BugTraq
[SECURITY] [DSA 2885-1] libyaml-libyaml-perl security update 2014-03-26
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2885-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
March 26, 2014

[SECURITY] [DSA 2884-1] libyaml security update 2014-03-26
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2884-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
March 26, 2014

Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516) 2014-03-26
Roee Hay (roeeh il ibm com)
Hi,

We have recently discovered a series of vulnerabilities in Firefox for Android
that allows a malicious application to successfully derandomize
the Firefox profile directory name in a practical amount of time
and then leak sensitive data (such as cookies and cached
information) which reside in t

Cisco Security Advisory: Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability 2014-03-26
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20140326-ipv6

Revision 1.0

For Public Release 2014 March 26 16:00 UTC (GMT)

Summary
=======

A vulnerability in the implementation of the IP version 6 (IPv

Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability 2014-03-26
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco IOS Software SSL VPN Denial of Service Vulnerability

Advisory ID: cisco-sa-20140326-ios-sslvpn

Revision 1.0

For Public Release 2014 March 26 16:00 UTC (GMT)

Summary
=======

A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of C

Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities 2014-03-26
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco IOS Software Network Address Translation Vulnerabilities

Advisory ID: cisco-sa-20140326-nat

Revision 1.0

For Public Release 2014 March 26 16:00 UTC (GMT)

Summary

The Cisco IOS Software implementation of the Network Address Translation (NAT)

Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability 2014-03-26
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability

Advisory ID: cisco-sa-20140326-ikev2

Revision 1.0

For Public Release 2014 March 26 16:00 UTC (GMT)

Summary
=======

A vulnerability in the Internet Key Exchange Vers

Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability 2014-03-26
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability

Advisory ID: cisco-sa-20140326-sip

Revision 1.0

For Public Release 2014 March 26 16:00 UTC (GMT)

Summary
=======

A vulnerability in the Session Initiation Protocol (SIP

Cisco Security Advisory: Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability 2014-03-26
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability

Advisory ID: cisco-sa-20140326-RSP72010GE

Revision 1.0

For Public Release 2014 March 26 16:00 UTC (GMT)

Summary
=======

A vulnerability i

ESA-2014-015: RSA® Authentication Manager Cross Frame Scripting Vulnerability 2014-03-26
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-015: RSA® Authentication Manager Cross Frame Scripting Vulnerability

EMC Identifier: ESA-2014-015

CVE Identifier: CVE-2014-0623

Severity Rating: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)

Affected Products:

RSA Authentica

VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing Use-after-free (Pwn2Own) 2014-03-26
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing
Use-after-free (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

"Mozilla Firefox is a free and open-source web browser developed for
Windows, OS X, and Linux, w

VUPEN Security Research - Google Chrome Blink "locationAttributeSetter" Use-after-free (Pwn2Own) 2014-03-26
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Google Chrome Blink "locationAttributeSetter"
Use-after-free (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

"Google Chrome is a freeware web browser developed by Google. Chrome
version 28 and beyond uses

VUPEN Security Research - Google Chrome "Clipboard::WriteData()" Function Sandbox Escape (Pwn2Own) 2014-03-26
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Google Chrome Clipboard Format Processing
Sandbox Escape (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

"Google Chrome is a freeware web browser developed by Google. Chrome
version 28 and beyond uses the

[security bulletin] HPSBST02968 rev.1 - HP StoreOnce, Remote Unauthorized Access 2014-03-26
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04126368

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04126368
Version: 1

HPSBST02968 re

Web Egg Hunting Game - Hacky Easter 2014-03-26
Ivan Buetler (ivan buetler csnc ch)
I would like to make you aware of a web-based egg hunting game - HACKY
EASTER 2014 IS STARTED!

The game comes with three components
1) web app
2) iOS app
3) Android app

24 easter eggs are waiting for you. In order to find them, you'll need to
solve hacking challenges.
The easter eggs contain a QR

[security bulletin] HPSBMU02967 rev.2 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code 2014-03-25
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04122007

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04122007
Version: 2

HPSBMU02967 r

CVE-2013-6955 Synology DSM remote code execution 2014-03-25
tiamat451 gmail com
Products Affected By CVE-2013-6955
Diskstation Manager
4.0
4.2
4.3 4.3-3810
Vendor: Synology
Status: Patched

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data

[CVE-2014-2531] SQL injection in InterWorx Web Control Panel <= 5.0.13 2014-03-25
Eric Flokstra (erp flokstra gmail com)
=================================================
Title: SQL injection in InterWorx Control Panel
Product: InterWorx Web Control Panel
Vendor: InterWorx LLC
Tested Version: 5.0.13 build 574
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2014-2531
Solution Status: Fixed in Version 5.0.

MS14-010 CVE-2014-0293 Technical Details and Code (I changed the web permanently) 2014-03-25
Dieyu (dieyu dieyu org)
Origin:
Visit http://technet.microsoft.com/en-us/security/bulletin/ms14-010
Check "Acknowledgments" for "CVE-2014-0293".
It says "Dieyu" and links to my website http://dieyu.org/

Technical Details:
showModalDialog to keep script running, HTTP redirecting to target domain.
Then script will run in ta

[oCERT-2014-002] Xalan-Java insufficient secure processing 2014-03-24
Andrea Barisani (lcars ocert org)

#2014-002 Xalan-Java insufficient secure processing

Description:

The Xalan-Java library is a popular XSLT processor from the Apache Software
Foundation.

The library implements the Java API for XML Processing (JAXP) which supports a
secure processing feature for interpretive and XSLCT processors.

Deutsche Telekom CERT Advisory [DTC-A-20140324-004] nagios vulnerability 2014-03-24
CERT telekom de
Deutsche Telekom CERT Advisory [DTC-A-20140324-004]

Summary:
An Off-by-one memory access was found in the web gui of nagios.

A patch was applied to the core master branch of nagios (http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/).
This resolution is announc

Deutsche Telekom CERT Advisory [DTC-A-20140324-002] vulnerabilities in check_mk 2014-03-24
CERT telekom de
Deutsche Telekom CERT Advisory [DTC-A-20140324-002]

Summary:
Several vulnerabilities were found in check_mk version 1.2.2p2.

The vulnerabilities are:
1 - Reflected Cross-Site Scripting (XSS)
2 - Stored Cross-Site Scripting (XSS) (via URL)
3 - Stored Cross-Site Scripting (XSS) (via external data,

Deutsche Telekom CERT Advisory [DTC-A-20140324-003] vulnerabilities in icinga 2014-03-24
CERT telekom de
Deutsche Telekom CERT Advisory [DTC-A-20140324-003]

Summary:
Two vulnerabilities were found in icinga version 1.9.1.

These vulnerabilities are:
1) several buffer overflows
2) Off-by-one memory access

Recommendations:
Updates available and need to be installed:
- Icinga 1.10.2 Bug Fix Release
- I

ESA-2014-011: RSA BSAFE® Micro Edition Suite Server Crash Vulnerability 2014-03-24
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-011: RSA BSAFE® Micro Edition Suite Server Crash Vulnerability

EMC Identifier: ESA-2014-011

CVE Identifier: CVE-2014-0628

Severity Rating: CVSS v2 Base Score: 5.4 (AV:N/AC:H/Au:N/C:N/I:N/A:C)

Affected Products:

RSA BSAFE Micro

[SECURITY] [DSA 2873-2] file regression update 2014-03-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2873-2 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
March 24, 2014

Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti 2014-03-24
CERT telekom de
Deutsche Telekom CERT Advisory [DTC-A-20140324-001]

Summary:
Three vulnerabilities were found in cacti version 0.8.7g.

The vulnerabilities are:
1) Stored Cross-Site Scripting (XSS) (via URL)
2) Missing CSRF (Cross-Site Request Forgery) token allows execution of arbitrary commands
3) The use of

CVE-2014-2570 - php-font-lib 0.3 www/make_subset.php Reflected Cross Site Scripting 2014-03-24
Daniel Marques (daniel codalabs net)
==========================================================

php-font-lib - Subset maker (make_subset.php) Reflected Cross-site Scripting

Revision 1.0

==========================================================

Author: Daniel C. Marques (@0xc0da)

Release date: 2014-03-23

Reference: http://codalab

c0c0n 2014 | The cy0ps c0n - Call For Papers & Call For Workshops 2014-03-24
c0c0n International Information Security Conference (c0c0n is-ra org)

[SECURITY] [DSA 2883-1] chromium-browser security update 2014-03-24
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2883-1 security (at) debian (dot) org
http://www.debian.org/security/ Michael Gilbert
March 23, 2014

NCC00643 Technical Advisory: Nessus Authenticated Scan Local Privilege Escalation 2014-03-21
NCC Group Research (research nccgroup com)
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
~.~.
Vulnerability Summary
~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
~.~.

Title Nessus Authenticated Scan - Local Privilege Escalation
Release Date 20 March 2014
Reference
