LinuxSecurity.com: Think server sprawl is bad now? Just wait till you experience virtual server sprawl. When users can clone a virtual machine with the click of a mouse, or save versions of applications and operating systems for later use, you're
LinuxSecurity.com: I have downloaded the beta of Firefox 3 to check out the improvements related to SSL. First, there's the added support for Extended Validation SSL certificates, but I am not very excited about that (I wrote about this previously
LinuxSecurity.com: Updated thunderbird packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
LinuxSecurity.com: Joel R. Voss discovered that the IAX2 module of Asterisk, a free software PBX and telephony toolkit, performs insufficient validation of IAX2 protocol messages, which may lead to denial of service.
GoLd_M has discovered some vulnerabilities in Project-Based Calendaring System, which can be exploited by malicious people to disclose sensitive information. Input passed to the "filename" parameter in src/yopy_sync.php and plugins/system-logger/print_logs.php is not properly verified before being used to read files.
A vulnerability has been reported in IBM WebSphere Application Server, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error in the Java plugin and can be exploited by
A vulnerability has been reported in Nortel Multimedia Communication Server (MCS), which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the Multimedia PC Client and can
A vulnerability has been reported in Akamai Download Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error and can be exploited to e.g. download and execute malicious
Thomas Pollet has reported a vulnerability in IBM Lotus Expeditor, which can be exploited by malicious people to compromise a user's system. The problem is that the application registers the "cai" URI handler, which allows launching rcplauncher.exe with arbitrary command
Red Hat has issued an update for thunderbird. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.
Some vulnerabilities have been reported in cPanel, which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerabilities are caused due to the application allowing users to perform certain actions via HTTP requests without performing any
Wade Alcorn and John Heasman have reported a vulnerability in SNMPc, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. The vulnerability is caused due to a boundary error in
SugarCRM Community Edition is vulnerable to local file contents disclosure. This vulnerability can be exploited by a malicious user to disclose potentially sensitive information. The flaw is caused due to a lack of input filtering in the SugarCRM RSS module,
An attacker, who is able to register a specially crafted username on a WordPress 2.5 installation, is able to generate authentication cookies for other chosen accounts. This vulnerability exists because it is possible to modify authentication cookies without invalidating
Glasgow's new Stobhill and Victoria hospitals have selected CEM security solutions to secure their new, state-of-the-art GBP100m facilities. The contract, which was awarded in collaboration with ADT Glasgow, includes the CEM AC2000 SE (Standard Edition) security management system. As part
The newly revised UK British Banking code means that fraud losses by banks will now be shifted onto consumers. The new code allows banks to hold customers personally responsible if they have not taken adequate security measures to protect themselves. The
Swann Security has announced it is teaming up with the UK crime-fighting charity Crimestoppers. In an effort to support communities across the UK, Swann Security will support the independent charity in their vision to fight crime. Crimestoppers is an independent