BugTraq Mode:
[Onapsis Security Advisory 2015-001] Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench 2015-02-25
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory ONAPSIS-2015-001: Multiple Reflected Cross Site
Scripting Vulnerabilities in SAP HANA Web-based Development Workbench

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated atta

FreeBSD Security Advisory FreeBSD-SA-15:05.bind 2015-02-25
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-15:05.bind Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-15:04.igmp 2015-02-25
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-15:04.igmp Security Advisory
The FreeBSD Project

Topic:

N.E.T. E-Commerce Group Cross Site Scripting Vulnerability 2015-02-24
iedb team gmail com
Cross Site Scripting Vulnerability In N.E.T. E-Commerce Cms All Version


[SECURITY] [DSA 3170-1] linux security update 2015-02-23
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3160-1 security (at) debian (dot) org
http://www.debian.org/security/ Ben Hutchings
February 23, 2015

[SECURITY] [DSA 3169-1] eglibc security update 2015-02-23
Aurelien Jarno (aurel32 debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
Debian Security Advisory DSA-3169-1 security (at) debian (dot) org
http://www.debian.org/security/ Aurelien Jarno
February 23, 2015 ht

[SECURITY] [DSA 3168-1] ruby-redcloth security update 2015-02-22
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3168-1 security (at) debian (dot) org
http://www.debian.org/security/ Sebastien Delafond
February 22, 2015

CVE-2014-8487: Kony EMM insecurity Direct Object Reference 2015-02-22
michael hendrickx helpag com
------------------------------------------------------------------------

Product: Enterprise Mobile Management
Vendor: Kony
Vulnerable Version(s): Kony EMM 1.2 and probably older versions
Tested Version: Drupal Kony EMM 1.2
Advisory Publication: 24 December 2014
Vendor Notification: 8 December 20

[SECURITY] [DSA 3167-1] sudo security update 2015-02-22
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3167-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
February 22, 2015

[SECURITY] [DSA 3166-1] e2fsprogs security update 2015-02-22
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3166-1 security (at) debian (dot) org
http://www.debian.org/security/ Michael Gilbert
February 22, 2015

[SECURITY] [DSA 3165-1] xdg-utils security update 2015-02-22
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3165-1 security (at) debian (dot) org
http://www.debian.org/security/ Michael Gilbert
February 21, 2015

[SECURITY] [DSA 3171-1] samba security update 2015-02-23
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3171-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
February 23, 2015

[SECURITY] [DSA 3164-1] typo3-src security update 2015-02-21
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3164-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
February 21, 2015

Defense in depth -- the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation 2015-02-21
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the MSDN documents the BRAINDEAD behaviour of the functions
CreateProcess() <https://msdn.microsoft.com/en-us/library/ms682425.aspx>,
CreateProcessAsUser() <https://msdn.microsoft.com/en-us/library/ms682429.aspx>
CreateProcessWithLogonW() <https://msdn.microsoft.com/en-us/library/ms682431.a

Stored XSS Vulnerability in ADPlugg Wordpress Plugin 2015-02-21
kingkaustubh me com
=====================================================
Stored XSS Vulnerability in ADPlugg Wordpress Plugin
=====================================================

. contents:: Table Of Content

Overview
========

* Title :Stored XSS Vulnerability in ADPlugg Wordpress Plugin
* Author: Kaustubh G. P

[security bulletin] HPSBUX03240 SSRT101872 rev.1 - HP-UX Running NTP, Remote Execution of Code, Denial of Service (DoS), or Other Vulnerabilities 2015-02-20
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04554677

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04554677
Version: 1

HPSBUX03240 SS

Cisco Security Advisory: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability 2015-02-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20150220-ipv6

Revision 1.0

For Public Release 2015 February 20 16:30 UTC (GMT)

+---------------------------------------------

[security bulletin] HPSBPV03266 rev.1 - Certain HP Networking and H3C Switches and Routers running NTP, Remote Execution of Code, Disclosure of Information, and Denial of Service (DoS) 2015-02-20
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04574882

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04574882
Version: 1

HPSBPV03266 re

iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... 2015-02-19
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the just released iTunes 12.1.1 for Windows still comes with
outdated and VULNERABLE 3rd party libraries and vulnerable
command lines:

In AppleMobileDeviceSupport.msi:

* libeay32.dll and ssleay32.dll 0.9.8za from 2014-06-05

The current version is 0.9.8ze and has 21 security fixes
whi

Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames) 2015-02-19
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

in order to prevent the start of the defunct USENET news client
(alias "Windows Mail") that Microsoft installs with Windows 7
and later versions of Windows as "Microsoft Outlook NewsReader",
the installation of all editions of Microsoft Office 2010 which
include Microsoft Outlook 2010 as we

[SECURITY] [DSA 3163-1] libreoffice security update 2015-02-19
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3163-1 security (at) debian (dot) org
http://www.debian.org/security/ Alessandro Ghedini
February 19, 2015

[SECURITY] [DSA 3162-1] bind9 security update 2015-02-18
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3162-1 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
February 18, 2015

PHP Code Execution in jui_filter_rules Parsing Library 2015-02-18
Timo Schmid (tschmid ernw de)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

PHP Code Execution in jui_filter_rules Parsing Library
======================================================
Researcher: Timo Schmid <tschmid (at) ernw (dot) de>

Description
===========
jui_filter_rules[1] is a jQuery plugin which allows users to generate

[CVE-2015-1517] Piwigo - SQL Injection in Version 2.7.3 2015-02-18
sven bsddaemon org
[CVE-2015-1517] Piwigo - SQL Injection in Version 2.7.3

----------------------------------------------------------------

Product Information:

Software: Piwigo

Tested Version: 2.7.3, released on 9 January 2015

Vulnerability Type: SQL Injection (CWE-89)

Download link: http://piwigo.org/basics/d

[RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite 2015-02-18
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Directory Traversal and Arbitrary File Disclosure in hybris
Commerce Software Suite

During a penetration test, RedTeam Pentesting discovered a Directory
Traversal vulnerability in hybris Commerce software suite. This
vulnerability allows attackers to download arbitrary files of

Crushftp 7.2.0 - Multiple CSRF & XSS Vulnerabilities 2015-02-17
Rehan Ahmed (knight_rehan hotmail com)
========================================================

I. Overview

========================================================

Multiple CSRF & Cross-Site Scripting (XSS) vulnerabilities have been identified in

Crushftp 7.2.0 (Web Interface) on default configuration. These vulnerabilities allo

NetGear WNDR Authentication Bypass / Information Disclosure 2015-02-17
Peter Adkins (peter adkins kernelpicnic net)
>> NetGear WNDR Authentication Bypass / Information Disclosure

Discovered by:
----
Peter Adkins <peter.adkins (at) kernelpicnic (dot) net>

Access:
----
Local network; unauthenticated access.
Remote network; unauthenticated access*.

Tracking and identifiers:
----
CVE - Mitre contacted; not yet allocated.

Pl

Ebay Inc Magento Bug Bounty #5 - Persistent Validation & Mail Encoding Web Vulnerability 2015-02-17
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Inc Magento Bug Bounty #5 - Persistent Validation & Mail Encoding Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1226

eBay Inc. Bug Bounty Program ID: EIBBP-27288

Vulnerability Magazine: http://

CVE-2015-1614 csrf/xss in wordpress Plugin Image Metadata cruncher 2015-02-17
kingkaustubh me com
# Title: CSRF / Stored XSS Vulnerability in IMAGE-MEtadata-Cruncher Wordpress Plugin
# Author: Kaustubh G. Padwad
# CVE-ID : CVE-2015-1614
# Plugin Homepage: https://wordpress.org/plugins/image-metadata-cruncher/
# Severity: Medium

# Description:
# Vulnerable Parameter: Alternate text,Caption,Cu

[slackware-security] sudo (SSA:2015-047-03) 2015-02-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] sudo (SSA:2015-047-03)

New sudo packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patc

Copyright 2010, SecurityFocus