BugTraq Mode:
(Page 9 of 1551)
ESA-2014-057: EMC Documentum Foundation Services (DFS) XML External Entity (XXE) Vulnerability 2014-07-07
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-057: EMC Documentum Foundation Services (DFS) XML External Entity (XXE) Vulnerability

EMC Identifier: ESA-2014-057

CVE Identifier: CVE-2014-2510

Severity Rating: CVSS v2 Base Score: 8 (AV:N/AC:L/Au:S/C:C/I:P/A:P)

Affected products:

ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities 2014-07-07
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities

EMC Identifier: ESA-2014-064

CVE Identifier: CVE-2014-2513, CVE-2014-2514

Severity Rating: CVSS v2 Base Score: Refer below for scores for each CVE.

Affecte

Photo Org WonderApplications v8.3 iOS - File Include Vulnerability 2014-07-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Photo Org WonderApplications v8.3 iOS - File Include Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1277

Release Date:
=============
2014-07-04

Vulnerability Laboratory ID (VL-ID):
====================

[SECURITY] CVE-2014-3503 Apache Syncope 2014-07-07
Francesco Chicchiriccò (ilgrosso apache org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2014-3503: Insecure Random implementations used to generate passwords in
Apache Syncope

Severity: Major

Vendor: The Apache Software Foundation

Versions Affected:

This vulnerability affects all versions of Apache Syncope 1.1.x prior to
1.1.8

Yahoo! Bug Bounty #25 Flickr API - Persistent Service Vulnerability 2014-07-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Yahoo! Bug Bounty #25 Flickr API - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1132

Release Date:
=============
2014-07-06

Vulnerability Laboratory ID (VL-ID):
===========================

Paypal Inc Bug Bounty #109 Multi Shipping Application API - Filter Bypass & Persistent Vulnerability 2014-07-07
Vulnerability Lab (admin vulnerability-lab com)
Document Title:
===============
Paypal Inc Bug Bounty #109 Multi Shipping Application API - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1050

PayPal Security UID: Pq115cey

Release Date:
=============
2014

PayPal Inc Bug Bounty #74 - Persistent Core Backend Vulnerability 2014-07-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc Bug Bounty #74 - Persistent Core Backend Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1278

PayPal Inc Security UID: cDc49dT

Release Date:
=============
2014-06-04

Vulnerability Laboratory

Backdoor access to Techboard/Syac devices 2014-07-07
roberto paleari emaze net
[ADVISORY INFORMATION]
Title: Backdoor access to Techboard/Syac devices
Discovery date: 02/04/2014
Release date: 07/07/2014
Advisory URL: http://blog.emaze.net/2014/07/backdoor-techboardsyac.html
Credits: Roberto Paleari (@rpaleari),
Luca Giancane (luca.giancane (at) emaze (dot) net)

[VULNERABILITY IN

{CVE-ID request} - OCS-Inventory-NG Multiple Stored Cross Site Scripting Vulnerabilities. 2014-07-07
Madhu Akula (madhu akula hotmail com)


# Title: Multiple Stored Cross Site Scripting Vulnerabilities
# Author: Madhu Akula
# Vendor Homepage: http://www.ocsinventory-ng.org/en/
# Software Link: http://www.ocsinventory-ng.org/en/download/
# Tested on: Chrome, Mozilla

Reporter Name : Madhu Akula

Product : OCS-Inventory NG

Version :

iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries 2014-07-07
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

Apple's current iTunes 11.2.2 for Windows comes with the following
COMPLETELY outdated and vulnerable 3rd party libraries (as part of
AppleApplicationSupport.msi):

* libeay32.dll and ssleay32.dll 0.9.8d

are more than SEVEN years old and have at least 27 unfixed CVEs!
the current versio

CVE-2014-3863 - Stored XSS in JChatSocial 2014-07-07
Teodor Lupan (teodor lupan safetech ro)
CVE-2014-3863
===================
"Stored Cross-Site Scripting (XSS)" (CWE-79) vulnerability in
"JChatSocial" Joomla extension.

Vendor
===================
Joomla! Extensions Store

Product
===================
JChatSocial: the Joomla live chat
"JChatSocial is a powerful chat system for Joomla with a

Re: Android KeyStore Stack Buffer Overflow (CVE-2014-3100) 2014-07-07
a blas actisec com
Hi,

We have just released an App to check if your device is affected by this bug:

https://play.google.com/store/apps/details?id=com.actisec.keystorescanner

Thanks.
Arturo

[SECURITY] [DSA 2972-1] linux security update 2014-07-06
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2972-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
July 06, 2014

Lime Survey 2-05+ Multiple Vulnerabilities 2014-07-06
g-damore outlook com
Lime Survey Multiple Vulnerabilities
=======================================================================

[ADVISORY INFORMATION]
Title: Lime Survey Multiple Vulnerabilities
Discovery date: 02/07/2014
Release date: 03/07/2014
Vendor Homepage: www.limesurvey.org
Version: Lime Survey 2.0

[security bulletin] HPSBMU03051 rev.2 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information 2014-07-03
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04345210

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04345210
Version: 2

HPSBMU03051 r

POC2014 Call for Paper 2014-07-03
pocadm gmail com
The 9th international hacking and security conference "POC2014" will be held
in Seoul, Korea on November 6 ~ 7.
POC is one of the very small number of best technical "hacking" conferences.
POC always tries to show real hacking and security, because POC believes
that showing talks much more than

[security bulletin] HPSBMU03059 rev.1 - HP SiteScope, Remote Authentication Bypass 2014-07-02
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04355129

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04355129
Version: 1

HPSBMU03059 re

[security bulletin] HPSBMU03064 rev.1 - HP Universal CMDB, Remote Information Disclosure, Execution of Code 2014-07-02
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04357076

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04357076
Version: 1

HPSBMU03064 re

[SECURITY] [DSA 2971-1] dbus security update 2014-07-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2971-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
July 02, 2014

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager 2014-07-02
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Cisco Unified Communications Domain Manager

Advisory ID: cisco-sa-20140702-cucdm

Revision 1.0

For Public Release 2014 July 2 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary

[security bulletin] HPSBMU03055 rev.1 - HP Smart Update Manager (HP SUM) running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information 2014-07-02
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04349175

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04349175
Version: 1

HPSBMU03055 r

Cross-Site Request Forgery (CSRF) in Kanboard 2014-07-02
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23217
Product: Kanboard
Vendor: http://kanboard.net/
Vulnerable Version(s): 1.0.5 and probably prior
Tested Version: 1.0.5
Advisory Publication: May 28, 2014 [without technical details]
Vendor Notification: May 28, 2014
Vendor Patch: June 30, 2014
Public Disclosure: July 2, 2014

CVE-2014-3149 - Reflected Cross-Site Scripting (XSS) in "Invision Power IP.Board" 2014-07-01
Christian Schneider (mail Christian-Schneider net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2014-3149
===================
"Reflected Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "Invision Power IP.Board" product

Vendor
===================
Invision Power Services Inc.

Product
===================
IP.Board
"IP.Board is the lead

SEC Consult SA-20140701-0 :: Stored cross-site scripting vulnerabilities in EMC Documentum eRoom 2014-07-01
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SEC Consult Vulnerability Lab Security Advisory 20140701-0
=======================================================================
title: Stored cross-site scripting vulnerabilities
product: EMC Documentum eRoom
vulnerable ver

Kerio Control <= 8.3.1 Boolean-based blind SQL Injection 2014-06-30
info fereidani com
Document Title:
======================
Kerio Control <= 8.3.1 Boolean-based blind SQL Injection

Primary Informations:
======================

Product Name: Kerio Control
Software Description: Kerio Control brings together multiple capabilities
including a network firewall and router, intrusion d

ESA-2014-060: EMC Documentum eRoom Multiple Cross-Site Scripting Vulnerabilities 2014-06-30
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-060: EMC Documentum eRoom Multiple Cross-Site Scripting Vulnerabilities

EMC Identifier: ESA-2014-060

CVE Identifier: CVE-2014-2512

Severity Rating: CVSS v2 Base Score: 8 (AV:N/AC:L/Au:S/C:C/I:P/A:P)

Affected products:

* EMC Doc

APPLE-SA-2014-06-30-4 Apple TV 6.1.2 2014-06-30
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-06-30-4 Apple TV 6.1.2

Apple TV 6.1.2 is now available and addresses the following:

Apple TV
Available for: Apple TV 2nd generation and later
Impact: An application could cause the device to unexpectedly
restart
Description: A null po

APPLE-SA-2014-06-30-3 iOS 7.1.2 2014-06-30
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-06-30-3 iOS 7.1.2

iOS 7.1.2 is now available and addresses the following:

Certificate Trust Policy
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Update to the certificate trust polic

[security bulletin] HPSBST03000 rev.4 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information 2014-06-30
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260637

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04260637
Version: 4

HPSBST03000 re

APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update 2014-003 2014-06-30
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-06-30-2 OS X Mavericks 10.9.4 and Security Update
2014-003

OS X Mavericks 10.9.4 and Security Update 2014-003 are now available
and address the following:

Certificate Trust Policy
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7

Copyright 2010, SecurityFocus