An army of the undead, wreaking havoc on the Internet – it’s a nightmare scenario that has played out many times as the population of humans online has exploded. Some zombie plagues have been particularly troubling, and we will take a look at the worst of the worst.
Resolved Bugs: 1060758 – CVE-2012-2249 tor: denial of service via a renegotiation attempt; 1060762 – CVE-2012-2249 tor: denial of service via a renegotiation attempt [epel-5]; 1102136 – tor: security update [epel-all]; 1055014 – CVE-2013-7295 tor: improper random number generation on certain Intel platforms with OpenSSL 1.x; 1060768 – CVE-2012-2250 tor: denial of service via link protocol negotiation; 1060769 – CVE-2012-2250 tor: denial of service via link protocol negotiation [epel-5]. Update to latest upstream release.
This is part of the second part of the security rollup to 2.3.18 for EPEL5. These packages don’t have security updates, but their dependencies of activerecord, activesupport and actionpack do.
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.
Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx.
Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form.