BugTraq Mode:
(Page 5 of 1556)
WWW File Share Pro v7.0 - Denial of Service Vulnerability 2014-09-01
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
WWW File Share Pro v7.0 - Denial of Service Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1310

Video: http://www.vulnerability-lab.com/get_content.php?id=1309

http://cwe.mitre.org/data/definitions/121.h

Avira License Application - Cross Site Request Forgery Vulnerability 2014-09-01
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Avira License Application - Cross Site Request Forgery Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1302

Video: http://www.vulnerability-lab.com/get_content.php?id=1301

Release Date:
=============
201

SSH host key fingerprint - through HTTPS 2014-09-01
John Leo (johnleo checkssh com) (2 replies)
This tool displays SSH host key fingerprint - through HTTPS.

SSH is about security; host key matters a lot here; and you can know for sure by using this tool. It means you know precisely how to answer this question:
The authenticity of host 'blah.blah.blah (10.10.10.10)' can't be established.
RSA k

Re: SSH host key fingerprint - through HTTPS 2014-09-01
Chris Nehren (cnehren+bugtraq pobox com)
Re: SSH host key fingerprint - through HTTPS 2014-09-01
Micha Borrmann (micha borrmann syss de)
[SECURITY] [DSA 2987-2] openjdk-7 regression update 2014-08-31
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2987-2 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
August 31, 2014

CFP Deadline Approaching - Third International Conference on Informatics & Applications | Malaysia 2014-09-01
liezelle sdiwc info
All registered papers will be included in SDIWC Digital Library, and in
the proceedings of the conference.

The Third International Conference on Informatics & Applications
(ICIA2014)
October 8-10, 2014 - Kuala Terengganu, Malaysia | icia2014 (at) sdiwc (dot) net
http://sdiwc.net/conferences/2014/icia2014/

WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460) 2014-08-30
jesus ramirez pichardo gmail com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I found a serious security vulnerability in the Slideshow Gallery
> plugin. This bug allows an attacker to upload any php file remotely to
> the vulnerable website (administrator by default).
>
> I have tested and verified that having the current vers

WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460) 2014-08-30
jesus ramirez pichardo gmail com
WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability.

Vendor Homepage: http://tribulant.com/
Software: Slideshow Gallery
Version: 1.4.6
Software Link: http://downloads.wordpress.org/plugin/slideshow-gallery.1.4.6.zip
Tested on: Windows 7 OS, Wordpress 3.

Re: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities 2014-08-29
sales prochatrooms com
Date: 12 Aug 2014

A software update for the Text Chat Room & Audio/Video Chat Room (v8.2.0) is now available to download in the Pro Chat Rooms customer area that addresses this security issue.

We would like to express our thanks to Mike Manzotti @ Dionach Ltd who assisted us with this update.

Sierra Library Services Platform Multiple Vulnerability Disclosure 2014-08-28
Romano, Christian (cromano caanes com)
Product: Sierra Library Services Platform
Vendor: Innovative Interfaces Inc
Vulnerable Version: 1.2_3
Tested Version: 1.2_3
Vendor Notification: June 19, 2014
Public Disclosure: August 26, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-5136
Risk Level: Medium
CVSSv2 B

Re: SaaS Marketing platform Hubspot export vulnerability 2014-08-28
security hubspot com
We at HubSpot take the concerns of the security community seriously, and continuously work to improve our posture in this ever-changing field. We do have predefined roles in the application which allow our customers to segment users permissions based on their role. These horizontal permissions are q

[SECURITY] [DSA 3014-1] squid3 security update 2014-08-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3014-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
August 28, 2014

SEC Consult SA-20140828-0 :: F5 BIG-IP Reflected Cross-Site Scripting 2014-08-28
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SEC Consult Vulnerability Lab Security Advisory < 20140828-0 >
=======================================================================
title: Reflected Cross-Site Scripting
product: F5 BIG-IP
vulnerable version: <= 11.5.1

Aerohive Hive Manager and Hive OS Multiple Vulnerabilities 2014-08-28
Disclosure (Disclosure security-assessment com)

[The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert 2014-08-27
Pedro Ribeiro (pedrib gmail com)
Hi,

You can read the usernames and MD5 hashed passwords of all the users
in the Device Expert application by sending an unauthenticated
request.
I am releasing this as a 0 day as ManageEngine have responded that
they do not consider this a priority and won't fix it in the near
future unless a custo

[SECURITY] [DSA 3013-1] s3ql security update 2014-08-27
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3013-1 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
August 27, 2014

Last CFP: ICETC2014 - IEEE - Poland (Deadline: Aug. 30) 2014-08-27
jackie sdiwc info
ICETC2014: International Conference on Education Technologies and
Computers

Technically co-sponsored by IEEE Poland Section
Lodz University of Technology, Lodz, Poland
September 22-24, 2014
http://goo.gl/axpR5f

The International Conference on Education Technologies and Computers
(ICETC2014) will

[SECURITY] [DSA 3012-1] eglibc security update 2014-08-27
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3012-1 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
August 27, 2014

SaaS Marketing platform Hubspot export vulnerability 2014-08-27
ehoward novacoast com
Hubspot is a widely used SaaS marketing platform to email all your customers, collect data about them and attract new customers. It is common practice to keep customer lists in Hubspot to send newsletters or other email communication. Hubspot has hardcoded roles that grant users access to various

Fwd: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks 2014-08-27
Fernando Gont (fgont si6networks com)
Folks,

FYI: <https://www.rfc-editor.org/rfc/rfc7359.txt>

Best regards,
Fernando Gont

-------- Forwarded Message --------
Subject: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel
Traffic Leakages in Dual-Stack Hosts/Networks
Date: Tue, 26 Aug 2014 18:23:00 -0700 (PDT)
From: rfc-editor@

Mathematica10.0.0 on Linux /tmp/MathLink vulnerability 2014-08-27
paul szabo sydney edu au
The problem reported for Mathematica is present still at version 10.0.0
for the GUI interface (the command-line interface may be "safe").

Cheers,

Paul Szabo psz (at) maths.usyd.edu (dot) au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia

---

Encore Discovery Solution Multiple Vulnerability Disclosure 2014-08-27
Romano, Christian (cromano caanes com)
Product: Encore Discovery Solution
Vendor: Innovative Interfaces Inc
Vulnerable Version: 4.3
Tested Version: 4.3
Vendor Notification: June 19, 2014
Public Disclosure: August 26, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVE Reference: CVE-2014-5127
Risk Level: Medium
CVSSv2 Base Score: 4.3 (A

ESA-2014-081 RSA® Identity Management and Governance Authentication Bypass Vulnerability 2014-08-26
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-081 RSA® Identity Management and Governance Authentication Bypass Vulnerability

EMC Identifier: ESA-2014-081

CVE Identifier: CVE-2014-4619

Severity Rating: CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Affected products:

LSE Leading Security Experts GmbH - LSE-2014-07-13 - Granding Grand MA 300 - Weak Pin Verification 2014-08-26
advisories (advisories lsexperts de)
=== LSE Leading Security Experts GmbH - Security Advisory 2014-07-13 ===

Grand MA 300 Fingerprint Reader - Weak Pin Verification
------------------------------------------------------------------------

Affected Versions
=================
Grand MA 300/ID with firmware 6.60

Issue Overview
========

ntopng 1.2.0 XSS injection using monitored network traffic 2014-08-25
Steffen Bauch (mail steffenbauch de)
ntopng 1.2.0 XSS injection using monitored network traffic

ntopng is the next generation version of the original ntop, a network
traffic probe and monitor that shows the network usage, similar to what
the popular top Unix command does.

The web-based frontend of the software is vulnerable to inje

[security bulletin] HPSBMU03076 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities 2014-08-25
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04379485

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04379485
Version: 2

HPSBMU03076 r

[WorldCIST'15]: Call for Workshops Proposals; Proceedings by Springer - Indexed by ISI, Scopus, DBLP, etc. 2014-08-25
WorldCIST (worldcist aisti eu)
------
WorldCIST'15 - 3rd World Conference on Information Systems and Technologies
Ponta Delgada, Azores *, Portugal
1 - 3 April 2015.
http://www.aisti.eu/worldcist15/
------
* Azores is ranked as the second most beautiful archipelago in the world by National Geographic.
------------

WORKSHOP FORM

MEHR Automation System Arbitrary File Download Vulnerability(persian portal) 2014-08-25
cseye_ut yahoo com
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : MEHR Automation System Arbitrary File Download Vulnerability(persian portal)
# Author : alieye
# vendor : http://shakhesrayane.ir/
# Contact : cseye_ut (at) yahoo (dot) com
# Risk : High
# Class: Remote
#
# Google Dork:
# intext:"Poshtibani@

DNN(DotNetNuke®) Ribbon Bar Control Panel Bad Access Level config 2014-08-25
cseye_ut yahoo com
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : DNN(DotNetNuke®) Ribbon Bar Control Panel Bad Access Level config
# Author : alieye
# vendor : http://dnnsoftware.com/
# Contact : cseye_ut (at) yahoo (dot) com
# Risk : High
# Class: Remote
#
# Google Dork:
# inurl:ctl/+inurl:/tab
# inurl:

Copyright 2010, SecurityFocus