#1 Denial of service and system compromise in FreeBSD (Remote Buffer Overflow vulnerability)

Danger level: High
Availability of corrections: Yes
Quantity of vulnerabilities: 1

CVSSv2 Rating: (AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:O/RC:C) = Base: 6.9 / Temporal: 5.1
CVE ID: CVE-2014-3954

Exploitation vector: Remote
Impact: Remote Buffer Overflow (Denial of service, system compromise)

Five new vulnerabilities in universal instant messenger client

Five vulnerabilities have been fixed in the Pidgin messaging client. Administrators are advised to update to version 2.10.10.

Pidgin, the program for instant messaging on the Internet, has been updated to version 2.10.10. Administrators are advised to install the update immediately because it fixes five vulnerabilities.

Vulnerability CVE-2014-3698 allows attackers to steal information from process memory via XMPP messages. Vulnerability CVE-2014-3697 makes it possible to change arbitrary files when a specially crafted emoticon theme is installed (Windows only). Vulnerabilities CVE-2014-3696 and CVE-2014-3695 could lead to abnormal termination of the process, and CVE-2014-3694 leads to errors when checking SSL certificates.

Avast Free Antivirus 2015 is a free antivirus with all the features you need for reliable protection of your computer and data from malicious attacks. It includes an efficient antivirus with powerful shields and a scanner for your home network.

Avast Free Antivirus 2015 is a reliable free antivirus with over 200 million users worldwide.

The solution offers everything you need to effectively protect your computer and data from hackers and malicious attacks.

AVAST Software has announced its line of antivirus products for 2015, including avast! Free / Pro Antivirus 2015, avast! Internet Security 2015 and avast! Premier 2015.

All programs now include home network protection, which scans the local network for different types of vulnerabilities: it checks the status of the wireless Wi-Fi connection, router settings, password settings, and so on.

A new smart scan option, available from the main console, runs all avast! scanners in sequence: antivirus, home networking, software updates and a file collection. The results of these tests are displayed in a common window, so that you can fix the problems found with one mouse click.

Critical Vulnerability: Remote Code Execution in Microsoft Windows

Microsoft warns users about 0-day attacks via PowerPoint OLE objects. Hackers are exploiting a zero-day vulnerability in Windows.

A vulnerability in Microsoft OLE could allow remote code execution; it affects all supported releases of Microsoft Windows, excluding Windows Server 2003.

Today, Microsoft has released Security Advisory 3010060 as well as the “Fix It” temporary patch. A new ID, CVE-2014-6352, has been assigned to track this issue.

Two vulnerabilities in the Linux Kernel

Danger level: Low
Availability of fixes: Instructions on corrective action
Quantity of vulnerabilities: 2

CVSSv2 Rating:
1. (AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:W/RC:C) = Base: 2.1 / Temporal: 1.7
2. (AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:W/RC:C) = Base: 2.1 / Temporal: 1.7

1. CVE-2014-7970
2. CVE-2014-7975

Two vulnerabilities in the IBM product WebSphere MQ

Danger level: Low
Availability of corrections: Yes
Quantity of vulnerabilities: 2

CVSSv2 Rating:

(AV:A/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:O/RC:C) = Base: 5.8 / Temporal: 4.3
(AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:O/RC:C) = Base: 2.1 / Temporal: 1.6

CVE ID: CVE-2014-6116; CVE-2014-4822

We continue our series of articles on computer security. Today we offer the second part of the article “Physical Access to a Computer and Data”.

Here’s the first part of the article

This part of the article covers the following computer security topics:

  • Limited Access to Programs
  • Lock Action with Kaspersky Internet Security
  • Control Access to Files and Folders
  • On Guard – Bio-Scanners
  • Restricting Access to the BIOS


SQL Injection / Command Injection in Centreon and Centreon Enterprise Server

Critical vulnerabilities have been identified in all versions of the free monitoring system Centreon released since 2008 (Centreon <= 2.5.2 and Centreon Enterprise Server <= 2.2 | 3.0). These vulnerabilities can be exploited by anonymous users without authentication. An update with security fixes has not yet been released.

Danger level: High
Availability of corrections: No
Quantity of vulnerabilities: 2

The PHP developers have eliminated four vulnerabilities in their products

The update fixes a vulnerability that could lead to an integer overflow.

The PHP developers have released patches 5.6.2, 5.5.18 and 5.4.34 for their scripting language that eliminate four vulnerabilities, including CVE-2014-1668, CVE-2014-3669 and CVE-2014-3670.

All of the holes were discovered in September of this year. The most dangerous of the patched vulnerabilities is CVE-2014-3669. It can cause an integer overflow when parsing specially crafted serialized data using the unserialize() function.