BugTraq Mode:
ESA-2014-081 RSA® Identity Management and Governance Authentication Bypass Vulnerability 2014-08-26
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-081 RSA® Identity Management and Governance Authentication Bypass Vulnerability

EMC Identifier: ESA-2014-081

CVE Identifier: CVE-2014-4619

Severity Rating: CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Affected products:

LSE Leading Security Experts GmbH - LSE-2014-07-13 - Granding Grand MA 300 - Weak Pin Verification 2014-08-26
advisories (advisories lsexperts de)
=== LSE Leading Security Experts GmbH - Security Advisory 2014-07-13 ===

Grand MA 300 Fingerprint Reader - Weak Pin Verification
------------------------------------------------------------------------

Affected Versions
=================
Grand MA 300/ID with firmware 6.60

Issue Overview
========

ntopng 1.2.0 XSS injection using monitored network traffic 2014-08-25
Steffen Bauch (mail steffenbauch de)
ntopng 1.2.0 XSS injection using monitored network traffic

ntopng is the next generation version of the original ntop, a network
traffic probe and monitor that shows the network usage, similar to what
the popular top Unix command does.

The web-based frontend of the software is vulnerable to inje

[security bulletin] HPSBMU03076 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities 2014-08-25
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04379485

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04379485
Version: 2

HPSBMU03076 r

[WorldCIST'15]: Call for Workshops Proposals; Proceedings by Springer - Indexed by ISI, Scopus, DBLP, etc. 2014-08-25
WorldCIST (worldcist aisti eu)
------
WorldCIST'15 - 3rd World Conference on Information Systems and Technologies
Ponta Delgada, Azores *, Portugal
1 - 3 April 2015.
http://www.aisti.eu/worldcist15/
------
* Azores is ranked as the second most beautiful archipelago in the world by National Geographic.
------------

WORKSHOP FORM

MEHR Automation System Arbitrary File Download Vulnerability(persian portal) 2014-08-25
cseye_ut yahoo com
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : MEHR Automation System Arbitrary File Download Vulnerability(persian portal)
# Author : alieye
# vendor : http://shakhesrayane.ir/
# Contact : cseye_ut (at) yahoo (dot) com
# Risk : High
# Class: Remote
#
# Google Dork:
# intext:"Poshtibani@

DNN(DotNetNuke®) Ribbon Bar Control Panel Bad Access Level config 2014-08-25
cseye_ut yahoo com
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : DNN(DotNetNuke®) Ribbon Bar Control Panel Bad Access Level config
# Author : alieye
# vendor : http://dnnsoftware.com/
# Contact : cseye_ut (at) yahoo (dot) com
# Risk : High
# Class: Remote
#
# Google Dork:
# inurl:ctl/+inurl:/tab
# inurl:

DNN(DotNetNuke®) Iconbar Control Panel Bad Access Level config 2014-08-25
cseye_ut yahoo com
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : DNN(DotNetNuke®) Iconbar Control Panel Bad Access Level config
# Author : alieye
# vendor : http://dnnsoftware.com/
# Contact : cseye_ut (at) yahoo (dot) com
# Risk : High
# Class: Remote
#
# Google Dork:
# inurl:ctl/+inurl:/tab
# inurl:ctl

Barracuda Networks Web Security Flex v4.1 - Persistent Vulnerabilities (BNSEC-699) 2014-08-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Barracuda Networks Web Security Flex v4.1 - Persistent Vulnerabilities (BNSEC-699)

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=750

BARRACUDA NETWORK SECURITY ID: BNSEC-699

Release Date:
=============
2014-08-22

Barracuda Networks Web Security Flex Appliance Application v4.x - Filter Bypass & Persistent Vulnerabilities (BNSEC 707) 2014-08-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Barracuda Networks Web Security Flex Appliance Application v4.x - Filter Bypass & Persistent Vulnerabilities (BNSEC 707)

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=749

Barracuda Networks Security ID (BNSEC): 707

V

[SECURITY] [DSA 3011-1] mediawiki security update 2014-08-23
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3011-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
August 23, 2014

[SECURITY] [DSA 3010-1] python-django security update 2014-08-22
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3010-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
August 22, 2014

[security bulletin] HPSBMU03079 rev.1 - HP Service Manager, Multiple Vulnerabilities 2014-08-22
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04388127

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04388127
Version: 1

HPSBMU03079 re

DoS attacks (ICMPv6-based) resulting from IPv6 EH drops 2014-08-22
Fernando Gont (fgont si6networks com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Folks,

Ten days ago or so we published this I-D:
<http://www.ietf.org/internet-drafts/draft-gont-v6ops-ipv6-ehs-in-real-world-00.txt>

Section 5.2 of the I-D discusses a possible attack vector based on a
combination of "forged" ICMPv6 PTB messages and

[security bulletin] HPSBST03098 rev.1 - HP StoreEver MSL6480 Tape Library running OpenSSL, Remote Unauthorized Access or Disclosure of Information 2014-08-21
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04406535

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04406535
Version: 1

HPSBST03098 re

CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability 2014-08-21
Herbert Duerr (hdu apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2014-3524
OpenOffice Calc Command Injection Vulnerability

Severity: Important
Vendor: The Apache Software Foundation

Versions Affected:
Apache OpenOffice 4.1.0 and older on Windows.
OpenOffice.org versions may also be affected.

Description:
Th

CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects 2014-08-21
Herbert Duerr (hdu apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2014-3575
OpenOffice Targeted Data Exposure Using Crafted OLE Objects

Severity: Important
Vendor: The Apache Software Foundation

Versions Affected:
Apache OpenOffice 4.1.0 and older on Windows.
OpenOffice.org versions are also affected.

Descrip

[SECURITY] [DSA 3009-1] python-imaging security update 2014-08-21
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3009-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
August 21, 2014

[CVE-2014-5335] CSRF in Innovaphone PBX 2014-08-21
rg nsideattacklogic de
Title: Innovaphone PBX Admin-GUI CSRF
Impact: High
CVSS2 Score: 7.8 (AV:N/AC:M/Au:S/C:P/I:C/A:C/E:F/RL:U/RC:C)
Announced: August 21, 2014
Reporter: Rainer Giedat (NSIDE ATTACK LOGIC GmbH, www.nsideattacklogic.de)
Products: Innovaphone PBX Administration GUI
Affected Versions: all known versions (tes

[SECURITY] [DSA 3008-2] php5 regression update 2014-08-21
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3008-2 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
August 21, 2014

[SECURITY] [DSA 2940-1] libstruts1.2-java security update 2014-08-21
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2940-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
Aug 21, 2014

[SECURITY] [DSA 3008-1] php5 security update 2014-08-21
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3008-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
August 21, 2014

ToorCon 16 Call For Papers! 2014-08-20
h1kari toorcon org
TOORCON 16 CALL FOR PAPERS

It's that time of year again! ToorCon 16 is coming so get your code finished and submit a talk this time around. We're letting you decide if you want to be a part of our 50-minute talks on Saturday, 20-minute talks on Sunday, and 75-minute talks for our Deep Knowledge Sem

ArcGIS for Server Vulnerability Disclosure 2014-08-20
Romano, Christian (cromano caanes com)
Product: ArcGIS for Server
Vendor: ESRI
Vulnerable Version: 10.1.1
Tested Version: 10.1.1
Vendor Notification: June 19, 2014
Public Disclosure: August 15, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-5121
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N

CVE-2014-4973 - Privilege Escalation in ESET Windows Products 2014-08-20
Portcullis Advisories (advisories portcullis-security com)
Vulnerability title: Privilege Escalation in ESET Windows Products
CVE: CVE-2014-4973
Vendor: ESET
Product: ESET Windows Products
Affected version: v5.0 - 7.0 (Firewall Module Build 1183 (20140214) and
earlier)
Fixed version: v6 - v7 (Firewall Module Build 1212 (20140609))
Reported by: Kyriakos Econ

SQL Injection Vulnerability in ArticleFR 2014-08-20
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23225
Product: ArticleFR
Vendor: Free Reprintables
Vulnerable Version(s): 3.0.4 and probably prior
Tested Version: 3.0.4
Advisory Publication: July 23, 2014 [without technical details]
Vendor Notification: July 23, 2014
Public Disclosure: August 20, 2014
Vulnerability Type: SQL I

CVE-2014-5307 - Privilege Escalation in Panda Security Products 2014-08-20
Portcullis Advisories (advisories portcullis-security com)
Vulnerability title: Privilege Escalation in Panda Security
CVE: CVE-2014-5307
Vendor: Panda Security
Product: Multiple
Affected version: Panda 2014 Products
Fixed version: Hotfix hft131306s24_r1
Reported by: Kyriakos Economou

Details:

Latest, and possibly earlier builds, of the PavTPK.sys kernel

[SECURITY] [DSA 3007-1] cacti security update 2014-08-20
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3007-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
August 20, 2014

Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities 2014-08-20
CERT telekom de
Deutsche Telekom CERT Advisory [DTC-A-20140820-001]

Summary:
Several vulnerabilities were found in check_mk prior versions 1.2.4p4 and 1.2.5i4.
The vulnerabilities are:
1 - Reflected Cross-Site Scripting (XSS)
2 - write access to config files (.mk files)
3 - arbitrary code execution

Recommend

ICETC2014 - IEEE Extended Submission until Aug. 28, 2014 2014-08-20
jackie sdiwc info
Apologies for cross-posting.
Kindly forward to those who may be of interest.
=======================================================================
International Conference on Education Technologies and Computers
(ICETC2014)
Lodz University of Technology, Lodz, Poland

Copyright 2010, SecurityFocus