Ceragon FibeAir IP-10 SSH Private Key Exposure (CVE-2015-0936)

Posted by Tod Beardsley on Apr 01

# Ceragon FibeAir IP-10 SSH Private Key Exposure (CVE-2015-0936)

## Product Description

Ceragon produces a series of ruggedized, microwave backhaul devices used
to provide connectivity to mobile, IP-based devices; usually, these
devices are found in either large industrial environments, or installed
on towers to provide “middle-mile” connectivity to mobile customers on
behalf of ISPs. In other words, a FibeAir IP-10 typically acts as a…

Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8

Posted by Larry W. Cashdollar on Apr 01

Title: Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8
Author: Larry W. Cashdollar, @_larry0
Date: 2015-03-29
Download Site: https://wordpress.org/support/plugin/videowhisper-video-conference-integration
Vendor: http://www.videowhisper.com/
Vendor Notified: 2015-03-31, won’t fix. http://www.videowhisper.com/tickets_view.php?t=10019545-1427810822
Vendor Contact:…

Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17

Posted by Larry W. Cashdollar on Apr 01

Title: Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17
Author: Larry W. Cashdollar, @_larry0
Date: 2015-03-29
Download Site: https://wordpress.org/plugins/videowhisper-video-presentation/
Vendor: http://www.videowhisper.com/
Vendor Notified: 2015-03-31 won’t fix, http://www.videowhisper.com/tickets_view.php?t=10019545-1427810822
Vendor Contact: http://www.videowhisper.com/tickets_submit.php

Fedora 21 Security Update: xen-4.4.2-2.fc21

Resolved Bugs
1207741 – CVE-2015-2752 xen: long latency MMIO mapping operations are not preemptible (xsa125) [fedora-all]
1207739 – CVE-2015-2751 xen: certain domctl operations may be abused to lock up the host [fedora-all]
1207738 – CVE-2015-2756 xen: unmediated PCI command register access in qemu (xsa126) [fedora-all]
1203732 – CVE-2015-2752 xen: long latency MMIO mapping operations are not preemptible (xsa125)
1203737 – CVE-2015-2756 xen: unmediated PCI command register access in qemu (xsa126)
1203745 – CVE-2015-2751 xen: certain domctl operations may be abused to lock up the host
Long latency MMIO mapping operations are not preemptible [XSA-125, CVE-2015-2752]
Unmediated PCI command register access in qemu [XSA-126, CVE-2015-2756]
Certain domctl operations may be abused to lock up the host [XSA-127, CVE-2015-2751]
update to xen-4.4.2