BugTraq
NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability 2014-12-09
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2014-0013
Synopsis: VMware vCloud Automation Center product updates address a
critical remote privilege escalation vu

[CVE-2014-8340] phpTrafficA SQL injection 2014-12-09
Daniël Geerts (dgeerts nikhef nl)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Product: phpTrafficA
Product page: http://soft.zoneo.net/phpTrafficA/
Affected versions: Up to and including 2.3 (latest as of writing).

Description:
An SQL injection exists in Php/Functions/log_function.php, line 933:
$sql3 ="INSERT INTO `${table}_ho

[security bulletin] HPSBGN03208 rev.1 - HP Cloud Service Automation running SSLv3, Remote Disclosure of Information 2014-12-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04516572

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04516572
Version: 1

HPSBGN03208 r

[security bulletin] HPSBGN03222 rev.1 - HP Enterprise Maps running SSLv3, Remote Disclosure of Information 2014-12-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04518999

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04518999
Version: 1

HPSBGN03222 r

Subrion CMS Security Advisory - XSS Vulnerability - CVE-2014-9120 2014-12-09
Onur Yilmaz (onur netsparker com)
Information
--------------------
Advisory by Netsparker.
Name: XSS Vulnerability in Subrion CMS
Affected Software : Subrion CMS
Affected Versions: 3.2.2 and possibly below
Vendor Homepage : http://www.subrion.org/
Vulnerability Type : Cross-site Scripting
Severity : Important
CVE-ID: CVE-2014-9120
N

[SECURITY] [DSA 3093-1] linux security update 2014-12-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3093-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 08, 2014

[security bulletin] HPSBST03154 rev.2 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution 2014-12-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04487558

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04487558
Version: 2

HPSBST03154 re

[SECURITY] [DSA 3094-1] bind9 security update 2014-12-08
Giuseppe Iuculano (iuculano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3094-1 security (at) debian (dot) org
http://www.debian.org/security/ Giuseppe Iuculano
December 08, 2014

[CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds 2014-12-08
jlk apache org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2014-7807: Apache CloudStack unauthenticated LDAP binds

CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors:
The Apache Software Foundation
Citrix, Inc.

Versions Affected:
Apache CloudStack 4.3, 4.4

Description:
Apache CloudStack may be configured

[ANN] Apache Struts 2.3.20 GA release available with security fix 2014-12-08
Lukasz Lenart (lukaszlenart apache org)
The Apache Struts group is pleased to announce that Apache Struts
2.3.20 is available as a "General Availability" release. The GA
designation is our highest quality grade.

Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is desig

CFP: InfoSec SouthWest 2015 (ISSW) 2014-12-08
Tod Beardsley (todb packetfu com)
I'm pleased to announce the Call For Papers for InfoSec Southwest 2015!

If you are interested in speaking at this year's event in Austin, Texas,
on April 11 or April 12, 2015, please take a look at our submission
requirements at http://2015.infosecsouthwest.com/cfp.html .

Once you've decided to parti

CMS Made Simple PHP Code Injection Vulnerability (All versions) 2014-12-06
sahm post com
# CMS Made Simple PHP Code Injection Vulnerability (All versions)
# 2014-12-02
# SAHM (@post.com)
# cmsmadesimple.org
# All versions
---exploit
A malicious attacker can intrude every CMSMS-installed website by taking the following steps:
Open the /install folder from the URL (The cms doesn't force

Re: [oss-security] Offset2lib: bypassing full ASLR on 64bit Linux 2014-12-05
Shawn (citypw gmail com)
Hi Agostino,

I don't think this issue impacts Grsecurity/PaX; Hardened-Gentoo
is using PaX.

On Fri, Dec 5, 2014 at 7:10 PM, Agostino Sarubbo <ago (at) gentoo (dot) org> wrote:
> On Gentoo (Hardened) I always get from
> ./get_offset2lib:
>
> Offset2lib (libc): 0x0
>
>
> --
> Agostino Sarubbo
> Gentoo

[SE-2014-02] Google App Engine Java security sandbox bypasses (project pending completion / action from Google) 2014-12-06
Security Explorations (contact security-explorations com)

Hello All,

We discovered multiple security issues in Google App Engine that allow
for a complete Java VM security sandbox escape.

There are more issues pending verification - we estimate them to be in
the range of 30+ in total.

Quick summary of our developments so far:
- we bypassed GAE whitelis

[SECURITY] [DSA 3091-1] getmail4 security update 2014-12-07
Giuseppe Iuculano (iuculano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3091-1 security (at) debian (dot) org
http://www.debian.org/security/ Giuseppe Iuculano
December 07, 2014

[SECURITY] [DSA 3092-1] icedove security update 2014-12-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3092-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
December 07, 2014

NASA Orion Mars Program - Bypass, Persistent Issue & Embed Code Execution Vulnerability (Boarding Pass) 2014-12-05
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
NASA Orion - Bypass, Persistent Issue & Embed Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1339

[VU#666988] US CERT

Vulnerability Magazine: http://magazine.vulnerability-db.com/?q=articl

NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities 2014-12-05
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2014-0012
Synopsis: VMware vSphere product updates address security
vulnerabilities
Issue date: 2

Offset2lib: bypassing full ASLR on 64bit Linux 2014-12-04
Hector Marco (hecmargi upv es)
Hi,

This is a disclosure of a weakness of the ASLR Linux implementation.
The problem appears when the executable is PIE compiled and it has an
address leak belonging to the executable. We named this weakness:
offset2lib.

In this scenario, an attacker is able to de-randomize all mmapped
areas (libr

[security bulletin] HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information 2014-12-05
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04510081

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04510081
Version: 1

HPSBGN03205 re

[security bulletin] HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities 2014-12-05
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04517477

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04517477
Version: 1

HPSBUX03218 SS

[SECURITY] [DSA 3090-1] iceweasel security update 2014-12-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3090-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
December 04, 2014

[SECURITY] [DSA 3089-1] jasper security update 2014-12-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3089-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2014

[oCERT-2014-009] JasPer input sanitization errors 2014-12-04
Andrea Barisani (lcars ocert org)

#2014-009 JasPer input sanitization errors

Description:

The JasPer project is an open source implementation for the JPEG-2000 codec.

The library is affected by two heap-based buffer overflows which can lead to
arbitrary code execution. The vulnerability is present in functions
jpc_dec_cp_setfrom

[SECURITY] [DSA 3088-1] qemu-kvm security update 2014-12-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3088-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2014

[SECURITY] [DSA 3087-1] qemu security update 2014-12-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3087-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2014

Re: Slider Revolution/Showbiz Pro shell upload exploit 2014-12-04
assistenz crm-br com
Thank you for this information! Is there already a fix?

CVE-2014-9215 - SQL Injection in PBBoard CMS 2014-12-04
tien d tran itas vn
Vulnerability title: SQL Injection in PBBoard CMS
CVE: CVE-2014-9215
CMS: PBBoard
Vendor: Power bulletin board - http://www.pbboard.info/
Product: http://sourceforge.net/projects/pbboard/files/PBBoard_v3.0.1/PBBoard_v3.0.1.zip/download
Affected version: Version 3.0.1 (updated on 13/09/2014) and befo

APPLE-SA-2014-12-2-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 2014-12-03
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2014-12-3-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1

Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 is now available and
addresses the following:

WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v1

[SECURITY] [DSA 3086-1] tcpdump security update 2014-12-03
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3086-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 03, 2014

Copyright 2010, SecurityFocus