BugTraq Mode:
[KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)
--------------------------------------------------------------
Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability
--------------------------------------------------------------

[-] Software Link:

http://osclass.org/

[-] Affected Versions:

Version 3.4.2 and probably prior versions.

[KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability 2014-12-31
Egidio Romano (research karmainsecurity com)
-------------------------------------------------------------------
Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability
-------------------------------------------------------------------

[-] Software Link:

http://osclass.org/

[-] Affected Versions:

Version 3.4.2 and probably

[SECURITY] [DSA 3117-1] php5 security update 2014-12-31
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3117-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 31, 2014

[The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central 2014-12-31
Pedro Ribeiro (pedrib gmail com)
Hi,

This is part 10 of the ManageOwnage series. For previous parts, see [1].

This time we have a vulnerability that allows an unauthenticated user
to create an administrator account, which can then be used to execute
code on all devices managed by Desktop Central (desktops, servers,
mobile devices

Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook 2014-12-30
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

in order to prevent the possible execution of a rogue program like
"C:\Program.exe" or "C:\Program Files\Microsoft.exe", on x64 also
"C:\Program Files.exe" or "C:\Program Files (x86)\Microsoft.exe",
due to the beginner's error of using unquoted pathnames containing
spaces (see <https://cwe.

ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability 2014-12-30
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability

EMC Identifier: ESA-2014-179

CVE Identifier: CVE-2014-4634

Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)

Affected

ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability 2014-12-30
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability

EMC Identifier: ESA-2014-158

CVE Identifier: CVE-2014-4630

Severity Rating: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products:

[SECURITY] [DSA 3116-1] polarssl security update 2014-12-30
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3116-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
December 30, 2014

Remote Code Execution via Unauthorised File upload in Cforms 14.7 2014-12-29
z fedotkin infosec ru
Advisory: Remote Code Execution via Unauthorised File upload in Cforms 14.7
Advisory ID: -
Author: Zakhar Fedotkin
Affected Software: Wordpress Plugin Cforms II 14.x-14.7 (Release: 12th Nov 2014)
Vendor URL: https://wordpress.org/plugins/cforms2/
Vendor Status: fixed
CVE-ID: -

===================

[SECURITY] [DSA 3115-1] pyyaml security update 2014-12-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3115-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
December 29, 2014

nullcon HackIM Challenge 9-11 Jan 2015 2014-12-29
nullcon (nullcon nullcon net)
Namaste Ninjas,

Seasons greetings!
We are back for 6th time in Goa. nullcon 666 welcomes you to the
beastly devilish conference.
As nullcon is getting near, we are excited and ready to announce the
registration for HackIM CTF. Details at http://ctf.nullcon.net This
time HackIM is powered by EMC and

[SECURITY] [DSA 3113-1] unzip security update 2014-12-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3113-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 28, 2014

[SECURITY] [DSA 3114-1] mime-support security update 2014-12-29
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3114-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 29, 2014

Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1386

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2239

CVE-ID:
=======
CVE-2014-2239

Release Date:
==

Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1377

Release Date:
=============
2014-12-25

Vulnerability Laboratory ID (VL-ID):
========================

PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1358

Release Date:
=============
2014-12-18

Vulnerability Laboratory ID (VL-ID):
================================

Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability

References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1363

Release Date:
=============
2014-12-16

Vulnerability Laboratory ID (VL-ID):
===================================

ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1387

Release Date:
=============
2014-12-24

Vulnerability Laboratory ID (VL-ID):
===========================

Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1385

Release Date:
=============
2014-12-19

Vulnerability Laboratory ID (VL-ID):
==============

Facebook Bug Bounty #17 - Migrate Privacy Vulnerability 2014-12-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Facebook Bug Bounty #17 - Migrate Privacy Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1370

Facebook Security ID: 216850649

Vulnerability Magazine: http://magazine.vulnerability-db.com/?q=articles/2014

DRAM unreliable under specific access pattern 2014-12-24
Pavel Machek (pavel ucw cz)
Hi!

It seems that it is easy to induce DRAM bit errors by doing repeated
reads from adjacent memory cells on common hw. Details are at

https://www.ece.cmu.edu/~safari/pubs/kim-isca14.pdf

. Older memory modules seem to work better, and ECC should detect
this. Paper has inner loop that should trigg

Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 2014-12-24
steffen roesemann1986 gmail com
Advisory: Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5
Advisory ID: SROEADV-2014-03
Author: Steffen Rösemann
Affected Software: CMS Contenido 4.9.x-4.9.5 (Release: 10th Dec 2014)
Vendor URL: http://www.contenido.org/de/
Vendor Status: fixed
CVE-ID: -

==========================
Vulnerab

Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products 2014-12-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products

Advisory ID: cisco-sa-20141222-ntpd

Revision 1.1

Last Updated 2014 December 23 13:37 UTC (GMT)

For Public Release 2014 December 22 16:00 UTC (GMT)

+--------------

[SECURITY] [DSA 3110-1] mediawiki security update 2014-12-23
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3110-1 security (at) debian (dot) org
http://www.debian.org/security/ Sebastien Delafond
December 23, 2014

FreeBSD Security Advisory FreeBSD-SA-14:31.ntp 2014-12-23
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:31.ntp Security Advisory
The FreeBSD Project

Topic:

[SECURITY] [DSA 3112-1] sox security update 2014-12-23
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3112-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 23, 2014

Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1 2014-12-23
steffen roesemann1986 gmail com
Advisory: Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1
Advisory ID: SROEADV-2014-02
Author: Steffen Rösemann
Affected Software: CMS Serendipity v.2.0-rc1 (Release: 20th Dec 2014)
Vendor URL: http://www.s9y.org/
Vendor Status: fixed
CVE-ID: -

==========================
Vulnerability Descrip

[SECURITY] [DSA 3108-1] ntp security update 2014-12-20
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3108-1 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
December 20, 2014

[SECURITY] [DSA 3106-1] jasper security update 2014-12-20
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3106-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 20, 2014

[SECURITY] [DSA 3109-1] firebird2.5 security update 2014-12-21
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3109-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 21, 2014

Copyright 2010, SecurityFocus