CVE-2014-8071

Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to allergyui/allergy.page; the (6) w10 parameter to htmlformentryui/htmlform/enterHtmlForm/submit.action; the (7) HTTP Referer Header to login.htm; the (8) returnUrl parameter to htmlformentryui/htmlform/enterHtmlFormWithStandardUi.page or (9) coreapps/mergeVisits.page; or the (10) visitId parameter to htmlformentryui/htmlform/enterHtmlFormWithSimpleUi.page.

[ MDVSA-2014:202 ] php

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:202
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php
 Date    : October 23, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in php:
 
 A heap corruption issue was reported in PHP's exif_thumbnail()
 function. A specially-crafted JPEG image could cause the PHP
 interpreter to crash or, potentially, execute arbitrary code
 (CVE-2014-3670).
 
 The updated php packages have been upgraded to the 5.5.18 version
 to resolve this security flaw.
 
 Additionally, php-apc has been rebuilt against the updated php
 packages.
 _______________________________________________________________________

 References:

 ht

How to boost security on your Facebook account with two-step verification

No doubt you’ve heard about two-step verification used on various social networks.

Having this option enabled lets you increase security on your account and helps prevent unauthorized and potentially malicious access.

In the case of Facebook, the process is simple, and all you need is your cell phone handy to confirm access from a new device. In Facebook, a new device is one that you haven’t used previously to connect to the platform.

This way, what you have to do is approve logins to prevent others from accessing your account.

Here we explain step-by-step how to enable login approvals.

In your Facebook account, go to Settings.

Go into Account Settings and select Security. There you will see “Login Approvals”.

From there click “Require a security code to access my account from unknown browsers”.

When you enter the code that they send to your phone, you will have to enter your Facebook account password.

Now you have enabled login approvals.

Facebook also gives you the option to print security codes in case at some time you don’t have your phone handy. It’s easy, right?

The post How to boost security on your Facebook account with two-step verification appeared first on MediaCenter Panda Security.

Avira HR Team @Top Employers Job Fair

Software engineering: from everyday challenges to real world solutions

On the second day of the event, our colleague Radu Calin (Web Backend Software Engineer) gave a presentation about distributed computing during the workshop we organized. We were happy to learn that this session raised unexpected interest among the candidates attending the fair: more than 120 people had registered for what we designed as a workshop with 40 participants.

Radu talked about how we managed to build a product that makes life easier for millions of users worldwide, all the while solving some of the most difficult problems of the cloud era. He went more in-depth, showing the attendees how the Avira team managed to create a scalable distributed system with pure fun and passionate engineering. Towards the end, he did not forget to give some details about what makes “life at Avira” so special and the audience was really impressed.

All in all, the event was a great success for our HR team: 2 days, over 500 applicants, almost 1400 flyers taken home by the candidates, 1 workshop with 58 participants, and over 5000 participants attending the fair in search of their next Top Employers.

If you missed the event but you also want to “join the battle”, you can check the current job opportunities and apply directly on our career page. A virtual job fair is also organized to follow up with Top Employers attendees, check it out here.

The post Avira HR Team @Top Employers Job Fair appeared first on Avira Blog.

File Manager v4.2.10 iOS – Code Execution Vulnerability

Posted by Vulnerability Lab on Oct 23

Document Title:
===============
File Manager v4.2.10 iOS – Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1343

Release Date:
=============
2014-10-21

Vulnerability Laboratory ID (VL-ID):
====================================
1343

Common Vulnerability Scoring System:
====================================
9

Product & Service Introduction:…