This is an advisory for TWiki administrators: The debugenableplugins request parameter allows arbitrary Perl code execution.
TWiki (http://twiki.org) is an Open Source Enterprise Wiki and Web Application Platform used by millions of people.
* Vulnerable Software Version
* Attack Vectors
* Impact
* Severity Level
* MITRE Name for this Vulnerability
* Details
* Countermeasures
* Hotfix for TWiki Production Release 6.0.0…
We have to do some hardware/software maintenance on the machine
actually hosting the Wiki service (http://wiki.centos.org). Instead of
just taking the wiki instance down during that maintenance, we've
decided to relocate it to a temporary host, proceed to maintenance,
and then migrate it back to the previous node.
Migration is scheduled for Friday October 10th, 11:00 am UTC time.
You can convert to local time with $(date -d '2014-10-10 11:00 UTC')
Migration will happen in several steps:
1 - we "freeze" the wiki on the actual node, transfer data, update the
A record, restore the service on the temporary node (disruption ~ 30min)
2 - we proceed to the needed maintenance on first node (no disruption
in service, but no estimated time)
3 - depending on time needed for step [2], and assuming we have no
hardware issue, we proceed like step [1], but in reverse (so
disruption ~30 minutes again)
Thanks for your understanding and patience.
on behalf of the Infra team,
--
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
Researchers at Malware Must Die published a report that hackers are spreading Mayhem botnet malware in exploits targeting the Shellshock vulnerability in Bash.
Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x and 7.x-3.x for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title.
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, and 7.x-2.x before 7.x-2.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes.
Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via vectors related to header background setting.
Cross-site scripting (XSS) vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via vectors related to custom copyright information.
Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via vectors related to font family CSS property.
The pervasive dragnet surveillance of Americans revealed by the Edward Snowden documents has caused serious damage to the trust that enterprises and citizens had in the United States government and unless that trust is repaired, it could have serious effects on the Internet economy, a panel of prominent technology executives said. In a town hall meeting […]
Google updates its Chrome browser on a very aggressive timeline, often a couple of times a month. Usually, each update includes a handful of security fixes, maybe 12 or 15. On Tuesday, the company released Chrome 38, which patched a staggering 159 vulnerabilities. The huge majority of those patches–113 of them–fix minor vulnerabilities in the […]