Realtyna RPL suffers from multiple SQL Injection vulnerabilities. Input passed via multiple POST parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Monthly Archives: October 2015
Release for Software Collections SIG content
The Software Collections SIG group is pleased to announce a way of Software Collections packages availability for CentOS Linux users. The Software Collections packages have been built in CentOS Build System [1] and will be available soon on CentOS mirrors. Collections will be released in stacks, as we test and validate them.

With Software Collections provided by SCLo SIG, users of CentOS Linux as well as other SIG groups in the CentOS ecosystem will be able to use the latest versions of popular application stacks, databases or other content mainly focused on developers. And they are able to do this without any impact to the system versions already installed on their machine.

The SCLo SIG is not only meant to include packages rebuilt from Software Collections that have been made available in Red Hat Software Collections (RHSCL), but it is also meant to include updated content or collections that are not part of the RHSCL portfolio at all.

So far, the collections rebuilt by SCLo SIG from RHSCL are devassist09, devtoolset-3, git19, httpd24, mariadb55, maven30, mongodb24, mysql55, nginx14, nginx16, nodejs010, perl516, php54, php55, postgresql92, python27, python33, rh-java-common, rh-mariadb100, rh-mongodb26, rh-mysql56, rh-passenger40, rh-perl520, rh-php56, rh-postgresql94, rh-python34, rh-ror41, rh-ruby22, ror40, ruby193, ruby200, thermostat1 and v8314.

With Software Collections that are not part of RHSCL (so far sclo-vagrant1 collection), both CentOS Linux and RHEL users will be provided with content that is not available on those platforms otherwise.

Getting started with Software collections:

On an updated CentOS Linux 7/x86_64 machine run:

    yum install centos-release-scl

This will enable the right repositories, and bring any metadata needed to validate the content.

Learn more about Software Collections concepts at: http://softwarecollections.org/

You can find information on the SIG at https://wiki.centos.org/SpecialInterestGroup/SCLo; this includes how to get involved and help with the effort.

[1]: http://cbs.centos.org

--
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
Lime Survey 2.06+ Build 151014 File Download / Code Execution
Lime Survey versions 2.05 through 2.06+ Build 151014 suffer from arbitrary file download, database access, and PHP code execution vulnerabilities.
Release for qemu-kvm-ev from Virtualization SIG
I am pleased to announce the immediate availability of qemu-kvm-ev stack for CentOS Linux 7/x86_64. This release is delivered by the work done in the CentOS Virtualization Special Interest Group.

In order to use this qemu-kvm version, on an updated CentOS Linux 7/x86_64 machine, you should run:

    yum install centos-release-qemu-ev
    yum install qemu-kvm-ev

This will bring in all the dependencies needed, including the updated qemu-img tools.

This stack is curated as a part of the CentOS Virtualization SIG. You can find more details about this group, including the technologies they are bringing to CentOS, at their page https://wiki.centos.org/SpecialInterestGroup/Virtualization . This group meets every alternate Tuesday in #centos-devel on irc.freenode.net; details for the meetings can be found on their SIG page.

We welcome participation in this group from anyone interested in virtualization and technologies associated with it. Feel free to drop into our list at https://lists.centos.org/mailman/listinfo/centos-virt and say hi.

Thanks to Sandro Bonazzola from the oVirt team for building and maintaining this qemu-kvm-ev stack.

--
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
Threatpost News Wrap, October 23, 2015
Mike Mimoso and Chris Brook discuss the news of the week: How Facebook will begin warning users of nation-state attacks, all the Apple and Oracle patches, and the latest attacks against the Network Time Protocol (NTP).
NSA Sparks Concern About A Crypto Apocalypse
EU Net Neutrality Up For A Vote Next Week
Why Do Companies Keep Getting Hacked?
Fitbit Hacked From 10 Feet Away, Security Firm Says
Police force blames hacker after #CyberAware tweet sent out containing bogus security advice
Organisations of all sizes need to do more to protect their social media accounts from being hijacked.
The post Police force blames hacker after #CyberAware tweet sent out containing bogus security advice appeared first on We Live Security.