BugTraq Mode:
(Page 6 of 1552)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[ MDVSA-2014:142 ] apache 2014-07-30
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:142
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
Improper Access Control in ArticleFR 2014-07-30
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23219
Product: ArticleFR
Vendor: Free Reprintables
Vulnerable Version(s): 11.06.2014 and probably prior
Tested Version: 11.06.2014
Advisory Publication: June 11, 2014 [without technical details]
Vendor Notification: June 11, 2014
Public Disclosure: July 30, 2014
Vulnerability Typ

[ more ]  [ reply ]
Vulnerabilities in Facebook and Facebook Messenger for Android [STIC-2014-0529] 2014-07-29
Programa STIC (stic fundacionsadosky org ar)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Security advisory of Programa STIC at Fundación Dr. Manuel Sadosky
www.fundacionsadosky.org.ar

Vulnerabilities in Facebook and Facebook Messenger for Android

1. *Advisory Information*

Title: Vulnerabilities in Facebook and Faceboo

[ more ]  [ reply ]
[security bulletin] HPSBMU03078 rev.1 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Unauthorized Access or Disclosure of Information 2014-07-29
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04385138

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04385138
Version: 1

HPSBMU03078 r

[ more ]  [ reply ]
[ MDVSA-2014:141 ] java-1.7.0-openjdk 2014-07-29
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:141
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS 2014-07-29
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory2014-023: HTTP verb tampering issue in SAP_JTECHS

This advisory can be downloaded in PDF format from http://www.onapsis.com/.

By downloading this advisory from the Onapsis Resource Center, you will
gain access to beforehand i

[ more ]  [ reply ]
[Onapsis Security Advisory 2014-024] Hard-coded Username in SAP FI Manager Self-Service 2014-07-29
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2014-024: Hard-coded Username in SAP FI
Manager Self-Service

This advisory can be downloaded in PDF format from http://www.onapsis.com/.

By downloading this advisory from the Onapsis Resource Center, you will
gain access to

[ more ]  [ reply ]
[Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass 2014-07-29
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory2014-022: SAP HANA IU5 SDK Authentication Bypass

This advisory can be downloaded in PDF format from http://www.onapsis.com/.

By downloading this advisory from the Onapsis Resource Center, you will
gain access to beforehand in

[ more ]  [ reply ]
[ MDVSA-2014:139 ] nss 2014-07-29
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:139
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[Onapsis Security Advisory 2014-026] Missing authorization check in function modules of BW-SYS-DB-DB4 2014-07-29
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2014-026: Missing authorization check in
function modules of BW-SYS-DB-DB4

This advisory can be downloaded in PDF format from http://www.onapsis.com/.

By downloading this advisory from the Onapsis Resource Center, you will
g

[ more ]  [ reply ]
[Onapsis Security Advisory 2014-025] Multiple Cross Site Scripting Vulnerabilities in SAP HANA XS Administration Tool 2014-07-29
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2014-025: Multiple Cross Site Scripting
Vulnerabilities in SAP HANA XS Administration Tool

This advisory can be downloaded in PDF format from http://www.onapsis.com/.

By downloading this advisory from the Onapsis Resource Ce

[ more ]  [ reply ]
[Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication 2014-07-29
Onapsis Research Labs (research onapsis com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2014-021: SAP HANA XS Missing encryption in
form-based authentication

This advisory can be downloaded in PDF format from
http://www.onapsis.com/.

By downloading this advisory from the Onapsis Resource Center, you will
gain ac

[ more ]  [ reply ]
Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 #37 - Filter Bypass & Multiple Vulnerabilities 2014-07-29
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2
#37 - Filter Bypass & Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1103

Barracuda Networks Security ID (BNSEC): BNSEC

[ more ]  [ reply ]
WiFi HD v7.3.0 iOS - Multiple Web Vulnerabilities 2014-07-29
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
WiFi HD v7.3.0 iOS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1283

Release Date:
=============
2014-07-29

Vulnerability Laboratory ID (VL-ID):
====================================

[ more ]  [ reply ]
[SECURITY] [DSA 2992-1] linux security update 2014-07-29
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2992-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
July 29, 2014

[ more ]  [ reply ]
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account 2014-07-28
Stefan Kanthak (stefan kanthak nexgo de)
"Michael Cramer" <mike.cramer (at) outlook (dot) com [email concealed]> wrote:

>I think you're arguing semantics here.

Of course.

> Of course the specifics of how a particular program is executed
> will be different between command line and GUI-based OS'.

Really?
Is there any need for this difference you state?
BTW: what is

[ more ]  [ reply ]
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account 2014-07-28
Stefan Kanthak (stefan kanthak nexgo de)
"Michael Cramer" <mike.cramer (at) outlook (dot) com [email concealed]> wrote:

> sudo make-me-a-sandwich.py
>
>
> How is this different from any other temporary, per-process elevation system?

0. neither sudo nor make-me-a-sandwich.py nor the OS where these programs
typically run have a CreateProcess*() system call which

[ more ]  [ reply ]
[ MDVSA-2014:140 ] owncloud 2014-07-29
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:140
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
Kunena Forum Extension for Joomla Multiple Reflected Cross-Site Scripting Vulnerabilities 2014-07-28
vulns dionach com
Kunena forum extension for Joomla multiple reflected cross-site scripting vulnerabilities

Class: Input Validation Error
CVE N/A
Remote Yes
Local No
Published 02/07/2014

Credit Raymond Rizk of Dionach (vulns (at) dionach (dot) com [email concealed])
Vendor Kunena
Vulnerable Kunena v3.0.5
Solution Status: Fixed by

[ more ]  [ reply ]
Kunena Forum Extension for Joomla Multiple SQL Injection Vulnerabilities 2014-07-28
vulns dionach com
Kunena forum extension for Joomla multiple SQL injection vulnerabilities

Class: Input Validation Error
CVE: N/A
Remote: Yes
Local: No
Published: 02/07/2014

Credit: Raymond Rizk of Dionach (vulns (at) dionach (dot) com [email concealed])
Vendor: Kunena
Vulnerable: Kunena v3.0.5
Solution Status: Fixed by Vendor

K

[ more ]  [ reply ]
Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability 2014-07-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1118

Barracuda Networks Security ID (BNSEC): BNSEC-1052
https://www.barracuda.com/sup

[ more ]  [ reply ]
[SECURITY] [DSA 2991-1] modsecurity-apache security update 2014-07-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2991-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
July 27, 2014

[ more ]  [ reply ]
[security bulletin] HPSBGN02936 rev.1 - HP and H3C VPN Firewall Module Products, Remote Denial of Service (DoS) 2014-07-25
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03993467

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03993467
Version: 1

HPSBGN02936 re

[ more ]  [ reply ]
Web Encryption Extension security update 2014-07-25
Ralf Senderek (support senderek ie)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Revision: 1.0
Last Updated: 25 July 2014
First Published: 25 July 2014

Summary:
A security issue was found in the Web Encryption Extension.

Authenticated users are able to modify the content of https request
fie

[ more ]  [ reply ]
[SECURITY] [DSA 2990-1] cups security update 2014-07-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2990-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
July 27, 2014

[ more ]  [ reply ]
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account 2014-07-25
Gynvael Coldwind (gynvael coldwind pl) (1 replies)
So reading the links you provided I semi-agree with you. I think the
problem boils down to this part of your initial e-mail:

> PS: yes, it needs administrative privileges to write C:\Program.exe.
> BUT: all the user account(s) created during Windows setup have
> administrative privileges.

My

[ more ]  [ reply ]
Barracuda Networks Firewall 6.1.5 - Filter Bypass & Persistent Vulnerabilities 2014-07-25
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Barracuda Networks Firewall 6.1.5 - Filter Bypass & Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1065

Barracuda Networks Security ID (BNSEC): BNSEC-2067
https://www.barracuda.com/support/kn

[ more ]  [ reply ]
Easy file sharing web server - persist XSS in forum msgs 2014-07-25
joseph giron13 gmail com
I saw a posting a month or 2 ago for a BOF in an FTP server belonging to EFS Software here: http://www.securityfocus.com/bid/19243
At first there was no additional details provided and I hunted up and down before finding it after some fuzzing (stack smash in password).

While on the hunt, I found on

[ more ]  [ reply ]
[SECURITY] [DSA 2989-1] apache2 security update 2014-07-24
Stefan Fritsch (sf debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2989-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Stefan Fritsch
July 24, 2014

[ more ]  [ reply ]
(Page 6 of 1552)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus