Monthly Archives: March 2015
Microsoft Scrambles To Kill Live.fi Man-In-The-Middle
Fedora EPEL 7 Security Update: varnish-4.0.3-3.el7
Resolved Bugs
1200034 – varnish: heap-based buffer overflow in backend server HTTP response parsing
1200036 – varnish: heap-based buffer overflow in backend server HTTP response parsing [epel-all]
This update fixes a bug triggered by a bogus content-length header. Under special circumstances, it could crash a varnishd subthread.
New upstream release. A bugfix release.
Highlights from the changelog:
* 26 reported bugs fixed.
* Replaced objects are now expired immediately, instead of kept around until expiry.
* Memory usage on chunked backend responses is lower.
For a detailed list of changes, please see the project’s announcement at https://www.varnish-cache.org/content/varnish-cache-403
Advantage Dental hacked – over 150,000 personal records breached
Advantage Dental has sent out notices to 151,626 customers after a hacking which may have led to the leaking of valuable patient data, according to the Portland Tribune.
The post Advantage Dental hacked – over 150,000 personal records breached appeared first on We Live Security.
Wonder CMS 0.6 Cross Site Scripting
Wonder CMS version 0.6 suffers from a cross site scripting vulnerability.
Stealthy, Persistent DLL Hijacking Works Against OS X
Researcher Patrick Wardle of Synack is expected this week at CanSecWest to unveil malicious dylib attacks against Apple’s Mac OS X.
Applicure Dotdefender WAF 5.13-13282 Cross Site Scripting
Applicure Dotdefender WAF versions 5.13-13282 and below suffer from a persistent cross site scripting vulnerability.
724CMS 5.01 / 4.59 / 4.01 / 3.01 Cross Site Scripting
724CMS versions 5.01, 4.59, 4.01, and 3.01 suffer from a cross site scripting vulnerability.
724CMS 5.01 / 4.59 / 4.01 / 3.01 SQL Injection
724CMS versions 5.01, 4.59, 4.01, and 3.01 suffer from a remote SQL injection vulnerability.
Intel Network Adapter Diagnostic Driver IOCTL DoS
A vulnerability in the iqvw32.sys and iqvw64e.sys drivers has been discovered in the Intel Network Adapter Driver. The vulnerability exists due to insufficient input buffer validation when the driver processes IOCTL codes 0x80862013, 0x8086200B, 0x8086200F, and 0x80862007 using METHOD_NEITHER, and due to insecure permissions that allow everyone read and write access to functionality intended for privileged use only. Attackers can exploit this issue to cause a Denial of Service or possibly execute arbitrary code in kernel space.