Packet storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
Web address: http://packetstormsecurity.org/
Updated: 6 hr 17 min ago
ManageEngine ADManager Plus 5.2 Cross Site Scripting
ManageEngine ADManager Plus version 5.2 suffers from multiple cross site scripting vulnerabilities.
Categories: Security
Batavi 1.1.2 SQL Injection
Batavi version 1.1.2 suffers from a remote SQL injection vulnerability.
Categories: Security
Cyberoam Central Console 2.00.2 Local File Inclusion
Cyberoam Central Console version 2.00.2 suffers from a local file inclusion vulnerability.
Categories: Security
Facebook Profile Sticker SQL Injection
Facebook Profile Sticker suffers from a remote SQL injection vulnerability.
Categories: Security
HP Security Bulletin HPSBMU02736 SSRT100699 2
HP Security Bulletin HPSBMU02736 SSRT100699 2 - Potential security vulnerabilities have been identified with HP Business Availability Center (BAC) and Business Service Management (BSM). The vulnerabilities could be remotely exploited to allow unauthorized access to sensitive information. Revision 2 of this advisory.
Categories: Security
Dinama SMS Service Cross Site Scripting
Dinama SMS Service suffers from a cross site scripting vulnerability.
Categories: Security
eFronts Community++ 3.6.10 Cross Site Scripting
eFronts Community++ version 3.6.10 suffers from a cross site scripting vulnerability.
Categories: Security
VolksBank Online Banking Cross Site Scripting / Redirection
VolksBank Online Banking suffers from cross site scripting, open redirection and input validation vulnerabilities.
Categories: Security
SimpleGroupware 0.742 Cross Site Scripting
SimpleGroupware version 0.742 suffers from a cross site scripting vulnerability.
Categories: Security
Apache CXF UsernameToken Broken Validation
Apache CXF versions 2.4.5 and 2.5.1 fail to validate a WS-Security UsernameToken received as part of the security header of a SOAP request against a WS-SP UsernameToken policy.
Categories: Security
Fake POP3 Daemon
This is a compact fake POP3 daemon that logs password attacks.
Categories: Security
DEF CON 20 Capture The Flag Information
This is a newsletter that discusses information related to Capture The Flag that will be held at DEF CON 20 this year.
Categories: Security
Debian Security Advisory 2403-2
Debian Linux Security Advisory 2403-2 - Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.
Categories: Security
Ubuntu Security Notice USN-1356-1
Ubuntu Security Notice 1356-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potentially execute arbitrary code on the system. Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. A flaw was found in the Linux kernel's IPv4 IGMP query processing. A remote attacker could exploit this to cause a denial of service. Various other issues were also addressed.
Categories: Security
Another File Integrity Checker 2.20
afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
Categories: Security
Whitewash 2.0
The Whitewash module allows Ruby programs to clean up any HTML document or fragment coming from an untrusted source and to remove all dangerous constructs that could be used for cross-site scripting or request forgery. All HTML tags, attribute names and values, and CSS properties are filtered through a whitelist that defines which names and what kinds of values are allowed; everything that doesn't match the whitelist is removed. The whitelist is provided externally, and the default whitelist is loaded from the whitelist.yaml shipped with Whitewash. The default is the most strict (for example, it does not allow cross-site links to images in IMG tags) and can be considered safe for all uses.
Categories: Security
Typsoft FTP Server 1.10 Denial Of Service
Three proof of concept exploits that demonstrate denial of service vulnerabilities in Typsoft FTP server version 1.10.
Categories: Security
Flyspray 0.9.9.6 Cross Site Request Forgery
Flyspray version 0.9.9.6 suffers from a cross site request forgery vulnerability.
Categories: Security
PS Design Web Site SQL Injection
PS Design Web Site suffers from a remote SQL injection vulnerability.
Categories: Security
Axiatel.com Cross Site Scripting
Axiatel.com suffers from a cross site scripting vulnerability.
Categories: Security