Ike.ninja

(Aug 25) Several vulnerabilities have been discovered in the Chromium web browser. CVE-2013-2887 [More…]

SUMMARY The PHP development team announces the immediate availability of PHP 5.4.18. About 30 bugs were fixed, including security issues CVE-2013-4113 and CVE-2013-4248. All users of PHP are encouraged to upgrade to this release. cPanel has released EasyApache 3.22.5 with this updated version of PHP 5.4.18 to address this issue. …

The following issues have been fixed:

[-] (Windows only) Security fix:  BIND has been updated to version 9.8.5-P2, that also fixes CVE-2013-4854
[-] Security improvements. We would like to thank Rack911.com for their help in investigating a number of security issues.

SUMMARY The Apache HTTPD Server Project have released httpd-2.2.25 and httpd-2.4.6 to correct multiple vulnerabilities that were issues CVE’s. Apache HTTP Server 2.2.25 CVE-2013-1896 mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to …

(Jul 18) Several vulnerabilities have been discovered in the Chromium web browser. CVE-2013-2853 [More…]

(Jun 28) Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in xml-security-c, an implementation of the XML Digital Security specification. The fix to address CVE-2013-2154 introduced the possibility of a heap overflow in the processing of malformed XPointer [More…]

(Jun 18) Multiple issues were discovered in the TIFF tools, a set of utilities for TIFF image file manipulation and conversion. CVE-2013-1960 [More…]

The following bug has been fixed:

[-] Fixed moderate security issue with privilege escalation.
More details in article Public issues VU#310500 and CVE-2013-0132, CVE-2013-0133
This MU is recommended for all Parallels Plesk Panel users.

The following bug has been fixed:

[-] Fixed moderate security issue with privilege escalation.
More details in article Public issues VU#310500 and CVE-2013-0132, CVE-2013-0133
This MU is recommended for all Parallels Plesk Panel users.

The following bug has been fixed:



[-] Fixed moderate security issue with privilege escalation. Parallels Plesk Panel versions 9.x-11.x with Apache web server running mod_php, mod_perl, mod_python, etc.  is vulnerable to authenticated user privilege escalation. Authenticated users are users that have login to Parallels Plesk Panel (such as f.e. your customers, resellers, or your employees).

Parallels Plesk Panel instances with Apache web server configured with Fast CGI (PHP, perl, python, etc) or CGI (PHP, perl, python, etc) are NOT vulnerable.
More details in article Public issues VU#310500 and CVE-2013-0132, CVE-2013-0133
This MU is recommended for all Parallels Plesk Panel users.

The following bug has been fixed:

[-] Fixed moderate security issue with privilege escalation. Parallels Plesk Panel versions 9.x-11.x with Apache web server running mod_php, mod_perl, mod_python, etc.  is vulnerable to authenticated user privilege escalation. Authenticated users are users that have login to Parallels Plesk Panel (such as f.e. your customers, resellers, or your employees).
Parallels Plesk Panel instances with Apache web server configured with Fast CGI (PHP, perl, python, etc) or CGI (PHP, perl, python, etc) are NOT vulnerable.
More details in article Public issues VU#310500 and CVE-2013-0132, CVE-2013-0133
This MU is recommended for all Parallels Plesk Panel users.

(Mar 15) Typo3, a PHP-based content management system, was found vulnerable to several vulnerabilities. CVE-2013-1842 [More…]

(Mar 4) Several vulnerabilities have been found in the Apache HTTPD server. CVE-2012-3499 [More…]

(Feb 17) Several vulnerabilities were discovered in the TLS/SSL protocol. This update addresses these protocol vulnerabilities in lighttpd. CVE-2009-3555 [More…]

(Feb 13) Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-0169 [More…]