BugTraq Mode:
(Page 3 of 1545)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
Weak Local Database Credentials in Infoblox Network Automation 2014-07-09
nate depthsecurity com
Product: Network Automation
* NetMRI
* Switch Port Manager
* Automation Change Manager
* Security Device Controller

Vendor: InfoBlox
Vulnerable Version(s): 6.4.X.X-6.8.4.X
Tested Version: 6.8.2.11

Vendor Notification: May 12th, 2014
Public Disclosure: July 9th, 2014

Vulnerability Type: OS Comma

OS Command Injection Infoblox Network Automation 2014-07-09
nate depthsecurity com
Product: Network Automation, licensed as:
* NetMRI
* Switch Port Manager
* Automation Change Manager
* Security Device Controller

Vendor: Infoblox
Vulnerable Version(s): 6.4.X.X-6.8.4.X
Tested Version: 6.8.2.11

Vendor Notification: May 12th, 2014
Vendor Patch Avail

[ MDVSA-2014:132 ] libxfont 2014-07-09
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:132
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2014:131 ] file 2014-07-09
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:131
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2014:129 ] ffmpeg 2014-07-09
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:129
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2014:130 ] php 2014-07-09
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:130
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2014:128 ] iodine 2014-07-09
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:128
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2014:127 ] gnupg 2014-07-09
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:127
http://www.mandriva.com/en/support/security/
___________________________________________________________

Android NFC Service Denial of Service 2014-07-09
vuln nipc org cn
Android NFC Service Denial of Service

------------------------------------------------------------------
I. Summary

NFC Service is a process of Android OS for providing access to NFC functionality, allowing applications to read NDEF message in NFC tags. A flaw has been found in NFC Service impl

CVE-2014-4331 OctavoCMS reflected XSS vulnerability 2014-07-09
andreu antonio gmail com
This proprietary content management software is vulnerable to reflected XSS on the file admin/viewer.php, src parameter.

The current release on their demo site is vulnerable, as are a few other sites I could find.

PoC: http://demo.octavocms.com/admin/viewer.php?src=%22%3E%3C/img%3E%3Ch2%3EThis%20is%20a

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager 2014-07-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Cisco Unified Communications Domain Manager

Advisory ID: cisco-sa-20140702-cucdm

Revision 2.0

Last Updated 2014 July 8 21:14 UTC (GMT)

For Public Release 2014 July 2 16:00 UTC (GMT)

Summary
=======

Cisco Unified Comm

FreeBSD Security Advisory FreeBSD-SA-14:17.kmem 2014-07-08
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:17.kmem Security Advisory
The FreeBSD Project

Topic:

[SECURITY] [DSA 2974-1] php5 security update 2014-07-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2974-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
July 08, 2014

[security bulletin] HPSBMU03065 rev.1 - HP Operations Analytics, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information 2014-07-08
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04363613

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04363613
Version: 1

HPSBMU03065 re

[ MDVSA-2014:126 ] phpmyadmin 2014-07-08
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:126
http://www.mandriva.com/en/support/security/
___________________________________________________________

CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX 2014-07-08
Portcullis Advisories (advisories portcullis-security com)
Vulnerability title: Runtime Linker Allows Privilege Escalation Via
Arbitrary File Writes in IBM AIX
CVE: CVE-2014-3074
Vendor: IBM
Product: AIX
Affected version: AIX 6.1 and 7.1 and VIOS 2.2.*
Reported by: Tim Brown

Details:
It has been identified that the runtime linker allows privilege
escalatio

Abusing Oracle's CREATE DATABASE LINK Privilege for fun and Profit 2014-07-08
Sumit Siddharth (sid notsosecure com)
A small blog on how a web based SQLi can be abused to obtain privilege
escalation and ultimately remote code execution against Oracle Database:

http://www.notsosecure.com/blog/2014/07/08/abusing-oracles-create-database-link-privilege-for-fun-and-profit/

Thanks
Sid

Founder/Director
NotSoSecure

[security bulletin] HPSBGN03050 rev.1 - HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access 2014-07-08
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04343424

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04343424
Version: 1

HPSBGN03050 re

[SECURITY] [DSA 2973-1] vlc security update 2014-07-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2973-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
July 07, 2014

ESA-2014-057: EMC Documentum Foundation Services (DFS) XML External Entity (XXE) Vulnerability 2014-07-07
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-057: EMC Documentum Foundation Services (DFS) XML External Entity (XXE) Vulnerability

EMC Identifier: ESA-2014-057

CVE Identifier: CVE-2014-2510

Severity Rating: CVSS v2 Base Score: 8 (AV:N/AC:L/Au:S/C:C/I:P/A:P)

Affected products:

ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities 2014-07-07
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities

EMC Identifier: ESA-2014-064

CVE Identifier: CVE-2014-2513, CVE-2014-2514

Severity Rating: CVSS v2 Base Score: Refer below for scores for each CVE.

Affecte

Photo Org WonderApplications v8.3 iOS - File Include Vulnerability 2014-07-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Photo Org WonderApplications v8.3 iOS - File Include Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1277

Release Date:
=============
2014-07-04

Vulnerability Laboratory ID (VL-ID):
====================

[SECURITY] CVE-2014-3503 Apache Syncope 2014-07-07
Francesco Chicchiriccò (ilgrosso apache org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2014-3503: Insecure Random implementations used to generate passwords in
Apache Syncope

Severity: Major

Vendor: The Apache Software Foundation

Versions Affected:

This vulnerability affects all versions of Apache Syncope 1.1.x prior to
1.1.8

Yahoo! Bug Bounty #25 Flickr API - Persistent Service Vulnerability 2014-07-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Yahoo! Bug Bounty #25 Flickr API - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1132

Release Date:
=============
2014-07-06

Vulnerability Laboratory ID (VL-ID):
===========================

Paypal Inc Bug Bounty #109 Multi Shipping Application API - Filter Bypass & Persistent Vulnerability 2014-07-07
Vulnerability Lab (admin vulnerability-lab com)
Document Title:
===============
Paypal Inc Bug Bounty #109 Multi Shipping Application API - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1050

PayPal Security UID: Pq115cey

Release Date:
=============
2014

PayPal Inc Bug Bounty #74 - Persistent Core Backend Vulnerability 2014-07-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc Bug Bounty #74 - Persistent Core Backend Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1278

PayPal Inc Security UID: cDc49dT

Release Date:
=============
2014-06-04

Vulnerability Laboratory

Backdoor access to Techboard/Syac devices 2014-07-07
roberto paleari emaze net
[ADVISORY INFORMATION]
Title: Backdoor access to Techboard/Syac devices
Discovery date: 02/04/2014
Release date: 07/07/2014
Advisory URL: http://blog.emaze.net/2014/07/backdoor-techboardsyac.html
Credits: Roberto Paleari (@rpaleari),
Luca Giancane (luca.giancane (at) emaze (dot) net)

[VULNERABILITY IN

{CVE-ID request} - OCS-Inventory-NG Multiple Stored Cross Site Scripting Vulnerabilities. 2014-07-07
Madhu Akula (madhu akula hotmail com)


# Title: Multiple Stored Cross Site Scripting Vulnerabilities
# Author: Madhu Akula
# Vendor Homepage: http://www.ocsinventory-ng.org/en/
# Software Link: http://www.ocsinventory-ng.org/en/download/
# Tested on: Chrome, Mozilla

Reporter Name : Madhu Akula

Product : OCS-Inventory NG

Version :

iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries 2014-07-07
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

Apple's current iTunes 11.2.2 for Windows comes with the following
COMPLETELY outdated and vulnerable 3rd party libraries (as part of
AppleApplicationSupport.msi):

* libeay32.dll and ssleay32.dll 0.9.8d

are more than SEVEN years old and have at least 27 unfixed CVEs!
the current versio

CVE-2014-3863 - Stored XSS in JChatSocial 2014-07-07
Teodor Lupan (teodor lupan safetech ro)
CVE-2014-3863
===================
"Stored Cross-Site Scripting (XSS)" (CWE-79) vulnerability in
"JChatSocial" Joomla extension.

Vendor
===================
Joomla! Extensions Store

Product
===================
JChatSocial: the Joomla live chat
"JChatSocial is a powerful chat system for Joomla with a

Copyright 2010, SecurityFocus