Red Hat Security Advisory 2015-0718-01 – Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
Monthly Archives: March 2015
Ubuntu Security Notice USN-2547-1
Ubuntu Security Notice 2547-1 – It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersonation attacks. It was discovered that the Mono TLS implementation was vulnerable to the FREAK vulnerability. A remote attacker or a man in the middle could possibly use this issue to force the use of insecure ciphersuites. Various other issues were also addressed.
HP Security Bulletin HPSBGN03299 1
HP Security Bulletin HPSBGN03299 1 – Potential security vulnerabilities have been identified with HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL including: The SSL vulnerability known as “FREAK”, which could be exploited remotely to allow disclosure of information. Other vulnerabilities which could be exploited remotely resulting in unauthorized access. Revision 1 of this advisory.
HP Security Bulletin HPSBHF03279 2
HP Security Bulletin HPSBHF03279 2 – Potential security vulnerabilities have been identified with certain HP Point of Sale PCs Running Windows with OLE Point of Sale (OPOS) Drivers. These vulnerabilities could be remotely exploited resulting in execution of code. Revision 2 of this advisory.
Microsoft Windows Local WebDAV NTLM Reflection Privilege Escalation
A default installation of Windows 7/8 can be made to perform an NTLM reflection attack through WebDAV which allows a local user to elevate privileges to local system. It can also be used to escape application sandboxes if TCP socket access is not blocked. Microsoft will not fix this issue.
Anchor CMS 0.9.2 Cross Site Scripting
Anchor CMS version 0.9.2 suffers from a cross site scripting vulnerability.
Mobile security: IBM/Ponemon study finds enterprise app security weaknesses
Nearly 40 percent of large companies – including a significant number in the Fortune 500 – are not taking necessary precautions to secure the apps that they’re providing their customers.
The post Mobile security: IBM/Ponemon study finds enterprise app security weaknesses appeared first on We Live Security.
Joomla Random Article SQL Injection
Joomla Random Article component suffers from a remote SQL injection vulnerability.
Unasjee CMS Cross Site Request Forgery
Unasjee CMS suffers from multiple cross site request forgery vulnerabilities.
RHSA-2015:0716-1: Moderate: openssl security and bug fix update
Red Hat Enterprise Linux: Updated openssl packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293