BugTraq
[SECURITY] [DSA 3123-2] binutils-mingw-w64 security update 2015-01-13
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3123-2 security (at) debian (dot) org
http://www.debian.org/security/ Thijs Kinkhorst
January 13, 2015

Sitefinity Enterprise v7.2.53 - Persistent Vulnerability 2015-01-13
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Sitefinity Enterprise v7.2.53 - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1369

Release Date:
=============
2015-01-06

Vulnerability Laboratory ID (VL-ID):
==============================

Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities 2015-01-13
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1400

Release Date:
=============
2015-01-12

Vulnerability Laboratory ID (VL-ID):
=============================

[security bulletin] HPSBMU03230 rev.1 - HP Insight Control server deployment Remote Disclosure of Information 2015-01-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04537915

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04537915
Version: 1

HPSBMU03230 re

SEC Consult SA-20150113-2 :: Cross-Site Request Forgery in XBMC / Kodi 2015-01-13
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20150113-2 >
=======================================================================
title: Cross-Site Request Forgery
product: Kodi/XBMC
vulnerable version: XBMC/Kodi <=14
fixed version: no fixed version available

SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower 2015-01-13
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20150113-1 >
=======================================================================
title: Privilege Escalation & XSS & Missing Authentication
product: Ansible Tower
vulnerable version: <=2.0.2
fixed version: >=2.0.5

CVE-2015-0203: Apache Qpid's qpidd can be crashed by authenticated user 2015-01-13
Gordon Sim (gsim apache org)
Apache Software Foundation - Security Advisory

Apache Qpid's qpidd can be crashed by authenticated user

CVE-2015-0203 CVSS: 5.2

Severity: Moderate

Vendor:

The Apache Software Foundation

Versions Affected:

Apache Qpid's qpidd up to and including version 0.30

Description:

Certain u

SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones 2015-01-13
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20150113-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: snom IP phones
vulnerable version: all firmware versions <8.7.5.15, all firmware branche

MS14-080 CVE-2014-6365 Technical Details Without "Nonsense" 2015-01-13
Diéyǔ (dieyu dieyu org)
Origin:
Visit https://technet.microsoft.com/library/security/ms14-080
Go to "Acknowledgments" part and search for "CVE-2014-6365"
It says "Dieyu" - that's me.

Technical Details:
"Internet Explorer XSS Filter Bypass Vulnerability" is done by...
1. Inject "a href" link into target page.
(Not script,

[security bulletin] HPSBOV03228 rev.1 - HP OpenVMS running Bash Shell, Remote Code Execution 2015-01-12
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04533737

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04533737
Version: 1

HPSBOV03228 re

[Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager 2015-01-13
Peter Lapp (lappsec gmail com)
Edit: Corrected the date in the timeline from 01/12/14 to 01/12/15.

Details
=======

Product: F5 BIG-IP Application Security Manager (ASM)
Vulnerability: Cross Site Scripting
Author: Peter Lapp, lappsec (at) gmail (dot) com
CVE: None assigned
Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Likely 11.4.x-11.5

Stored XSS Vulnerability in F5 BIG-IP Application Security Manager 2015-01-12
Peter Lapp (lappsec gmail com)
Details
=======

Product: F5 BIG-IP Application Security Manager (ASM)
Vulnerability: Cross Site Scripting
Author: Peter Lapp, lappsec (at) gmail (dot) com
CVE: None assigned
Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Likely 11.4.x-11.5.x.
Fixed Version: 11.6

Summary
=======

The F5 ASM is a web applica

[SECURITY] [DSA 3126-1] php5 security update 2015-01-12
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3126-1 security (at) debian (dot) org
http://www.debian.org/security/ Thijs Kinkhorst
January 12, 2015

Corel Software DLL Hijacking 2015-01-12
CORE Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Corel Software DLL Hijacking

1. *Advisory Information*

Title: Corel Software DLL Hijacking
Advisory ID: CORE-2015-0001
Advisory URL:
http://www.coresecurity.com/advisories/corel-software-dll-hijacking
Date published: 2015-01-12

CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0 2015-01-12
RedTeam Pentesting GmbH (release redteam-pentesting de)
The Tapatalk Plugin com.tapatalk.wbb4 for WoltLab Burning Board 4.0 prior to
version 1.1.2 allowed to redirect users to arbitrary URLs. This was possible by
specifying the target URL in the URL parameter board_url in URLs like the
following:

http://www.example.com/mobiquo/smartbanner/welcome.php?bo

[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 2015-01-12
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning
Board 4.0

RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability
in the Tapatalk plugin for the WoltLab Burning Board forum software,
which allows attackers to inject arbitrary JavaScript code via URL

[ MDVSA-2015:022 ] wireshark 2015-01-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:022
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:021 ] curl 2015-01-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:021
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:020 ] libssh 2015-01-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:020
http://www.mandriva.com/en/support/security/
___________________________________________________________

ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities 2015-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
ZTE Datacard PCW(Telecom MF180) - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1405

Release Date:
=============
2015-01-12

Vulnerability Laboratory ID (VL-ID):
============================

Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability 2015-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1300

Video: http://www.vulnerability-lab.com/get_content.php?id=1335

BugCrowd ID: e8a8ecb81b9bf115226ed2ff0

Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability 2015-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability

References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1398

BugCrowd ID: 6b37910a3c5685b944a3ad65068aa251af47450953a06b8b13d74b35d708f6b0

Acknowledgement (Hall of F

Blitz CMS Community - SQL Injection Web Vulnerability 2015-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Blitz CMS Community - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1403

Release Date:
=============
2015-01-12

Vulnerability Laboratory ID (VL-ID):
=================================

[SECURITY] [DSA 3125-1] openssl security update 2015-01-11
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3125-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
January 11, 2015

[SECURITY] [DSA 3124-1] otrs2 security update 2015-01-10
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3124-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
January 10, 2015

Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities 2015-01-10
Pietro Oliva (pietroliva gmail com)
Vulnerability title: Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities
Author: Pietro Oliva
CVE: CVE-2014-7956, CVE-2014-7957
Product: pods
Affected version: pods <= 2.4.3
Vulnerabilities fixed in version: 2.5

XSS vulnerability (CVE-2014-7956, authentication is needed):
h

[security bulletin] HPSBOV03227 rev.1 - HP SSL for OpenVMS, Remote Disclosure of Information, Denial of Service (DoS) and Other Vulnerabilities 2015-01-10
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04533567

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04533567
Version: 1

HPSBOV03227 re

[ MDVSA-2015:019 ] openssl 2015-01-09
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:019
http://www.mandriva.com/en/support/security/
___________________________________________________________

Re: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities 2015-01-09
dan montala com
Hi,

I'm from Montala - we head up ResourceSpace development.

Just to add an update - we believe all issues have been fixed in the ResourceSpace Subversion repository. In fact the majority were fixed some time ago however the original submitter was checking against an older version.

We aim to rele

Copyright 2010, SecurityFocus