BugTraq Mode:
CVE-2013-6825 DCMTK Root Privilege escalation 2014-06-02
Hector Marco (hecmargi upv es)
CVE-2013-6825 DCMTK Root Privilege escalation

About DCMTK:

DCMTK is a collection of libraries and applications implementing large parts
of the DICOM standard. It includes software for examining, constructing and
converting DICOM image files, handling offline media, sending and receiving
images over a

FCKeditor 2.6.10 Reflected Cross-Site Scripting (XSS) 2014-06-02
Robin Bailey (Robin Bailey dionach com)
Class: Cross-Site Scripting
Remote: Yes
Published: 2nd June 2014
Credit: Robin Bailey of Dionach (vulns (at) dionach (dot) com)
Vulnerable: FCKeditor <= 2.6.10

FCKeditor is prone to a reflected cross-site scripting (XSS) vulnerability due to inadequately sanitised user input. An attacker may leverage this issue

VUPEN Security Research - Adobe Acrobat & Reader XI-X "AcroBroker" Sandbox Bypass (Pwn2Own) 2014-06-02
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Adobe Acrobat & Reader XI-X "AcroBroker"
Sandbox Bypass (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

Adobe Acrobat and Reader are the global standards for electronic
document sharing. They are used to c

[FD] CVE-2013-6876 s3dvt Root shell 2014-06-02
Hector Marco (hecmargi upv es)
CVE-2013-6876 s3dvt Root shell

About s3dvt:

s3dvt is part of the 3d network display server which can be used as
3d desktop environment.

Vulnerability:

A vulnerability in s3dvt for versions prior to 0.2.2 allows to obtain
a root shell.

Details, patches, discussion and strategy to exploit at:

ESA-2014-032: RSA® Adaptive Authentication (Hosted) DOM Cross-Site Scripting Vulnerability 2014-06-02
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-032: RSA® Adaptive Authentication (Hosted) DOM Cross-Site Scripting Vulnerability

EMC Identifier: ESA-2014-032

CVE Identifier: CVE-2014-2502

Severity Rating: CVSS Score - 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products:

RSA

CVE-2014-2843 - "Reflected Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "infoware MapSuite" 2014-06-01
Christian Schneider (mail Christian-Schneider net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2014-2843
===================
"Reflected Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "infoware MapSuite"

Vendor
===================
infoware GmbH

Product
===================
MapSuite

Affected versions
===================
This vulne

CVE-2014-2233 - "Server-Side Request Forgery" (CWE-918) vulnerability in "infoware MapSuite" 2014-06-01
Christian Schneider (mail Christian-Schneider net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2014-2233
===================
"Server-Side Request Forgery" (CWE-918) vulnerability in "infoware MapSuite"

Vendor
===================
infoware GmbH

Product
===================
MapSuite

Affected versions
===================
This vulnerability

CVE-2014-2232 - "Absolute Path Traversal" (CWE-36) vulnerability in "infoware MapSuite" 2014-06-01
Christian Schneider (mail Christian-Schneider net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2014-2232
===================
"Absolute Path Traversal" (CWE-36) vulnerability in "infoware MapSuite"

Vendor
===================
infoware GmbH

Product
===================
MapSuite

Affected versions
===================
This vulnerability affe

CVE-2014-1226 s3dvt Root shell (still) 2014-06-02
Hector Marco (hecmargi upv es)
CVE-2014-1226 s3dvt Root shell (still)

About s3dvt:

s3dvt is part of the 3d network display server which can be used as
3d desktop environment.

Vulnerability:

The s3dvt developers forgot to review all the code. There is still a
vulnerable function as in the previous CVE-2013-6825. At the date

[SECURITY] [DSA 2942-1] typo3-src security update 2014-06-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2942-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
Jun 01, 2014

[SECURITY] [DSA 2944-1] gnutls26 security update 2014-06-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2944-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
June 01, 2014

[slackware-security] mariadb (SSA:2014-152-01) 2014-06-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mariadb (SSA:2014-152-01)

New mariadb packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mariadb-

Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress 2014-06-01
Yarubo Internet Security Scan (no-reply yarubo com)
Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress
=========================================================

Program: Participants Database <= 1.5.4.8
Severity: Unauthenticated attacker can fully compromise the Wordpress
installation
Permalink: http://www.yarubo.com/advisorie

[SECURITY] [DSA 2941-1] lxml security update 2014-06-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2941-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
Jun 01, 2014

[SECURITY] [DSA 2943-1] php5 security update 2014-06-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2943-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
June 01, 2014

[SECURITY] [DSA 2939-1] chromium-browser security update 2014-05-31
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2939-1 security (at) debian (dot) org
http://www.debian.org/security/ Michael Gilbert
May 31, 2014

Google Compute Engine Multiple DOS Vulnerabilities 2014-05-30
Scott T. Cameron (routehero gmail com)
Google Compute Engine VMs Multiple Remote Denial of Service Vulnerabilities
----------------------------------------------------------------------------------------------------

Overview
------------

Google Compute Engine (GCE) is a "cloud"-based, virtualized
platform-as-a-service. Users may "rent

Google Compute Engine - Lateral Compromise 2014-05-30
Scott T. Cameron (routehero gmail com)
A user who creates a GCE VM with compute-rw privileges, who
subsequently has that single VM compromised, can lead to a global
compromise of all VMs inside of the account.

VMs created in the web UI, by default, come with compute-rw privileges.

Google's account manager fetches ssh keys from the

NEW VMSA-2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation 2014-05-30
VMware Security Response Center (security vmware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2014-0005
Synopsis: VMware Workstation, Player, Fusion, and ESXi patches address
a guest privilege escalation
Issue date: 2014-05-2

Mybb Sendthread Page Denial of Service Vulnerability 2014-05-29
iedb team gmail com
Denial of Service Vulnerability In Mybb 1.6.13 and old version

#!/usr/bin/perl

OpenCart 1.5.6.4 Directory Traversal Vulnerability 2014-05-29
iedb team gmail com (1 replies)
Directory Traversal Vulnerability In OpenCart 1.5.6.4 and old version


Re: OpenCart 1.5.6.4 Directory Traversal Vulnerability 2014-06-01
Henri Salo (henri nerv fi)
Defense in depth -- the Microsoft way (part 15): unquoted arguments in 120 (of 462) command lines 2014-05-28
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

for MANY years now Microsoft's own documentation for CreateProcess*()
<http://msdn.microsoft.com/library/cc144175.aspx> resp.
<http://msdn.microsoft.com/library/cc144101.aspx> says:

| Note: If any element of the command string contains or might contain

[RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script 2014-05-28
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: SQL Injection in webEdition CMS File Browser

RedTeam Pentesting discovered an SQL injection vulnerability in the file
browser component of webEdition CMS during a penetration test.
Unauthenticated attackers can get read-only access on the SQL database
used by webEdition and read for examp

[RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script 2014-05-28
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Remote Command Execution in webEdition CMS Installer Script

RedTeam Pentesting discovered a remote command execution vulnerability
in the installer script of the webEdition CMS during a penetration test.
If the installer script is not manually removed after installation,
attackers cannot

Multiple vulnerabilities in Sharetronix 2014-05-28
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23214
Product: Sharetronix
Vendor: Blogtronix, LLC
Vulnerable Version(s): 3.3 and probably prior
Tested Version: 3.3
Advisory Publication: May 7, 2014 [without technical details]
Vendor Notification: May 7, 2014
Vendor Patch: May 27, 2014
Public Disclosure: May 28, 2014
Vulnerab

SEC Consult SA-20140528-0 :: Root Backdoor & Unauthenticated access to voice recordings in NICE Recording eXpress 2014-05-28
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SEC Consult Vulnerability Lab Security Advisory < 20140528-0 >
=======================================================================
title: Root Backdoor & Unauthenticated access to voice recordings
product: NICE Recording eX

LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability 2014-05-28
LSE Leading Security Experts GmbH (Security Advisories) (advisories lsexperts de)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=== LSE Leading Security Experts GmbH - Security Advisory LSE-2014-05-21 ===

Check_MK - Arbitrary File Disclosure Vulnerability
- --------------------------------------------------

Affected Versions
=================
Linux versions of Check_MK equal

[SECURITY] [DSA 2938-1] Availability of LTS support for Debian 6.0 / squeeze 2014-05-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2938-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
May 27, 2014

[SECURITY] [DSA 2937-1] mod-wsgi security update 2014-05-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2937-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
May 27, 2014

Copyright 2010, SecurityFocus