BugTraq
Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1386

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2239

CVE-ID:
=======
CVE-2014-2239

Release Date:
==

Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1377

Release Date:
=============
2014-12-25

Vulnerability Laboratory ID (VL-ID):
========================

PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1358

Release Date:
=============
2014-12-18

Vulnerability Laboratory ID (VL-ID):
================================

Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability

References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1363

Release Date:
=============
2014-12-16

Vulnerability Laboratory ID (VL-ID):
===================================

ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1387

Release Date:
=============
2014-12-24

Vulnerability Laboratory ID (VL-ID):
===========================

Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1385

Release Date:
=============
2014-12-19

Vulnerability Laboratory ID (VL-ID):
==============

Facebook Bug Bounty #17 - Migrate Privacy Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Facebook Bug Bounty #17 - Migrate Privacy Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1370

Facebook Security ID: 216850649

Vulnerability Magazine: http://magazine.vulnerability-db.com/?q=articles/2014

DRAM unreliable under specific access pattern 2014-12-24
Pavel Machek (pavel ucw cz)
Hi!

It seems that it is easy to induce DRAM bit errors by doing repeated
reads from adjacent memory cells on common hw. Details are at

https://www.ece.cmu.edu/~safari/pubs/kim-isca14.pdf

. Older memory modules seem to work better, and ECC should detect
this. Paper has inner loop that should trigg

Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 2014-12-24
steffen roesemann1986 gmail com
Advisory: Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5
Advisory ID: SROEADV-2014-03
Author: Steffen Rösemann
Affected Software: CMS Contenido 4.9.x-4.9.5 (Release: 10th Dec 2014)
Vendor URL: http://www.contenido.org/de/
Vendor Status: fixed
CVE-ID: -

==========================
Vulnerab

Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products 2014-12-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products

Advisory ID: cisco-sa-20141222-ntpd

Revision 1.1

Last Updated 2014 December 23 13:37 UTC (GMT)

For Public Release 2014 December 22 16:00 UTC (GMT)

+--------------

[SECURITY] [DSA 3110-1] mediawiki security update 2014-12-23
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3110-1 security (at) debian (dot) org
http://www.debian.org/security/ Sebastien Delafond
December 23, 2014

FreeBSD Security Advisory FreeBSD-SA-14:31.ntp 2014-12-23
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:31.ntp Security Advisory
The FreeBSD Project

Topic:

[SECURITY] [DSA 3112-1] sox security update 2014-12-23
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3112-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 23, 2014

Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1 2014-12-23
steffen roesemann1986 gmail com
Advisory: Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1
Advisory ID: SROEADV-2014-02
Author: Steffen Rösemann
Affected Software: CMS Serendipity v.2.0-rc1 (Release: 20th Dec 2014)
Vendor URL: http://www.s9y.org/
Vendor Status: fixed
CVE-ID: -

==========================
Vulnerability Descrip

[SECURITY] [DSA 3108-1] ntp security update 2014-12-20
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3108-1 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
December 20, 2014

[SECURITY] [DSA 3106-1] jasper security update 2014-12-20
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3106-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 20, 2014

[SECURITY] [DSA 3109-1] firebird2.5 security update 2014-12-21
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3109-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 21, 2014

[oCERT-2014-011] UnZip input sanitization errors 2014-12-22
Andrea Barisani (lcars ocert org)

#2014-011 UnZip input sanitization errors

Description:

The UnZip tool is an open source extraction utility for archives compressed in
the zip format.

The unzip command line tool is affected by heap-based buffer overflows within
the CRC32 verification, the test_compr_eb() and the getZip64Data() f

[slackware-security] php (SSA:2014-356-02) 2014-12-23
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2014-356-02)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.3

[slackware-security] ntp (SSA:2014-356-01) 2014-12-23
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] ntp (SSA:2014-356-01)

New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches

[slackware-security] xorg-server (SSA:2014-356-03) 2014-12-23
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] xorg-server (SSA:2014-356-03)

New xorg-server packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/

TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367 2014-12-19
Onur Yilmaz (onur netsparker com)
Information
--------------------
Advisory by Netsparker.
Name: XSS Vulnerability with Scope and Other URL Parameters of WebSearch
Affected Software : TWiki
Affected Versions: 6.0.1 and possibly below
Vendor Homepage : http://www.twiki.org/
Vulnerability Type : Cross-site Scripting
Severity : Importa

TWiki Security Advisory - XSS Vulnerability - CVE-2014-9325 2014-12-19
Onur Yilmaz (onur netsparker com)
Information
--------------------
Advisory by Netsparker.
Name: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING in TWiki
Affected Software : TWiki
Affected Versions: 6.0.1 and possibly below
Vendor Homepage : http://www.twiki.org/
Vulnerability Type : Cross-site Scripting
Severity : Important

Facebook BB #18 - IDOR Issue & Privacy Vulnerability 2014-12-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Facebook BB #18 - IDOR Issue & Privacy Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1371

Facebook Security ID: 219208937

Release Date:
=============
2014-12-12

Vulnerability Laboratory ID (VL-ID):
=

Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability 2014-12-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1385

Release Date:
=============
2014-12-19

Vulnerability Laboratory ID (VL-ID):
=========

iBackup v10.0.0.45 - Privilege Escalation Vulnerability 2014-12-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
iBackup v10.0.0.45 - Privilege Escalation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1382

Release Date:
=============
2014-12-18

Vulnerability Laboratory ID (VL-ID):
===============================

SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor 2014-12-19
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20141219-0 >
=======================================================================
title: XSS & Memory Disclosure
product: NetIQ eDirectory NDS iMonitor
vulnerable version: 8.8 SP8, 8.8 SP7
fixed version: 8.8 SP8 HF

APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3 2014-12-18
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3

Xcode 6.2 beta 3 is now available and addresses the following:

Git
Available for: OS X Mavericks v10.9.4 or later
Impact: Synching with a malicious git repository may allow
unexpected files to be added to the .

[oCERT-2014-012] JasPer input sanitization errors 2014-12-18
Andrea Barisani (lcars ocert org)
#2014-012 JasPer input sanitization errors

Description:

The JasPer project is an open source implementation for the JPEG-2000 codec.

The library is affected by a double-free vulnerability in function
jas_iccattrval_destroy() as well as a heap-based buffer overflow in function
jp2_decode().

A spe

SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted 2014-12-18
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20141218-1 >
=======================================================================
title: OS Command Execution
product: GParted - Gnome Partition Editor
vulnerable version: <=0.14.1
fixed version: >=0.15.0,

Copyright 2010, SecurityFocus