nullcon HackIM Challenge 9-11 Jan 2015
CVE-2011-2727
The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3) cmsincludes/cms_plugin_api_link.inc.php scripts in Tribal Tribiq CMS before 5.2.7c allow remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
CVE-2013-3295
Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
DSA-3116 polarssl – security update
It was discovered that a memory leak in parsing X.509 certificates may result in denial of service.
Vuln: NTP 'ntp-keygen.c' Predictable Random Number Generator Weakness
Vuln: NTP 'ntp_config.c' Insufficient Entropy Security Weakness
CVE-2014-8109
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.
Flaw In Vendor Database, Info On More Than 7,000 Veterans Possibly Exposed
Hacker Group Claims To Have Released 13,000 Passwords / Credit Cards
This Hobbit-inspired sword can help you find unsecured WiFi hotspots
A glow-in-the-dark sword promises to help you vanquish any unsecured WiFi access point.
The post This Hobbit-inspired sword can help you find unsecured WiFi hotspots appeared first on We Live Security.