BugTraq (Page 7 of 1588)
[security bulletin] HPSBGN03247 rev.1 - HP IceWall SSO Dfw using glibc, Remote Execution of Arbitrary Code 2015-02-02
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04560440

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04560440
Version: 1

HPSBGN03247 re

[SECURITY] [DSA 3149-1] condor security update 2015-02-02
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3149-1 security (at) debian (dot) org
http://www.debian.org/security/ Sebastien Delafond
February 02, 2015

[security bulletin] HPSBMU03239 rev.1 - HP UCMDB, Remote Disclosure of Information 2015-02-02
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04553906

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04553906
Version: 1

HPSBMU03239 re

[SECURITY] [DSA 3150-1] vlc security update 2015-02-02
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3150-1 security (at) debian (dot) org
http://www.debian.org/security/ Alessandro Ghedini
February 02, 2015

[security bulletin] HPSBMU03236 rev.1 - HP Systems Insight Manager for Windows running Bash Shell, Remote Code Execution 2015-02-02
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04552143

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04552143
Version: 1

HPSBMU03236 r

Fork CMS 3.8.3 - XSS Vulnerability 2015-02-02
ITAS Team (itas team itas vn)
# Exploit Title: Fork CMS 3.8.3 - XSS Vulnerability
# Vendor: http://www.fork-cms.com
# Download link: http://www.fork-cms.com/blog/detail/fork-3.8.4-released
# CVE ID: CVE-2014-9470
# Vulnerability: Cross-Site Scripting
# Affected version: Fork 3.8.3
# Fixed version: Fork 3.8

Microweber 0.95 - SQL Injection Vulnerability 2015-02-02
ITAS Team (itas team itas vn)
# Exploit Title: Microweber 0.95 - SQL Injection Vulnerability
# Vendor: https://microweber.com/
# Download link: https://microweber.com/download (https://github.com/microweber/microweber)
# CVE ID: CVE-2014-9464
# Vulnerability: SQL Injection
# Affected version: Version 0.95 b

Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities 2015-02-02
ITAS Team (itas team itas vn)
# Exploit Title: Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities
# Vendor: http://www.sefrengo.org/
# Download link: http://forum.sefrengo.org/index.php?showtopic=3368 (https://github.com/sefrengo-cms/sefrengo-1.x/tree/22c0d16bfd715631ed317cc990785cce

Banner Effect Header Security Advisory - XSS Vulnerability - CVE-2015-1384 2015-01-31
Onur Yilmaz (onur netsparker com)
Information
------------
Advisory by Netsparker.
Name: XSS Vulnerability in Banner Effect Header
Affected Software : Banner Effect Header
Affected Versions: 1.2.7 and possibly below
Vendor Homepage : https://wordpress.org/plugins/banner-effect-header/
Vulnerability Type : Cross-site Scripting
Severi

[SECURITY] [DSA 3148-1] chromium-browser end of life 2015-01-31
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3148-1 security (at) debian (dot) org
http://www.debian.org/security/ Michael Gilbert
January 31, 2015

Major Internet Explorer Vulnerability - NOT Patched 2015-01-31
David Leo (david leo deusen co uk)
Deusen just published code and description here:
http://www.deusen.co.uk/items/insider3show.3362009741042107/
which demonstrates the serious security issue.

Summary
An Internet Explorer vulnerability is shown here:
Content of dailymail.co.uk can be changed by external domain.

How To Use
1. Close t

Defense in depth -- the Microsoft way (part 27): the command line you get differs from the command line I use to call you 2015-01-31
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

on Windows, the command line an application receives can differ
from the command line the calling application supplies to
CreateProcess*().

The documentation of GetCommandLine()
<https://msdn.microsoft.com/en-us/library/ms683156.aspx> tells:

| Note The name of the executable in the comma

[security bulletin] HPSBOV03226 rev.2 - HP TCP/IP Services for OpenVMS, BIND 9 Server Resolver, Multiple Remote Vulnerabilities 2015-01-30
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04530690

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04530690
Version: 2

HPSBOV03226 re

[SECURITY] [DSA 3147-1] openjdk-6 security update 2015-01-30
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3147-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
January 30, 2015

[SECURITY] [DSA 3146-1] requests security update 2015-01-30
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3146-1 security (at) debian (dot) org
http://www.debian.org/security/ Sebastien Delafond
January 30, 2015

ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability 2015-01-30
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability

EMC Identifier: ESA-2015-006

CVE Identifier: CVE-2014-4632

Severity Rating: CVSSv2 Base Score: 7.9 (AV:A/AC:M/Au:N/C:C/I:C/A:C)

Affected products:

• EMC Avamar Dat

[SECURITY] [DSA 3145-1] privoxy security update 2015-01-30
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3145-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
January 30, 2015

[SECURITY] [DSA 3144-1] openjdk-7 security update 2015-01-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3144-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
January 29, 2015

NEW VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability 2015-01-29
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2015-0002
Synopsis: VMware vSphere Data Protection product update addresses a
certificate validatio

Symantec Encryption Management Server < 3.2.0MP6 - Remote Command Injection 2015-01-30
Paul Craig (lists vantagepoint sg)
Vantage Point Security Advisory 2014-007
========================================

Title: Symantec Encryption Management Server - Remote Command Injection
ID: VP-2014-007
Vendor: Symantec
Affected Product: Symantec Encryption Gateway
Affected Versions: < 3.2.0 MP6
Product Website: http://www.symante

Unauthenticated Reflected XSS vulnerability in Asus RT-N10 Plus router 2015-01-29
kingkaustubh me com
#####################################
Title:- Reflected XSS vulnerability in Asus RT-N10 Plus router
Author: Kaustubh G. Padwad
Product: ASUS Router RT-N10 Plus
Firmware: 2.1.1.1.70
Severity: HIGH
Auth: Not required

# Description:
Vulnerable Parameter: flag=
# Vulnerability Class:
Cross Si

Reflected XSS vulnerability in Asus RT-N10 Plus Router 2015-01-29
kingkaustubh me com
#####################################
Title:- Reflected XSS vulnerability in Asus RT-N10 Plus router
Author: Kaustubh G. Padwad
Product: ASUS Router RT-N10 Plus
Firmware: 2.1.1.1.70
Severity: Medium
Auth: Required

# Description:
Vulnerable Parameter: flag=
# Vulnerability Class:
Cross Site

ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities 2015-01-29
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities

EMC Identifier: ESA-2015-002

CVE Identifier: CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902, CVE-2012-5885, CVE-2011-3389, CVE-2013-1767, CVE-2012-2137, CV

Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385 2015-01-29
Onur Yilmaz (onur netsparker com)
Information
------------
Advisory by Netsparker
Name: XSS Vulnerability in Blubrry PowerPress
Affected Software : Blubrry PowerPress
Affected Versions: 6.0 and possibly below
Vendor Homepage : https://wordpress.org/plugins/powerpress/
Vulnerability Type : Cross-site Scripting
Severity : Important
CV

CVE-2014-8779: SSH Host keys on Pexip Infinity 2015-01-29
giles pexip com
Summary
=======

The operating system used by Pexip Infinity does not create unique SSH
host keys on deployment of new Management and Conferencing Nodes, using
fixed host keys instead. Host keys are used to verify the identity of
the remote host when connecting to it over SSH. These keys are contain

[The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360) 2015-01-28
Pedro Ribeiro (pedrib gmail com)
Hi,

This is part 12 of the ManageOwnage series. For previous parts, see [1].

This time we have an arbitrary file download, directory content
disclosure and blind SQL injection vulnerabilities in ManageEngine
OpManager, Applications Manager and IT360.

I've pushed two new Metasploit modules into th

Cisco Security Advisory: GNU glibc gethostbyname Function Buffer Overflow Vulnerability 2015-01-28
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: GNU glibc gethostbyname Function Buffer Overflow Vulnerability

Advisory ID: cisco-sa-20150128-ghost

Revision 1.0

For Public Release 2015 January 28 22:30 UTC (GMT)

+---------------------------------------------------------

AST-2015-001: File descriptor leak when incompatible codecs are offered 2015-01-28
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2015-001

Product Asterisk
Summary File descriptor leak when incompatible codecs are
offered

[slackware-security] glibc (SSA:2015-028-01) 2015-01-28
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] glibc (SSA:2015-028-01)

New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
and 14.1 to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/pack

KL-001-2015-001 : Windows 2003 tcpip.sys Privilege Escalation 2015-01-29
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2015-001 : Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation

Title: Microsoft Windows Server 2003 SP2 Arbitrary Write Privilege Escalation
Advisory ID: KL-001-2015-001
Publication Date: 2015.01.28
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-201

Copyright 2010, SecurityFocus