In-Portal CMS versions 5.2.0 and below suffer from cross site scripting and brute forcing vulnerabilities.
Category Archives: Security
The Bureau Of Investigative Journalism Wants Answers About GCHQ Surveillance
DSA-3025 apt – security update
It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487), does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489) and does not properly perform validation for binary packages downloaded by the apt-get download command (CVE-2014-0490).
DSA-3026 dbus – security update
Alban Crequy and Simon McVittie discovered several vulnerabilities in the D-Bus message daemon.
ALCASAR 2.8.1 Remote Root Code Execution
ALCASAR versions 2.8.1 and below suffer from a remote code execution vulnerability.
SNMP-Based DDoS Attack Spoofs Google Public DNS Server
SNMP-based DDoS attacks spoofing Google’s public recursive DNS server have been spotted by the SANS Internet Storm Center.
Open-Xchange 7.6.0 XSS / SSRF / Traversal
Open-Xchange versions 7.6.0 and below suffer from absolute path traversal, server-side request forgery, XXE injection, and cross site scripting vulnerabilities.
Briefcase 4.0 Code Execution / Local File Inclusion
Briefcase version 4.0 suffers from code execution and local file inclusion vulnerabilities.
PASSWORDS'14 Norway Call For Papers
The PASSWORDS’14 Norway Call For Papers has been announced. It will take place December 8th through the 10th, 2014 in Trondheim, Norway.
Aztech DSL5018EN / DSL705E / DSL705EU DoS / Broken Session Management
Aztech DSL5018EN, DSL705E, and DSL705EU ADSL modems/routers suffer from broken session management, denial of service, file exposure, and parameter tampering vulnerabilities.