ZTE ZXHN H108L fails to verify user authentication when editing the CWMP configuration.
Monthly Archives: November 2014
CVE-2012-1669
Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
CVE-2012-6665
Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2012-1669. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might have been fixed in 1.0.3.
CVE-2014-0059
JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file.
CESA-2014:1859 Important CentOS 5 mysql55-mysql Security Update
CentOS Errata and Security Advisory 2014:1859 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1859.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
CESA-2014:1861 Important CentOS 7 mariadb Security Update
CentOS Errata and Security Advisory 2014:1861 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1861.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
Apple Releases Security Updates for iOS, OS X Yosemite, and Apple TV
Original release date: November 17, 2014
Apple released security updates for iOS devices, OS X Yosemite and Apple TV to address multiple vulnerabilities, one of which could allow remote attackers to execute arbitrary commands.
Updates available include:
- iOS 8.1.1 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later
- OS X Yosemite v10.10.1 for Macintosh
- Apple TV 7.0.2 for Apple TV 3rd generation and later
US-CERT encourages users and administrators to review Apple security updates HT6590, HT6572 and HT6592, and apply the necessary updates.
Cisco Releases Security Analytics Framework to Open Source
Cisco’s OpenSOC, a security analytics framework, has been released to open source.
Maarch LetterBox 2.8 Insecure Cookie Handling
Maarch LetterBox version 2.8 suffers from an authentication bypass vulnerability through SQL injection via a modified cookie.
IAB Urges Designers to Make Encryption the Default
The Internet Architecture Board, the body in charge of overseeing the structure of many of the Internet’s key standards, has recommended that encryption be the default traffic option for protocols. The recommendation comes after more than 18 months of revelations about the pervasive surveillance activities online by intelligence agencies. The IAB is part of the […]