Bugtraq: [ MDVSA-2014:231 ] icecast

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:231
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : icecast
Date : November 27, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated icecast package fixes security vulnerability:

Icecast did not properly handle the launching of scripts on connect
or disconnect of sources.…


Bugtraq: [ MDVSA-2014:232 ] glibc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:232
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : glibc
Date : November 27, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated glibc package fixes security vulnerability:

The function wordexp() fails to properly handle the WRDE_NOCMD
flag when processing arithmetic inputs in the form of $((... ``))
where ... can be anything valid.…

Bugtraq: [ MDVSA-2014:230 ] kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:230
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : kernel
Date : November 27, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in the Linux
kernel:

The WRMSR processing functionality in the KVM subsystem in the
Linux kernel through 3.17.2 does not properly handle the writing of a
non-canonical address to a model-specific register, which allows guest
OS users to cause a denial of service (host OS crash) by leveraging
guest OS privileges, related to the wrmsr_interception function in
arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c
(CVE-2014-3610).…

Vuln: Icecast CVE-2014-9018 Information Disclosure Vulnerability

Icecast CVE-2014-9018 Information Disclosure Vulnerability
Bugtraq ID: 71205
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2014-9018
Remote: Yes
Local: No
Published: Nov 20 2014 12:00AM
Updated: Nov 27 2014 12:55PM
Credit: herzi
Vulnerable:
Not Vulnerable:


Vuln: GNU glibc CVE-2014-7817 Arbitrary Command Execution Vulnerability


Vuln: WordPress wpDataTables Plugin ‘wpdatatables.php’ SQL Injection Vulnerability

WordPress wpDataTables Plugin ‘wpdatatables.php’ SQL Injection Vulnerability
Bugtraq ID: 71271
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Nov 23 2014 12:00AM
Updated: Nov 23 2014 12:00AM
Credit: Claudio Viviani
Vulnerable:
Not Vulnerable:


Vuln: WordPress wpDataTables Plugin Multiple Arbitrary File Upload Vulnerabilities

WordPress wpDataTables Plugin Multiple Arbitrary File Upload Vulnerabilities
Bugtraq ID: 71272
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Nov 23 2014 12:00AM
Updated: Nov 23 2014 12:00AM
Credit: Claudio Viviani
Vulnerable:
Not Vulnerable:


Vuln: Ruby CVE-2014-8090 Incomplete Fix XML External Entity Denial of Service Vulnerability

Ruby CVE-2014-8090 Incomplete Fix XML External Entity Denial of Service Vulnerability
Bugtraq ID: 71230
Class: Input Validation Error
CVE: CVE-2014-8090
Remote: Yes
Local: No
Published: Nov 21 2014 12:00AM
Updated: Nov 27 2014 12:56AM
Credit: Tomas Hoger
Vulnerable: Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Not Vulnerable:


Vuln: FortiManager and FortiAnalyzer CVE-2014-2334 Multiple Cross Site Scripting Vulnerabilities

FortiManager and FortiAnalyzer CVE-2014-2334 Multiple Cross Site Scripting Vulnerabilities
Bugtraq ID: 70887
Class: Input Validation Error
CVE: CVE-2014-2334
Remote: Yes
Local: No
Published: Oct 30 2014 12:00AM
Updated: Nov 27 2014 08:59AM
Credit: Oded Vanunu & Adi Volkovitz, Check Point Security Research Team.

Vuln: FreeBSD CVE-2014-8475 Remote Denial of Service Vulnerability
