BugTraq Mode:
(Page 5 of 1581)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[ MDVSA-2015:008 ] pwgen 2015-01-08
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:008
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:007 ] unrtf 2015-01-08
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:007
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:006 ] mediawiki 2015-01-08
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:006
http://www.mandriva.com/en/support/security/
___________________________________________________________

[security bulletin] HPSBMU03118 rev.3 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities 2015-01-06
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04468121

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04468121
Version: 3

HPSBMU03118 r

[SECURITY] [DSA 3120-1] mantis security update 2015-01-06
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3120-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
January 06, 2015

Brother MFC Administration Reflected Cross-Site Scripting 2015-01-07
vulns dionach com
Class Cross-Site Scripting
Remote Yes
Disclosed 9th October 2014
Published 7th January 2015
Credit Dave Daly of Dionach (vulns (at) dionach (dot) com)
Confirmed Vulnerable Brother MFC-J4410DW with F/W Versions J and K

The printer administration web application on Brother MFC-J4410DW model printers with firmwa

Self-XSS in Microsoft Dynamics CRM 2013 SP1 2015-01-07
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23245
Product: Microsoft Dynamics CRM 2013 SP1
Vendor: Microsoft Corporation
Vulnerable Version(s): (6.1.1.132) (DB 6.1.1.132) and probably prior
Tested Version: (6.1.1.132) (DB 6.1.1.132)
Advisory Publication: December 29, 2014 [without technical details]
Vendor Notification: Dece

ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities 2015-01-06
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1392

Release Date:
=============
2015-01-06

Vulnerability Laboratory ID (VL-ID):
=============================

[ MDVSA-2015:005 ] subversion 2015-01-05
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:005
http://www.mandriva.com/en/support/security/
___________________________________________________________

ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities 2015-01-05
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities

EMC Identifier: ESA-2014-180

CVE Identifier: CVE-2014-4635, CVE-2014-4636, CVE-2014-4637, CVE-2014-4638, CVE-2014-4639

Severity Rating: See below for individual scores f

[SECURITY] [DSA 3119-1] libevent security update 2015-01-06
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3119-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
January 06, 2015

[ MDVSA-2015:001 ] c-icap 2015-01-05
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:001
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:002 ] pcre 2015-01-05
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:002
http://www.mandriva.com/en/support/security/
___________________________________________________________

Open-Xchange Security Advisory 2015-01-05 2015-01-05
Martin Heiland (martin heiland open-xchange com)
Product: Open-Xchange Server 6 / OX AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 35512 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 7.6.1 and earlier
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version

[SECURITY] [DSA 3118-1] strongswan security update 2015-01-05
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3118-1 security (at) debian (dot) org
http://www.debian.org/security/ Yves-Alexis Perez
January 05, 2015

[ MDVSA-2015:003 ] ntp 2015-01-05
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:003
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:004 ] php 2015-01-05
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:004
http://www.mandriva.com/en/support/security/
___________________________________________________________

[The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360 2015-01-04
Pedro Ribeiro (pedrib gmail com)
Hi,

This is part 11 of the ManageOwnage series. For previous parts, see [1].

This time we have two remote code execution via file upload (and
directory traversal) on several ManageEngine products - Service Desk
Plus, Asset Explorer, Support Center and IT360.

The first vulnerability can only be ex

[KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)
------------------------------------------------------------------------------
Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability
------------------------------------------------------------------------------

[-] Software Link:

http://www.symantec.com/web-gateway/

[-

[KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)
-----------------------------------------------------------------------------
Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability
-----------------------------------------------------------------------------

[-] Software Link:

http://www.mantisbt.org/

[-] Affected Vers

[KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)
---------------------------------------------------------------------
Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability
---------------------------------------------------------------------

[-] Software Link:

http://osclass.org/

[-] Affected Versions:

Version 3.4.2 and pro

[KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)
--------------------------------------------------------------
Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability
--------------------------------------------------------------

[-] Software Link:

http://osclass.org/

[-] Affected Versions:

Version 3.4.2 and probably prior versions.

[KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)
-------------------------------------------------------------------
Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability
-------------------------------------------------------------------

[-] Software Link:

http://osclass.org/

[-] Affected Versions:

Version 3.4.2 and probably

[SECURITY] [DSA 3117-1] php5 security update 2014-12-31
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3117-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 31, 2014

[The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central 2014-12-31
Pedro Ribeiro (pedrib gmail com) (1 replies)
Hi,

This is part 10 of the ManageOwnage series. For previous parts, see [1].

This time we have a vulnerability that allows an unauthenticated user
to create an administrator account, which can then be used to execute
code on all devices managed by Desktop Central (desktops, servers,
mobile devices

Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook 2014-12-30
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

in order to prevent the possible execution of a rogue program like
"C:\Program.exe" or "C:\Program Files\Microsoft.exe", on x64 also
"C:\Program Files.exe" or "C:\Program Files (x86)\Microsoft.exe",
due to the beginner's error of using unquoted pathnames containing
spaces (see <https://cwe.

ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability 2014-12-30
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability

EMC Identifier: ESA-2014-179

CVE Identifier: CVE-2014-4634

Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)

Affected

ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability 2014-12-30
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability

EMC Identifier: ESA-2014-158

CVE Identifier: CVE-2014-4630

Severity Rating: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products:

[SECURITY] [DSA 3116-1] polarssl security update 2014-12-30
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3116-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
December 30, 2014

Copyright 2010, SecurityFocus