BugTraq Mode:
(Page 5 of 1626)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[SECURITY] [DSA 3333-1] iceweasel security update 2015-08-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3333-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 12, 2015

bizidea Design CMS 2015Q3 - SQL Injection Vulnerability 2015-08-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
bizidea Design CMS 2015Q3 - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1571

Release Date:
=============
2015-08-12

Vulnerability Laboratory ID (VL-ID):
===============================

Windows Platform Binary Table (WPBT) - BIOS PE backdoor 2015-08-12
Kevin Beaumont (kevin beaumont gmail com)
PRECURSOR

There will be debate about if this is a vulnerability. It affects a
majority of user PCs -- including all Enterprise editions of Windows,
there is no way to disable it, and allows direct code execution into
secure boot sequences. I believe it is worth discussing.

SCOPE

Microsoft docum

Pdf Shaper Buffer Overflow 2015-08-12
metacom27 gmail com
##
# This module requires Metabuffer: http://metabuffer.com/download
# Current source: https://github.com/rapid7/metabuffer-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
#Rank definition: http://dev.metabuffer.com/redmine/projects/framework/wiki/Exploit_Ranking
#Manu

[SECURITY] [DSA 3334-1] gnutls28 security update 2015-08-12
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3334-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 12, 2015

[Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values 2015-08-12
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2015-011: SAP Mobile Platform DataVault
Predictable encryption passwords for Configuration Values

1. Impact on Business
- ---------------------

By exploiting this vulnerability an attacker with access to a vulnerable
mobile

[Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage 2015-08-12
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2015-012: SAP Mobile Platform DataVault
Predictable Encryption Password for Secure Storage

1. Impact on Business
- ---------------------

By exploiting this vulnerability an attacker with access to a vulnerable
mobile device

[Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery 2015-08-12
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2015-010: SAP Mobile Platform DataVault
Keystream Recovery

1. Impact on Business
- ---------------------

By exploiting this vulnerability an attacker with access to a vulnerable
mobile device would be able to decrypt creden

[slackware-security] mozilla-firefox (SSA:2015-219-01) 2015-08-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2015-219-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[SECURITY] [DSA 3330-1] activemq security update 2015-08-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3330-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 07, 2015

QNAP crypto keys logged on unencrypted disk partition in world accessible files 2015-08-07
Andreas Steinmetz (ast domdv de)
Affected devices:
=================

Probably all QNAP devices running the QNAP modified 3.12.6 kernel with
firmware older than 4.1.4 Build 0804.

Verified on TS-453S Pro and TVS-471, both with Firmware 4.1.4 Build
0522.

Probably fixed with Firmware 4.1.4 Build 0804 (incriminating message
gone, tho

[slackware-security] mozilla-nss (SSA:2015-219-02) 2015-08-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-nss (SSA:2015-219-02)

New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/pa

Device Inspector v1.5 iOS - Command Inject Vulnerabilities 2015-08-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Device Inspector v1.5 iOS - Command Inject Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1558

Release Date:
=============
2015-08-07

Vulnerability Laboratory ID (VL-ID):
============================

Ferrari - PHP CGI Argument Injection (RCE) Vulnerability 2015-08-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ferrari - PHP CGI Argument Injection (RCE) Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1562

Video: http://www.vulnerability-lab.com/get_content.php?id=1561

Vulnerability Magazine: http://magazine.vuln

Thomson Reuters FATCA - Arbitrary File Upload 2015-08-07
jakub palaczynski ingservicespolska pl
Title: Thomson Reuters FATCA - Arbitrary File Upload
Author: Jakub Pałaczyński
Date: 10. June 2015
CVE: CVE-2015-5951

Affected software:
==================

All versions of Thomson Reuters FATCA below v5.2

Exploit was tested on:
======================

Thomson Reuters FATCA v5.1.0.30

De

[SECURITY] [DSA 3329-1] linux security update 2015-08-07
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3329-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 07, 2015

Re: [FD] Mozilla extensions: a security nightmare 2015-08-06
Stefan Kanthak (stefan kanthak nexgo de) (2 replies)
"Mario Vilas" <mvilas (at) gmail (dot) com> wrote:

> W^X applies to memory protection, completely irrelevant here.

I recommend to revisit elementary school and start to learn reading!

http://seclists.org/bugtraq/2015/Aug/8

| JFTR: current software separates code from data in virtual memory and
| uses

Re: [FD] Mozilla extensions: a security nightmare 2015-08-07
Reindl Harald (h reindl thelounge net)
RE: [FD] Mozilla extensions: a security nightmare 2015-08-07
Steve Friedl (steve unixwiz net) (1 replies)
RE: [FD] Mozilla extensions: a security nightmare 2015-08-07
Frank Waarsenburg (fwaarsenburg ram-it nl) (1 replies)
Re: [FD] Mozilla extensions: a security nightmare 2015-08-07
Jakob Holderbaum (hi jakob io) (1 replies)
Re: [FD] Mozilla extensions: a security nightmare 2015-08-07
Teddy A PURWADI (teddyap access net id)
Re: [FD] Mozilla extensions: a security nightmare 2015-08-06
Stefan Kanthak (stefan kanthak nexgo de)
"Mario Vilas" <mvilas (at) gmail (dot) com> wrote:

> This makes no sense.

Right. "W^X" obviously doesn't make sense to YOU.

> Administrator can write everywhere and users can write their own
> directories. There is no privilege escalation here, no security
> boundary being crossed.

Who wrote anything about

Re: [FD] Mozilla extensions: a security nightmare 2015-08-06
Stefan Kanthak (stefan kanthak nexgo de)
"Mario Vilas" <mvilas (at) gmail (dot) com> wrote:

> If it can only be written by your own user, what would be the
> security boundary being crossed here?

Please read AGAIN what I already wrote!

| The security boundary created by privilege separation

ie. Administrator/root vs. "user"

| and installation of

FreeBSD Security Advisory FreeBSD-SA-15:19.routed 2015-08-05
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-15:19.routed Security Advisory
The FreeBSD Project

Topic:

Copyright 2010, SecurityFocus