BugTraq Mode:
[ MDVSA-2015:037 ] vorbis-tools 2015-02-06
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:037
http://www.mandriva.com/en/support/security/
___________________________________________________________

BMC Footprints Service Core 11.5 - Multiple Cross Site Scripting Vulnerabilities (XSS) 2015-02-06
ayman abdelaziz helpag com
About the Product:
BMC FootPrints Service Core is an IT service and asset management platform used by many organizations to help the IT departments deliver more value to businesses.

Advisory Details:

During penetration testing, a Help AG auditor (Ayman Abdelaziz) discovered the following:
1) Store

[ MDVSA-2015:035 ] libvirt 2015-02-06
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:035
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:036 ] python-django 2015-02-06
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:036
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:034 ] jasper 2015-02-06
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:034
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:033 ] java-1.7.0-openjdk 2015-02-06
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:033
http://www.mandriva.com/en/support/security/
___________________________________________________________

LG On Screen Phone authentication bypass (CVE-2014-8757) 2015-02-06
Imre Rad (imre rad search-lab hu)
LG On Screen Phone authentication bypass vulnerability
------------------------------------------------------
SEARCH-LAB Ltd. discovered a serious security vulnerability in the On
Screen Phone protocol used by LG Smart Phones. A malicious attacker is
able to bypass the authentication phase of the ne

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched 2015-02-06
David Leo (david leo deusen co uk)
'could you share the contents of "1.php"?'
Sure:
<?php
sleep(2);
header("Location: http://www.dailymail.co.uk/robots.txt");
?>

"I'm assuming it is a delayed re-direct to the target's domain?"
Exactly. :-)

"the cloudflare scripts"
It's been tested without them.

Kind Regards,

On 2015/2/6 2:31, Bar

[SECURITY] [DSA 3154-1] ntp security update 2015-02-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3154-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
February 05, 2015

[ MDVSA-2015:031 ] busybox 2015-02-05
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:031
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:032 ] php 2015-02-05
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:032
http://www.mandriva.com/en/support/security/
___________________________________________________________

ESA-2015-012: EMC Captiva Capture Sensitive Information Disclosure Vulnerability 2015-02-05
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-012: EMC Captiva Capture Sensitive Information Disclosure Vulnerability

EMC Identifier: EMC-2015-012

CVE Identifier: CVE-2015-0519

Severity Rating: CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Affected products:

• EMC Capt

[ MDVSA-2015:029 ] binutils 2015-02-05
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:029
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:030 ] bugzilla 2015-02-05
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:030
http://www.mandriva.com/en/support/security/
___________________________________________________________

CVE-2015-1172 Wordpress-theme remote arbitrary code 2015-02-05
borg servernet se
Product: holding_pattern
Vendor: Liftux
Vulnerable Version(s): 0.6 and prior
Tested Version: 0.6
Advisory Publication: January 18, 2015
Vendor Notification: January 14, 2015
Public Disclosure: January 18, 2015
Vulnerability Type: Exec Code
Authentication: Not required to exploit
CVE Reference: CVE-2

[SECURITY] [DSA 2978-2] libxml2 security update 2015-02-06
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2978-2 security (at) debian (dot) org
http://www.debian.org/security/ Alessandro Ghedini
February 06, 2015

[oCERT-2015-002] e2fsprogs input sanitization errors 2015-02-05
Andrea Barisani (lcars ocert org)

#2015-002 e2fsprogs input sanitization errors

Description:

The e2fsprogs package is a set of open source utilities for ext2, ext3 and
ext4 filesystems.

The libext2fs library, part of e2fsprogs and utilized by its utilities, is
affected by a boundary check error on block group descriptor informati

RE: [FD] Major Internet Explorer Vulnerability - NOT Patched 2015-02-05
Dimitris Strevinas (d strevinas obrela com)
Ben, we have reproduced the vulnerability on many occasions.
First of all, at least to steal the session it does not matter if
X-Frame-Option is set to deny/same-origin.
Secondly, we were able to easily bypass the alert popup. It is not needed if
you implement the "waiting" logic with a synchronous AJAX

Very Important Info About "Major Internet Explorer Vulnerability - NOT Patched" 2015-02-05
David Leo (david leo deusen co uk)
1.
"Spartan - vulnerable (Windows 10)"
http://www.deusen.co.uk/items/insider3show.3362009741042107/SpartanWin10_screenshot.png
Thanks to Zaakiy Siddiqui!

2.
<?php
sleep(2);
header("Location: http://www.dailymail.co.uk/robots.txt");
?>
Many asked for it.

3.
It's Universal XSS, as we tested:
Not onl

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched 2015-02-05
David Leo (david leo deusen co uk)
"is this entirely an IE flaw"
Yes.

"is it tied to the use of Cloudflare"
No.

"I tried to reproduce... was unsuccessful"
Likely, this detail is missing:
<?php
sleep(2);
header("Location: http://www.dailymail.co.uk/robots.txt");
?>
Please tell us whether you reproduce (with the PHP code).

"am I corr

Re: Re: CVE-2015-1437 XSS In ASUS Router. 2015-02-04
kingkaustubh me com
Here is the exact conversation

ASUS CASEID=RTM20150115204498-295 Please click here if you wish to reply this mail!

Dear Kaustubh,

Thank you for the information, we really appreciate your feedback.

To improve our customers experience we have forwarded your information to related dept., the conc

Cisco Security Advisory: Cisco Security Advisory Cisco WebEx Meetings Server Command Injection Vulnerability 2015-02-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory Cisco WebEx Meetings Server Command Injection Vulnerability

Advisory ID: cisco-sa-20150204-wbx

Revision 1.0
For Public Release 2015 February 4 16:00 UTC (GMT)

- ----------------------------------------------------------------

Bitdefender Internet Security - 2015-02-04
jerold v00d00sec com
There seem to be some security issues with the way Bitdefender Internet Security 2015 software (Build 18.20.0.1429) interacts with its myBitdefender online portal.

Issues:

1) Possible partial information disclosure privacy issue of users' myBitdefender account credentials when using the SAFEGO fu

ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities 2015-02-04
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities

EMC Identifier: ESA-2015-010

CVE Identifier: CVE-2015-0517, CVE-2015-0518

Affected products:

• EMC Documentum D2 3.1 and all patch versions

• EMC Documentum D2 3.1 SP1 and all patch

ESA-2014-158: RSA BSAFE® Micro Edition Suite, SSL-J and SSL-C Triple Handshake Vulnerability 2015-02-04
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-158: RSA BSAFE® Micro Edition Suite, SSL-J and SSL-C Triple Handshake Vulnerability

EMC Identifier: ESA-2014-158

CVE Identifier: CVE-2014-4630

Severity Rating: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affect

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched 2015-02-04
David Leo (david leo deusen co uk)
Microsoft was notified on Oct 13, 2014.

Joey thank you very much for your words.

Kind Regards,

On 2015/2/3 4:53, Joey Fowler wrote:
> Hi David,
>
> "nice" is an understatement here.
>
> I've done some testing with this one and, while there /are/ quirks, it most definitely works. It even bypasses

[CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5 2015-02-04
sven bsddaemon org
[CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5

----------------------------------------------------------------

Product Information:

Software: Fork CMS

Tested Version: 3.8.5, released on Wednesday 14 January 2015

Vulnerability Type: SQL Injection (CWE-89)

Download link to tested ver

Copyright 2010, SecurityFocus