HUAWEI MobiConnect 23.9.17.216 – Privilege Escalation Vulnerability

Posted by Vulnerability Lab on May 04

Document Title:
===============
HUAWEI MobiConnect 23.9.17.216 – Privilege Escalation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1389

Release Date:
=============
2015-05-04

Vulnerability Laboratory ID (VL-ID):
====================================
1389

Common Vulnerability Scoring System:
====================================
6.7

Product & Service Introduction:…

10 commandments for remote desktop managers – Infographic

 


Try Systems Management, the new way to manage, monitor and support IT systems!

The post 10 commandments for remote desktop managers – Infographic appeared first on MediaCenter Panda Security.

[ MDVSA-2015:220 ] curl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:220
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : curl
 Date    : May 4, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated curl packages fix security vulnerabilities:
 
 NTLM-authenticated connections could be wrongly reused for requests
 without any credentials set, leading to HTTP requests being sent over
 the connection authenticated as a different user (CVE-2015-3143).
 
 When doing HTTP requests using the Negotiate authentication
 method along with NTLM, the connection used would not be marked
 as authenticated, making it possible to reuse it and send requests
 for one user over the connection authenticated as a different user
 (CVE-2015-3148).

[ MDVSA-2015:219 ] curl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:219
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : curl
 Date    : May 4, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated curl packages fix security vulnerabilities:
 
 NTLM-authenticated connections could be wrongly reused for requests
 without any credentials set, leading to HTTP requests being sent over
 the connection authenticated as a different user (CVE-2015-3143).
 
 When parsing HTTP cookies, if the parsed cookie's path element consists
 of a single double-quote, libcurl would try to write to an invalid
 heap memory address. This could allow remote attackers to cause a
 denial of service (crash) (CVE-2015-3145).
 
 When doing HTTP re

DSA-3250 wordpress – security update

Multiple security issues have been discovered in WordPress, a weblog
manager, that could allow remote attackers to upload files with invalid
or unsafe names, mount social engineering attacks or compromise a site
via cross-site scripting, and inject SQL commands.

CVE-2015-0714

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.

Fedora 21 Security Update: kernel-3.19.6-200.fc21

Resolved Bugs
1208999 – iscsi issues on 3.19 kernel
1204390 – [abrt] WARNING: CPU: 6 PID: 790 at drivers/media/v4l2-core/v4l2-ioctl.c:1025 v4l_querycap+0x41/0x70 [videodev]() [videodev]
1206036 – Impossible to reduce the display brightness under the new kernel – Toshiba Z30 laptop
1215989 – Backlight is non-responsive on Toshiba Satellite
1205083 – [abrt] WARNING: CPU: 3 PID: 644 at drivers/net/wireless/iwlwifi/mvm/tx.c:952 iwl_mvm_rx_ba_notif+0x525/0x5c0 [iwlmvm]() [iwlmvm]
1214030 – CVE-2015-3339 kernel: race condition between chown() and execve()
The 3.19.6 stable update contains a number of fixes across the kernel tree.