CentOS Errata and Bugfix Advisory 2015:1779 Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1779.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: fd48636bc24a9303826e1c57008d7da21a8dc5a72cae72ccaa88e3cdf8406e61 selinux-policy-3.13.1-23.el7_1.18.noarch.rpm 7ed18f9a42ea5cbadf0ed1304273577c8a92220dc24bbb11277ce5b8ecc0cb45 selinux-policy-devel-3.13.1-23.el7_1.18.noarch.rpm 614c5f412cd5be0f2f3cc509ceeddfeb34ffbb30b847edcf0eccb6ecf4ec77f5 selinux-policy-doc-3.13.1-23.el7_1.18.noarch.rpm ac28e2d9c0b002342e63f2ff042f1fc19ec1ec18d8d2bfc7e0ada23af65fca14 selinux-policy-minimum-3.13.1-23.el7_1.18.noarch.rpm 35267737fc44312feeae5a956b2538e94a31247bdea76d5e4fa4d918f84997fe selinux-policy-mls-3.13.1-23.el7_1.18.noarch.rpm 77e51ef161d5894dca0bdb5153025a6cc29b771b44b3c093f51ec477bf2804d1 selinux-policy-sandbox-3.13.1-23.el7_1.18.noarch.rpm 9cf3ad902a64688cbd340912bd73312160941b4f12ff8818b9097910f687c0a4 selinux-policy-targeted-3.13.1-23.el7_1.18.noarch.rpm Source: 17b01fe0f78ed5268329d5ee378bf9c23a4afcc34d3ae525cff9ec309e0d12b0 selinux-policy-3.13.1-23.el7_1.18.src.rpm
Monthly Archives: September 2015
CEBA-2015:1790 CentOS 7 fence-agents BugFix Update
CentOS Errata and Bugfix Advisory 2015:1790 Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1790.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: ec798d14e642fef7a4957fb02f0ade7c54f00a518de456922ee3e1a83fcf275f fence-agents-all-4.0.11-13.el7_1.2.x86_64.rpm d9d459ebc7f9c072f3efe28744084e946bdd895d1c057387f2dbab0dd79f3367 fence-agents-apc-4.0.11-13.el7_1.2.x86_64.rpm 6908bc5d7319ca72508f4631b0b5b9b9e995a2ea88afaf05c8bceed890f373ed fence-agents-apc-snmp-4.0.11-13.el7_1.2.x86_64.rpm be3d33249da9a96e7ad042e89e350165c6713b4b1d0e8d5abc349b6498a5501f fence-agents-bladecenter-4.0.11-13.el7_1.2.x86_64.rpm 428989382a85f030af190546a6a5b11b4329e40334be9bdec9eb354170aaffd2 fence-agents-brocade-4.0.11-13.el7_1.2.x86_64.rpm f41ddbdf44089030e5e144df7144147b517aa6b08eff6e151bea914ba8652dd0 fence-agents-cisco-mds-4.0.11-13.el7_1.2.x86_64.rpm 0fef8ff1aa21a86b2153b5f8c5e240f84f0c9b27eb33e6eabac9029d0930cec3 fence-agents-cisco-ucs-4.0.11-13.el7_1.2.x86_64.rpm 2259b9cefacbe564b048136004f6f15607a95c5725db3098198a7cc3121748e5 fence-agents-common-4.0.11-13.el7_1.2.x86_64.rpm 74ea75cd4938f164907985be3311b82248722a572b2c3f3aab3c0c12b4cfde35 fence-agents-compute-4.0.11-13.el7_1.2.x86_64.rpm fed37bf389f30e000ee367401690aa6fac5ce1588c192a0d1b11da2d1b7713a8 fence-agents-drac5-4.0.11-13.el7_1.2.x86_64.rpm af781b8c2f71d05a33fb55f7391baa810d1c30e4b912b33f0a233e579d93d680 fence-agents-eaton-snmp-4.0.11-13.el7_1.2.x86_64.rpm 8e47e4f9a4320bc693d6407407b238a9fcaca0292e5b2be4d4b22bcc01f37175 fence-agents-eps-4.0.11-13.el7_1.2.x86_64.rpm 19933ce5961c0c8201416a29ca7778fbef598c3bccdad08efbde2ae320cdd489 fence-agents-hpblade-4.0.11-13.el7_1.2.x86_64.rpm 464f26b12f05209adc4d575064d0e4f0cfcaec4202149e1404f15b3d3d689a63 fence-agents-ibmblade-4.0.11-13.el7_1.2.x86_64.rpm c1911b20a94535a236c912f628874217a9415e9e2047fe1260dcc0abc4a7e81b fence-agents-ifmib-4.0.11-13.el7_1.2.x86_64.rpm 1f9b5da41bcd3a6137d284e2177a6e238499bd0dd1f0d3a01a70caa825a64ac4 fence-agents-ilo2-4.0.11-13.el7_1.2.x86_64.rpm dc099144e67acd1f0412a3680d1286453ff4351bf6dceb2b1a648b3220a3d116 fence-agents-ilo-mp-4.0.11-13.el7_1.2.x86_64.rpm c37b1a4856eec1b7bef968f7fe847f70bcc1dccb0e923cd843da3f57e727a350 fence-agents-ilo-ssh-4.0.11-13.el7_1.2.x86_64.rpm c94a5edb7006e123be6e19a943370036fa367d6ee85c0c6c38cec5cf2b9d5c8a fence-agents-intelmodular-4.0.11-13.el7_1.2.x86_64.rpm 1449f424364d4e490c8d7b4ac98679efe62c6e0894e4d6f52b8a3fb4635525fa fence-agents-ipdu-4.0.11-13.el7_1.2.x86_64.rpm 6d4084d5afe109a2f3a1fd24fa787aefb9ad76168af023f746d100bd1a3bff93 fence-agents-ipmilan-4.0.11-13.el7_1.2.x86_64.rpm 587c028006363f2ef2cd4db11957fd490fd7cb667df8deb2b52663e9b39d03d4 fence-agents-kdump-4.0.11-13.el7_1.2.x86_64.rpm 1d07baec81a06ffce499d9f3de8de1b8e93865ad7fd117a71d75002ca3f27ade fence-agents-rhevm-4.0.11-13.el7_1.2.x86_64.rpm 2e79bdf86010169cf581a1b7ffa157822c76264fcca7972a7b0207516a2b0bd6 fence-agents-rsb-4.0.11-13.el7_1.2.x86_64.rpm 193c5770c07accf4adb620907c376325eed35d3cca8bfc78aac1cf7df1dda6b5 fence-agents-scsi-4.0.11-13.el7_1.2.x86_64.rpm 054ff3065af4acc7d8856065cdd7ee5ec2a23477939397058ade7b4ff02f1aa5 fence-agents-virsh-4.0.11-13.el7_1.2.x86_64.rpm 0812ef928f207a34c1133781f4e14af0c1456c64307520d44046e773980ecc97 fence-agents-vmware-soap-4.0.11-13.el7_1.2.x86_64.rpm 64e5984ecbd97ce286d1c8f9f470bec0be808d325cb295cd36970873d4497b59 fence-agents-wti-4.0.11-13.el7_1.2.x86_64.rpm Source: 1d69ade001b5a651b7a430f7d02f3404061d5f2f0f7764158dd9e658b25f05ac fence-agents-4.0.11-13.el7_1.2.src.rpm
Researchers make easy work of Android lockscreen security
Researchers from the University of Texas at Austin have demonstrated how easy it is to bypass Android lockscreen security.
The post Researchers make easy work of Android lockscreen security appeared first on We Live Security.
Panda Security achieves a 100% detection rate yet again, according to AV-Comparatives!
It’s happened again! Our free antivirus, Panda Free Antivirus, has obtained a 100% rate of detection according to the monthly report that was carried out in August by AV-Comparatives.
This is another success for our XMT motor, which is the basis for all of our consumer solutions.
That’s not all, though! We scored the same result in the Real World Protection Test that was carried out during the last three months. This test recreates real-life conditions in which it analyzes and subjects different protection solutions to various tests. Here are Panda’s results:
You can see all of the information in this infographic, which explains it all for you. Congratulations, everyone!
The post Panda Security achieves a 100% detection rate yet again, according to AV-Comparatives! appeared first on MediaCenter Panda Security.
Kids safety online depends on us being better role models
We lock our doors and activate security systems to keep intruders out. We place parental controls on TV channels to manage what our children watch. We keep our kids out of R-rated movies until we feel it’s appropriate. We monitor the violence of their videos games. All of this to keep them shielded from explicit content. Except this time, the violence was very real and readily available on social media.
The recent shootings in Virginia created an unprecedented situation for parents. The incident was caught on camera during a live broadcast of a television newscast, producing a graphic video of the shooting, violence that wasn’t in a video game or TV show but a real murder. That clip, along with video of shocked expressions during the newscast, circulated the Internet available for children to stumble upon. The shooter also recorded the murder from his phone and uploaded it onto social media, making the video widely available. And people viewed it and shared it.
This also raises larger questions: How many people viewed these videos online? Should we have sought out and viewed these videos? Is there a social responsibility to take ownership of our online behaviour? Is our own behaviour demonstrating to our kids how to responsibly use the internet?
The children we try so hard to protect could have seen these videos online. Children’s introduction to the Internet often happens before they’re educated in online safety skills. An AVG Technologies survey found 66 percent of children ages three to five stated that they can play a computer game, but only 14 percent can tie their own shoes.
Much of the online crises that can occur to youth today—from teen sexting to identity theft to cyberbullying—can be mostly avoided if they understand the consequences of their actions. According to the same survey from AVG, nearly one in three teenagers said they regret posting something online and 32 percent have had to ask someone to remove content posted online about them.
When technological development outpaces society’s sense of responsibility and understanding of that technology, it can create unintended consequences in our lives and in the lives of our children. The answer is not only to encourage a society-wide attitude of responsibility for our impact as digital citizens, but also to empower the leadership of organizations to work together and create new solutions that allow innovation to continue while taking responsibility for our own digital lives.
For more information about the Smart User Initiative, go to www.smartuser.com.
FuzzDB updated, relocated to Github
Posted by Adam Muntner on Sep 15
FuzzDB has moved to Github.- https://github.com/fuzzdb-project/fuzzdb
– New and updated payload files
– Easier to find payloads
– Comments that were previously in payload files relocated to README.md
files
– Documentation and cheatsheets centralized in /docs
Pull requests welcomed!
ManageEngine EventLog Analyzer SQL query execution
Posted by xistence on Sep 15
Exploit Title: ManageEngine EventLog Analyzer SQL query execution
Product: ManageEngine EventLog Analyzer
Vulnerable Versions: v10.6 build 10060 and previous versions
Tested Version: v10.6 build 10060 (Windows)
Advisory Publication: 14/09/2015
Vulnerability Type: authenticated SQL query execution
Credit: xistence <xistence[at]0x90.nl>
Product Description
——————-
EventLog Analyzer carry out logs analysis for all Windows, Linux…
ManageEngine OpManager multiple vulnerabilities
Posted by xistence on Sep 15
Exploit Title: ManageEngine OpManager multiple vulnerabilities
Product: ManageEngine OpManager
Vulnerable Versions: v11.5 and previous versions
Tested Version: v11.5 (Windows)
Advisory Publication: 14/09/2015
Vulnerability Type: hardcoded credentials, SQL query protection bypass
Credit: xistence <xistence[at]0x90.nl>
Product Description
——————-
ManageEngine OpManager is a network, server, and virtualization monitoring
software…
[CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting
Posted by Ahrens, Julien on Sep 15
secunet Security Networks AG Security Advisory
Advisory: Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting
1. DETAILS
———-
Product: Typo3 CMS
Vendor URL: typo3.org
Type: Cross-site Scripting[CWE-79]
Date found: 2015-07-30
Date published: 2015-09-14
CVSSv2 Score: 3,5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVE: CVE-2015-5956
2. AFFECTED VERSIONS
——————–
Typo3 6.2.14 and…
Weeman 1.1 HTTP server for phishing | release announcement
Posted by Hypsurus on Sep 15
Hello list,
Weeman 1.1 – is a simple HTTP server (Using python).
The server will do the following steps:
1, will create a phishing page,
2, will grab the DATA take the user,
3, and will try to login the user to the original website.
Tested only on linux.
You will need to install python <= 2.x , and python2-beautifulsoup4
Screenshot and repository: https://github.com/Hypsurus/weeman.git
The project is open-source (GPLV3 license), feel…