BugTraq
(Page 8 of 1609)
AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5% 2015-04-21
Hector Marco-Gisbert (hecmargi upv es)
A security issue in the Linux ASLR implementation which affects some AMD processors
has been found. The issue affects all Linux processes even if they are not
using shared libraries (statically compiled).

The problem appears because some mmapped objects (VDSO, libraries, etc.) are
poorly randomized

Linux ASLR mmap weakness: Reducing entropy by half 2015-04-21
Hector Marco-Gisbert (hecmargi upv es)
A bug in the Linux ASLR implementation has been found. The issue is that the mmap
base address for processes is not properly randomized on some architectures due
to an improper bit-mask manipulation. Affected systems have reduced the mmap
area entropy of the processes by half.

The number of possible

[security bulletin] HPSBGN03305 rev.1 - HP Business Service Management (BSM) products running SSLv3, Remote Disclosure of Information 2015-04-21
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04626982

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04626982
Version: 1

HPSBGN03305 re

GoAutoDial 3.3 multiple vulnerabilities 2015-04-21
root localhost com
Affected software: GoAutoDial
Affected version: 3.3-1406088000 (GoAdmin) and previous releases of GoAutodial 3.3
Associated CVEs: CVE-2015-2842, CVE-2015-2843, CVE-2015-2844, CVE-2015-2845
Vendor advisory: http://goautodial.org/news/21

Abstract:
Multiple vulnerabilities exist in the GoAutodial 3.3 o

Google Analytics by Yoast stored XSS #2 2015-04-21
Jouko Pynnonen (jouko iki fi)
OVERVIEW
==========

Google Analytics by Yoast is one of the most popular WordPress
plug-ins with over 7 million downloads and "1+ million" active
installs. Last month Yoast patched a stored XSS we reported in the
plug-in. Shortly after this we identified another bug of a similar
severity. The secon

SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities 2015-04-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1314

Release Date:
=============
2015-03-23

Vulnerability Laboratory ID (VL-ID):
===================================

PayPal Inc Bug Bounty #113 - Client Side Cross Site Scripting Vulnerability 2015-04-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc Bug Bounty #113 - Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1453

Video: http://www.vulnerability-lab.com/get_content.php?id=1454

View: https://www.youtube

Ebay Inc Xcom #7 - (Policy) Persistent Vulnerability 2015-04-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Inc Xcom #7 - (Policy) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1228

Release Date:
=============
2015-03-25

Vulnerability Laboratory ID (VL-ID):
==================================

Ebay Inc Xcom #6 - Persistent POST Inject Vulnerability 2015-04-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Inc Xcom #6 - Persistent POST Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1227

Release Date:
=============
2015-03-24

Vulnerability Laboratory ID (VL-ID):
===============================

Ebay Inc Xcom #4 - (Item Preview) Persistent Vulnerability 2015-04-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Inc Xcom #4 - (Item Preview) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1215

Release Date:
=============
2015-03-23

Vulnerability Laboratory ID (VL-ID):
==========================

Photo Manager Pro v4.4.0 iOS - File Include Vulnerability 2015-04-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Photo Manager Pro v4.4.0 iOS - File Include Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1445

Release Date:
=============
2015-03-12

Vulnerability Laboratory ID (VL-ID):
=============================

Wifi Drive Pro v1.2 iOS - File Include Web Vulnerability 2015-04-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Wifi Drive Pro v1.2 iOS - File Include Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1447

Release Date:
=============
2015-03-13

Vulnerability Laboratory ID (VL-ID):
==============================

Mobile Drive HD v1.8 - File Include Web Vulnerability 2015-04-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Mobile Drive HD v1.8 - File Include Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1446

Release Date:
=============
2015-03-11

Vulnerability Laboratory ID (VL-ID):
=================================

Photo Manager Pro 4.4.0 iOS - Code Execution Vulnerability 2015-04-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Photo Manager Pro 4.4.0 iOS - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1444

Release Date:
=============
2015-03-10

Vulnerability Laboratory ID (VL-ID):
============================

[security bulletin] HPSBMU03321 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code 2015-04-20
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04636829

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04636829
Version: 1

HPSBMU03321 re

[SECURITY] [DSA 3230-1] django-markupfield security update 2015-04-20
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3230-1 security (at) debian (dot) org
http://www.debian.org/security/ Alessandro Ghedini
April 20, 2015

[SECURITY] [DSA 3229-1] mysql-5.5 security update 2015-04-19
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3229-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
April 19, 2015

Security Audit Notes - OpenSSL v1.0.2a (latest) Issues - Advanced Information Security Corporation 2015-04-19
lem nikolas gmail com
-=[Advanced Information Security Corp]=-

Author: Nicholas Lemonias
Report Date: 2/4/2015
Email: lem.nikolas (at) gmail (dot) com

Introduction
==========
During a source-code audit of the OpenSSL v1.0.2a (Latest)
implementation for linux; conducted internally by the Advance

CVE-2014-7953 Android backup agent code execution 2015-04-17
Imre RAD (imre rad search-lab hu)
Android backup agent arbitrary code execution
---------------------------------------------

The Android backup agent implementation was vulnerable to privilege
escalation and race condition. An attacker with adb shell access could
run arbitrary code as the system (1000) user (or any other valid
pac

CVE-2014-7951 adb backup archive path traversal file overwrite 2015-04-17
Imre RAD (imre rad search-lab hu)
ADB backup archive path traversal file overwrite
------------------------------------------------

Using adb one can create a backup of his/her Android device and store it
on the PC. The backup archive is based on the tar file format.

By modifying tar headers to contain ../../ like patterns it is

CVE-2014-7954 MTP path traversal vulnerability in Android 2015-04-17
Imre RAD (imre rad search-lab hu)
MTP path traversal vulnerability in Android 4.4
-----------------------------------------------

doSendObjectInfo() method of the MtpServer class implemented in
frameworks/av/media/mtp/MtpServer.cpp does not validate the name
parameter of the incoming MTP packet at all.

It is possible to upload fil

112 ipTIME Routers/WiFi APs/Modems/Firewalls models vulnerable with RCE with root privileges 2015-04-17
Pierre Kim (pierre kim sec gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

## Advisory Information

Title: 112 ipTIME Routers/WiFi APs/Modems/Firewalls models vulnerable
with RCE with root privileges
Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x00.txt.asc
Date published: 2015-04-17
Vendors contacted: Kr

Lychee 2.7.1 remote code execution 2015-04-16
Filippo Cavallarin (filippo cavallarin segment technology)
Advisory ID: SGMA15-002
Title: Lychee remote code execution
Product: Lychee
Version: 2.7.1 and probably prior
Vendor: lychee.electerious.com
Vulnerability type: Remote Code Execution
Risk level: High
Credit: Filippo Cavallarin - segment.technology
CVE: N/A
Vendor notification: 2015-04-12
Vendor fix:

Wolf CMS 0.8.2 Arbitrary File Upload Vulnerability 2015-04-16
prathan ptr gmail com
.. CWH Underground Hacking Team ..

[SECURITY] [DSA 3228-1] ppp security update 2015-04-16
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3228-1 security (at) debian (dot) org
http://www.debian.org/security/ Sebastien Delafond
April 16, 2015

[CVE-2014-5361][CVE-2014-5362]Landesk Management Suite RFI & CSRF Security Vulnerabilities 2015-04-16
alex_haynes outlook com
Exploit Title: Landesk Management Suite RFI and CSRF vulnerabilities
Product: Landesk Management Suite
Vulnerable Versions: 9.5 (and possible previous versions), 9.6
Tested Version: 9.5
Advisory Publication: 16/04/2015
Latest Update: 16/04/2015
Vulnerability Type: Cross-site request forgery [CWE-352

Secunia Research: Oracle Outside In ibpsd2.dll PSD File Processing Buffer Overflow Vulnerability 2015-04-16
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 16/04/2015

Oracle Outside In ibpsd2.dll PSD File Processing

Buffer Overflow Vulnerability

==================================================

[security bulletin] HPSBMU03264 rev.1 - HP Network Automation, Multiple Remote Vulnerabilities 2015-04-15
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04574207

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04574207
Version: 1

HPSBMU03264 re

[SECURITY] [DSA 3227-1] movabletype-opensource security update 2015-04-15
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3227-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
April 15, 2015

Cisco Security Advisory: Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability 2015-04-15
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability

Advisory ID: cisco-sa-20150415-csd

Revision 1.0

For Public Release 2015 April 15 16:00 UTC (GMT)

+-------------------------------------------------------
