BugTraq Mode:
(Page 11 of 1552)  < Prev  6 7 8 9 10 11 12 13 14 15 16  Next >
Backdoor access to Techboard/Syac devices 2014-07-07
roberto paleari emaze net
[ADVISORY INFORMATION]
Title: Backdoor access to Techboard/Syac devices
Discovery date: 02/04/2014
Release date: 07/07/2014
Advisory URL: http://blog.emaze.net/2014/07/backdoor-techboardsyac.html
Credits: Roberto Paleari (@rpaleari),
Luca Giancane (luca.giancane (at) emaze (dot) net [email concealed])

[VULNERABILITY IN

[ more ]  [ reply ]
{CVE-ID request} - OCS-Inventory-NG Multiple Stored Cross Site Scripting Vulnerabilities. 2014-07-07
Madhu Akula (madhu akula hotmail com)


# Title: Multiple Stored Cross Site Scripting Vulnerabilities
# Author: Madhu Akula
# Vendor Homepage: http://www.ocsinventory-ng.org/en/
# Software Link: http://www.ocsinventory-ng.org/en/download/
# Tested on: Chrome, Mozilla

Reporter Name : Madhu Akula

Product : OCS-Inventory NG

Version :

[ more ]  [ reply ]
iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries 2014-07-07
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

Apples current iTunes 11.2.2 for Windows comes with the following
COMPLETELY outdated and vulnerable 3rd party libraries (as part of
AppleApplicationSupport.msi):

* libeay32.dll and ssleay32.dll 0.9.8d

are more than SEVEN years old and have at least 27 unfixed CVEs!
the current versio

[ more ]  [ reply ]
CVE-2014-3863 - Stored XSS in JChatSocial 2014-07-07
Teodor Lupan (teodor lupan safetech ro)
CVE-2014-3863
===================
"Stored Cross-Site Scripting (XSS)" (CWE-79) vulnerability in
"JChatSocial" Joomla extension.

Vendor
===================
Joomla! Extensions Store

Product
===================
JChatSocial: the Joomla live chat
"JChatSocial is a powerful chat system for Joomla with a

[ more ]  [ reply ]
Re: Android KeyStore Stack Buffer Overflow (CVE-2014-3100) 2014-07-07
a blas actisec com
Hi,

We have just released an App to check if your device is affected by this bug:

https://play.google.com/store/apps/details?id=com.actisec.keystorescanne
r

Thanks.
Arturo

[ more ]  [ reply ]
[SECURITY] [DSA 2972-1] linux security update 2014-07-06
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2972-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
July 06, 2014

[ more ]  [ reply ]
Lime Survey 2-05+ Multiple Vulnerabilities 2014-07-06
g-damore outlook com
Lime Survey Multiple Vulnerabilities
=======================================================================

[ADVISORY INFORMATION]
Title: Lime Survey Multiple Vulnerabilities
Discovery date: 02/07/2014
Release date: 03/07/2014
Vendor Homepage: www.limesurvey.org
Version: Lime Survey 2.0

[ more ]  [ reply ]
[security bulletin] HPSBMU03051 rev.2 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information 2014-07-03
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04345210

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04345210
Version: 2

HPSBMU03051 r

[ more ]  [ reply ]
POC2014 Call for Paper 2014-07-03
pocadm gmail com
The 9th international hacking and security conference "POC2014? will be held
in Seoul, Korea on November 6 ~ 7.
POC is one of the very small number of best technical ?hacking? conferences.
POC always tries to to show real hacking and security, because POC believes
that showing talks much more than

[ more ]  [ reply ]
[security bulletin] HPSBMU03059 rev.1 - HP SiteScope, Remote Authentication Bypass 2014-07-02
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04355129

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04355129
Version: 1

HPSBMU03059 re

[ more ]  [ reply ]
[security bulletin] HPSBMU03064 rev.1 - HP Universal CMDB, Remote Information Disclosure, Execution of Code 2014-07-02
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04357076

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04357076
Version: 1

HPSBMU03064 re

[ more ]  [ reply ]
[SECURITY] [DSA 2971-1] dbus security update 2014-07-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2971-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
July 02, 2014

[ more ]  [ reply ]
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager 2014-07-02
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Cisco Unified Communications Domain Manager

Advisory ID: cisco-sa-20140702-cucdm

Revision 1.0

For Public Release 2014 July 2 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary

[ more ]  [ reply ]
[security bulletin] HPSBMU03055 rev.1 - HP Smart Update Manager (HP SUM) running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information 2014-07-02
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04349175

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04349175
Version: 1

HPSBMU03055 r

[ more ]  [ reply ]
Cross-Site Request Forgery (CSRF) in Kanboard 2014-07-02
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23217
Product: Kanboard
Vendor: http://kanboard.net/
Vulnerable Version(s): 1.0.5 and probably prior
Tested Version: 1.0.5
Advisory Publication: May 28, 2014 [without technical details]
Vendor Notification: May 28, 2014
Vendor Patch: June 30, 2014
Public Disclosure: July 2, 2014

[ more ]  [ reply ]
CVE-2014-3149 - Reflected Cross-Site Scripting (XSS) in "Invision Power IP.Board" 2014-07-01
Christian Schneider (mail Christian-Schneider net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2014-3149
===================
"Reflected Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "Invision Power IP.Board" product

Vendor
===================
Invision Power Services Inc.

Product
===================
IP.Board
"IP.Board is the lead

[ more ]  [ reply ]
SEC Consult SA-20140701-0 :: Stored cross-site scripting vulnerabilities in EMC Documentum eRoom 2014-07-01
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SEC Consult Vulnerability Lab Security Advisory 20140701-0
=======================================================================
title: Stored cross-site scripting vulnerabilities
product: EMC Documentum eRoom
vulnerable ver

[ more ]  [ reply ]
Kerio Control <= 8.3.1 Boolean-based blind SQL Injection 2014-06-30
info fereidani com
Document Title:
======================
Kerio Control <= 8.3.1 Boolean-based blind SQL Injection

Primary Informations:
======================

Product Name: Kerio Control
Software Description: Kerio Control brings together multiple capabilities
including a network firewall and router, intrusion d

[ more ]  [ reply ]
ESA-2014-060: EMC Documentum eRoom Multiple Cross-Site Scripting Vulnerabilities 2014-06-30
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-060: EMC Documentum eRoom Multiple Cross-Site Scripting Vulnerabilities

EMC Identifier: ESA-2014-060

CVE Identifier: CVE-2014-2512

Severity Rating: CVSS v2 Base Score: 8 (AV:N/AC:L/Au:S/C:C/I:P/A:P)

Affected products:

? EMC Doc

[ more ]  [ reply ]
APPLE-SA-2014-06-30-4 Apple TV 6.1.2 2014-06-30
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-06-30-4 Apple TV 6.1.2

Apple TV 6.1.2 is now available and addresses the following:

Apple TV
Available for: Apple TV 2nd generation and later
Impact: An application could cause the device to unexpectedly
restart
Description: A null po

[ more ]  [ reply ]
APPLE-SA-2014-06-30-3 iOS 7.1.2 2014-06-30
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-06-30-3 iOS 7.1.2

iOS 7.1.2 is now available and addresses the following:

Certificate Trust Policy
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Update to the certificate trust polic

[ more ]  [ reply ]
[security bulletin] HPSBST03000 rev.4 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information 2014-06-30
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04260637

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04260637
Version: 4

HPSBST03000 re

[ more ]  [ reply ]
APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003 2014-06-30
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update
2014-003

OS X Mavericks 10.9.4 and Security Update 2014-003 are now available
and address the following:

Certificate Trust Policy
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7

[ more ]  [ reply ]
APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5 2014-06-30
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5

Safari 6.1.5 and Safari 7.0.5 are now available and address the
following:

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impac

[ more ]  [ reply ]
SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS 2014-06-30
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SEC Consult Vulnerability Lab Security Advisory < 20140630-0 >
=======================================================================
title: Multiple severe vulnerabilities
product: IBM Algorithmics RICOS
vulnerable version:

[ more ]  [ reply ]
ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities 2014-06-30
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities

EMC Identifier: ESA-2014-046

CVE Identifier: CVE-2014-2506, CVE-2014-2507, CVE-2014-2508

Severity Rating: CVSS v2 Base Score: See below for individual scores

Affected p

[ more ]  [ reply ]
ESA-2014-055: EMC Network Configuration Manager (NCM) Session Fixation Vulnerability 2014-06-30
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-055: EMC Network Configuration Manager (NCM) Session Fixation Vulnerability

EMC Identifier: ESA-2014-055

CVE Identifier: CVE-2014-2509

Severity Rating: CVSS v2 Base Score: 6.9 (AV:A/AC:M/Au:N/C:C/I:P/A:P)

Affected products:

? E

[ more ]  [ reply ]
[SECURITY] [DSA 2970-1] cacti security update 2014-06-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2970-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
June 29, 2014

[ more ]  [ reply ]
[SECURITY] [DSA 2969-1] libemail-address-perl security update 2014-06-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2969-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
June 27, 2014

[ more ]  [ reply ]
[security bulletin] HPSBMU03056 rev.1 - HP Version Control Repository Manager (HP VCRM) running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information 2014-06-27
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04349789

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04349789
Version: 1

HPSBMU03056 r

[ more ]  [ reply ]
(Page 11 of 1552)  < Prev  6 7 8 9 10 11 12 13 14 15 16  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus