BugTraq Mode:
(Page 3 of 1547)
Multiple Vulnerabilities in Parallels® Plesk Sitebuilder 2014-07-23
cseye_ut yahoo com
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : Multiple Vulnerabilities in Parallels® Plesk Sitebuilder
# Author : alieye
# vendor : http://www.parallels.com/
# Contact : cseye_ut (at) yahoo (dot) com
# Risk : High
# Class: Remote
#
# Google Dork:
# inurl::2006/Sites ext:aspx
# inurl::20

[SECURITY] [DSA 2985-1] mysql-5.5 security update 2014-07-22
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2985-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
July 22, 2014

[SECURITY] [DSA 2984-1] acpi-support security update 2014-07-22
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2984-1 security (at) debian (dot) org
http://www.debian.org/security/ Luciano Bello
July 22, 2014

Barracuda Networks #35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability 2014-07-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Barracuda Networks #35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1101

Barracuda Networks Security ID (BNSEC): BNSEC-2361
http://www.barracuda.com

[security bulletin] HPSBMU03071 rev.1 - HP Autonomy IDOL, Running OpenSSL, Remote Unauthorized Access, Disclosure of Information 2014-07-22
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04370307

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04370307
Version: 1

HPSBMU03071 re

Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability 2014-07-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=890

Barracuda Networks Security ID (BNSEC): BNSEC-1176
https://www.barracud

Web Login Bruteforce in Symantec Endpoint Protection Manager 12.1.4023.4080 2014-07-22
audit1 a2secure com
We discovered a vulnerability in the Symantec Endpoint Protection Manager web application.

Vulnerability Type: Login Bruteforce

Original Release: June 20, 2014

Discovered by:
Security Team - A2SECURE
Artëm Tsvetkov atsvetkov (at) a2secure (dot) com
Sisco Barrera sbarrera (at) a2secure (dot) com
Andrea Bodei abo

Cross-site Scripting in EventLog Analyzer 9.0 build #9000 2014-07-22
audit1 a2secure com
We discovered a vulnerability in the EventLog Analyzer web application.

Vulnerability Type: Cross-site Scripting

Original Release: June 20, 2014

Discovered by:
Security Team - A2SECURE
Artëm Tsvetkov atsvetkov (at) a2secure (dot) com
Sisco Barrera sbarrera (at) a2secure (dot) com
Andrea Bodei abodei (at) a2secure (dot) co

[oCERT-2014-004] Ansible input sanitization errors 2014-07-22
Andrea Barisani (lcars ocert org)

#2014-004 Ansible input sanitization errors

Description:

The Ansible project is an open source configuration management platform.

The Ansible platform suffers from input sanitization errors that allow
arbitrary code execution as well as information leak, in case an attacker is
able to control ce

Call for Papers / Speakers for ISACA Ireland Conference on 3rd Oct in Dublin 2014-07-21
president isaca ie
ISACA Ireland is seeking innovative session proposals that will engage an audience of information security, assurance, audit, privacy, governance, risk and compliance professionals. Speakers should offer real-world examples, "war stories", case studies, successes and failures, examples of actual tool

[SECURITY] [DSA 2983-1] drupal7 security update 2014-07-20
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2983-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
July 20, 2014

KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation 2014-07-18
KoreLogic Disclosures (disclosures korelogic com)
Title: Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
Advisory ID: KL-001-2014-003
Publication Date: 2014.07.18
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt

1. Vulnerability Details

Affected Vendor: Microsoft
Affected Product: MQ Ac

KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation 2014-07-18
KoreLogic Disclosures (disclosures korelogic com)
Title: Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
Advisory ID: KL-001-2014-002
Publication Date: 2014-07-18
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt

1. Vulnerability Details

Affected Vendor: Microsoft
Affected Product: Blu

[SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update 2014-07-19
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2982-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
July 19, 2014

CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs. 2014-07-18
Jordan Sissel (jordan sissel elasticsearch com)
Vendor: Elasticsearch
Product: Logstash
CVE: CVE-2014-4326
Affected versions: Logstash 1.0.14 through 1.4.1

Recommendations: All affected users should upgrade to Logstash 1.4.2.
We also provide patch instructions for Logstash 1.3.x at the bottom of
this note.

The vulnerability impacts deployments

[SECURITY] [DSA 2981-1] polarssl security update 2014-07-18
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2981-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2014

CVE-2014-4980 Parameter Tampering in Nessus Web UI - Remote Information Disclosure 2014-07-18
i amroot (i amroot com)
Product: Nessus
Vendor: Tenable Network Security
Version: Nessus 5.2.3-5.2.7 - Web UI 2.3.4 (potentially lower)
Vendor Notified Date: June 24, 2014
Vendor Resolved Date: June 25, 2014
Release Date: July 18, 2014
Risk: Medium
Authentication: Not Required
Remote: Yes

Description:
A parameter tampe

ESA-2014-074: EMC RecoverPoint Appliance Security Control Bypass Vulnerability 2014-07-18
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-074: EMC RecoverPoint Appliance Security Control Bypass Vulnerability

EMC Identifier: ESA-2014-074

CVE Identifier: CVE-2014-2519

Severity Rating: CVSS v2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:N/A:P)

Affected products:

• EMC R

Microsoft MSN HBE - Blind SQL Injection Vulnerability 2014-07-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Microsoft MSN HBE - Blind SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1183

Video: http://www.vulnerability-lab.com/get_content.php?id=1282

Vulnerability Magazine: http://vulnerability-db

Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability (BNSEC 703) 2014-07-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=751

https://www.barracuda.com/support/knowledgebase/501600000013lXe
Barracuda Networks

[SECURITY] [DSA 2980-1] openjdk-6 security update 2014-07-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2980-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
July 17, 2014

[SECURITY] [DSA 2979-1] fail2ban security update 2014-07-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2979-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
July 17, 2014

Ignore the amount customers confirm is no security vulnerability according to PayPal 2014-07-17
Jan Kechel (jan kechel de)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

**********************
Title:
**********************
Transfer any amount regardless of what customer confirmed

**********************
Short description:
**********************
In PayPal Express Checkout the Online-Shop can transfer
any amount, no

IP.Board 3.4 cross-site scripting in Referer header 2014-07-16
stormhacker hotmail com
+--------------------------------------------------------------------
+
+ IP.Board 3.4 cross-site scripting in Referer header
+
+--------------------------------------------------------------------
+ vendor site........: http://www.invisionpower.com
+ Affected Software .: IP.Board 3.4
+ Class ......

[SECURITY] [DSA 2765-2] davfs regression update 2014-07-16
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2765-2 security (at) debian (dot) org
http://www.debian.org/security/ Thijs Kinkhorst
July 16, 2014

Cisco Security Advisory: Cisco Wireless Residential Gateway Remote Code Execution Vulnerability 2014-07-16
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Wireless Residential Gateway Remote Code Execution Vulnerability

Advisory ID: ciscosa-20140716-cm

Revision 1.0

For Public Release 2014 July 16 16:00 UTC (GMT)

Summary

A vulnerability in the web server used in multiple Cisco Wireless Residen

[HITB-Announce] REMINDER: #HITB2014KUL CFP Deadline: 1st August 2014-07-17
Hafez Kamal (aphesz hackinthebox org)
The deadline to submit your papers for the LAST AND FINAL HITB
Security Conference in Malaysia is just around the corner!

HITBSecConf2014 - Malaysia takes place at Intercontinental Kuala Lumpur
from October 13th - 16th (13th / 14th = training // 15th / 16th =
conference)

http://conference.hitb.org

SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender GravityZone 2014-07-16
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SEC Consult Vulnerability Lab Security Advisory < 20140716-3 >
=======================================================================
title: Multiple critical vulnerabilities
product: Bitdefender GravityZone
vulnerable versio

SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway 2014-07-16
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SEC Consult Vulnerability Lab Security Advisory < 20140716-2 >
=======================================================================
title: Multiple vulnerabilities
product: Citrix NetScaler Application Delivery Controller

Reflected Cross-Site Scripting (XSS) in e107 2014-07-16
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23220
Product: e107
Vendor: e107
Vulnerable Version(s): 2.0 alpha2 and probably prior
Tested Version: 2.0 alpha2
Advisory Publication: June 18, 2014 [without technical details]
Vendor Notification: June 18, 2014
Vendor Patch: June 27, 2014
Public Disclosure: July 16, 2014
Vulner

Copyright 2010, SecurityFocus