BugTraq Mode:
(Page 8 of 1587)  < Prev  3 4 5 6 7 8 9 10 11 12 13  Next >
[SYSS-2014-010] FancyFon FAMOC - SQL Injection 2015-01-27
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2014-010
Product(s): FAMOC
Vendor: FancyFon
Affected Version(s): 3.16.5
Tested Version(s): 3.16.5
Vulnerability Type: SQL Injection (CWE-89)
Risk Level: High
Solution Status: Fixed
Vendor Notification: 2014-12-19
Solution Date: 2015

[ more ]  [ reply ]
[SECURITY] [DSA 3140-1] xen security update 2015-01-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3140-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2015

[ more ]  [ reply ]
[SYSS-2014-013] FancyFon FAMOC - Use of a One-Way Hash without a Salt 2015-01-27
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2014-013
Product(s): FAMOC
Vendor: FancyFon
Affected Version(s): 3.16.5
Tested Version(s): 3.16.5
Vulnerability Type: Use of a One-Way Hash without a Salt (CWE-759)
Risk Level: Low
Solution Status: Fixed
Vendor Notification: 2014-12

[ more ]  [ reply ]
[SYSS-2014-011] FancyFon FAMOC - Cross-Site Scripting 2015-01-27
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2014-011
Product(s): FAMOC
Vendor: FancyFon
Affected Version(s): 3.16.5
Tested Version(s): 3.16.5
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Vendor Notification: 2014-12-19
Solution D

[ more ]  [ reply ]
[SYSS-2014-012] FancyFon FAMOC - Session Fixation 2015-01-27
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2014-012
Product(s): FAMOC
Vendor: FancyFon
Affected Version(s): 3.16.5
Tested Version(s): 3.16.5
Vulnerability Type: Session Fixation (CWE-384)
Risk Level: Low
Solution Status: Fixed
Vendor Notification: 2014-12-19
Solution Date: 2

[ more ]  [ reply ]
CVE-2015-0223: anonymous access to qpidd cannot be prevented 2015-01-26
Gordon Sim (gsim apache org)
Apache Software Foundation - Security Advisory

anonymous access to qpidd cannot be prevented

CVE-2015-0223 CVS: 5.8

Severity: Moderate

Vendor:

The Apache Software Foundation

Versions Affected:

Apache Qpid's qpidd up to and including version 0.30

Description:

An attacker can gain

[ more ]  [ reply ]
CVE-2015-0224: qpidd can be crashed by unauthenticated user 2015-01-26
Gordon Sim (gsim apache org)
Apache Software Foundation - Security Advisory

qpidd can be crashed by unauthenticated user

CVE-2015-0224 CVS: 7.8

Severity: Moderate

Vendor:

The Apache Software Foundation

Versions Affected:

Apache Qpid's qpidd up to and including version 0.30

Description:

In CVE-2015-0203 it w

[ more ]  [ reply ]
[CORE-2015-0002] - Android WiFi-Direct Denial of Service 2015-01-26
CORE Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Android WiFi-Direct Denial of Service

1. *Advisory Information*

Title: Android WiFi-Direct Denial of Service
Advisory ID: CORE-2015-0002
Advisory URL:
http://www.coresecurity.com/advisories/android-wifi-direct-denial-servic
e
Dat

[ more ]  [ reply ]
WebKitGTK+ Security Advisory WSA-2015-0001 2015-01-26
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2015-0001
------------------------------------------------------------------------

Date reported : January 26, 2015
Advisory ID : WSA-2015-0001
Advisor

[ more ]  [ reply ]
Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability 2015-01-22
Rewterz - Research Group (advisories rewterz com)
========================================================================
========
[REWTERZ-20140103] - Rewterz - Security Advisory
========================================================================
========

Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability
Product: S

[ more ]  [ reply ]
REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability 2015-01-22
Rewterz - Research Group (advisories rewterz com)
========================================================================
========
[REWTERZ-20140102] - Rewterz - Security Advisory
========================================================================
========

Title: ManageEngine ServiceDesk Plus User Enumeration Vulnerability
Product: ServiceDesk

[ more ]  [ reply ]
REWTERZ-20140101 - ManageEngine ServiceDesk SQL Injection Vulnerability 2015-01-22
Rewterz - Research Group (advisories rewterz com)
========================================================================
========

[REWTERZ-20140101] - Rewterz - Security Advisory

========================================================================
========

Title: ManageEngine ServiceDesk SQL Injection Vulnerability
Product: ServiceDesk Plus

[ more ]  [ reply ]
[HITB-Announce] #HITB2015AMS Call for Papers 1st Round is Closing in 10 Days 2015-01-22
Hafez Kamal (aphesz hackinthebox org)
Hi guys - Happy New Year!

Just a reminder that the first selection round for submissions to HITB
Security Conference 2015 in Amsterdam is closing at the end of January!
That's T - 10 days and counting!!!

===

Date: 26th - 29th May 2015
Venue: De Beurs van Berlage
Event Website: http://conference.h

[ more ]  [ reply ]
PhotoSync 1.1.3 Android - Command Inject Vulnerability 2015-01-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PhotoSync 1.1.3 Android - Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1410

Release Date:
=============
2015-01-21

Vulnerability Laboratory ID (VL-ID):
================================

[ more ]  [ reply ]
Program-O v2.4.6 - Multiple Web Vulnerabilities 2015-01-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Program-O v2.4.6 - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1414

Release Date:
=============
2015-01-21

Vulnerability Laboratory ID (VL-ID):
====================================
14

[ more ]  [ reply ]
CVE-2015-1180-xss-eventsentry 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)
CVE-2015-1180-xss-eventsentry

Information
----------------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in EventSentry Web Reports Interface
Affected Software : EventSentry
Affected Versions: 3.1.0 and possibly below
Vendor Homepage : http://eventsentry.com/
Vulnerability Type : Cross-

[ more ]  [ reply ]
CVE-2015-1179-xss-mango-automation-scada 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)
CVE-2015-1179-xss-mango-automation-scada

Information
-----------------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in Mango Automation SCADA/HMI software
Affected Software : Mango Automation
Affected Versions: 2.4.0 and possibly below
Vendor Homepage : http://infiniteautomation.com/
V

[ more ]  [ reply ]
CVE-2015-1178-xss-x-cart-ecommerce 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)
CVE-2015-1178-xss-x-cart-ecommerce

Information
----------------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in X-CART e-Commerce software
Affected Software : X-Cart
Affected Versions: 5.1.8 and possibly below
Vendor Homepage : https://www.x-cart.com
Vulnerability Type : Cross-site Scr

[ more ]  [ reply ]
CVE-2015-1177-xss-exponent 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)
CVE-2015-1177-xss-exponent

Information
----------------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in Exponent CMS
Affected Software : Exponent
Affected Versions: 2.3.2 and possibly below
Vendor Homepage : http://www.exponentcms.org/
Vulnerability Type : Cross-site Scripting
Severity

[ more ]  [ reply ]
SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP 2015-01-22
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20150122-0 >
=======================================================================
title: Multiple critical vulnerabilities
products: Symantec Data Center Security: Server Advanced (SDCS:SA)
Symantec Cr

[ more ]  [ reply ]
CVE-2015-1176-xss-osticket 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)
CVE-2015-1176-xss-osticket

Information
----------------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in osTicket Ticket system
Affected Software : osTicket
Affected Versions: 1.9.4 and possibly below
Vendor Homepage : http://osticket.com/
Vulnerability Type : Cross-site Scripting
Sever

[ more ]  [ reply ]
[slackware-security] samba (SSA:2015-020-01) 2015-01-21
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] samba (SSA:2015-020-01)

New samba packages are available for Slackware 14.1 and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/samba-4.1.1

[ more ]  [ reply ]
Remote Desktop v0.9.4 Android - Multiple Vulnerabilities 2015-01-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Remote Desktop v0.9.4 Android - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1413

Release Date:
=============
2015-01-20

Vulnerability Laboratory ID (VL-ID):
==============================

[ more ]  [ reply ]
iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll 2015-01-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1415

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9600

CVE-ID:
=======
CVE-2014-9600

Release

[ more ]  [ reply ]
[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass 2015-01-21
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: AVM FRITZ!Box: Firmware Signature Bypass

The signature check of FRITZ!Box firmware images is flawed. Malicious
code can be injected into firmware images without breaking the RSA
signature. The code will be executed either if a manipulated firmware
image is uploaded by the victim or if the

[ more ]  [ reply ]
PhotoSync v1.1.3 Android - Command Inject Vulnerability 2015-01-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PhotoSync v1.1.3 Android - Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1410

Release Date:
=============
2015-01-21

Vulnerability Laboratory ID (VL-ID):
===============================

[ more ]  [ reply ]
[oCERT-2015-001] JasPer input sanitization errors 2015-01-21
Andrea Barisani (lcars ocert org)

#2015-001 JasPer input sanitization errors

Description:

The JasPer project is an open source implementation for the JPEG-2000 codec.

The library is affected by an off-by-one error in a buffer boundary check in
jpc_dec_process_sot(), leading to a heap based buffer overflow, as well as
multiple un

[ more ]  [ reply ]
[security bulletin] HPSBUX03235 SSRT101750 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) 2015-01-20
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04550240

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04550240
Version: 1

HPSBUX03235 SS

[ more ]  [ reply ]
[SECURITY] [DSA 3134-1] sympa security update 2015-01-20
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3134-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
January 20, 2015

[ more ]  [ reply ]
[SECURITY] [DSA 3133-1] privoxy security update 2015-01-20
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3133-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
January 20, 2015

[ more ]  [ reply ]
(Page 8 of 1587)  < Prev  3 4 5 6 7 8 9 10 11 12 13  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus