Posted by Vulnerability Lab on Oct 21
Document Title:
===============
FileBug v1.5.1 iOS – Path Traversal Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1342
Release Date:
=============
2014-10-15
Vulnerability Laboratory ID (VL-ID):
====================================
1342
Common Vulnerability Scoring System:
====================================
5.1
Product & Service Introduction:…
Posted by Vulnerability Lab on Oct 21
Document Title:
===============
Files Document & PDF 2.0.2 iOS – Multiple Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1341
Release Date:
=============
2014-10-14
Vulnerability Laboratory ID (VL-ID):
====================================
1341
Common Vulnerability Scoring System:
====================================
8.7
Product & Service Introduction:…
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:200 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : bugzilla Date : October 21, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated bugzilla packages fix security vulnerabilities: If a new comment was marked private to the insider group, and a flag was set in the same transaction, the comment would be visible to flag recipients even if they were not in the insider group (CVE-2014-1571). An attacker creating a new Bugzilla account can override certain parameters when finalizing the account creation that can lead to the user being created with a different email address than originally requested. The overridden login name could be automatic
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:199 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : perl Date : October 21, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated perl and perl-Data-Dumper packages fixes security vulnerability: The Dumper method in Data::Dumper before 2.154, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function (CVE-2014-4330). The Data::Dumper module bundled with perl and the perl-Data-Dumper packages has been updated to fix this issue. ________________________________________________
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:198 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : mediawiki Date : October 21, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated mediawiki packages fix security vulnerability: MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to JavaScript injection via CSS in uploaded SVG files (CVE-2014-7199). MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to JavaScript injection via user-specificed CSS in certain special pages (CVE-2014-7295). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7199 http://cve.mitre.org/cgi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:197 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : python Date : October 21, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated python packages fix security vulnerability: Python before 2.7.8 is vulnerable to an integer overflow in the buffer type (CVE-2014-7185). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185 http://advisories.mageia.org/MGASA-2014-0399.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: dcefcf76c1a242a7f6f1b6db782df456 mbs1/x86_64/lib64pyt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:196 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : rsyslog Date : October 21, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated rsyslog packages fix security vulnerability: Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack (CVE-2014-3634). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634 http://cve.mitre.org/cgi-bin/cvename.cgi?name
The warning is particularly relevant to those users who choose to download pirated software. As reported on The Safe Mac, the “iWorm†Trojan malware has been distributed through a pirate software website offering infected commercial software applications, such as Adobe Photoshop, Adobe Illustrator, Microsoft Office and Parallels.
This particular Trojan malware has been identified as being able to receive commands from the remote attacker and can inspect and transmit your files from your Mac. iWorm can also download and execute additional components – potentially causing serious havoc and compromising your privacy.
Mac users who choose to download untrusted applications from pirate websites are often completely unaware of the risks; easily blindsided by the immediate cost-savings of avoiding purchasing the software legitimately.
All iWorm Trojan malware is detected by AVG Antivirus for Mac including:
While the prevalence of Mac malware remains relatively low when compared to Windows PC users, it’s no reason for Mac users to be complacent. Make sure you protect all your devices today.
Until next time, stay safe out there.
Stationary and office supply store Staples is the latest company to be dealing with a credit and debit card breach, according to Brian Krebs at Krebs on Security.
The post Staples the latest to be hit by credit card breach? appeared first on We Live Security.
The Indian Jeweller (aka com.magzter.indianjeweller) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.