This is an advisory for TWiki administrators: The debugenableplugins request parameter allows arbitrary Perl code
execution.
TWiki ( http://twiki.org ) is an Open Source Enterprise Wiki and Web Application Platform used by millions of people.
* Vulnerable Software Version
* Attack Vectors
* Impact
* Severity Level
* MITRE Name for this Vulnerability
* Details
* Countermeasures
* Hotfix for TWiki Production Release 6.0.0…
This is an advisory for TWiki administrators: Attaching a specially named file allows remote upload of an Apache
configuration file. This applies to native TWiki installations on Windows; the TWiki-VM (virtual machine) running in a
Windows server environment is not affected.
We have to do some hardware/software maintenance on the machine
actually hosting the Wiki service (http://wiki.centos.org). Instead of
just taking the wiki instance down during that maintenance, we've
decided to relocate it to a temporary host, proceed to maintenance,
and then migrate it back to the previous node.
Migration is scheduled for Friday October 10th, 11:00 am UTC time.
You can convert to local time with $(date -d '2014-10-10 11:00 UTC')
Migration will happen in several steps:
1 - we "freeze" the wiki on the actual node, transfer data, update the
A record, restore the service on the temporary node (disruption ~ 30min)
2 - we proceed to the needed maintenance on first node (no disruption
in service, but no estimated time)
3 - depending on time needed for step [2], and assuming we have no
hardware issue, we proceed like step [1], but in reverse (so
disruption ~30 minutes again)
Thanks for your understanding and patience.
on behalf of the Infra team,
--
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
Researchers at Malware Must Die published a report that hackers are spreading Mayhem botnet malware in exploits targeting the Shellshock vulnerability in Bash.
Malware may begin to offer genuinely helpful functionality in the future, in order to “fly under the radar” and fake legitimacy before striking, according to Professor Giovanni Vigna from the University of California.
At least 50 cash machines in Eastern Europe have been targeted by malware that allows the hacker to withdraw up to 40 notes at once without a credit or debit card to hand, Computer Weekly reports.
Cross-site scripting (XSS) vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via vectors related to custom copyright information.
Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the “administer themes” permission to inject arbitrary web script or HTML via vectors related to header background setting.
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, and 7.x-2.x before 7.x-2.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes.
Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x and 7.x-3.x for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title.