BugTraq (Page 5 of 1576)
[ANN] Apache Struts 2.3.20 GA release available with security fix 2014-12-08
Lukasz Lenart (lukaszlenart apache org)
The Apache Struts group is pleased to announce that Apache Struts
2.3.20 is available as a "General Availability" release. The GA
designation is our highest quality grade.

Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is desig

CFP: InfoSec SouthWest 2015 (ISSW) 2014-12-08
Tod Beardsley (todb packetfu com)
I'm pleased to announce the Call For Papers for InfoSec Southwest 2015!

If you are interested in speaking at this year's event in Austin, Texas,
on April 11 or April 12, 2015, please take a look at our submission
requirements at http://2015.infosecsouthwest.com/cfp.html .

Once you've decided to parti

CMS Made Simple PHP Code Injection Vulnerability (All versions) 2014-12-06
sahm post com
# CMS Made Simple PHP Code Injection Vulnerability (All versions)
# 2014-12-02
# SAHM (@post.com)
# cmsmadesimple.org
# All versions
---exploit
A malicious attacker can intrude every CMSMS-installed website by taking the following steps:
Open the /install folder from the URL (The cms doesn't force

Re: [oss-security] Offset2lib: bypassing full ASLR on 64bit Linux 2014-12-05
Shawn (citypw gmail com)
Hi Agostino,

I don't think this issue has an impact on Grsecurity/PaX, which
Hardened-Gentoo is using.

On Fri, Dec 5, 2014 at 7:10 PM, Agostino Sarubbo <ago (at) gentoo (dot) org> wrote:
> On Gentoo (Hardened) I always get from
> ./get_offset2lib:
>
> Offset2lib (libc): 0x0
>
>
> --
> Agostino Sarubbo
> Gentoo

[SE-2014-02] Google App Engine Java security sandbox bypasses (project pending completion / action from Google) 2014-12-06
Security Explorations (contact security-explorations com)

Hello All,

We discovered multiple security issues in Google App Engine that allow
for a complete Java VM security sandbox escape.

There are more issues pending verification - we estimate them to be in
the range of 30+ in total.

Quick summary of our developments so far:
- we bypassed GAE whitelis

[SECURITY] [DSA 3091-1] getmail4 security update 2014-12-07
Giuseppe Iuculano (iuculano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3091-1 security (at) debian (dot) org
http://www.debian.org/security/ Giuseppe Iuculano
December 07, 2014

[SECURITY] [DSA 3092-1] icedove security update 2014-12-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3092-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
December 07, 2014

NASA Orion Mars Program - Bypass, Persistent Issue & Embed Code Execution Vulnerability (Boarding Pass) 2014-12-05
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
NASA Orion - Bypass, Persistent Issue & Embed Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1339

[VU#666988] US CERT

Vulnerability Magazine: http://magazine.vulnerability-db.com/?q=articl

NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities 2014-12-05
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2014-0012
Synopsis: VMware vSphere product updates address security
vulnerabilities
Issue date: 2

Offset2lib: bypassing full ASLR on 64bit Linux 2014-12-04
Hector Marco (hecmargi upv es)
Hi,

This is a disclosure of a weakness of the ASLR Linux implementation.
The problem appears when the executable is PIE compiled and it has an
address leak belonging to the executable. We named this weakness:
offset2lib.

In this scenario, an attacker is able to de-randomize all mmapped
areas (libr

[security bulletin] HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information 2014-12-05
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04510081

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04510081
Version: 1

HPSBGN03205 re

[security bulletin] HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities 2014-12-05
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04517477

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04517477
Version: 1

HPSBUX03218 SS

[SECURITY] [DSA 3090-1] iceweasel security update 2014-12-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3090-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
December 04, 2014

[SECURITY] [DSA 3089-1] jasper security update 2014-12-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3089-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2014

[oCERT-2014-009] JasPer input sanitization errors 2014-12-04
Andrea Barisani (lcars ocert org)

#2014-009 JasPer input sanitization errors

Description:

The JasPer project is an open source implementation for the JPEG-2000 codec.

The library is affected by two heap-based buffer overflows which can lead to
arbitrary code execution. The vulnerability is present in functions
jpc_dec_cp_setfrom

[SECURITY] [DSA 3088-1] qemu-kvm security update 2014-12-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3088-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2014

[SECURITY] [DSA 3087-1] qemu security update 2014-12-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3087-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2014

Re: Slider Revolution/Showbiz Pro shell upload exploit 2014-12-04
assistenz crm-br com
Thank you for this information! Is there already a fix?

CVE-2014-9215 - SQL Injection in PBBoard CMS 2014-12-04
tien d tran itas vn
Vulnerability title: SQL Injection in PBBoard CMS
CVE: CVE-2014-9215
CMS: PBBoard
Vendor: Power bulletin board - http://www.pbboard.info/
Product: http://sourceforge.net/projects/pbboard/files/PBBoard_v3.0.1/PBBoard_v3.0.1.zip/download
Affected version: Version 3.0.1 (updated on 13/09/2014) and befo

APPLE-SA-2014-12-2-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 2014-12-03
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2014-12-3-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1

Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 is now available and
addresses the following:

WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v1

[SECURITY] [DSA 3086-1] tcpdump security update 2014-12-03
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3086-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 03, 2014

Wireless N ADSL 2/2+ Modem Router - DT5130 - Xss / URL Redirect / Command Injection 2014-12-03
Ewerson Guimarães (Crash) - Dclabs (crash dclabs com br)
Product: Wireless N ADSL 2/2+ Modem Router
Firmware Version : V2.05.C29GV
Modem Type : ADSL2+ Router
Modem Vendor : Technicolor
Model: DT5130

Bugs:
1- Unauth Xss - CVE-2014-9142
user=teste&password=teste&
userlevel=15&refer=%2Fnigga.html&failrefer=/basicauth.cgi?index.html?fai
lrefer=<script></scrip

[slackware-security] mozilla-thunderbird (SSA:2014-337-01) 2014-12-03
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2014-337-01)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

[SECURITY] [DSA 3085-1] wordpress security update 2014-12-03
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3085-1 security (at) debian (dot) org
http://www.debian.org/security/ Yves-Alexis Perez
December 03, 2014

F5 BIGIP - (OLD!) Persistent XSS in ASM Module 2014-12-02
jplopezy gmail com

Description
-----------

The F5 is a "load balancer" which has several modules; one of them, called ASM, works as a WAF (firewall application). The ASM allows creating a security policy
to protect a web site, for example.

For this it has some methods

Create a policy automatically (recommended) <- BAD IDEA
C

ESA-2014-160: RSA® Adaptive Authentication (On-Premise) Authentication Bypass Vulnerability 2014-12-02
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-160: RSA® Adaptive Authentication (On-Premise) Authentication Bypass Vulnerability

EMC Identifier: ESA-2014-160

CVE Identifier: CVE-2014-4631

Severity Rating: CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products:

RSA Adapti

ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability 2014-12-02
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability

EMC Identifier: ESA-2014-156

CVE Identifier: CVE-2014-4629

Severity Rating: CVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:P/A:C)

Affected product

CVE-2014-9129: XSS and CSRF in CM Download Manager plugin for WordPress 2014-12-02
Henri Salo (henri nerv fi)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Product: WordPress plugin cm-download-manager
Plugin page: https://wordpress.org/plugins/cm-download-manager/
Vendor: CreativeMindsSolutions http://cminds.com/
Vulnerability Type: CWE-79: Cross-site scripting
Vulnerable Versions: 2.0.6 and below
Fixed V

[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components 2014-12-02
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Unauthenticated Remote Code Execution in IBM Endpoint Manager
Mobile Device Management Components

During a penetration test, RedTeam Pentesting discovered that several
IBM Endpoint Manager Components are based on Ruby on Rails and use
static secret_token values. With these value

Copyright 2010, SecurityFocus