BugTraq Mode:
[oCERT-2014-011] UnZip input sanitization errors 2014-12-22
Andrea Barisani (lcars ocert org)

#2014-011 UnZip input sanitization errors

Description:

The UnZip tool is an open source extraction utility for archives compressed in
the zip format.

The unzip command line tool is affected by heap-based buffer overflows within
the CRC32 verification, the test_compr_eb() and the getZip64Data() f

[slackware-security] php (SSA:2014-356-02) 2014-12-23
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2014-356-02)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.3

[slackware-security] ntp (SSA:2014-356-01) 2014-12-23
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] ntp (SSA:2014-356-01)

New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches

[slackware-security] xorg-server (SSA:2014-356-03) 2014-12-23
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] xorg-server (SSA:2014-356-03)

New xorg-server packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/

TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367 2014-12-19
Onur Yilmaz (onur netsparker com)
Information
--------------------
Advisory by Netsparker.
Name: XSS Vulnerability with Scope and Other URL Parameters of WebSearch
Affected Software : TWiki
Affected Versions: 6.0.1 and possibly below
Vendor Homepage : http://www.twiki.org/
Vulnerability Type : Cross-site Scripting
Severity : Importa

TWiki Security Advisory - XSS Vulnerability - CVE-2014-9325 2014-12-19
Onur Yilmaz (onur netsparker com)
Information
--------------------
Advisory by Netsparker.
Name: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING in TWiki
Affected Software : TWiki
Affected Versions: 6.0.1 and possibly below
Vendor Homepage : http://www.twiki.org/
Vulnerability Type : Cross-site Scripting
Severity : Important

Facebook BB #18 - IDOR Issue & Privacy Vulnerability 2014-12-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Facebook BB #18 - IDOR Issue & Privacy Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1371

Facebook Security ID: 219208937

Release Date:
=============
2014-12-12

Vulnerability Laboratory ID (VL-ID):
=

Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability 2014-12-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1385

Release Date:
=============
2014-12-19

Vulnerability Laboratory ID (VL-ID):
=========

iBackup v10.0.0.45 - Privilege Escalation Vulnerability 2014-12-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
iBackup v10.0.0.45 - Privilege Escalation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1382

Release Date:
=============
2014-12-18

Vulnerability Laboratory ID (VL-ID):
===============================

SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor 2014-12-19
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20141219-0 >
=======================================================================
title: XSS & Memory Disclosure
product: NetIQ eDirectory NDS iMonitor
vulnerable version: 8.8 SP8, 8.8 SP7
fixed version: 8.8 SP8 HF

APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3 2014-12-18
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3

Xcode 6.2 beta 3 is now available and addresses the following:

Git
Available for: OS X Mavericks v10.9.4 or later
Impact: Synching with a malicious git repository may allow
unexpected files to be added to the .

[oCERT-2014-012] JasPer input sanitization errors 2014-12-18
Andrea Barisani (lcars ocert org)
#2014-012 JasPer input sanitization errors

Description:

The JasPer project is an open source implementation for the JPEG-2000 codec.

The library is affected by a double-free vulnerability in function
jas_iccattrval_destroy() as well as a heap-based buffer overflow in function
jp2_decode().

A spe

SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted 2014-12-18
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20141218-1 >
=======================================================================
title: OS Command Execution
product: GParted - Gnome Partition Editor
vulnerable version: <=0.14.1
fixed version: >=0.15.0,

SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager 2014-12-18
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20141218-2 >
=======================================================================
title: Multiple high risk vulnerabilities
product: NetIQ Access Manager
vulnerable version: 4.0 SP1
fixed version: 4.0 SP1 Hot Fix 3

iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability 2014-12-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1375

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9336

CVE-ID:
=======
CVE-2014-9336

Release Date:
=

E-Journal CMS (ID) - Multiple Web Vulnerabilities 2014-12-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
E-Journal CMS (ID) - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1380

Release Date:
=============
2014-12-17

Vulnerability Laboratory ID (VL-ID):
====================================

Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability 2014-12-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1368

Facebook Security ID: 219162244

Release Date:
=============
2014-12-10

Vulnerability Laboratory ID (VL

Apple iOS v8.x - Message Context & Privacy Vulnerability 2014-12-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Apple iOS v8.x - Message Context & Privacy Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1346

Video: http://www.vulnerability-lab.com/get_content.php?id=1350

Release Date:
=============
2014-12-16

Vu

Jease CMS v2.11 - Persistent UI Web Vulnerability 2014-12-17
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Jease CMS v2.11 - Persistent UI Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1373

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8780

CVE-ID:
=======
CVE-2014-8780

Release Date:
=======

Morfy CMS v1.05 - Command Execution Vulnerability 2014-12-17
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Morfy CMS v1.05 - Command Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1367

https://github.com/Awilum/monstra-cms/issues/351

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9185

CVE

Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability 2014-12-17
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1372

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9334

CVE-ID:
=======
CVE-2014-9334

Release Date:
=

Cross-Site Scripting (XSS) in Revive Adserver 2014-12-17
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23242
Product: Revive Adserver
Vendor: http://www.revive-adserver.com/
Vulnerable Version(s): 3.0.5 and probably prior
Tested Version: 3.0.5
Advisory Publication: November 12, 2014 [without technical details]
Vendor Notification: November 12, 2014
Vendor Patch: December 17, 2014

secuvera-SA-2014-01: Reflected XSS in W3 Total Cache 2014-12-17
Tobias Glemser (tglemser secuvera de)
secuvera-SA-2014-01: Reflected XSS in W3 Total Cache

Affected Products
W3 Total Cache 0.9.4 (older releases have not been tested)

"The only WordPress Performance Optimization (WPO) framework;
designed to improve user experience and page speed. (..)
W3 Total Cache improves the user

FreeBSD Security Advisory FreeBSD-SA-14:30.unbound 2014-12-17
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:30.unbound Security Advisory
The FreeBSD Project

Topic:

[REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities 2014-12-17
Matteo Beccati (php beccati com)
========================================================================

Revive Adserver Security Advisory REVIVE-SA-2014-002
------------------------------------------------------------------------

http://www.revive-adserver.com/security/revive-sa-2014-002
----------------------

[security bulletin] HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote Code Execution 2014-12-16
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04512907

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04512907
Version: 1

HPSBMU03217 re

[security bulletin] HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple Remote Vulnerabilities 2014-12-16
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04530690

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04530690
Version: 1

HPSBOV03226 re

[security bulletin] HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS) 2014-12-16
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04530570

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04530570
Version: 1

HPSBOV03225 re

[security bulletin] HPSBMU03221 rev.1 - HP Connect-IT running SSLv3, Remote Disclosure of Information 2014-12-16
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04518605

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04518605
Version: 1

HPSBMU03221 re

RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability 2014-12-16
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1320

Video: http://www.vulnerability-lab.com/get_content.php?id=1332

Release Date:
=============
2014-12-02

Vu

Copyright 2010, SecurityFocus