Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate. (CVSS:4.3) (Last Update:2013-10-09)
All posts by 007admin
CVE-2013-5576
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013. (CVSS:6.8) (Last Update:2013-11-30)
WatchGuard Technologies Brings Big Data Visibility Tools to Network Security
Zero-install, cloud-ready WatchGuard Dimension instantly distills ‘oceans of security data’ into key insights and trends
CVE-2013-6044
The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL’s scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, as demonstrated by “the login view in django.contrib.auth.views” and the javascript: scheme. (CVSS:4.3) (Last Update:2013-12-10)
CVE-2013-4249
Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField. (CVSS:4.3) (Last Update:2013-10-08)
Walker County School District Deploys WatchGuard Technologies Following Devastating Tornado
After losing 95 percent of its data center infrastructure, district reassesses network security needs to support data-intense applications and programs
Catholic Regional College Gives Students, Staff and Parents Secure Access to Critical Data and Applications Using WatchGuard
School district uses market’s highest performing Unified Threat Management solution to control the flow of information in and out of the network
CVE-2013-1443
The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed. (CVSS:5.0) (Last Update:2014-01-27)
Cascade School District Uses WatchGuard Technologies to Meet BYOD, Cloud and Remote Access Security Challenges
School district cuts costs, streamlines operations, and centralizes security infrastructure
CVE-2013-1034 (os_x_server)
Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in Apple Mac OS X Server before 2.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.