Multiple SQL injection vulnerabilities have been discovered in the Mantis
bug tracking system.
DSA-3029 nginx – security update
Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was
possible to reuse cached SSL sessions in unrelated contexts, allowing
virtual host confusion attacks in some configurations by an attacker in
a privileged network position.
GetSimpleCMS PHP File Upload
This Metasploit module exploits a file upload vulnerability in GetSimple CMS. By abusing the upload.php file, a malicious authenticated user can upload an arbitrary file, including PHP code, which results in arbitrary code execution.
Gentoo Linux Security Advisory 201409-07
Gentoo Linux Security Advisory 201409-7 – A vulnerability in c-icap could result in Denial of Service. Versions less than 0.2.6 are affected.
Gentoo Linux Security Advisory 201409-08
Gentoo Linux Security Advisory 201409-8 – A vulnerability in libxml2 allows a remote attacker to cause Denial of Service. Versions less than 2.9.1-r4 are affected.
There's A New Social Network For Leakers And Whistleblowers
Gentoo Linux Security Advisory 201409-05
Gentoo Linux Security Advisory 201409-5 – Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.406 are affected.
Gentoo Linux Security Advisory 201409-06
Gentoo Linux Security Advisory 201409-6 – Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to cause Denial of Service. Versions less than 37.0.2062.120 are affected.
How to protect yourself after the Home Depot breach
Home Depot has issued a statement today that provides more details about their recent breach, as well as indicating that the malware used by the attackers has now been removed from their systems. This breach appears to be even larger than Target's, as it exposed payment information for 56 million customers in their US and Canada locations.
The post How to protect yourself after the Home Depot breach appeared first on We Live Security.
New Research Refines Security Vulnerability Metrics
Research from the University of Maryland proposes new security metrics that can help enterprises understand risks to their products and prioritize patching and vulnerability management.