Lithium Forum suffers from a persistent cross site scripting vulnerability.
Monthly Archives: December 2015
Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution
Posted by Stefan Kanthak on Dec 22
Hi @ll,
the executable installer [°]['] (rather: the 7-Zip based executable
self-extractor [²]) of Rapid7’s (better known for their flagship
Metasploit) ScanNowUPnP.exe loads and executes several rogue/bogus
DLLs eventually found in the directory it is started from (the
“application directory”), commonly known as “DLL hijacking”.
For software downloaded with a web browser the application directory
is typically…
Oracle Settles with FTC Over ‘Deceptive’ Java Security Updates
Oracle will be required to provide users with a mechanism to uninstall older and vulnerable versions of Java, following a settlement with the Federal Trade Commission.
[RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality
Posted by RedTeam Pentesting GmbH on Dec 22
Advisory: Symfony PHP Framework: Session Fixation In “Remember Me” Login
Functionality
A session fixation vulnerability within the Symfony web application
framework’s “Remember Me” login functionality allows an attacker to
impersonate the victim towards the web application if the session ID
value was previously known to the attacker.
Details
=======
Product: Symfony
Affected Versions: 2.3.0 to 2.3.34, 2.6.0 -…
How to Crash Your Friends' WhatsApp Just By Sending Crazy Smileys
What would it take to crash the wildly popular WhatsApp messaging application?
Nearly 4000 Smileys.
Yes, you can crash your friends’ WhatsApp, both WhatsApp Web and mobile application, by sending them not any specially crafted messages, but just Smileys.
Indrajeet Bhuyan, an independent researcher, has reported to The Hacker News a new bug in WhatsApp that could allow anyone to remotely
Announcing release for PHP 5.4, 5.5 and 5.6 on CentOS Linux 7 x86_64 SCL
I am pleased to announce the immediate availability of versions 5.4, 5.5 and 5.6 of the PHP on CentOS Linux 7 x86_64, delivered via a Software Collection (SCL) built by the SCLo Special Interest Group (https://wiki.centos.org/SpecialInterestGroup/SCLo).

QuickStart
----------
You can get started in three easy steps (example of PHP 5.6):
$ sudo yum install centos-release-scl
$ sudo yum install rh-php56
$ scl enable rh-php56 bash

At this point you should be able to use php just as a normal application. Examples of commands run might be:
$ php my-app.php
$ sudo yum install rh-php56-php-devel yum install libxml2-devel
$ sudo pear install Cache_Lite
$ sudo pecl install xmldiff

In order to view the individual components included in this collection, including additional PHP modules, you can run:
$ sudo yum list rh-php56*

About Software Collections
--------------------------
Software Collections give you the power to build, install, and use multiple versions of software on the same system, without affecting system-wide installed packages. Each collection is delivered as a group of RPMs, with the grouping being done using the name of the collection as a prefix of all packages that are part of the software collection.

The collections php54, php55 and rh-php56 deliver versions 5.4, 5.5 and 5.6 of the PHP interpreter, pecl and perl installers and some other modules that are also included in the collections as RPMs. For more on the PHP, see http://www.php.net.

The SCLo SIG in CentOS
----------------------
The Software Collections SIG group is an open community group co-ordinating the development of the SCL technology, and helping curate a reference set of collections. In addition to the PHP collections being released here, we also build and deliver databases, web servers, and language stacks including multiple versions of PostgreSQL, MariaDB, Apache HTTP Server, NodeJS, Ruby, Python and others.

Software Collections SIG release was announced at https://lists.centos.org/pipermail/centos-announce/2015-October/021446.html

You can learn more about Software Collections concepts at: http://softwarecollections.org

You can find information on the SIG at https://wiki.centos.org/SpecialInterestGroup/SCLo ; this includes howto get involved and help with the effort.

We meet every second Wednesday at 16:00 UTC in #centos-devel (ref: https://www.centos.org/community/calendar), for an informal open forum open to anyone who might have comments, concerns or wants to get started with SCL's in CentOS.

Enjoy!
Honza
SCLo SIG member
Announcing release for Perl 5.16 and 5.20 on CentOS Linux 7 x86_64 SCL
I am pleased to announce the immediate availability of versions 5.16 and 5.20 of the Perl language stack on CentOS Linux 7 x86_64, delivered via a Software Collection (SCL) built by the SCLo Special Interest Group (https://wiki.centos.org/SpecialInterestGroup/SCLo).

QuickStart
----------
You can get started in three easy steps (example of Perl 5.20):
$ sudo yum install centos-release-scl
$ sudo yum install rh-perl520
$ scl enable rh-perl520 bash

At this point you should be able to use perl just as a normal application. Examples of commands run might be:
$ perl my-app.pl
$ sudo yum install rh-perl520-perl-CPAN make
$ sudo cpan App::cpanminus
$ sudo cpanm -n Furl

In order to view the individual components included in this collection, including additional Perl modules, you can run:
$ sudo yum list rh-perl520*

About Software Collections
--------------------------
Software Collections give you the power to build, install, and use multiple versions of software on the same system, without affecting system-wide installed packages. Each collection is delivered as a group of RPMs, with the grouping being done using the name of the collection as a prefix of all packages that are part of the software collection.

The collections perl516 and rh-perl520 deliver versions 5.16 and 5.20 of the Perl language stack, cpan installer and some other modules that are also included in the collections as RPMs. For more on the Perl, see https://www.perl.org.

The SCLo SIG in CentOS
----------------------
The Software Collections SIG group is an open community group co-ordinating the development of the SCL technology, and helping curate a reference set of collections. In addition to the Perl collections being released here, we also build and deliver databases, web servers, and language stacks including multiple versions of PostgreSQL, MariaDB, Apache HTTP Server, NodeJS, Ruby, Python, PHP and others.

Software Collections SIG release was announced at https://lists.centos.org/pipermail/centos-announce/2015-October/021446.html

You can learn more about Software Collections concepts at: http://softwarecollections.org

You can find information on the SIG at https://wiki.centos.org/SpecialInterestGroup/SCLo ; this includes howto get involved and help with the effort.

We meet every second Wednesday at 16:00 UTC in #centos-devel (ref: https://www.centos.org/community/calendar), for an informal open forum open to anyone who might have comments, concerns or wants to get started with SCL's in CentOS.

Enjoy!
Honza
SCLo SIG member
Announcing release for Perl 5.16 and 5.20 on CentOS Linux 6 x86_64 SCL
I am pleased to announce the immediate availability of versions 5.16 and 5.20 of the Perl language stack on CentOS Linux 6 x86_64, delivered via a Software Collection (SCL) built by the SCLo Special Interest Group (https://wiki.centos.org/SpecialInterestGroup/SCLo).

QuickStart
----------
You can get started in three easy steps (example of Perl 5.20):
$ sudo yum install centos-release-scl
$ sudo yum install rh-perl520
$ scl enable rh-perl520 bash

At this point you should be able to use perl just as a normal application. Examples of commands run might be:
$ perl my-app.pl
$ sudo yum install rh-perl520-perl-CPAN make
$ sudo cpan App::cpanminus
$ sudo cpanm -n Furl

In order to view the individual components included in this collection, including additional Perl modules, you can run:
$ sudo yum list rh-perl520*

About Software Collections
--------------------------
Software Collections give you the power to build, install, and use multiple versions of software on the same system, without affecting system-wide installed packages. Each collection is delivered as a group of RPMs, with the grouping being done using the name of the collection as a prefix of all packages that are part of the software collection.

The collections perl516 and rh-perl520 deliver versions 5.16 and 5.20 of the Perl language stack, cpan installer and some other modules that are also included in the collections as RPMs. For more on the Perl, see https://www.perl.org.

The SCLo SIG in CentOS
----------------------
The Software Collections SIG group is an open community group co-ordinating the development of the SCL technology, and helping curate a reference set of collections. In addition to the Perl collections being released here, we also build and deliver databases, web servers, and language stacks including multiple versions of PostgreSQL, MariaDB, Apache HTTP Server, NodeJS, Ruby, Python, PHP and others.

Software Collections SIG release was announced at https://lists.centos.org/pipermail/centos-announce/2015-October/021446.html

You can learn more about Software Collections concepts at: http://softwarecollections.org

You can find information on the SIG at https://wiki.centos.org/SpecialInterestGroup/SCLo ; this includes howto get involved and help with the effort.

We meet every second Wednesday at 16:00 UTC in #centos-devel (ref: https://www.centos.org/community/calendar), for an informal open forum open to anyone who might have comments, concerns or wants to get started with SCL's in CentOS.

Enjoy!
Honza
SCLo SIG member
Announcing release for PHP 5.4, 5.5 and 5.6 on CentOS Linux 6 x86_64 SCL
I am pleased to announce the immediate availability of versions 5.4, 5.5 and 5.6 of the PHP on CentOS Linux 6 x86_64, delivered via a Software Collection (SCL) built by the SCLo Special Interest Group (https://wiki.centos.org/SpecialInterestGroup/SCLo).

QuickStart
----------
You can get started in three easy steps (example of PHP 5.6):
$ sudo yum install centos-release-scl
$ sudo yum install rh-php56
$ scl enable rh-php56 bash

At this point you should be able to use php just as a normal application. Examples of commands run might be:
$ php my-app.php
$ sudo yum install rh-php56-php-devel yum install libxml2-devel
$ sudo pear install Cache_Lite
$ sudo pecl install xmldiff

In order to view the individual components included in this collection, including additional PHP modules, you can run:
$ sudo yum list rh-php56*

About Software Collections
--------------------------
Software Collections give you the power to build, install, and use multiple versions of software on the same system, without affecting system-wide installed packages. Each collection is delivered as a group of RPMs, with the grouping being done using the name of the collection as a prefix of all packages that are part of the software collection.

The collections php54, php55 and rh-php56 deliver versions 5.4, 5.5 and 5.6 of the PHP interpreter, pecl and perl installers and some other modules that are also included in the collections as RPMs. For more on the PHP, see http://www.php.net.

The SCLo SIG in CentOS
----------------------
The Software Collections SIG group is an open community group co-ordinating the development of the SCL technology, and helping curate a reference set of collections. In addition to the PHP collections being released here, we also build and deliver databases, web servers, and language stacks including multiple versions of PostgreSQL, MariaDB, Apache HTTP Server, NodeJS, Ruby, Python and others.

Software Collections SIG release was announced at https://lists.centos.org/pipermail/centos-announce/2015-October/021446.html

You can learn more about Software Collections concepts at: http://softwarecollections.org

You can find information on the SIG at https://wiki.centos.org/SpecialInterestGroup/SCLo ; this includes howto get involved and help with the effort.

We meet every second Wednesday at 16:00 UTC in #centos-devel (ref: https://www.centos.org/community/calendar), for an informal open forum open to anyone who might have comments, concerns or wants to get started with SCL's in CentOS.

Enjoy!
Honza
SCLo SIG member
Announcing release for nginx 1.6 and 1.8 on CentOS Linux 6 x86_64 SCL
I am pleased to announce the immediate availability of versions 1.6 and 1.8 of the nginx HTTP and reverse proxy server on CentOS Linux 6 x86_64, delivered via a Software Collection (SCL) built by the SCLo Special Interest Group (https://wiki.centos.org/SpecialInterestGroup/SCLo).

QuickStart
----------
You can get started in three easy steps:
$ sudo yum install centos-release-scl
$ sudo yum install rh-nginx18
$ scl enable rh-nginx18 bash

At this point you should be able to use nginx just as a normal application. An example of commands run might be:
$ nginx -v
$ service rh-nginx18-nginx start

In order to view the individual components included in this collection, including additional subpackages, you can run:
$ sudo yum list rh-nginx18*

About Software Collections
--------------------------
Software Collections give you the power to build, install, and use multiple versions of software on the same system, without affecting system-wide installed packages. Each collection is delivered as a group of RPMs, with the grouping being done using the name of the collection as a prefix of all packages that are part of the software collection.

The collection nginx16 and rh-nginx18 deliver versions 1.6 and 1.8 of the nginx, an HTTP and reverse proxy server with a focus on high concurrency, performance and low memory usage. The collection nginx16 delivers a daemon called nginx16-nginx and the collection rh-nginx18 delivers a daemon called rh-nginx18-nginx. For more on the nginx, see http://nginx.org.

The SCLo SIG in CentOS
----------------------
The Software Collections SIG group is an open community group co-ordinating the development of the SCL technology, and helping curate a reference set of collections. In addition to the nginx collections being released here, we also build and deliver other databases, web servers, and language stacks including multiple versions of PostgreSQL, MariaDB, Apache HTTP Server, NodeJS, Ruby, Python and others.

Software Collections SIG release was announced at https://lists.centos.org/pipermail/centos-announce/2015-October/021446.html

You can learn more about Software Collections concepts at: http://softwarecollections.org

You can find information on the SIG at https://wiki.centos.org/SpecialInterestGroup/SCLo ; this includes howto get involved and help with the effort.

We meet every second Wednesday at 16:00 UTC in #centos-devel (ref: https://www.centos.org/community/calendar), for an informal open forum open to anyone who might have comments, concerns or wants to get started with SCL's in CentOS.

Enjoy!
Honza
SCLo SIG member
