Debian Linux Security Advisory 3104-1 – It was discovered that bsd-mailx, an implementation of the “mail” command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.
Monthly Archives: December 2014
Debian Security Advisory 3105-1
Debian Linux Security Advisory 3105-1 – Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the “mail” command.
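The two mailx advisories above share one root cause: a string that looks like a recipient is handed to the mail command, and the command treats it as something to execute rather than as an address. The defensive pattern on the calling side is to allowlist the recipient before it ever reaches mail(1). The following POSIX sh wrapper is an added example, not code from the Debian advisories or from either mailx implementation; it assumes the installed mail binary honours the standard getopt "--" end-of-options marker, and the allowlist (plain user@host, ASCII letters, digits and a few punctuation characters) is a deliberately strict constructed policy rather than full RFC 5322 syntax.

```shell
#!/bin/sh
# Constructed example: allowlist recipients before calling mail(1), so an
# "address" that mailx might interpret as a command or an option is refused
# by the caller. Not the advisories' or mailx's own code.

# is_safe_recipient ADDR
# Returns 0 if ADDR is a plain user@host recipient, 1 otherwise.
is_safe_recipient() {
    addr=$1
    case $addr in
        '' ) return 1 ;;
        # Leading '-', '|', '/' or '~' could be read as an option, a pipe to a
        # command, or a file path by the mail command; refuse them outright.
        -* | '|'* | /* | '~'* ) return 1 ;;
        *@*@* ) return 1 ;;                   # more than one '@'
        *[!A-Za-z0-9._+@-]* ) return 1 ;;     # any character outside the allowlist
        *@* ) ;;                              # exactly one '@' from here on
        * ) return 1 ;;                       # no '@' at all
    esac
    local_part=${addr%@*}
    domain=${addr#*@}
    [ -n "$local_part" ] && [ -n "$domain" ] || return 1
    # Domain: letters, digits, '.' and '-' only, no leading or trailing dot.
    case $domain in
        *[!A-Za-z0-9.-]* | .* | *. ) return 1 ;;
    esac
    [ ${#addr} -le 254 ] || return 1
    return 0
}

# send_mail_safely RECIPIENT SUBJECT BODYFILE
# Mails BODYFILE to RECIPIENT only if the recipient passes the allowlist.
# "--" ends option parsing (assumed getopt behaviour of the mail binary) so
# the recipient can never be parsed as a flag even if the allowlist changes.
send_mail_safely() {
    recipient=$1
    subject=$2
    bodyfile=$3
    if ! is_safe_recipient "$recipient"; then
        printf 'refusing to mail suspicious recipient: %s\n' "$recipient" >&2
        return 1
    fi
    mail -s "$subject" -- "$recipient" < "$bodyfile"
}
```

Usage: source the file and call send_mail_safely "$to" "$subject" body.txt from the script that currently builds a mail command line from user-supplied data; anything rejected is logged to stderr and nothing is executed.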
Fedora 19 Security Update: denyhosts-2.6-28.fc19.1
Fedora 20 Security Update: denyhosts-2.6-29.fc20.1
Fedora 21 Security Update: openvas-cli-1.3.1-1.fc21,openvas-manager-5.0.7-1.fc21,openvas-scanner-4.0.5-1.fc21
Resolved Bugs
1169169 – CVE-2014-9220 openvas-manager: SQL injection related to the timezone parameter
Bugfix release of Openvas-7
Fedora 19 Security Update: openjpeg-1.5.1-13.fc19
Resolved Bugs
1038409 – CVE-2013-6887 CVE-2013-1447 CVE-2013-6045 CVE-2013-6052 CVE-2013-6053 openjpeg: various flaws [fedora-all]
Better fix for CVE-2013-6045 that does not cause regressions, backported from f20/f21.
Fedora 21 Security Update: dcmtk-3.6.1-1.fc21
Resolved Bugs
1104041 – CVE-2013-6825 dcmtk: possible privilege escalation if setuid() fails [fedora-all]
Upgraded to new upstream version.
Fuzzylime 3.03b Cross Site Scripting
Fuzzylime CMS version 3.03b suffers from a client-side cross-site scripting vulnerability.
BOF(s) + SSRF in Honeywell EPKS
Posted by SCADA StrangeLove on Dec 16
Vendor advisory/fix
Details
http://scadastrangelove.blogspot.com/2014/12/well-honeywell.html
Regards,
SCADA StrangeLove
W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface
Posted by Mazin Ahmed on Dec 16
####
# Title: W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface
# Author: Mazin Ahmed
##
# Date of Discovery: October 6th, 2014
# Date of Reporting to the Vendor: October 7th, 2014
# Date of Patch Release: December 9th, 2014
##
# Vulnerability Type: Cross-Site Request Forgery (CSRF) – CWE-352
##
# Vendor Homepage: https://www.w3-edge.com/
##
# Affected Version: 0.9.4, previous versions might be vulnerable as…