BugTraq Mode:
(Page 10 of 1580)  < Prev  5 6 7 8 9 10 11 12 13 14 15  Next >
Wireless N ADSL 2/2+ Modem Router - DT5130 - Xss / URL Redirect / Command Injection 2014-12-03
Ewerson Guimarães (Crash) - Dclabs (crash dclabs com br)
Product: Wireless N ADSL 2/2+ Modem Router
Firmware Version : V2.05.C29GV
Modem Type : ADSL2+ Router
Modem Vendor : Technicolor
Model: DT5130

Bugs:
1- Unauth Xss - CVE-2014-9142
user=teste&password=teste&
userlevel=15&refer=%2Fnigga.html&failrefer=/basicauth.cgi?index.html?fai
lrefer=<script></scrip

[ more ]  [ reply ]
[slackware-security] mozilla-thunderbird (SSA:2014-337-01) 2014-12-03
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2014-337-01)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

[ more ]  [ reply ]
[SECURITY] [DSA 3085-1] wordpress security update 2014-12-03
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3085-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Yves-Alexis Perez
December 03, 2014

[ more ]  [ reply ]
F5 BIGIP - (OLD!) Persistent XSS in ASM Module 2014-12-02
jplopezy gmail com

Description
-----------

The f5 is a "load balancer" which has several modules, one of them called ASM works as a WAF (firewall application). The asm allow create security policy
to protect a web site for example.

For it have some methods

Create a policy automatically (recommended) <- BAD IDEA
C

[ more ]  [ reply ]
ESA-2014-160: RSA® Adaptive Authentication (On-Premise) Authentication Bypass Vulnerability 2014-12-02
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-160: RSA® Adaptive Authentication (On-Premise) Authentication Bypass Vulnerability

EMC Identifier: ESA-2014-160

CVE Identifier: CVE-2014-4631

Severity Rating: CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products:

RSA Adapti

[ more ]  [ reply ]
ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability 2014-12-02
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability

EMC Identifier: ESA-2014-156

CVE Identifier: CVE-2014-4629

Severity Rating: CVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:P/A:C)

Affected product

[ more ]  [ reply ]
CVE-2014-9129: XSS and CSRF in CM Download Manager plugin for WordPress 2014-12-02
Henri Salo (henri nerv fi)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Product: WordPress plugin cm-download-manager
Plugin page: https://wordpress.org/plugins/cm-download-manager/
Vendor: CreativeMindsSolutions http://cminds.com/
Vulnerability Type: CWE-79: Cross-site scripting
Vulnerable Versions: 2.0.6 and below
Fixed V

[ more ]  [ reply ]
[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components 2014-12-02
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Unauthenticated Remote Code Execution in IBM Endpoint Manager
Mobile Device Management Components

During a penetration test, RedTeam Pentesting discovered that several
IBM Endpoint Manager Components are based on Ruby on Rails and use
static secret_token values. With these value

[ more ]  [ reply ]
[SECURITY] [DSA 3084-1] openvpn security update 2014-12-01
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3084-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Florian Weimer
December 01, 2014

[ more ]  [ reply ]
[RT-SA-2014-011] EntryPass N5200 Credentials Disclosure 2014-12-01
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: EntryPass N5200 Credentials Disclosure

EntryPass N5200 Active Network Control Panels allow the unauthenticated
downloading of information that includes the current administrative
username and password.

Details
=======

Product: EntryPass N5200 Active Network Control Panel
Affected Versi

[ more ]  [ reply ]
[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf 2014-12-01
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Remote Code Execution in TYPO3 Extension ke_dompdf

During a penetration test RedTeam Pentesting discovered a remote code
execution vulnerability in the TYPO3 extension ke_dompdf, which allows
attackers to execute arbitrary PHP commands in the context of the
webserver.

Details
=======

[ more ]  [ reply ]
[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire 2014-12-01
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Information Disclosure in TYPO3 Extension ke_questionnaire

The TYPO3 extension ke_questionnaire stores answered questionnaires in a
publicly reachable directory on the webserver with filenames that are
easily guessable.

Details
=======

Product: ke_questionnaire
Affected Versions: 2.5.

[ more ]  [ reply ]
CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4 2014-12-01
Stephan Rickauer swisscom com
#############################################################
#
# SWISSCOM CSIRT ADVISORY - http://www.swisscom.com/security
#
#############################################################
#
# CVE ID: CVE-2014-3809
# Product: 1830 Photonic Service Switch PSS-32/16/4
# Vendor: Alcatel-Lucent
# S

[ more ]  [ reply ]
[SECURITY] [DSA 3081-1] libvncserver security update 2014-11-29
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3081-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Luciano Bello
November 29, 2014

[ more ]  [ reply ]
[The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360 2014-11-30
Pedro Ribeiro (pedrib gmail com) (1 replies)
Hi,

This is part 9 of the ManageOwnage series. For previous parts see [1].

Today we have yet another 0 day - an arbitrary file download
vulnerability that be exploited unauthenticated in NetFlow Analyzer
and authenticated in IT360.
I'm releasing this as a 0 day because ManageEngine have been makin

[ more ]  [ reply ]
[SECURITY] [DSA 3082-1] flac security update 2014-11-30
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3082-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Sebastien Delafond
November 30, 2014

[ more ]  [ reply ]
[SECURITY] [DSA 3083-1] mutt security update 2014-11-30
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3083-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
November 30, 2014

[ more ]  [ reply ]
[SECURITY] [DSA 3080-1] openjdk-7 security update 2014-11-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3080-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
November 29, 2014

[ more ]  [ reply ]
[SECURITY] [DSA 3079-1] ppp security update 2014-11-29
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3079-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Sebastien Delafond
November 28, 2014

[ more ]  [ reply ]
WordPress <=4.0 Denial of Service Exploit (CVE-2014-9034) 2014-11-29
john secureli com
author details: John M. (john (at) secureli (dot) com [email concealed])
homepage details: SECURELI.com

Description:

CVE-2014-9034 was published recently, highlighting an issue that ?allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing? due to php

[ more ]  [ reply ]
[ MDVSA-2014:237 ] perl-Mojolicious 2014-11-28
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:237
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[ MDVSA-2014:236 ] file 2014-11-28
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:236
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[ MDVSA-2014:235 ] perl-Plack 2014-11-28
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:235
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[ MDVSA-2014:234 ] libksba 2014-11-28
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:234
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 22): no DEP in Windows' filesystem (and ASLR barely used) 2014-11-27
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

more than 20 years ago Microsoft introduced the NTFS filesystem
(supporting ACLs) and "user profiles" to separate user data
(with emphasis on "data") from the OS and each other.

More than 13 years ago Microsoft introduced "software restriction
policies" alias SAFER (<https://support.micro

[ more ]  [ reply ]
[security bulletin] HPSBGN03209 rev.1 - HP Application Lifecycle Management running SSLv3, Remote Disclosure of Information 2014-11-27
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04509419

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04509419
Version: 1

HPSBGN03209 re

[ more ]  [ reply ]
[ MDVSA-2014:233 ] wordpress 2014-11-27
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:233
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[SECURITY] [DSA 3078-1] libksba security update 2014-11-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3078-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
November 27, 2014

[ more ]  [ reply ]
[KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability 2014-11-27
Egidio Romano (research karmainsecurity com)

-----------------------------------------------------------------
Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability
-----------------------------------------------------------------

[-] Software Links:

https://www.tuleap.org/
https://www.enalean.com/

[-] Affected Versions:

Ver

[ more ]  [ reply ]
(Page 10 of 1580)  < Prev  5 6 7 8 9 10 11 12 13 14 15  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus