Pimcore v3.0.5 CMS – Multiple Web Vulnerabilities
Monthly Archives: May 2015
So, The NSA Has An Actual Skynet Program
Here Come More Critical Adobe Reader Patches
eFront 3.6.15 SQL Injection
eFront version 3.6.15 suffers from a remote SQL injection vulnerability.
eFront 3.6.15 Path Traversal
eFront version 3.6.15 suffers from a path traversal vulnerability.
eFront 3.6.15 PHP Object Injection
eFront version 3.6.15 suffers from a PHP object injection vulnerability.
DSA-3254 suricata – security update
Kostya Kortchinsky of the Google Security Team discovered a flaw in the DER parser used to decode SSL/TLS certificates in suricata. A remote attacker can take advantage of this flaw to cause suricata to crash.
MDVSA-2015:232: libtasn1
Updated libtasn1 packages fix security vulnerability:
A malformed certificate input could cause a heap overflow read in the DER decoding functions of Libtasn1. The heap overflow happens in the function _asn1_extract_der_octet() (CVE-2015-3622).
Fedora EPEL 7 Security Update: php-ZendFramework2-2.3.8-1.el7
* **ZF2015-04**: Zend\Mail and Zend\Http were both susceptible to CRLF injection attack vectors (for HTTP, this is often referred to as HTTP response splitting). Both components were updated to perform header value validation to ensure no value contains characters not permitted by its corresponding specification, and will raise exceptions on detection. Each also provides new facilities for both validating and filtering header values prior to injecting them into header classes. If you use either Zend\Mail or Zend\Http (which includes users of Zend\Mvc), we recommend upgrading immediately.
Xeams 4.5 Build 5755 CSRF / Cross Site Scripting
Xeams version 4.5 build 5755 suffers from cross-site request forgery and cross-site scripting vulnerabilities.