BugTraq
WK UDID v1.0.1 iOS - Command Inject Vulnerability 2015-07-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
WK UDID v1.0.1 iOS - Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1539

Release Date:
=============
2015-07-01

Vulnerability Laboratory ID (VL-ID):
====================================

Ruxcon 2015 Final Call For Presentations 2015-07-06
cfp ruxcon org au
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.

This year the conference will take place over the weekend of the 24th and 25th

CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0 2015-07-03
Alessandro Zala (Alessandro Zala csnc ch)
#############################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# Product: Xpert.Line
# Vendor: Soreco AG [1]
# CVE ID: CVE-2015-3442
# Sub

SQL Injection in easy2map wordpress plugin v1.24 2015-07-02
Larry W. Cashdollar (larry0 me com)
Title: SQL Injection in easy2map wordpress plugin v1.24
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-08
Download Site: https://wordpress.org/plugins/easy2map
Vendor: Steven Ellis
Vendor Notified: 2015-06-08, fixed in v1.25
Vendor Contact: https://profiles.wordpress.org/stevenellis/
Advisory:

ipTIME n104r3 vulnerable to CSRF and XSS attacks 2015-07-02
Pierre Kim (pierre kim sec gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

## Advisory Information

Title: iptime n104r3 vulnerable to CSRF and XSS attacks
Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x01.txt
Blog URL: https://pierrekim.github.io/blog/2015-07-03-iptime-n104r3-vulnerable-to-CSRF-and-XSS

[SECURITY] [DSA 3299-1] stunnel4 security update 2015-07-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3299-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 02, 2015

ToorCon 17 Call For Papers! 2015-07-01
h1kari (h1kari toorcon org)
TOORCON 17 CALL FOR PAPERS

It's that time of year again! ToorCon 17 is coming so get your code
finished and submit a talk this time around. We're letting you decide
if you want to be a part of our 50-minute talks on Saturday, 20-minute
talks on Sunday, and 75-minute talks for our Deep Knowledge Sem

iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... 2015-07-01
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the just released QuickTime 7.7.7 and iTunes 12.2 for Windows still
have quite some of the BLOODY beginners errors I already documented
in the past.

QuickTime 7.7.7, QuickTime.msi

unquoted pathname of executables in command line

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\QuickTime\shell

Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models) 2015-07-01
Pierre Kim (pierre kim sec gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Please find a text-only version below sent to security mailing-lists.

The complete version on exploits about my last advisory of ipTIME
products is posted here:

https://pierrekim.github.io/blog/2015-07-01-poc-with-RCE-against-127-iptime-router-

ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability 2015-07-01
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability

EMC Identifier: ESA-2015-112

CVE Identifier: CVE-2015-4525

Severity Rating: CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Affected products:

• EMC Isilon OneFS 7.2.0

Path Traversal in BlackCat CMS 2015-07-01
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23263
Product: BlackCat CMS
Vendor: Black Cat Development
Vulnerable Version(s): 1.1.1 and probably prior
Tested Version: 1.1.1
Advisory Publication: June 10, 2015 [without technical details]
Vendor Notification: June 10, 2015
Vendor Patch: June 24, 2015
Public Disclosure: July 1

Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability 2015-07-01
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1535

Video: http://www.vulnerability-lab.com/get_content.php?id=1537

Release Date:
=============
2015-06-29

ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities 2015-07-01
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities

EMC Identifier: ESA-2015-108

CVE Identifier: CVE-2015-0547, CVE-2015-0548

Severity Rating: CVSSv2 Base Score: See below for CVSSv2 score for individual CVEs

Affected pro

ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities 2015-07-01
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities

CVE Identifier: CVE-2015-0551, CVE-2015-4524

Severity Rating: CVSS v2 Base Score: See below for CVSSv2 scores for individual CVEs

Affected products:

• EMC Documentu

FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability 2015-07-01
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1538

Release Date:
=============
2015-06-30

Vulnerability Laboratory ID (VL-ID):
================================

Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability 2015-07-01
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1463

EIBBP-31602

Release Date:
=============
2015-06-30

Vulnerability Laboratory ID (VL-ID):
=======

Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability 2015-07-01
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1431

Release Date:
=============
2015-06-30

Vulnerability Laboratory ID (VL-ID):
=======================

Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects 2015-07-01
andrew panfilov tel
Product: EMC Documentum Content Server
Vendor: EMC
Version: ANY
CVE: N/A
Risk: High
Status: public/not fixed

In April 2014 I discovered a vulnerability in EMC Documentum Content Server
which allows an authenticated user to elevate privileges, hijack Content Server
filesystem or execute arbitrary command

APPLE-SA-2015-06-30-6 iTunes 12.2 2015-07-01
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-06-30-6 iTunes 12.2

iTunes 12.2 is now available and addresses the following:

WebKit
Available for: Windows 8 and Windows 7
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected appli

[SECURITY] [DSA 3298-1] jackrabbit security update 2015-06-30
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3298-1 security (at) debian (dot) org
https://www.debian.org/security/ Markus Koschany
July 01, 2015

APPLE-SA-2015-06-30-5 QuickTime 7.7.7 2015-06-30
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-06-30-5 QuickTime 7.7.7

QuickTime 7.7.7 is now available and addresses the following:

QT Media Foundation
Available for: Windows 7 and Windows Vista
Impact: Processing a maliciously crafted file may lead to an
unexpected application

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001 2015-06-30
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

Mac EFI Security Update 2015-001 is now available and addresses the
following:

EFI
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application with root p

APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 2015-06-30
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7

Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 are now available and
address the following:

WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005 2015-06-30
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update
2015-005

OS X Yosemite v10.10.4 and Security Update 2015-005 are now available
and address the following:

Admin Framework
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 t

APPLE-SA-2015-06-30-1 iOS 8.4 2015-06-30
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-06-30-1 iOS 8.4

iOS 8.4 is now available and addresses the following:

Application Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious universal provisioning profile ap

Google Chrome Address Spoofing (Request For Comment) 2015-06-30
David Leo (david leo deusen co uk)
Impact:
The "click to verify" thing is completely broken...
Anyone can be "BBB Accredited Business" etc.
You can make whitehouse.gov display "We love Islamic State" :-)

Note:
No user interaction on the fake page.

Code:
***** index.html
<script>
function next()
{
w.location.replace('http://www.ora

CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP 2015-06-29
Fernando Muñoz (fernando null-life com)
TimeDoctor claims to be a software that helps to improve the
productivity of teams, reduce time spent on distractions [1]

Vulnerability:
TimeDoctor autoupdate feature downloads and executes files over plain
HTTP and doesn't perform any check with the files. An attacker with
MITM capabilities (i.e.,

[SECURITY] [DSA 3297-1] unattended-upgrades security update 2015-06-29
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3297-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
June 29, 2015

novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities 2015-06-29
apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txt

Vendor:
=======================
community.novius-os.org

Product:
===============================================================
novius-os.5.0

CollabNet Subversion Edge index local file inclusion 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)
# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management
# Frontend via logfile "listViewItem" parameter of the "index" action
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora

Copyright 2010, SecurityFocus