Security
Posted by Vulnerability Lab on Oct 14
Document Title:
===============
PayPal Inc BB #98 MOS – Persistent Settings Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=983
Release Date:
=============
2014-10-13
Vulnerability Laboratory ID (VL-ID):
====================================
983
Common Vulnerability Scoring System:
====================================
4.1
Product & Service Introduction:…
Original release date: October 14, 2014
Adobe has released security updates to address multiple vulnerabilities in ColdFusion and Flash Player. Exploitation could allow attackers to take control of a vulnerable system.
Users and administrators are encouraged to review Adobe Security Bulletins APSB 14-23Â and APSB 14-22 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: October 14, 2014
Oracle has released its Critical Patch Update for October 2014 to address 154 vulnerabilities across multiple products.
US-CERT encourages users and administrators to review the Oracle October 2014 Critical Patch Update and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Posted by Security Explorations on Oct 14
Hello All,
Oracle Oct 2014 CPU addresses 22 security issues affecting Java VM
implementation embedded in Oracle Database software.
We have published details of the fixed issues and a description of
some privilege elevation techniques abusing a complete Java security
sandbox bypass condition for gaining DBA role in an environment of
Oracle Database software.
All relevant materials accompanied with Proof of Concept codes can
be found at our…
Posted by Michal Zalewski on Oct 14
First of all, CVE-2014-1580 (MSFA 2014-78) is a bug that caused
Firefox prior to version 33 (released today) to leak bits of
uninitialized memory when rendering certain types of truncated images
onto <canvas>.
Mozilla’s advisory is here:
https://www.mozilla.org/security/announce/2014/mfsa2014-78.html
Bug is here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1063733
PoC is here:
http://lcamtuf.coredump.cx/ffgif2/
Secondly, MSRC case…
Microsoft posted eight bulletins for Patch Tuesday, three of which are considered critical including a cumulative Internet Explorer update, while Adobe has fixes for Flash Player and ColdFusion.
Red Hat Enterprise Linux: Updated 389-ds-base packages that fix one bug are now available for Red Hat
Enterprise Linux 6.
Red Hat Enterprise Linux: Updated ipmitool packages that fix one bug are now available for Red Hat
Enterprise Linux 6.
Red Hat Enterprise Linux: Updated policycoreutils packages that fix one bug are now available for Red Hat
Enterprise Linux 6.