BugTraq Mode:
(Page 4 of 1565)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF) 2014-10-17
simo morxploit com
Title: Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF)
Author: Simo Ben youssef
Contact: Simo_at_Morxploit_com
Discovered: September 1 2014
Published: October 17 2014
MorXploit Research
http://www.MorXploit.com
Software: Elastix
Version: Elastix 2.4.0 Stable
Vendor url: http:/

[ more ]  [ reply ]
APPLE-SA-2014-10-16-5 OS X Server v2.2.5 2014-10-17
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-10-16-5 OS X Server v2.2.5

OS X Server v2.2.5 is now available and addresses the following:

Server
Available for: OS X Mountain Lion v10.8.5
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known

[ more ]  [ reply ]
APPLE-SA-2014-10-16-4 OS X Server v3.2.2 2014-10-17
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-10-16-4 OS X Server v3.2.2

OS X Server v3.2.2 is now available and addresses the following:

Server
Available for: OS X Mavericks v10.9.5 or later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are

[ more ]  [ reply ]
APPLE-SA-2014-10-16-6 iTunes 12.0.1 2014-10-17
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-10-16-6 iTunes 12.0.1

iTunes 12.0.1 is now available and addresses the following:

iTunes
Available for: Windows 8, Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead

[ more ]  [ reply ]
APPLE-SA-2014-10-16-3 OS X Server v4.0 2014-10-17
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-10-16-3 OS X Server v4.0

OS X Server v4.0 is now available and addresses the following:

BIND
Available for: OS X Yosemite v10.10 or later
Impact: Multiple vulnerabilities in BIND, the most serious of which
may lead to a denial of servi

[ more ]  [ reply ]
APPLE-SA-2014-10-16-2 Security Update 2014-005 2014-10-17
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-10-16-2 Security Update 2014-005

Security Update 2014-005 is now available and addresses the
following:

Secure Transport
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: An attacker may be able to decrypt data

[ more ]  [ reply ]
APPLE-SA-2014-10-16-1 OS X Yosemite v10.10 2014-10-17
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-10-16-1 OS X Yosemite v10.10

OS X Yosemite v10.10 is now available and addresses the following:

802.1X
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access
point, offered to aut

[ more ]  [ reply ]
[CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability 2014-10-16
CORE Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability

1. **Advisory Information**

Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service
Vulnerability
Advisory ID: CORE-2014-0007
Advisory URL: ht

[ more ]  [ reply ]
[SECURITY] [DSA 3053-1] openssl security update 2014-10-16
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3053-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Thijs Kinkhorst
October 16, 2014

[ more ]  [ reply ]
Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability 2014-10-16
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20120126-ironport

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cis
co-sa-20120126-ironport

Revision 2.0

Last U

[ more ]  [ reply ]
[SECURITY] [DSA 3052-1] wpa security update 2014-10-16
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3052-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Michael Gilbert
October 15, 2014

[ more ]  [ reply ]
[security bulletin] HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS) 2014-10-15
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04472444

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04472444
Version: 1

HPSBMU03126 re

[ more ]  [ reply ]
[security bulletin] HPSBHF03125 rev.1 - HP Next Generation Firewall (NGFW) running Bash Shell, Remote Code Execution 2014-10-15
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04471538

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04471538
Version: 1

HPSBHF03125 re

[ more ]  [ reply ]
[slackware-security] openssl (SSA:2014-288-01) 2014-10-15
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssl (SSA:2014-288-01)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+

[ more ]  [ reply ]
Bypassing blacklists based on IPy 2014-10-15
Nicolas Grégoire (nicolas gregoire agarri fr)

IPy is a Python "class and tools for handling of IPv4 and IPv6 addresses
and networks" (https://github.com/haypo/python-ipy). This library is
sometimes used to implement blacklists forbidding internal, private or
loopback addresses.

Using octal encoding (supported by urllib2), it is possible to by

[ more ]  [ reply ]
[SECURITY] [DSA 3051-1] drupal7 security update 2014-10-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3051-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
October 15, 2014

[ more ]  [ reply ]
Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability 2014-10-15
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability

Advisory ID: cisco-sa-20141015-poodle

Revision 1.0

For Public Release 2014 October 15 17:30 UTC (GMT)

+--------------------------------------------

[ more ]  [ reply ]
Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability 2014-10-15
Stefan Horst (stefan horst sektioneins de)
SektionEins GmbH
www.sektioneins.de

-= Security Advisory =-

Advisory: Drupal - pre-auth SQL Injection Vulnerability
Release Date: 2014/10/15
Last Modified: 2014/10/15
Author: Stefan Horst [stefan.horst[at]sektioneins.de]
Applic

[ more ]  [ reply ]
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software 2014-10-15
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software

Advisory ID: cisco-sa-20141015-vcs

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cis
co-sa-20141015-

[ more ]  [ reply ]
Cisco Security Advisory: Cisco TelePresence MCU Software Memory Exhaustion Vulnerability 2014-10-15
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco TelePresence MCU Software Memory Exhaustion Vulnerability

Advisory ID: cisco-sa-20141015-mcu

Revision 1.0

For Public Release 2014 October 15 16:00 UTC (GMT)

+-----------------------------------------------------------

[ more ]  [ reply ]
SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces 2014-10-15
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SEC Consult Vulnerability Lab Security Advisory < 20141015-0 >
=======================================================================
title: Potential Cross-Site Scripting
product: ADF Faces
vulnerable version: 12.1.2.0

[ more ]  [ reply ]
Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin 2014-10-15
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23237
Product: MaxButtons WordPress plugin
Vendor: Max Foundry
Vulnerable Version(s): 1.26.0 and probably prior
Tested Version: 1.26.0
Advisory Publication: September 24, 2014 [without technical details]
Vendor Notification: September 24, 2014
Vendor Patch: October 2, 2014
Public

[ more ]  [ reply ]
Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin 2014-10-15
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23236
Product: WP Google Maps WordPress plugin
Vendor: WP Google Maps
Vulnerable Version(s): 6.0.26 and probably prior
Tested Version: 6.0.26
Advisory Publication: September 24, 2014 [without technical details]
Vendor Notification: September 24, 2014
Vendor Patch: September 29, 2

[ more ]  [ reply ]
Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability 2014-10-14
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1129

PayPal Security UID: TM13a2uL

Release Date:
=============
2014-10-14

Vulnerabilit

[ more ]  [ reply ]
Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities 2014-10-14
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1303

Release Date:
=============
2014-10-13

Vulnerability Laboratory ID (VL-ID):
==============================

[ more ]  [ reply ]
PayPal Inc #90 PDF Mailer - Buffer Overflow Vulnerability 2014-10-14
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc #90 PDF Mailer - Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=940
http://www.vulnerability-lab.com/get_content.php?id=1274

Release Date:
=============
2014-10-02

Vulnerabil

[ more ]  [ reply ]
PayPal Inc BB #98 MOS - Persistent Settings Vulnerability 2014-10-14
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc BB #98 MOS - Persistent Settings Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=983

Release Date:
=============
2014-10-13

Vulnerability Laboratory ID (VL-ID):
==============================

[ more ]  [ reply ]
[SECURITY] [DSA 3049-1] wireshark security update 2014-10-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3049-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
October 14, 2014

[ more ]  [ reply ]
[SE-2014-01] Breaking Oracle Database through Java exploits (details) 2014-10-14
Security Explorations (contact security-explorations com)

Hello All,

Oracle Oct 2014 CPU addresses 22 security issues affecting Java VM
implementation embedded in Oracle Database software.

We have published details of the fixed issues and a description of
some privilege elevation techniques abusing a complete Java security
sandbox bypass condition for g

[ more ]  [ reply ]
(Page 4 of 1565)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus