The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Posted on 28 January 2015. | Researchers found a critical vulnerability in the Linux GNU C Library (glibc), that allows attackers to remotely take control of an entire system without having any prior knowledge of system credentials.
Posted on 23 January 2015. | The DMARC specification has emerged in the last couple years to pull together all the threads of email authentication technology under one roof—to standardize the method in which email is authenticated, and the manner in which reporting and policy enforcement is implemented.
Posted on 23 January 2015. | Adobe has released an out-of-band update for Flash Player, which fixes a security flaw (CVE-2015-0310) that could be used to circumvent memory randomization mitigations on the Windows platform.