BugTraq Mode:
(Page 6 of 1576)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[SECURITY] [DSA 3084-1] openvpn security update 2014-12-01
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3084-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Florian Weimer
December 01, 2014

[ more ]  [ reply ]
[RT-SA-2014-011] EntryPass N5200 Credentials Disclosure 2014-12-01
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: EntryPass N5200 Credentials Disclosure

EntryPass N5200 Active Network Control Panels allow the unauthenticated
downloading of information that includes the current administrative
username and password.

Details
=======

Product: EntryPass N5200 Active Network Control Panel
Affected Versi

[ more ]  [ reply ]
[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf 2014-12-01
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Remote Code Execution in TYPO3 Extension ke_dompdf

During a penetration test RedTeam Pentesting discovered a remote code
execution vulnerability in the TYPO3 extension ke_dompdf, which allows
attackers to execute arbitrary PHP commands in the context of the
webserver.

Details
=======

[ more ]  [ reply ]
[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire 2014-12-01
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Information Disclosure in TYPO3 Extension ke_questionnaire

The TYPO3 extension ke_questionnaire stores answered questionnaires in a
publicly reachable directory on the webserver with filenames that are
easily guessable.

Details
=======

Product: ke_questionnaire
Affected Versions: 2.5.

[ more ]  [ reply ]
CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4 2014-12-01
Stephan Rickauer swisscom com
#############################################################
#
# SWISSCOM CSIRT ADVISORY - http://www.swisscom.com/security
#
#############################################################
#
# CVE ID: CVE-2014-3809
# Product: 1830 Photonic Service Switch PSS-32/16/4
# Vendor: Alcatel-Lucent
# S

[ more ]  [ reply ]
[SECURITY] [DSA 3081-1] libvncserver security update 2014-11-29
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3081-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Luciano Bello
November 29, 2014

[ more ]  [ reply ]
[The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 2014-11-30
Pedro Ribeiro (pedrib gmail com)
Hi,

This is part 9 of the ManageOwnage series. For previous parts see [1].

Today we have yet another 0 day - an arbitrary file download
vulnerability that be exploited unauthenticated in NetFlow Analyzer
and authenticated in IT360.
I'm releasing this as a 0 day because ManageEngine have been makin

[ more ]  [ reply ]
[SECURITY] [DSA 3082-1] flac security update 2014-11-30
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3082-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Sebastien Delafond
November 30, 2014

[ more ]  [ reply ]
[SECURITY] [DSA 3083-1] mutt security update 2014-11-30
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3083-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
November 30, 2014

[ more ]  [ reply ]
[SECURITY] [DSA 3080-1] openjdk-7 security update 2014-11-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3080-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
November 29, 2014

[ more ]  [ reply ]
[SECURITY] [DSA 3079-1] ppp security update 2014-11-29
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3079-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Sebastien Delafond
November 28, 2014

[ more ]  [ reply ]
WordPress <=4.0 Denial of Service Exploit (CVE-2014-9034) 2014-11-29
john secureli com
author details: John M. (john (at) secureli (dot) com [email concealed])
homepage details: SECURELI.com

Description:

CVE-2014-9034 was published recently, highlighting an issue that ?allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing? due to php

[ more ]  [ reply ]
[ MDVSA-2014:237 ] perl-Mojolicious 2014-11-28
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:237
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[ MDVSA-2014:236 ] file 2014-11-28
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:236
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[ MDVSA-2014:235 ] perl-Plack 2014-11-28
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:235
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[ MDVSA-2014:234 ] libksba 2014-11-28
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:234
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used) 2014-11-27
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

more than 20 years ago Microsoft introduced the NTFS filesystem
(supporting ACLs) and "user profiles" to separate user data
(with emphasis on "data") from the OS and each other.

More than 13 years ago Microsoft introduced "software restriction
policies" alias SAFER (<https://support.micro

[ more ]  [ reply ]
[security bulletin] HPSBGN03209 rev.1 - HP Application Lifecycle Management running SSLv3, Remote Disclosure of Information 2014-11-27
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04509419

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04509419
Version: 1

HPSBGN03209 re

[ more ]  [ reply ]
[ MDVSA-2014:233 ] wordpress 2014-11-27
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:233
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[SECURITY] [DSA 3078-1] libksba security update 2014-11-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3078-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
November 27, 2014

[ more ]  [ reply ]
[KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability 2014-11-27
Egidio Romano (research karmainsecurity com)

-----------------------------------------------------------------
Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability
-----------------------------------------------------------------

[-] Software Links:

https://www.tuleap.org/
https://www.enalean.com/

[-] Affected Versions:

Ver

[ more ]  [ reply ]
[ MDVSA-2014:232 ] glibc 2014-11-27
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:232
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[ MDVSA-2014:231 ] icecast 2014-11-27
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:231
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[ MDVSA-2014:230 ] kernel 2014-11-27
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:230
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[security bulletin] HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information 2014-11-26
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04507568

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04507568
Version: 1

HPSBGN03202 re

[ more ]  [ reply ]
[SECURITY] [DSA 3077-1] openjdk-6 security update 2014-11-26
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3077-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
November 26, 2014

[ more ]  [ reply ]
[ MDVSA-2014:229 ] libvncserver 2014-11-26
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:229
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
CVE-2014-5439 - Root shell on Sniffit [with exploit] 2014-11-26
Hector Marco (hecmargi upv es)
CVE-2014-5439 - Root shell on Sniffit

Sniffit is a packet sniffer and monitoring tool.

The attacker can create a specially-crafted sniffit configuration file,
which is able
to bypass all three protection mechanisms:

- Non-eXecutable bit NX
- Stack Smashing Protector SSP
- Address Spa

[ more ]  [ reply ]
Сross-Site Request Forgery (CSRF) in xEpan 2014-11-26
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23240
Product: xEpan
Vendor: Xavoc Technocrats Pvt. Ltd.
Vulnerable Version(s): 1.0.1 and probably prior
Tested Version: 1.0.1
Advisory Publication: October 22, 2014 [without technical details]
Vendor Notification: October 22, 2014
Public Disclosure: November 26, 2014
Vulnerabili

[ more ]  [ reply ]
[ MDVSA-2014:228 ] phpmyadmin 2014-11-26
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:228
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
(Page 6 of 1576)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus