-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:191 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : perl-XML-DT Date : September 29, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated perl-XML-DT package fixes security vulnerability: The mkxmltype and mkdtskel scripts provided in perl-XML-DT allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file (CVE-2014-5260). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5260 http://advisories.mageia.org/MGASA-2014-0390.html _______________________________________________________________________ Updated P
Category Archives: Security
Security
AllMyGuests 0.4.1 XSS / SQL Injection / Insecure Cookie Handling
AllMyGuests version 0.4.1 suffers from bypass via malformed cookies, remote SQL injection, and cross site scripting vulnerabilities.
CloudFlare Rolls Out Free SSL
In a move that will essentially double the number of SSL-protected sites on the Web in the space of 24 hours, CloudFlare on Monday said that it was enabling SSL for all of its more than two million customers for free. The new service is called Universal SSL, and the company is making it available […]
The Internet Is Broken, And Shellshock Is Just The Start Of Our Woes
Tim Berners-Lee Wants An Internet Bill Of Rights
Ruskies Use Commercial Crimeware To Mask 'Patriotic' Ukraine Attacks
Dark Web Black Market Turning Mobsters Into Cyber Crooks
FBI to Open Up Malware Investigator Portal to External Researchers
SEATTLE–The FBI has developed an internal malware-analysis tool, somewhat akin to the systems used by antimalware companies, and plans to open the system up to external security researchers, academics and others. The system is known as Malware Investigator and is designed to allow FBI agents and other authorized law enforcement users to upload suspicious files. […]
WordPress Users Ultra 1.3.37 SQL Injection
WordPress Users Ultra plugin version 1.3.37 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
Internet Explorer 8 Fixed Col Span ID Full ASLR, DEP, And EMET 5.0 Bypass
Internet Explorer 8 fixed col span ID full ASLR, DEP, and EMET 5.0 bypass exploit that leverages the issue outlined in MS12-037.