BugTraq
[slackware-security] patch (SSA:2015-047-01) 2015-02-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] patch (SSA:2015-047-01)

New patch packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
pa

[slackware-security] seamonkey (SSA:2015-047-02) 2015-02-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2015-047-02)

New seamonkey packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packag

Reflected File Download in AOL Search Website 2015-02-16
Ricardo Iramar dos Santos (riramar gmail com) (1 replies)
Oren Hafif reported a new kind of attack called Reflected File
Download (https://www.blackhat.com/eu-14/briefings.html#reflected-file-download-a-new-web-attack-vector)
at the Black Hat Europe 2014 conference.
More details about the attack can be found in his public
presentation: https://www.blackhat.co

Re: Reflected File Download in AOL Search Website 2015-02-16
Mike Antcliffe (mikeantcliffe logicallysecure com)
Multiple Cross site scripting in wordpress Plugin Image Metadata cruncher 2015-02-15
kingkaustubh me com
#####################################
Title:- XSS In Image-Metadata-Cruncher
Author: Kaustubh G. Padwad
Product: image-metadata-cruncher
Plugin URL: https://wordpress.org/plugins/image-metadata-cruncher/
Severity: Medium
Auth: Required

# Description:
Vulnerable Parameter:
Alternate text:

Cosmoshop - XSS on Admin-Login Mask 2015-02-14
innate gmx de
author: l0om
page: l0om.org
date: 14.02.2015

Cosmoshop is a simple webshop designed for the German market.

There is a simple XSS flaw at the admin-login panel in probably all cosmoshop versions. The admin login can be found at

http://www.shop-site.de/cgi-bin/cosmoshop/admin/index.cgi

This page w

[CVE-2015-1585] Fat Free CRM - CSRF Vulnerability in Version 0.13.5 2015-02-14
sven bsddaemon org
[CVE-2015-1585] Fat Free CRM - CSRF Vulnerability in Version 0.13.5

----------------------------------------------------------------

Product Information:

Software: Fat Free CRM

Tested Version: 0.13.5, released 22.1.2015 with over 10.000 downloads

Vulnerability Type: Cross-Site Request Forgery,

CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four 2015-02-14
Hector Marco (hecmargi upv es)
Hi,

A bug in Linux ASLR implementation for versions prior to 3.19-rc3 has
been found. The issue is that the stack for processes is not properly
randomized on some 64 bit architectures due to an integer overflow.

Affected systems have reduced the stack entropy of the processes by four.

Details at

CVE-2015-1600 - Netatmo Weather Station Cleartext Password Leak 2015-02-13
jullrich sans edu
Summary

During initial setup, the weather station will submit its complete configuration unencrypted to the manufacturer cloud service. This configuration includes confidential information like the user's Wifi password.

The problem has been fixed by removing this configuration dump from curr

UNIT4 Prosoft HRMS XSS Vulnerability 2015-02-13
jerold v00d00sec com
# Vulnerability type: Cross-site Scripting
# Vendor: http://www.unit4.com/
# Product: UNIT4 Prosoft HRMS
# Product site: http://www.unit4apac.com/products/prosofthrms
# Affected version: 8.14.230.47
# Fixed version: 8.14.330.43
# Credit: Jerold Hoong & Edric Teo

# PROOF OF CONCEPT

The login page o

[security bulletin] HPSBGN03258 rev.1 - HP Insight Control server deployment Windows Pre-boot Execution Environment, Microsoft Schannel (Winshock) Remote Code Execution 2015-02-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04568731

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04568731
Version: 1

HPSBGN03258 r

CVE-2015-1574 - Google Email App 4.2.2 remote denial of service 2015-02-13
Hector Marco (hecmargi upv es)
Hello,

Summary:

A bug in the stock Google email application version 4.4.2.0200 has been
found. An attacker can remotely perform a Denial of Service attack by
sending a specially crafted email. No interaction from the user is
needed to produce the crash; just receiving the malicious email is enough.

The C

[ MDVSA-2015:046 ] ntp 2015-02-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:046
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:045 ] e2fsprogs 2015-02-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:045
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:047 ] elfutils 2015-02-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:047
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:048 ] postgresql 2015-02-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:048
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:044 ] perl-Gtk2 2015-02-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:044
http://www.mandriva.com/en/support/security/
___________________________________________________________

Open-Xchange Security Advisory 2015-02-12 2015-02-12
Martin Heiland (martin heiland open-xchange com)
Product: Open-Xchange Server 6 / OX AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 35889 (Bug ID)
Vulnerability type: Information Exposure (CWE-200)
Vulnerable version: 7.6.1 and earlier
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed versio

Shakacon 2015 Last Call for Papers (July 6-9 2015, Honolulu, Hawaii) 2015-02-12
Jonathan Brossard (endrazine gmail com) (1 replies)


----++++++++++++++++++++++++++++++++++++----
Shakacon VII - Honolulu, Hawaii

"Sun, Surf, and C Shells"

CALL FOR PAPERS

www.shakacon.org/CFP2015.html
----++++++++++++++++++++++++++++++++++++----

Who: Shakacon Crew
What: Shakacon VII
When: July 6-7 (Training) & July

Re: Shakacon 2015 Last Call for Papers (July 6-9 2015, Honolulu, Hawaii) 2015-02-13
Jonathan Brossard (endrazine gmail com)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software 2015-02-11
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Cisco ASA Software

Advisory ID: cisco-sa-20141008-asa

Revision 2.0

Last Updated 2015 February 11 17:54 UTC (GMT)

For Public Release 2014 October 8 16:00 UTC (GMT)

Summary
=======

*** Revision 2.0 Note: Please see the

[SECURITY] [DSA 3161-1] dbus security update 2015-02-11
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3161-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
February 11, 2015

[SECURITY] [DSA 3160-1] xorg-server security update 2015-02-11
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3160-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
February 11, 2015

Elasticsearch vulnerability CVE-2015-1427 2015-02-11
Kevin Kluge (kevin kluge elasticsearch com)
Summary:
Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerabilities allow an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM.

We have been assign

Cisco Security Advisory: Cisco Secure Access Control System SQL Injection Vulnerability 2015-02-11
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Secure Access Control System SQL Injection Vulnerability

Advisory ID: cisco-sa-20150211-csacs

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs

Revision 1.0

For Public Release 2015 February 11 16:00

Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability 2015-02-11
sn 1dn eu
============================================================
- Title: Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability
- Vulnerable Version: 2.8.8 and probably prior
- Tested Version: 2.8.8
- Vendor Notification: 20 November 2014
- Vendor Patch: 20 November 2014
-Vulnerabil

[ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Microsoft) 2015-02-11
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

yesterday Microsoft published the security advisory 3004375
<https://technet.microsoft.com/en-us/library/security/3004375>
announcing an update which enables Windows 7 and newer to log
the command lines used to start processes to the event log.

If you want to have this functionality on old

T-Mobile Internet Manager - DLL Hijacking (mfc71enu.dll) 2015-02-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
T-Mobile Internet Manager - DLL Hijacking (mfc71enu.dll)

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1427

Release Date:
=============
2015-01-29

Vulnerability Laboratory ID (VL-ID):
==============================

Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability 2015-02-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability

References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1355

Release Date:
=============
2015-02-09

Vulnerability Laboratory ID (VL-ID):
====================================

BlinkSale Bug Bounty #1 - Encode & Validation Vulnerability 2015-02-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
BlinkSale Bug Bounty #1 - Encode & Validation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1416

Release Date:
=============
2015-02-06

Vulnerability Laboratory ID (VL-ID):
===========================
