Mike Mimoso and Dennis Fisher look back on the crazy year that was in security, including the big Internet-wide bugs such as Heartbleed and Shellshock, the Home Depot and Sony breaches and what lessons we learned in 2014.
Monthly Archives: December 2014
Nuit Du Hack 2015 Call For Papers
The Nuit Du Hack Call For Papers for 2015 has been announced. It will be held June 20th, 2015 at the Circus Academy Fratellini.
Notepad++ 6.6.9 Buffer Overflow
Notepad++ version 6.6.9 suffers from a buffer overflow vulnerability.
AMSI 3.20.47 Build 37 File Disclosure
AMSI version 3.20.47 build 37 suffers from a remote file disclosure vulnerability.
2014: A Specious Odyssey
The wonderful and terrifying thing about the security world is that things never stay calm for long. As soon as you think you have a chance to catch your breath, someone breaks something and it’s time to scramble again. In 2014, those small moments of downtime were hard to come by.
Christmas contest! – Help us to get a safe Christmas!

As you have no doubt seen, we have recently been posting a series of articles to help ensure everyone enjoys a safe and happy Christmas! We want to help you shop online without any unpleasant surprises, and avoid falling for any of the typical Christmas scams that are doing the rounds at this time of year.
That’s why we have organized this competition, in order to reward you for helping our content to reach across the globe.
What can you win? Well, we’ve spoken to Santa and he’s going to leave various presents under the Panda Christmas tree. On December 23 and 29 and on January 2, we will reveal the prizes on offer each week to those who share our content.
How can you take part? It’s easy! Share on Facebook or RT on Twitter all the content we post with hashtag #xmaspanda. Prizes will be drawn among those who do this on the days included in the competition.
We will announce the winners on January 12 on this blog. So keep your eyes open!
Remember, Share or RT the posts with #xmaspanda and you could win great prizes.
The post Christmas contest! – Help us to get a safe Christmas! appeared first on MediaCenter Panda Security.
CVE-2014-5214 (access_manager)
nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-5215 (access_manager)
NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp.
CVE-2014-5216 (access_manager)
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412.
CVE-2014-5217 (access_manager)
Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.1 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via an fw.SetPassword action.