Manyama holds the keys to Kaizer Chiefs' PSL title ambitions - Matsi
The Amakhosi forward continues to receive rave reviews with his former Cape Town City teammate joining in the praises ......
Man injured after being trapped under tree in Kaka Pt, South Otago
A man trapped under a tree has been freed and will soon be on his way to hospital.Emergency services were alerted to the man's plight about 5.30pm, a Southern Fire and Emergency spokesman said.As well as police and St John Ambulance...
Man hurt by bull in Riversdale, Southland
A man has been taken to hospital after a he was hurt by a bull in Southland this afternoon.St John Ambulance tweeted that they had been called to Riversdale, 30 kilometres north-west of Gore, just after 4pm."Two vehicles attended...
Man involved in Hawke's Bay $2.5 million meth bust gets prison sentence dropped
A man involved in a $2.5 million meth bust in Hawke's Bay has had his three and a half year prison sentence dropped to 12 months of home detention.Uriah Whetu Monty Wirihana received a prison sentence of three years and seven months...
Bashorun Askia Preaches Love, Compassion At Ramadan
Managing Director of Delta State Oil Producing Areas Development Commission (DESOPADEC) Bashorun Askia Ogieh has urged all Muslim faithful to show more love and compassion in this holy month of […]
Cuidado con los falsos profetas, 1ª Parte B
Many people think they're on their way to eternal life only to one day find out that, all along, they’d been traveling down the broad path to destruction. So how can you know for sure which path you are on? John MacArthur answers, today on "Grace to You."
¿Cuál es el camino al cielo? B
Many people today claim to know Jesus. But on the day of judgment what will matter is whether Jesus knows them. So how can you know that you are truly saved? John MacArthur helps to nail down the issue today on "Grace to You."
Ton-up Sharma stars as India beat rivals Pakistan in World Cup
MANCHESTER: Rohit Sharma scored his second hundred in three innings as India maintained their unbeaten record against Pakistan at the World Cup with an 89-run win under the Duckworth-Lewis-Stern method on Sunday.
MAN Energy Solutions latest power generator to consider hydrogen option
MAN Energy Solutions, VERBUND and New Brunswick Power are all experimenting with zero-carbon hydrogen as a future fuel source. Mitsubishi Hitachi Power Systems is also considering the alternative.
What Business Are Electric Utilities In?
Many businesses can now perform the traditional functions of an electric utility — provide affordable, reliable, resilient power to homes and businesses. The barriers to entry in the business have fallen. For instance, a home with rooftop solar panels, batteries, and gas-based generators may choose to be grid-independent. Even when homes decide to remain grid-tied, utilities face falling demand and revenue, and the possibility of future grid-defection. Further, competing electricity solutions can emerge quickly, and not one-home-at-a-time — microgrids can offer community, village, or campus-level solutions.
Manitoba Hydro announces workforce cuts, rate increases as debt rises
Manitoba Hydro has announced that it will eliminate more than 15% of its workforce while raising rates by at least 10% as the provincial utility's efforts to cut expenditures continue.
What is the future of the utility?
Many of us are somewhat familiar with what an electric utility does. Our house receives electricity, and we get a bill in the mail each month for it. Here in North Carolina, that bill is likely coming from Duke Energy. In other parts of the country it may be PG&E or Dominion Power. For at least a century, these utility monopolies have built power plants, installed transmission and distribution lines, billed customers for their electricity use, and the utility made a predictable margin for their work.
Manufacturing FDI into India on an upward curve
Figures show 2018 was India’s best year for manufacturing FDI in seven years.
Manufacturing FDI in Mexico stumbles again in 2018
Mexico suffered a second year of dwindling manufacturing, with the US's trade policy taking its toll. However, Mexico remains an attractive location for US companies and their suppliers.
Mandriva Linux Security Advisory 2015-232
Mandriva Linux Security Advisory 2015-232 - A malformed certificate input could cause a heap overflow read in the DER decoding functions of Libtasn1. The heap overflow happens in the function _asn1_extract_der_octet().
Mandriva Linux Security Advisory 2015-231
Mandriva Linux Security Advisory 2015-231 - Tilmann Haak from xing.com discovered that XML::LibXML did not respect the expand_entities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.
Mandriva Linux Security Advisory 2015-230
Mandriva Linux Security Advisory 2015-230 - Squid configured with client-first SSL-bump does not correctly validate X509 server certificate domain / hostname fields.
Mandriva Linux Security Advisory 2015-229
Mandriva Linux Security Advisory 2015-229 - It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code.
Mandriva Linux Security Advisory 2015-228
Mandriva Linux Security Advisory 2015-228 - It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges. The libuv library is bundled with nodejs, and a fixed version of libuv is included with nodejs as of version 0.10.37. The nodejs package has been updated to version 0.10.38 to fix this issue, as well as several other bugs.
Mandriva Linux Security Advisory 2015-227
Mandriva Linux Security Advisory 2015-227 - This update provides MariaDB 5.5.43, which fixes several security issues and other bugs.
Mandriva Linux Security Advisory 2015-223
Mandriva Linux Security Advisory 2015-223 - Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allow remote attackers to cause a denial of service and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow. The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allows remote attackers to cause a denial of service and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.
Mandriva Linux Security Advisory 2015-226
Mandriva Linux Security Advisory 2015-226 - FCGI does not perform range checks for file descriptors before use of the FD_SET macro. This FD_SET macro could allow for more than 1024 total file descriptors to be monitored in the closing state. This may allow remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening many socket connections to the host and crashing the service.
Mandriva Linux Security Advisory 2015-225
Mandriva Linux Security Advisory 2015-225 - The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.
Mandriva Linux Security Advisory 2015-224
Mandriva Linux Security Advisory 2015-224 - Ruby OpenSSL hostname matching implementation violates RFC 6125. The ruby packages for MBS2 has been updated to version 2.0.0-p645, which fixes this issue.
Mandriva Linux Security Advisory 2015-222
Mandriva Linux Security Advisory 2015-222 - Emanuele Rocca discovered that ppp was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a denial-of-service by crashing the daemon.
Mandriva Linux Security Advisory 2015-221
Mandriva Linux Security Advisory 2015-221 - Multiple vulnerabilities have been found and corrected in clamav. The updated packages provides a solution for these security issues.
Mandriva Linux Security Advisory 2015-219
Mandriva Linux Security Advisory 2015-219 - NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. When parsing HTTP cookies, if the parsed cookie's path element consists of a single double-quote, libcurl would try to write to an invalid heap memory address. This could allow remote attackers to cause a denial of service. When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user.
Mandriva Linux Security Advisory 2015-220
Mandriva Linux Security Advisory 2015-220 - NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user.
Mandriva Linux Security Advisory 2015-218
Mandriva Linux Security Advisory 2015-218 - Multiple vulnerabilities have been found and corrected in glibc. It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. Various other issues were also addressed. The updated packages provides a solution for these security issues.
Mandriva Linux Security Advisory 2015-217
Mandriva Linux Security Advisory 2015-217 - SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE at the end of a SELECT statement. The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK in a CREATE TABLE statement. The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. The updated packages provides a solution for these security issues.
Mandriva Linux Security Advisory 2015-216
Mandriva Linux Security Advisory 2015-216 - Lack of filtering in the title parameter of links to rrdPlugin allowed cross-site-scripting attacks against users of the web interface.
Mandriva Linux Security Advisory 2015-215
Mandriva Linux Security Advisory 2015-215 - The t1utils package has been updated to version 1.39, which fixes a buffer overrun, infinite loop, and stack overflow in t1disasm.
Mandriva Linux Security Advisory 2015-214
Mandriva Linux Security Advisory 2015-214 - The libksba package has been updated to version 1.3.3, which fixes an integer overflow in the DN decoder and a couple of other minor bugs.
Mandriva Linux Security Advisory 2015-213
Mandriva Linux Security Advisory 2015-213 - lftp incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site. lftp was affected by this issue as it uses code from cURL for checking SSL certificates. The curl package was fixed in MDVSA-2015:098.
Mandriva Linux Security Advisory 2015-212
Mandriva Linux Security Advisory 2015-212 - An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly. A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures.
Mandriva Linux Security Advisory 2015-211
Mandriva Linux Security Advisory 2015-211 - glusterfs was vulnerable to a fragment header infinite loop denial of service attack. Also, the glusterfsd SysV init script was failing to properly start the service. This was fixed by replacing it with systemd unit files for the service that work properly.
Mandriva Linux Security Advisory 2015-210
Mandriva Linux Security Advisory 2015-210 - A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system. It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU.
Mandriva Linux Security Advisory 2015-209
Mandriva Linux Security Advisory 2015-209 - Update PHP packages address buffer over-read and overflow vulnerabilities. PHP has been updated to version 5.5.24, which fixes these issues and other bugs. Additionally the timezonedb packages has been upgraded to the latest version and the PECL packages which requires so has been rebuilt for php-5.5.24.
Mandriva Linux Security Advisory 2015-208
Mandriva Linux Security Advisory 2015-208 - An issue has been identified in Mandriva Business Server 2's setup package where the /etc/shadow and /etc/gshadow files containing password hashes were created with incorrect permissions, making them world-readable. This update fixes this issue by enforcing that those files are owned by the root user and shadow group, and are only readable by those two entities. Note that this issue only affected new Mandriva Business Server 2 installations. Systems that were updated from previous Mandriva versions were not affected. This update was already issued as MDVSA-2015:184, but the latter was withdrawn as it generated.rpmnew files for critical configuration files, and rpmdrake might propose the user to use those basically empty files, thus leading to loss of passwords or partition table. This new update ensures that such.rpmnew files are not kept after the update.
man-cgi Local File Inclusion
man-cgi versions prior to 1.16 suffer from a local file inclusion vulnerability.
Mandriva Linux Security Advisory 2012-081
Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in mozilla firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.
Mandos Encrypted File System Unattended Reboot Utility 1.8.11
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.
ManageEngine EventLog Analyzer 10.0 Information Disclosure
ManageEngine EventLog Analyzer version 10.0 suffers from an information disclosure vulnerability.
Mandriva Linux Security Advisory 2013-271
Mandriva Linux Security Advisory 2013-271 - The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and earlier, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related to bsd.lib.mk and bsd.prog.mk.
ManageEngine Asset Explorer Windows Agent Remote Code Execution
The ManageEngine Asset Explorer windows agent suffers form a remote code execution vulnerability. All versions prior to 1.0.29 are affected.
ManageEngine DataSecurity Plus Path Traversal / Code Execution
ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffers from a path traversal vulnerability that can lead to remote code execution.
ManageEngine 14 Remote Code Execution
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote code execution vulnerabilities in ManageEngine version 14.
Manually Exploiting Intel AMT
This document illustrates the manual exploitation of the vulnerability found in the Intel Active Management Technology in 2017 that stripped off the primary authentication mechanism in the Intel AMT web interface.
Mandos Encrypted File System Unattended Reboot Utility 1.8.10
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.