BugTraq
Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress 2014-06-01
Yarubo Internet Security Scan (no-reply yarubo com)
Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress
=========================================================

Program: Participants Database <= 1.5.4.8
Severity: Unauthenticated attacker can fully compromise the Wordpress
installation
Permalink: http://www.yarubo.com/advisorie

[SECURITY] [DSA 2941-1] lxml security update 2014-06-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2941-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
Jun 01, 2014

[SECURITY] [DSA 2943-1] php5 security update 2014-06-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2943-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
June 01, 2014

[SECURITY] [DSA 2939-1] chromium-browser security update 2014-05-31
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2939-1 security (at) debian (dot) org
http://www.debian.org/security/ Michael Gilbert
May 31, 2014

Google Compute Engine Multiple DOS Vulnerabilities 2014-05-30
Scott T. Cameron (routehero gmail com)
Google Compute Engine VMs Multiple Remote Denial of Service Vulnerabilities
------------------------------------------------------------------------
----------------------------

Overview
------------

Google Compute Engine (GCE) is a "cloud"-based, virtualized
platform-as-a-service. Users may "rent

Google Compute Engine - Lateral Compromise 2014-05-30
Scott T. Cameron (routehero gmail com)
A user who creates a GCE VM with compute-rw privileges, who
subsequently has that single VM compromised, can lead to a global
compromise of all VMs inside of the account.

VMs created in the web UI, by default, come with compute-rw privileges.

Google's account manager fetches ssh keys from the

NEW VMSA-2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation 2014-05-30
VMware Security Response Center (security vmware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
VMware Security Advisory

Advisory ID: VMSA-2014-0005
Synopsis: VMware Workstation, Player, Fusion, and ESXi patches address
a guest privilege escalation
Issue date: 2014-05-2

Mybb Sendthread Page Denial of Service Vulnerability 2014-05-29
iedb team gmail com
Denial of Service Vulnerability In Mybb 1.6.13 and old version

#!/usr/bin/perl

OpenCart 1.5.6.4 Directory Traversal Vulnerability 2014-05-29
iedb team gmail com
Directory Traversal Vulnerability In OpenCart 1.5.6.4 and old version


Defense in depth -- the Microsoft way (part 15): unquoted arguments in 120 (of 462) command lines 2014-05-28
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

for MANY years now Microsoft's own documentation for CreateProcess*()
<http://msdn.microsoft.com/library/cc144175.aspx> resp.
<http://msdn.microsoft.com/library/cc144101.aspx> says:

| Note: If any element of the command string contains or might contain

[RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script 2014-05-28
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: SQL Injection in webEdition CMS File Browser

RedTeam Pentesting discovered an SQL injection vulnerability in the file
browser component of webEdition CMS during a penetration test.
Unauthenticated attackers can get read-only access on the SQL database
used by webEdition and read for examp

[RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script 2014-05-28
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Remote Command Execution in webEdition CMS Installer Script

RedTeam Pentesting discovered a remote command execution vulnerability
in the installer script of the webEdition CMS during a penetration test.
If the installer script is not manually removed after installation,
attackers cannot

Multiple vulnerabilities in Sharetronix 2014-05-28
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23214
Product: Sharetronix
Vendor: Blogtronix, LLC
Vulnerable Version(s): 3.3 and probably prior
Tested Version: 3.3
Advisory Publication: May 7, 2014 [without technical details]
Vendor Notification: May 7, 2014
Vendor Patch: May 27, 2014
Public Disclosure: May 28, 2014
Vulnerab

SEC Consult SA-20140528-0 :: Root Backdoor & Unauthenticated access to voice recordings in NICE Recording eXpress 2014-05-28
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SEC Consult Vulnerability Lab Security Advisory < 20140528-0 >
=======================================================================
title: Root Backdoor & Unauthenticated access to voice recordings
product: NICE Recording eX

LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability 2014-05-28
LSE Leading Security Experts GmbH (Security Advisories) (advisories lsexperts de)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=== LSE Leading Security Experts GmbH - Security Advisory LSE-2014-05-21 ===

Check_MK - Arbitrary File Disclosure Vulnerability
- --------------------------------------------------

Affected Versions
=================
Linux versions of Check_MK equal

[SECURITY] [DSA 2938-1] Availability of LTS support for Debian 6.0 / squeeze 2014-05-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2938-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
May 27, 2014

[SECURITY] [DSA 2937-1] mod-wsgi security update 2014-05-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2937-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
May 27, 2014

[SECURITY] CVE-2014-0119 Apache Tomcat information disclosure 2014-05-27
Mark Thomas (markt apache org)
CVE-2014-0119 Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.5
- Apache Tomcat 7.0.0 to 7.0.53
- Apache Tomcat 6.0.0 to 6.0.39

Description:
In limited circumstances it was possible for a malicious web applicat

CVE-2014-3445 - Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages 2014-05-27
Portcullis Advisories (advisories portcullis-security com)
Vulnerability title: Unauthenticated Backup and Password Disclosure in
HandsomeWeb SOS Webpages
CVE: CVE-2014-3445
Vendor: HandsomeWeb
Product: SOS Webpages
Affected version: 1.1.11 and earlier
Fixed version: 1.1.12
Reported by: Freakyclown

Details:

The default setup allows an unauthenticated user

[SECURITY] CVE-2014-0097 Apache Tomcat information disclosure 2014-05-27
Mark Thomas (markt apache org) (1 replies)
CVE-2014-0097 Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.3
- Apache Tomcat 7.0.0 to 7.0.52
- Apache Tomcat 6.0.0 to 6.0.39

Description:
The code used to parse the request content length header did not chec

[SECURITY] CVE-2014-0095 Apache Tomcat denial of service 2014-05-27
Mark Thomas (markt apache org)
CVE-2014-0095 Denial of Service

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat 8.0.0-RC2 to 8.0.3

Description:
A regression was introduced in revision 1519838 that caused AJP
requests to hang if an explicit content length of zero was set on the
req

[SECURITY] CVE-2014-0096 Apache Tomcat information disclosure 2014-05-27
Mark Thomas (markt apache org)
CVE-2014-0096 Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.3
- Apache Tomcat 7.0.0 to 7.0.52
- Apache Tomcat 6.0.0 to 6.0.39

Description:
The default servlet allows web applications to define (at multiple
le

[SECURITY] CVE-2014-0075 Apache Tomcat denial of service 2014-05-27
Mark Thomas (markt apache org)
CVE-2014-0075 Denial of Service

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.3
- Apache Tomcat 7.0.0 to 7.0.52
- Apache Tomcat 6.0.0 to 6.0.39

Description:
It was possible to craft a malformed chunk size as part of a chunked
reque

call for papers- CSSE2014 2014-05-27
cfp-conf2014.org (cfp-conf2014 org securityfocus com)
Announcement for CSSE2014: Computer Science and Software Engineering Related Field International Academic Conference

Welcome to submit papers to CSSE2014
Computer Science and Software Engineering
Hangzhou, China, 2014/10/18, 19

All accepted papers will be published by All accepted
papers will be p

[security bulletin] HPSBGN03041 rev.1 - HP IceWall Configuration Manager running Apache Struts, Remote Execution of Arbitrary Code 2014-05-27
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04311273

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04311273
Version: 1

HPSBGN03041 re

VUPEN Security Research - Adobe Acrobat & Reader XI-X Barcode Heap Overflow (Pwn2Own) 2014-05-26
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Adobe Acrobat & Reader XI-X Barcode Heap
Overflow (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

Adobe Acrobat and Reader are the global standards for electronic
document sharing. They are used to create,

[security bulletin] HPSBUX02960 SSRT101419 rev.3 - HP-UX Running NTP, Remote Denial of Service (DoS) 2014-05-23
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04084148

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04084148
Version: 3

HPSBUX02960 SS

[security bulletin] HPSBMU03009 rev.3 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Disclosure of Information 2014-05-23
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04249113

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04249113
Version: 3

HPSBMU03009 re

ESA-2014-021: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities 2014-05-23
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-021: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities

EMC Identifier: ESA-2014-021

CVE Identifier: CVE-2014-0639

Severity Rating: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected Products:

RSA Archer ver

Copyright 2010, SecurityFocus