BugTraq
TP-LINK WDR4300 - Stored XSS & DoS 2014-09-21
ozelisyan gmail com
Advisory Information
===============

Vendors Contacted: TP-LINK
Vendor Patched: Yes, Firmware 140916
System Affected: N750 Wireless Dual Band Gigabit Router (TL-WDR4300), might affect others.
Versions Affected: 130617 , possibly earlier
CVE Numbers Assigned: CVE-2014-4727, CVE-2014-4728

Vulnerab

Strength and Weakness of Methods to Confirm SSH Host Key 2014-09-22
John Leo (johnleo checkssh com)
Monkeysphere
(advice from maxigas)
"verify your SSH key through the OpenPGP web of trust"
Strength: OpenPGP is cool if you REALLY know how to use it.
Weakness: "vote counting scheme" does not sound too cool.

"use of an organization's own HTTPS site"
(advice from Stephanie Daugherty)
In my personal

[SECURITY] [DSA 3030-1] mantis security update 2014-09-20
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3030-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
September 20, 2014

CVE-2014-5516 CSRF protection bypass in "KonaKart" Java eCommerce product 2014-09-20
Christian Schneider (mail Christian-Schneider net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2014-5516
===================
"Cross-Site Request Forgery (CSRF) protection bypass" (CWE-352) vulnerability
in "KonaKart Storefront Application" Enterprise Java eCommerce product

Vendor
===================
DS Data Systems (UK) Ltd.

Product
===

[SECURITY] [DSA 3029-1] nginx security update 2014-09-20
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3029-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
September 20, 2014

[SECURITY] [DSA 3025-2] apt regression update 2014-09-18
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3025-2 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
September 18, 2014

AST-2014-010: Remote crash when handling out of call message in certain dialplan configurations 2014-09-18
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2014-010

Product Asterisk
Summary Remote crash when handling out of call message in
certain dialplan configurations

AST-2014-009: Remote crash based on malformed SIP subscription requests 2014-09-18
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2014-009

Product Asterisk
Summary Remote crash based on malformed SIP subscription
requests

CVE ID Syntax Change - Deadline Approaching 2014-09-18
Christey, Steven M. (coley mitre org)

As we approach the end of 2014, CVE identifiers are getting closer and
closer to the magic CVE-2014-9999 mark, which means that MITRE will be
issuing a 5-digit CVE ID within a matter of months, in accordance with
the new syntax that was selected in 2013 (basically using 5, 6, or
even more digits as

Oracle Corporation MyOracle - Persistent Vulnerability 2014-09-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Oracle Corporation MyOracle - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1261

Oracle Security ID (Team Tracking ID): admin (at) vulnerability-lab (dot) com-001:2014

http://vulnerability-db.com/magazi

Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw 2014-09-18
VSR Advisories (advisories vsecurity com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

VSR Security Advisory
http://www.vsecurity.com/

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=

Advisory Name: Apple Foundation NSXMLParser XML eXternal Entity (XXE) Fla

APPLE-SA-2014-09-17-6 OS X Server 2.2.3 2014-09-18
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-09-17-6 OS X Server 2.2.3

OS X Server 2.2.3 is now available and addresses the following:

CoreCollaboration
Available for: OS X Mountain Lion v10.8.5
Impact: A remote attacker may be able to execute arbitrary SQL
queries
Description:

APPLE-SA-2014-09-17-5 OS X Server 3.2.1 2014-09-18
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-09-17-5 OS X Server 3.2.1

OS X Server 3.2.1 is now available and addresses the following:

CoreCollaboration
Available for: OS X Mavericks v10.9.5 or later
Impact: A remote attacker may be able to execute arbitrary SQL
queries
Descripti

APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004 2014-09-18
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update
2014-004

OS X Mavericks 10.9.5 and Security Update 2014-004 are now available
and address the following:

apache_mod_php
Available for: OS X Mavericks 10.9 to 10.9.4
Impact: Multiple vul

APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1 2014-09-18
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1

Safari 6.2 and Safari 7.1 are now available and address the
following:

Safari
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: An attacker with a privileged network position ma

CVE ID Syntax Change - Deadline Approaching 2014-09-17
Christey, Steven M. (coley mitre org)

As we approach the end of 2014, CVE identifiers are getting closer and
closer to the magic CVE-2014-9999 mark, which means that MITRE will be
issuing a 5-digit CVE ID within a matter of months, in accordance with
the new syntax that was selected in 2013 (basically using 5, 6, or
even more digits as

APPLE-SA-2014-09-17-7 Xcode 6.0.1 2014-09-18
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-09-17-7 Xcode 6.0.1

Xcode 6.0.1 is now available and addresses the following:

subversion
Available for: OS X Mavericks v10.9.4 or later
Impact: A malicious attacker may be able to cause Subversion
to terminate unexpectedly
Description:

Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw 2014-09-18
VSR Advisories (advisories vsecurity com)
hope that it will help promote public safety. This advisory comes with
absolutely NO WARRANTY; not even the implied warranty of merchantability or
fitness for a particular purpose. Neither Virtual Security Research, LLC nor
the author accepts any liability for any direct, indirect, or consequentia

[SECURITY] [DSA 3028-1] icedove security update 2014-09-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3028-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
September 17, 2014

[SECURITY] [DSA 3027-1] libav security update 2014-09-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3027-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
September 17, 2014

APPLE-SA-2014-09-17-2 Apple TV 7 2014-09-17
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-09-17-2 Apple TV 7

Apple TV 7 is now available and addresses the following:

Apple TV
Available for: Apple TV 3rd generation and later
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a W

APPLE-SA-2014-09-17-1 iOS 8 2014-09-17
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-09-17-1 iOS 8

iOS 8 is now available and addresses the following:

802.1X
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker can obtain WiFi credentials
Description: An attac

Reflected Cross-Site Scripting (XSS) in MODX Revolution 2014-09-17
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23229
Product: MODX Revolution
Vendor: MODX
Vulnerable Version(s): 2.3.1-pl and probably prior
Tested Version: 2.3.1-pl
Advisory Publication: August 20, 2014 [without technical details]
Vendor Notification: August 20, 2014
Vendor Patch: September 11, 2014
Public Disclosure: Septe

Path Traversal in webEdition 2014-09-17
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23227
Product: webEdition
Vendor: webEdition e.V.
Vulnerable Version(s): 6.3.8.0 (SVN-Revision: 6985) and probably prior
Tested Version: 6.3.8.0 (SVN-Revision: 6985)
Advisory Publication: August 6, 2014 [without technical details]
Vendor Notification: August 6, 2014
Vendor Patch

MIUI Torch Open Vulnerability 2014-09-17
vuln nipc org cn
MIUI Torch Open Vulnerability
I. Summary
com.android.systemui is the corresponding package of MiuiSystemUI.apk, a MIUI system application that manages user interface and other functions. When started by NFC tag, the torch in NFC mobile phone will be open automatically.
------------------------

MIUI Wifi Connection Message Vulnerability 2014-09-17
vuln nipc org cn
MIUI Wifi Connection Message Vulnerability

I. Summary
Wifi Connection Message is written to an NFC tag, which can be touched by an NFC mobile phone for connecting to a wireless AP automatically. A logic flaw has been found in MIUI, which is an Android ROM. The flaw can be used to turn on wifi, with the

h

Android Bluetooth Pairing Packet Processing Vulnerability(by wangzq from NCNIPC) 2014-09-17
vuln nipc org cn
I. Summary
Bluetooth Pairing Packet is written to an NFC tag, which can be touched by an NFC mobile phone for bluetooth pairing. A logic flaw has been found in some versions of Android mobile phone. The flaw can cause NFC phones' bluetooth to be turned on, regardless of whether the pairing succeeds or not.

[CORE-2014-0006] - Delphi and C++ Builder VCL library Heap Buffer Overflow 2014-09-16
CORE Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Delphi and C++ Builder VCL library Heap Buffer Overflow

1. *Advisory Information*

Title: Delphi and C++ Builder VCL library Heap Buffer Overflow
Advisory ID: CORE-2014-0006
Advisory URL:
http://www.coresecurity.com/advisories/del

[SECURITY] [DSA 3026-1] dbus security update 2014-09-16
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3026-1 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
September 16, 2014

Copyright 2010, SecurityFocus