BugTraq Mode:
(Page 10 of 1569)  < Prev  5 6 7 8 9 10 11 12 13 14 15  Next >
[security bulletin] HPSBMU03127 rev.1 - HP Operations Manager for UNIX, Remote Code Execution 2014-10-08
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04472866

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04472866
Version: 1

HPSBMU03127 r

[ more ]  [ reply ]
[SECURITY] [DSA 3048-1] apt security update 2014-10-08
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3048-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Thijs Kinkhorst
October 08, 2014

[ more ]  [ reply ]
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software 2014-10-08
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Cisco ASA Software

Advisory ID: cisco-sa-20141008-asa

Revision 1.0

For Public Release 2014 October 8 16:00 UTC (GMT)

Summary
+======

Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerab

[ more ]  [ reply ]
[Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting 2014-10-08
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2014-032: SAP BusinessObjects Persistent Cross
Site Scripting

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would
be able to attack other users of

[ more ]  [ reply ]
[Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA 2014-10-08
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2014-031: SAP Business Objects Information
Disclosure via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would
be able to obtain information

[ more ]  [ reply ]
[Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure 2014-10-08
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2014-020: SAP Business Objects Information
Disclosure

1. Impact on Business
=====================

A malicious user can discover information relating to valid users
using a vulnerable Business Objects Enterpris

[ more ]  [ reply ]
[Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA 2014-10-08
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2014-020: SAP Business Objects Denial of
Service via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would
be able to completely shut down t

[ more ]  [ reply ]
[Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check 2014-10-08
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2014-033: SAP Business Warehouse Missing
Authorization Check

1. Impact on Business
=====================

By exploiting this vulnerability an authenticated attacker will be able
to abuse of functionality that sho

[ more ]  [ reply ]
[Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities 2014-10-08
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2014-027: SAP HANA Multiple Reflected Cross
Site Scripting Vulnerabilities

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would
be able to attack o

[ more ]  [ reply ]
[Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection 2014-10-08
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2014-028: SAP HANA Web-based Development
Workbench Code Injection

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would
be able to completely compr

[ more ]  [ reply ]
Two XSS in Contact Form DB WordPress plugin 2014-10-08
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23233
Product: Contact Form DB WordPress plugin
Vendor: Michael Simpson
Vulnerable Version(s): 2.8.13 and probably prior
Tested Version: 2.8.13
Advisory Publication: September 17, 2014 [without technical details]
Vendor Notification: September 17, 2014
Vendor Patch: September 25,

[ more ]  [ reply ]
Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin 2014-10-08
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23234
Product: EWWW Image Optimizer WordPress plugin
Vendor: Shane Bishop
Vulnerable Version(s): 2.0.1 and probably prior
Tested Version: 2.0.1
Advisory Publication: September 17, 2014 [without technical details]
Vendor Notification: September 17, 2014
Vendor Patch: September 24,

[ more ]  [ reply ]
Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin 2014-10-08
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23235
Product: Google Calendar Events WordPress plugin
Vendor: Phil Derksen
Vulnerable Version(s): 2.0.1 and probably prior
Tested Version: 2.0.1
Advisory Publication: September 17, 2014 [without technical details]
Vendor Notification: September 17, 2014
Vendor Patch: October 7, 2

[ more ]  [ reply ]
[SECURITY] [DSA 3047-1] rsyslog security update 2014-10-08
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3047-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Luciano Bello
October 08, 2014

[ more ]  [ reply ]
[security bulletin] HPSBGN03108 rev.1 - HP Records Manager, Remote Cross-Site Scripting (XSS) 2014-10-07
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04441391

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04441391
Version: 1

SUPPORT COMMUN

[ more ]  [ reply ]
[CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It! 2014-10-07
Pedro Ribeiro (pedrib gmail com)
Hi,

tl;dr - I am releasing two 0 day exploits for BMC Track-It!. One is a
RCE and the other gets you the domain admin and SQL database creds.
Other minor vulns are also disclosed. Details below.

CERT handled the disclosure for these vulnerabilities (see CERT
VU#121036) and according to them BMC di

[ more ]  [ reply ]
[security bulletin] HPSBMU03118 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities 2014-10-07
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04468121

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04468121
Version: 2

HPSBMU03118 r

[ more ]  [ reply ]
Multiple vulnerabilities in DrayTek VigorACS SI 2014-10-07
Erik-Paul Dittmer (epdittmer digitalmisfits com)
DrayTek VigorACS SI ( <= 1.3.0)

Vigor ACS-SI Edition is a Central Management System for DrayTek
routers and firewalls,
providing System Integrators or system administration personnel a
real-time integrated
monitoring, configuration and management platform.

-----------------------------------------

[ more ]  [ reply ]
OWTF 1.0 "Lionheart" released! 2014-10-06
Abraham Aranguren (abraham aranguren owasp org)
Dear BugTraq friends,

We are pleased to let you know that OWTF 1.0 "Lionheart" has been released!
Dedicated to the courage and hard work shown by all OWTF contributors,
mentors, everybody that gave us cool ideas, etc. to make this amazing
release happen, to all of you, thank you!

Some links:
- Han

[ more ]  [ reply ]
Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15 2014-10-06
dkl mozilla com
Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* The 'realname' parameter is not correctly filtered on user account
creation, which could lead to user data override.
* Severa

[ more ]  [ reply ]
CA20141001-01: Security Notice for Bash Shellshock Vulnerability 2014-10-06
Williams, James K (Ken Williams ca com)


CA20141001-01: Security Notice for Bash Shellshock Vulnerability

Issued: October 01, 2014

Updated: October 03, 2014

CA Technologies is investigating multiple GNU Bash vulnerabilities,

referred to as the "Shellshock" vulnerabilities, which were publicly

disclosed on September 24-27,

[ more ]  [ reply ]
Multiple Vulnerabilities in Draytek Vigor 2130 2014-10-06
Erik-Paul Dittmer (epdittmer digitalmisfits com)
VIGOR 2130 (firmware < 1.5.4.9)

1.1. Command injection in traceroute functionality

A user can execute arbitrary commands (RCE) on the router by abusing the
traceroute functionality. The interface expects an IP address as input,
but does not validate the input. Just provide the input:
; id
The abov

[ more ]  [ reply ]
PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities 2014-10-06
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=835

Release Date:
=============
2014-09-29

Vulnerability Laboratory ID (VL-ID):
========================

[ more ]  [ reply ]
Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities 2014-10-06
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=705

Release Date:
=============
2014-09-26

Vulnerability Laboratory ID (VL-ID):
=================

[ more ]  [ reply ]
[SECURITY] [DSA 3045-1] qemu security update 2014-10-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3045-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
October 04, 2014

[ more ]  [ reply ]
[SECURITY] [DSA 3046-1] mediawiki security update 2014-10-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3046-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
October 05, 2014

[ more ]  [ reply ]
[SECURITY] [DSA 3044-1] qemu-kvm security update 2014-10-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3044-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
October 04, 2014

[ more ]  [ reply ]
[SECURITY] [DSA 3042-1] exuberant-ctags security update 2014-10-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3042-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
October 04, 2014

[ more ]  [ reply ]
[security bulletin] HPSBHF03124 rev.1 - HP Thin Clients running Bash, Remote Execution of Code 2014-10-03
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04471546

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04471546
Version: 1

HPSBHF03124 re

[ more ]  [ reply ]
PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability 2014-10-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=869
http://vulnerability-db.com/magazine/articles/2014/09/30/paypal-inc-patc
hed-sev

[ more ]  [ reply ]
(Page 10 of 1569)  < Prev  5 6 7 8 9 10 11 12 13 14 15  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus