Category Archives: Security
CESA-2014:1652 Important CentOS 7 openssl Security Update
CentOS Errata and Security Advisory 2014:1652 Important. Upstream details at: https://rhn.redhat.com/errata/RHSA-2014-1652.html The following updated files have been uploaded and are currently syncing to the mirrors.
CEEA-2014:1649 CentOS 7 kpatch Enhancement Update
CentOS Errata and Enhancement Advisory 2014:1649. Upstream details at: https://rhn.redhat.com/errata/RHEA-2014-1649.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64:
51d8cfeb1a49efd3d778fcbf00537076b2d68f6ebcd0098fa174cd885c29dc6a kpatch-0.1.10-3.el7_0.noarch.rpm
Source:
4d7cb8146fc0433167cd8e18f439d3b3cf7748649ce21b509b501fd46cc45c58 kpatch-0.1.10-3.el7_0.src.rpm
OpenX 2.8.10 Open Redirect
OpenX version 2.8.10 suffers from multiple open redirection vulnerabilities.
CVE-2014-8311
SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener.
CVE-2014-7030
The Dieta Dukan passo a passo (aka com.rareartifact.dukanpasoapaso82BE0897) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6989
The Germanwings (aka com.germanwings.android) application 2.1.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-8302
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.6, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via vectors related to dashboard.
CVE-2014-7025
The Who-is-it? Lite name caller time limited free (aka de.profiler.android.whoisit) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6999
The Questoes OAB (aka com.pedefeijao.questoesoab) application oab_android_1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.