Feed aggregator

CVE-2014-4965

News.Debuntu.Org - Tue, 07/15/2014 - 14:55

Multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) customername parameter to central/orders/searchcriteria.action; (2) productname, (3) availability, or (4) status parameter to central/catalog/productlist.action; or unspecified vectors in (5) WebContent/orders/orderlist.jsp.

Categories: Network

CVE-2014-4964

News.Debuntu.Org - Tue, 07/15/2014 - 14:55

Multiple cross-site request forgery (CSRF) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to hijack the authentication of users for requests that (1) modify customer settings or hijack the authentication of administrators for requests that change (2) customer passwords, (3) shop configuration, or (4) product details, as demonstrated by (5) modifying a product's price via a crafted request to central/catalog/saveproduct.action or (6) creating a product review via a crafted request to shop/product/createReview.action.

Categories: Network

CVE-2014-4963

News.Debuntu.Org - Tue, 07/15/2014 - 14:55

Shopizer 1.1.5 and earlier allows remote attackers to modify the account settings of arbitrary users via the customer.customerId parameter to shop/profile/register.action.

Categories: Network

CVE-2014-4962

News.Debuntu.Org - Tue, 07/15/2014 - 14:55

Shopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be subtracted from the total cost.

Categories: Network

CVE-2014-4663 (timthumb, wordthumb)

News.Debuntu.Org - Tue, 07/15/2014 - 14:55

TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allow remote attackers to execute arbitrary commands via shell metacharacters in the src parameter.

Categories: Network

Next-Gen OpenGL To Be Announced Next Month

News.Debuntu.Org - Tue, 07/15/2014 - 14:47

The Khronos Group has shared details about their BoF sessions to be hosted next month during SIGGRAPH and it includes detailing the next-generation OpenGL / OpenGL ES specifications...

Read more at Phoronix

Categories: Network

When "Free" Can Suck

News.Debuntu.Org - Tue, 07/15/2014 - 14:00

blog of helios: Google's act of stripping Java support from Chrome severely cripples that browser.

Categories: Network

Google's "Project Zero"

News.Debuntu.Org - Tue, 07/15/2014 - 13:29

Google's newly announced Project Zero is focused on making the net as a whole safer from attackers. "We're not placing any particular bounds on this project and will work to improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers. We'll use standard approaches such as locating and reporting large numbers of vulnerabilities.

Categories: Network

GNOME's Tracker 1.1.1 Released with a Brand New Extractor

News.Debuntu.Org - Tue, 07/15/2014 - 13:00

softpedia: The Tracker 1.1.1 release brings a brand new extractor, improves the extraction of content from ODT files

Categories: Network

CentOS 7 Comes on the Heels of Red Hat Enterprise Linux 7

News.Debuntu.Org - Tue, 07/15/2014 - 12:00

eWEEK: CentOS inherits the same XFS file system used in RHEL 7, which provides a file system that can scale up to 500 terabytes.

Categories: Network

Distribution Release: Zorin OS 9

News.Debuntu.Org - Tue, 07/15/2014 - 11:56

Artyom Zorin has announced the release of Zorin OS 9, a new version of the Ubuntu-based user-friendly distribution designed for newcomers to Linux: "We are excited to announce the release of Zorin OS 9 Core and Ultimate. The main focus for Zorin OS 9 has been on stability...
Read more at DistroWatch

Categories: Network

Raspberry Pi 2 expected in 2017, Foundation focussed on software for now

News.Debuntu.Org - Tue, 07/15/2014 - 11:00

RaspberryPi Today: Raspberry Pi Foundation founder Eben Upton revealed that they plan to release a higher performance Raspberry Pi in 2017.

Categories: Network

Wine 1.7.22 (Development Version) Released – Install in RedHat and Debian Based Systems

News.Debuntu.Org - Tue, 07/15/2014 - 06:41

Wine, a most popular and powerful open source application for Linux, is used to run Windows-based applications and games on the Linux platform without any trouble. The WineHQ team recently announced a new development version, Wine 1.7.22. This new development build arrives with a number of new...
Read more at TecMint

Categories: Network

Linux Top 3: Raspberry Pi B+, CentOS 7 and RHEL 5.11

News.Debuntu.Org - Tue, 07/15/2014 - 06:00

LinuxPlanet: While the Linux piece of the Raspberry Pi is about software, hardware does matter and the hardware is now getting an update.

Categories: Network

OpenStack Swift Storage Project Gets New Policies

News.Debuntu.Org - Tue, 07/15/2014 - 02:00

eWEEK: Open-source cloud storage is set for a policy-based future. These policies enable cloud administrators to be more flexible with their storage back end.

Categories: Network

[$] Filesystem notification, part 2: A deeper investigation of inotify

News.Debuntu.Org - Mon, 07/14/2014 - 23:20

In the first article in this series, we briefly looked at the original Linux filesystem notification API, dnotify, and noted a number of its limitations. We then turned our attention to its successor, inotify, and saw how the design of the newer API addressed various problems with the dnotify API while providing a number of other benefits as well. At first glance, inotify seems to provide a complete solution for the task of creating an application that reliably monitors the state of a filesystem.

Categories: Network

Is making your product free and open source crazy talk?

News.Debuntu.Org - Mon, 07/14/2014 - 22:00

OpenSource.com: Patrick McFadin, chief evangelist for Apache Cassandra at DataStax, discusses the benefits of open source software and open source thinking for entrepreneurs.

Categories: Network

CVE-2014-3319

News.Debuntu.Org - Mon, 07/14/2014 - 21:55

Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.

Categories: Network

CVE-2014-3317

News.Debuntu.Org - Mon, 07/14/2014 - 21:55

Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.

Categories: Network

CVE-2014-2955

News.Debuntu.Org - Mon, 07/14/2014 - 21:55

Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

Categories: Network