A new report finds that in the world of business, it is in fact IT workers who are the riskiest users of technology.
The post IT workers ‘the riskiest users of technology’ appeared first on We Live Security.
Re: TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE
CVE-2015-6576: Bamboo – Deserialisation resulting in remote code execution
[security bulletin] HPSBGN03428 rev.1 – HP Asset Manager, Local Disclosure of Sensitive Information
[security bulletin] HPSBGN03429 rev.1 – HP Arcsight Logger, Remote Disclosure of Information
Original release date: October 23, 2015 | Last revised: October 24, 2015
Joomla! has released version 3.4.5 of its Content Management System (CMS) software to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected website.
US-CERT encourages users and administrators to review the Joomla! Release News and US-CERT’s Alert on Content Management Systems Security and Associated Risks and apply the necessary update.
Ubuntu Security Notice 2780-2 – USN-2780-1 fixed a vulnerability in the MiniUPnP library in Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 15.04. This update provides the corresponding update for Ubuntu 15.10. Aleksandar Nikolic discovered a buffer overflow vulnerability in the XML parser functionality of the MiniUPnP library. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library. Various other issues were also addressed.
Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.46. Please see the MySQL 5.5 Release Notes and Oracle’s
Critical Patch Update advisory for further details:
Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit
for image loading and pixel buffer manipulation. The Common
Vulnerabilities and Exposures project identifies the following problems:
The Realtyna RPL application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Multiple cross-site scripting vulnerabilities were also discovered. The issue is triggered when input passed via multiple parameters is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.