).
Subversion HTTP servers allow spoofing svn:author property values for new revisio
Obama issues cybersecurity executive order to tackle ‘national emergency’
President Barack Obama has issued an executive order allowing economic sanctions against hackers outside the United States.
The post Obama issues cybersecurity executive order to tackle ‘national emergency’ appeared first on We Live Security.
[ MDVA-2015:006 ] nss
Mandriva Linux Advisory MDVA-2015:006
http://www.mandriva.com/en/support/security/
Package: nss
Date: April 3, 2015
Affected: Business Server 2.0
Problem Description: This is a maintenance and bugfix release that upgrades NSS to the latest 3.18 version which resolves various upstream bugs. Additionally the rootcerts package has also been updated to the latest version as of 2015-03-26, which adds, removes, and distrusts several certificates.
References: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.18_release_notes
Updated
[ MDVA-2015:005 ] nss
Mandriva Linux Advisory MDVA-2015:005
http://www.mandriva.com/en/support/security/
Package: nss
Date: April 3, 2015
Affected: Business Server 1.0
Problem Description: This is a maintenance and bugfix release that upgrades NSS to the latest 3.18 version and NSPR to the latest 4.10.8 version which resolves various upstream bugs. Additionally the rootcerts package has also been updated to the latest version as of 2015-03-26, which adds, removes, and distrusts several certificates.
References:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17.4_release_notes
https://developer.mozilla.org/en-US/docs
WordPress Simple Ads Manager 2.5.94 / 2.5.96 SQL Injection
WordPress Simple Ads Manager plugin versions 2.5.94 and 2.5.96 suffer from multiple remote SQL injection vulnerabilities.
WordPress Simple Ads Manager 2.5.94 File Upload
WordPress Simple Ads Manager version 2.5.94 suffers from an arbitrary file upload vulnerability.