Posted by Vulnerability Lab on Oct 23
Document Title:
===============
Dell SonicWall GMS v7.2.x – Persistent Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1222
Release Date:
=============
2014-10-21
Vulnerability Laboratory ID (VL-ID):
====================================
1222
Common Vulnerability Scoring System:
====================================
3
Product & Service Introduction:…
Last month, we presented “The Evolution of Webinject†in Seattle at the 24th Virus Bulletin conference. This blog post will go over its key findings and provide links to the various material that has been released in the last few weeks.
The post The Evolution of Webinject appeared first on We Live Security.
bl0wsshd00r backdoors OpenSSH 6.7p1 with a magic password for any user, sniffs and records traffic, and mitigates logging to lastlog/wtmp/utmp.
AVG’s RMM platform continues to evolve to give partners even tighter applications’ integration experience, reducing cost and complexity
AMSTERDAM and SAN FRANCISCO – October 23, 2014 – AVG Technologies N.V. (NYSE: AVG), the online security companyâ„¢ for 182 million active users, today gave partners attending its Cloud Summit in Arizona a first-look preview of key new features in AVG Managed Workplace®9.0, its open eco-system Remote Management & Monitoring (RMM) tool for IT resellers and managed services providers (MSPs).
Following continued close consultation with its partner-base, AVG is unveiling a number of significant technical refinements to its RMM platform that will enable MSPs to deliver an even more tightly integrated range of streamlined services through the same integrated management console.
Key advances among the new integration features and benefits for MSPs of the enhanced AVG Managed Workplace RMM platform are:
“Recent industry events like Shellshock and Gameover Zeus have shown businesses that it is still best to leave your IT in the hands of experts,†said Mike Foreman, General Manager, SMB, AVG Technologies. “Incorporating the constructive feedback from our partners, combined with a set of technical enhancements to our RMM platform provides our partners with enhanced levels of protection and control that will let their customers sleep at night.â€
AVG’s business security portfolio is supported by a worldwide network of more than 10,000 partners. Its pedigree in this area makes it ideally positioned to help smaller IT companies and MSPs harness low cost, cloud-based tools so they can transition into fully-fledged managed services businesses.
In October 2012 AVG introduced AVG CloudCare™, a cloud-based administration platform offering resellers a new way to implement and manage services such as antivirus, content filtering, online backup and email security services for their business customers. In June 2013 it added AVG Managed Workplace, an open eco-system Remote Management & Monitoring (RMM) tool. AVG‘s vision is to make the lives of MSPs and their business customers as easy as possible, regardless of whether staff are in the office, at home, or on the road.
AVG Managed Workplace 9.0 is scheduled for general availability from November 2014.
About AVG Technologies (NYSE: AVG)
AVG is the online security company providing leading software and services to secure devices, data and people. AVG has over 182 million active users, as of June 30, 2014, using AVG’s products and services including Internet security, performance optimization, and personal privacy and identity protection. By choosing AVG’s products, users become part of a trusted global community that engages directly with AVG to provide feedback and offer mutual support to other customers.
Microsoft is taking aim at traditional single password systems with the upcoming version of Windows, by including build in two-factor authentication according to ZDNet, which describes the move as “audacious plans to tighten security”.
The post Windows 10 to tighten security with prominent 2FA appeared first on We Live Security.
Wonderful World-Wide CMS suffers from having default administrative credentials and a remote SQL injection vulnerability.
Resolved Bugs
1155272 – phpMyAdmin-4.2.10.1 is available
1155362 – CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12)
1155363 – CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12) [fedora-all]<br
phpMyAdmin 4.2.10.1 (2014-10-21)
================================
– [security] XSS in debug SQL output
– [security] XSS in monitor query analyzer
Resolved Bugs
1155272 – phpMyAdmin-4.2.10.1 is available
1155362 – CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12)
1155363 – CVE-2014-8326 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.5, 4.1.14.6, and 4.2.10.1 (PMASA-2014-12) [fedora-all]<br
phpMyAdmin 4.2.10.1 (2014-10-21)
================================
– [security] XSS in debug SQL output
– [security] XSS in monitor query analyzer
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2014-0011
Synopsis: VMware vSphere Data Protection product update addresses a
critical information disclosure vulnerability.
Issue date: 2014-10-22
Updated on: 2014-10-22 (Initial Advisory)
CVE number: CVE-2014-4624
- ------------------------------------------------------------------------
1. Summary
VMware vSphere Data Protection product updates address a
vulnerability that could lead to sensitive information disclosure.
2. Relevant releases
VMware vSphere Data Protection 5.5 prior to 5.5.7
3. Problem Description
a. VMware vSphere Data Protection (VDP) contains a vulnerability that
may allow a remote user to retrieve sensitive account credentials
from the affected VDP server using Java API calls. No
authentication to the VDP server is required for this potential
attack. Exposed information includes MCUser and GSAN account
passwords of all grid systems that are being monitored in VPD
Enterprise Manager.
VMware would like to thank Jakub Mleczko from the Orange Poland
security team for reporting this issue to EMC and the EMC Product
Security Response Center for working with us on the issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2014-4624 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware ProductRunningReplace with/
Product Versionon Apply Patch
============= ===============================
VDP 5.8 any not affected
VDP 5.5 any 5.5.7
VDP 5.1 any not affected
4. Solution
Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file.
VMware vSphere Data Protection
----------
Downloads:
https://my.vmware.com/web/vmware/details?productId=375&downloadGroup=VDPADV
55_7
Documentation:
https://www.vmware.com/support/vdr/doc/vdp_557_releasenotes.html
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4624
- ------------------------------------------------------------------------
6. Change log
2014-10-22 VMSA-2014-0011
Initial security advisory for VDP 5.5.7 which was on released on
2014-10-09.
- ------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC
Copyright 2014 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.0 (Build 8741)
Charset: utf-8
wj8DBQFUSEgTDEcm8Vbi9kMRArgSAJ9wGYfsOIejER040ui9UWbs6CIm+QCeMuEX
av3pKCx1Cd5lnAoT7FRtxDI=
=UJmN
-----END PGP SIGNATURE-----
Back in the old days, when we only had a desktop PC, security was simpler. But now, with multiple devices and an increasing variety of attack methods, keeping everything secure and up-to-date can be a daunting task. Avast 2015 simplifies the task with the best antivirus and anti-malware protection possible, the ability to remove annoying browser toolbars, one-click scanning for malware, updates, network security, and PC performance, and the world’s first home network scanner.
Home network scanner
Avast identified a growing area of insecurity close to home (actually right in your home!): Your home Wi-Fi network. Easily hacked passwords make home routers an effortless entry point for hackers or even free-loading neighbors. Avast 2015 security solutions include the first-ever home network scanner, which will help you prevent hacker attacks on your router and network.
One-click Smart Scan
To help simplify device security for your family, Avast 2015 now allows you to use a one-click smart scan to scan for hacker threats, software that needs to be updated, your home network security, and your PC‘s operating status.
Unique cleanup and updater features
One of the weakest links in people’s security is out-of-date software. Hackers take advantage of old software, but it’s actually one of the simplest areas to defend. With the improved Avast Software Updater, you are notified when there is a patch or update to the software you’re running – regardless of who it’s from.
PUPs (potentially unwanted programs) like toolbars and search resets are not only annoying; they’re dangerous. They collect information distributed to advertisers or anyone willing to pay for it. The improved Avast Browser Cleanup removes annoying toolbars and search settings, allowing you to choose the settings you want and accelerate PC performance.
The Avast 2015 security solution is available in four variations for home use—Avast Free Antivirus, Avast Pro Antivirus, Avast Internet Security, and Avast Premier—and in 45 languages. Avast also provides world-class protection for businesses and mobile devices. Visit www.avast.com to learn more and download.
Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on Facebook, Twitter and Google+.
