BugTraq Mode:
(Page 5 of 1587)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[security bulletin] HPSBMU03224 rev.1 - HP LoadRunner and Performance Center, Load Generator Virtual Machine Images, running Windows, Remote Elevation of Privilege 2015-02-07
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04526330

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04526330
Version: 1

HPSBMU03224 re

[ more ]  [ reply ]
[security bulletin] HPSBGN03253 rev.1 - HP Business Process Insight (BPI) running SSLv3, Remote Disclosure of Information 2015-02-07
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04565855

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04565855
Version: 1

HPSBGN03253 re

[ more ]  [ reply ]
[security bulletin] HPSBUX03235 SSRT101750 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS) 2015-02-06
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04550240

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04550240
Version: 2

HPSBUX03235 SS

[ more ]  [ reply ]
[security bulletin] HPSBUX03166 SSRT101489 rev.2 - HP-UX running PAM libpam_updbe, Remote Authentication Bypass 2015-02-06
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04511778

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04511778
Version: 2

HPSBUX03166 SS

[ more ]  [ reply ]
[SECURITY] [DSA 3155-1] postgresql-9.1 security update 2015-02-06
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3155-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Luciano Bello
February 06, 2015

[ more ]  [ reply ]
[ MDVSA-2015:037 ] vorbis-tools 2015-02-06
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:037
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
BMC Footprints Service Core 11.5 - Multiple Cross Site Scripting Vulnerabilities (XSS) 2015-02-06
ayman abdelaziz helpag com
About the Product:
BMC FootPrints Service Core is an IT service and asset management platform used by many organizations to help the IT departments deliver more value to businesses.

Advisory Details:

During a Penetration testing, Help AG auditor (Ayman Abdelaziz) discovered the following:
1) Store

[ more ]  [ reply ]
[ MDVSA-2015:035 ] libvirt 2015-02-06
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:035
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[ MDVSA-2015:036 ] python-django 2015-02-06
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:036
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[ MDVSA-2015:034 ] jasper 2015-02-06
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:034
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[ MDVSA-2015:033 ] java-1.7.0-openjdk 2015-02-06
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:033
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
LG On Screen Phone authentication bypass (CVE-2014-8757) 2015-02-06
Imre Rad (imre rad search-lab hu)
LG On Screen Phone authentication bypass vulnerability
------------------------------------------------------
SEARCH-LAB Ltd. discovered a serious security vulnerability in the On
Screen Phone protocol used by LG Smart Phones. A malicious attacker is
able to bypass the authentication phase of the ne

[ more ]  [ reply ]
Re: [FD] Major Internet Explorer Vulnerability - NOT Patched 2015-02-06
David Leo (david leo deusen co uk)
'could you share the contents of "1.php"?'
Sure:
<?php
sleep(2);
header("Location: http://www.dailymail.co.uk/robots.txt");
?>

"I'm assuming it is a delayed re-direct to the target's domain?"
Exactly. :-)

"the cloudflare scripts"
It's been tested without them.

Kind Regards,

On 2015/2/6 2:31, Bar

[ more ]  [ reply ]
[SECURITY] [DSA 3154-1] ntp security update 2015-02-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3154-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
February 05, 2015

[ more ]  [ reply ]
[ MDVSA-2015:031 ] busybox 2015-02-05
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:031
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[ MDVSA-2015:032 ] php 2015-02-05
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:032
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
ESA-2015-012: EMC Captiva Capture Sensitive Information Disclosure Vulnerability 2015-02-05
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-012: EMC Captiva Capture Sensitive Information Disclosure Vulnerability

EMC Identifier: EMC-2015-012

CVE Identifier: CVE-2015-0519

Severity Rating: CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Affected products:

? EMC Capt

[ more ]  [ reply ]
[ MDVSA-2015:029 ] binutils 2015-02-05
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:029
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[ MDVSA-2015:030 ] bugzilla 2015-02-05
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:030
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
CVE-2015-1172 Wordpress-theme remote arbitrary code 2015-02-05
borg servernet se
Product: holding_pattern
Vendor: Liftux
Vulnerable Version(s): 0.6 and prior
Tested Version: 0.6
Advisory Publication: January 18, 2015
Vendor Notification: January 14, 2015
Public Disclosure: January 18, 2015
Vulnerability Type: Exec Code
Authentication: Not required to exploit
CVE Reference: CVE-2

[ more ]  [ reply ]
[SECURITY] [DSA 2978-2] libxml2 security update 2015-02-06
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2978-2 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Alessandro Ghedini
February 06, 2015

[ more ]  [ reply ]
[oCERT-2015-002] e2fsprogs input sanitization errors 2015-02-05
Andrea Barisani (lcars ocert org)

#2015-002 e2fsprogs input sanitization errors

Description:

The e2fsprogs package is a set of open source utilities for ext2, ext3 and
ext4 filesytems.

The libext2fs library, part of e2fsprogs and utilized by its utilities, is
affected by a boundary check error on block group descriptor informati

[ more ]  [ reply ]
RE: [FD] Major Internet Explorer Vulnerability - NOT Patched 2015-02-05
Dimitris Strevinas (d strevinas obrela com)
Ben, we have reproduced the vulnerability in many occasion.
First of all, at least to steal the session it is no matter if
X-Frame-Option is set to deny/same-origin.
Secondly, we were able to easily bypass the alert popup. It is not needed if
you implement the "waiting" logic with a synchronous AJAX

[ more ]  [ reply ]
Very Important Info About "Major Internet Explorer Vulnerability - NOT Patched" 2015-02-05
David Leo (david leo deusen co uk)
1.
"Spartan - vulnerable (Windows 10)"
http://www.deusen.co.uk/items/insider3show.3362009741042107/SpartanWin10
_screenshot.png
Thanks to Zaakiy Siddiqui!

2.
<?php
sleep(2);
header("Location: http://www.dailymail.co.uk/robots.txt");
?>
Many asked for it.

3.
It's Universal XSS, as we tested:
Not onl

[ more ]  [ reply ]
Re: [FD] Major Internet Explorer Vulnerability - NOT Patched 2015-02-05
David Leo (david leo deusen co uk)
"is this entirely an IE flaw"
Yes.

"is it tied to the use of Cloudflare"
No.

"I tried to reproduce... was unsuccessful"
Likely, this detail is missing:
<?php
sleep(2);
header("Location: http://www.dailymail.co.uk/robots.txt");
?>
Please tell us whether you reproduce(with the PHP code).

"am I corr

[ more ]  [ reply ]
Re: Re: CVE-2015-1437 XSS In ASUS Router. 2015-02-04
kingkaustubh me com
Here is the exact conversation

ASUS CASEID=RTM20150115204498-295 Please click here if you wish to reply this mail!

Dear Kaustubh,

Thank you for the information, we really appreciate your feedback.

To improve our customers experience we have forwarded your information to related dept., the conc

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Security Advisory Cisco WebEx Meetings Server Command Injection Vulnerability 2015-02-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory Cisco WebEx Meetings Server Command Injection Vulnerability

Advisory ID: cisco-sa-20150204-wbx

Revision 1.0
For Public Release 2015 February 4 16:00 UTC (GMT)

- ----------------------------------------------------------------

[ more ]  [ reply ]
Bitdefender Internet Security - 2015-02-04
jerold v00d00sec com
There seems to be some security issues with the way Bitdefender Internet Security 2015 software (Build 18.20.0.1429) interacts with its myBitdefender online portal.

Issues:

1) Possible partial information disclosure privacy issue of users' myBitdefender account credentials when using the SAFEGO fu

[ more ]  [ reply ]
ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities 2015-02-04
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities

EMC Identifier: ESA-2015-010

CVE Identifier: CVE-2015-0517, CVE-2015-0518

Affected products:

? EMC Documentum D2 3.1 and all patch versions

? EMC Documentum D2 3.1 SP1 and all patch

[ more ]  [ reply ]
(Page 5 of 1587)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus