Red Hat Security Advisory 2015-1214-01 – The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-16 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
Monthly Archives: July 2015
HP Security Bulletin HPSBUX03363 1
HP Security Bulletin HPSBUX03363 1 – A potential security vulnerability has been identified with OpenSSL which may impact HP-UX Apache Web Server with SSL/TLS enabled. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as “Logjam” which could be exploited remotely resulting in disclosure of information. Note: The default configuration of HP-UX Apache Web Server is not vulnerable. Revision 1 of this advisory.
AirLink101 SkyIPCam1620W OS Command Injection
Core Security Technologies Advisory – The AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera is vulnerable to an OS command injection vulnerability in the snwrite.cgi binary.
Merethis Centreon 2.5.4 SQL Injection / Remote Command Execution
Merethis Centreon versions 2.5.4 and below suffer from remote SQL injection and command execution vulnerabilities.
Symantec EP 12.1.4013 Denial Of Service
Symantec EP version 12.1.4013 suffers from a denial of service vulnerability.
Firefox 39 Out With Patches for Four Critical Vulnerabilities
Mozilla has rolled out a new version of its Firefox browser, an update that includes patches for four critical security vulnerabilities and several less-severe bugs. IN all, Firefox 39 patches 13 vulnerabilities, including two high-risk bugs and six moderate-level ones. The most dangerous vulnerabilities, however, include a pair of use-after-free bugs in one part of […]
FBI Director to Silicon Valley: ‘Try Harder’ to Find ‘Going Dark’ Solution
FBI director James Comey and Deputy Attorney General Sally Yates testified before a Senate committee on how encryption is hampering law enforcement and national security efforts.
Administration Views – Critical – Information Disclosure – SA-CONTRIB-2015-132
- Advisory ID: DRUPAL-SA-CONTRIB-2015-132
- Project: Administration Views (third-party module)
- Version: 7.x
- Date: 2015-July-08
- Security risk: 15/25 ( Critical) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:All
- Vulnerability: Information Disclosure
Description
Administration Views module replaces overview/listing pages with actual views for superior usability.
The module does not check access properly under certain circumstances. Anonymous users could get access to read information they should not have access to.
CVE identifier(s) issued
- A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
- Administration Views 7.x-1.x versions prior to 7.x-1.5.
Drupal core is not affected. If you do not use the contributed Administration Views module, there is nothing you need to do.
Solution
Install the latest version:
- If you use the Administration Views module for Drupal 7.x, upgrade to Administration Views 7.x-1.5
Also see the Administration Views project page.
Reported by
Fixed by
- Damian Lee, a module maintainer
Coordinated by
- Pere Orga of the Drupal Security Team
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity
Drupal version:
Computer Glitches Mysteriously Halt Stock Exchange, United Flights, WSJ
CVE-2015-4614
Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.php and other unspecified vectors.