BugTraq Mode:
Bug in bash <= 4.3 [security feature bypassed] 2014-06-03
Hector Marco (hecmargi upv es)
Hi everyone,

Recently we discovered a bug in bash. After some time after reporting
it to bash developers, it has not been fixed.

We think that this is a security issue because in some circumstances
the bash security feature could be bypassed allowing the bash to be a
valid target shell in an attac

Re: [oss-security] Bug in bash <= 4.3 [security feature bypassed] 2014-06-04
Jose Carlos Luna Duran (jose carlos luna gmail com)
In my opinion the drop of privs in bash was mostly a "help" measure
for poorly written setuid programs executing system() calls. I don't
think it is the role of bash to do this as the problem that could be
exploited by that would really be in the original program that does
not drop privs before invokin

CVE-2014-1226 s3dvt Root shell (still) 2014-06-03
Hector Marco (hecmargi upv es)
CVE-2014-1226 s3dvt Root shell (still)

About s3dvt:

s3dvt is part of the 3d network display server which can be used as
3d desktop environment.

Vulnerability:

The s3dvt developers forgot to review all the code. There is still a
vulnerable function as in the previous CVE-2013-6825. At the date

CVE-2013-6825 DCMTK Root Privilege escalation 2014-06-03
Hector Marco (hecmargi upv es)
CVE-2013-6825 DCMTK Root Privilege escalation

About DCMTK:

DCMTK is a collection of libraries and applications implementing large parts
of the DICOM standard. It includes software for examining, constructing and
converting DICOM image files, handling offline media, sending and receiving
images over a

CVE-2013-6876 s3dvt Root shell 2014-06-03
Hector Marco (hecmargi upv es)
CVE-2013-6876 s3dvt Root shell

About s3dvt:

s3dvt is part of the 3d network display server which can be used as
3d desktop environment.

Vulnerability:

A vulnerability in s3dvt for versions prior to 0.2.2 allows obtaining
a root shell.

Details, patches, discussion and strategy to exploit at:

iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability 2014-06-03
Vulnerability Lab (admin vulnerability-lab com)
Document Title:
===============
iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1271

Release Date:
=============
2014-06-02

Vulnerability Laboratory ID (VL-ID):
==========================

Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities 2014-06-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1270

Release Date:
=============
2014-05-30

Vulnerability Laboratory ID (VL-ID):
====================

TigerCom My Assistant v1.1 iOS - File Include Vulnerability 2014-06-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
TigerCom My Assistant v1.1 iOS - File Include Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1268

Release Date:
=============
2014-05-23

Vulnerability Laboratory ID (VL-ID):
===========================

Privacy Pro v1.2 HZ iOS - File Include Web Vulnerability 2014-06-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Privacy Pro v1.2 HZ iOS - File Include Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1267

Release Date:
=============
2014-05-23

Vulnerability Laboratory ID (VL-ID):
==============================

AllReader v1.0 iOS - Multiple Web Vulnerabilities 2014-06-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
AllReader v1.0 iOS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1269

Release Date:
=============
2014-05-26

Vulnerability Laboratory ID (VL-ID):
====================================

Files Desk Pro v1.4 iOS - File Include Web Vulnerability 2014-06-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Files Desk Pro v1.4 iOS - File Include Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1266

Release Date:
=============
2014-05-16

Vulnerability Laboratory ID (VL-ID):
==============================

NG WifiTransfer Pro 1.1 - File Include Vulnerability 2014-06-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
NG WifiTransfer Pro 1.1 - File Include Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1260

Release Date:
=============
2014-04-28

Vulnerability Laboratory ID (VL-ID):
==================================

LSE Leading Security Experts GmbH - LSE-2014-05-22 - F*EX - Multiple Issues 2014-06-03
advisories (advisories lsexperts de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=== LSE Leading Security Experts GmbH - Security Advisory 2014-05-22 ===

F*EX (Frams' Fast File EXchange) - Multiple Issues
- - ---------------------------------------------------------------------

Affected Versions
=================
F*EX (Frams' Fast

CVE-2013-6825 DCMTK Root Privilege escalation 2014-06-02
Hector Marco (hecmargi upv es)
CVE-2013-6825 DCMTK Root Privilege escalation

About DCMTK:

DCMTK is a collection of libraries and applications implementing large parts
of the DICOM standard. It includes software for examining, constructing and
converting DICOM image files, handling offline media, sending and receiving
images over a

FCKeditor 2.6.10 Reflected Cross-Site Scripting (XSS) 2014-06-02
Robin Bailey (Robin Bailey dionach com)
Class Cross-Site Scripting
Remote Yes
Published 2nd June 2014
Credit Robin Bailey of Dionach (vulns (at) dionach (dot) com)
Vulnerable FCKeditor <= 2.6.10

FCKeditor is prone to a reflected cross-site scripting (XSS) vulnerability due to inadequately sanitised user input. An attacker may leverage this issue

VUPEN Security Research - Adobe Acrobat & Reader XI-X "AcroBroker" Sandbox Bypass (Pwn2Own) 2014-06-02
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Adobe Acrobat & Reader XI-X "AcroBroker"
Sandbox Bypass (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

Adobe Acrobat and Reader are the global standards for electronic
document sharing. They are used to c

[FD] CVE-2013-6876 s3dvt Root shell 2014-06-02
Hector Marco (hecmargi upv es)
CVE-2013-6876 s3dvt Root shell

About s3dvt:

s3dvt is part of the 3d network display server which can be used as
3d desktop environment.

Vulnerability:

A vulnerability in s3dvt for versions prior to 0.2.2 allows obtaining
a root shell.

Details, patches, discussion and strategy to exploit at:

ESA-2014-032: RSA® Adaptive Authentication (Hosted) DOM Cross-Site Scripting Vulnerability 2014-06-02
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-032: RSA® Adaptive Authentication (Hosted) DOM Cross-Site Scripting Vulnerability

EMC Identifier: ESA-2014-032

CVE Identifier: CVE-2014-2502

Severity Rating: CVSS Score - 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products:

RSA

CVE-2014-2843 - "Reflected Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "infoware MapSuite" 2014-06-01
Christian Schneider (mail Christian-Schneider net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2014-2843
===================
"Reflected Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "infoware MapSuite"

Vendor
===================
infoware GmbH

Product
===================
MapSuite

Affected versions
===================
This vulne

CVE-2014-2233 - "Server-Side Request Forgery" (CWE-918) vulnerability in "infoware MapSuite" 2014-06-01
Christian Schneider (mail Christian-Schneider net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2014-2233
===================
"Server-Side Request Forgery" (CWE-918) vulnerability in "infoware MapSuite"

Vendor
===================
infoware GmbH

Product
===================
MapSuite

Affected versions
===================
This vulnerability

CVE-2014-2232 - "Absolute Path Traversal" (CWE-36) vulnerability in "infoware MapSuite" 2014-06-01
Christian Schneider (mail Christian-Schneider net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2014-2232
===================
"Absolute Path Traversal" (CWE-36) vulnerability in "infoware MapSuite"

Vendor
===================
infoware GmbH

Product
===================
MapSuite

Affected versions
===================
This vulnerability affe

CVE-2014-1226 s3dvt Root shell (still) 2014-06-02
Hector Marco (hecmargi upv es)
CVE-2014-1226 s3dvt Root shell (still)

About s3dvt:

s3dvt is part of the 3d network display server which can be used as
3d desktop environment.

Vulnerability:

The s3dvt developers forgot to review all the code. There is still a
vulnerable function as in the previous CVE-2013-6825. At the date

[SECURITY] [DSA 2942-1] typo3-src security update 2014-06-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2942-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
Jun 01, 2014

[SECURITY] [DSA 2944-1] gnutls26 security update 2014-06-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2944-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
June 01, 2014

[slackware-security] mariadb (SSA:2014-152-01) 2014-06-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mariadb (SSA:2014-152-01)

New mariadb packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mariadb-

Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress 2014-06-01
Yarubo Internet Security Scan (no-reply yarubo com)
Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress
=========================================================

Program: Participants Database <= 1.5.4.8
Severity: Unauthenticated attacker can fully compromise the Wordpress
installation
Permalink: http://www.yarubo.com/advisorie

[SECURITY] [DSA 2941-1] lxml security update 2014-06-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2941-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
Jun 01, 2014

[SECURITY] [DSA 2943-1] php5 security update 2014-06-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2943-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
June 01, 2014

[SECURITY] [DSA 2939-1] chromium-browser security update 2014-05-31
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2939-1 security (at) debian (dot) org
http://www.debian.org/security/ Michael Gilbert
May 31, 2014

Copyright 2010, SecurityFocus