BugTraq Mode:
(Page 2 of 1576)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[oCERT-2014-012] JasPer input sanitization errors 2014-12-18
Andrea Barisani (lcars ocert org)
#2014-012 JasPer input sanitization errors

Description:

The JasPer project is an open source implementation for the JPEG-2000 codec.

The library is affected by a double-free vulnerability in function
jas_iccattrval_destroy() as well as a heap-based buffer overflow in function
jp2_decode().

A spe

SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted 2014-12-18
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20141218-1 >
=======================================================================
title: OS Command Execution
product: GParted - Gnome Partition Editor
vulnerable version: <=0.14.1
fixed version: >=0.15.0,

SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager 2014-12-18
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20141218-2 >
=======================================================================
title: Multiple high risk vulnerabilities
product: NetIQ Access Manager
vulnerable version: 4.0 SP1
fixed version: 4.0 SP1 Hot Fix 3

iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability 2014-12-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1375

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9336

CVE-ID:
=======
CVE-2014-9336

Release Date:
=

E-Journal CMS (ID) - Multiple Web Vulnerabilities 2014-12-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
E-Journal CMS (ID) - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1380

Release Date:
=============
2014-12-17

Vulnerability Laboratory ID (VL-ID):
====================================

Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability 2014-12-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1368

Facebook Security ID: 219162244

Release Date:
=============
2014-12-10

Vulnerability Laboratory ID (VL

Apple iOS v8.x - Message Context & Privacy Vulnerability 2014-12-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Apple iOS v8.x - Message Context & Privacy Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1346

Video: http://www.vulnerability-lab.com/get_content.php?id=1350

Release Date:
=============
2014-12-16

Vu

Jease CMS v2.11 - Persistent UI Web Vulnerability 2014-12-17
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Jease CMS v2.11 - Persistent UI Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1373

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8780

CVE-ID:
=======
CVE-2014-8780

Release Date:
=======

Morfy CMS v1.05 - Command Execution Vulnerability 2014-12-17
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Morfy CMS v1.05 - Command Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1367

https://github.com/Awilum/monstra-cms/issues/351

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9185

CVE

Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability 2014-12-17
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1372

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9334

CVE-ID:
=======
CVE-2014-9334

Release Date:
=

Cross-Site Scripting (XSS) in Revive Adserver 2014-12-17
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23242
Product: Revive Adserver
Vendor: http://www.revive-adserver.com/
Vulnerable Version(s): 3.0.5 and probably prior
Tested Version: 3.0.5
Advisory Publication: November 12, 2014 [without technical details]
Vendor Notification: November 12, 2014
Vendor Patch: December 17, 2014

secuvera-SA-2014-01: Reflected XSS in W3 Total Cache 2014-12-17
Tobias Glemser (tglemser secuvera de)
secuvera-SA-2014-01: Reflected XSS in W3 Total Cache

Affected Products
W3 Total Cache 0.9.4 (older releases have not been tested)

"The only WordPress Performance Optimization (WPO) framework;
designed to improve user experience and page speed. (..)
W3 Total Cache improves the user

FreeBSD Security Advisory FreeBSD-SA-14:30.unbound 2014-12-17
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:30.unbound Security Advisory
The FreeBSD Project

Topic:

[REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities 2014-12-17
Matteo Beccati (php beccati com)
========================================================================

Revive Adserver Security Advisory REVIVE-SA-2014-002
------------------------------------------------------------------------

http://www.revive-adserver.com/security/revive-sa-2014-002
----------------------

[security bulletin] HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote Code Execution 2014-12-16
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04512907

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04512907
Version: 1

HPSBMU03217 re

[security bulletin] HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple Remote Vulnerabilities 2014-12-16
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04530690

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04530690
Version: 1

HPSBOV03226 re

[security bulletin] HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS) 2014-12-16
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04530570

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04530570
Version: 1

HPSBOV03225 re

[security bulletin] HPSBMU03221 rev.1 - HP Connect-IT running SSLv3, Remote Disclosure of Information 2014-12-16
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04518605

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04518605
Version: 1

HPSBMU03221 re

RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability 2014-12-16
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1320

Video: http://www.vulnerability-lab.com/get_content.php?id=1332

Release Date:
=============
2014-12-02

Vu

Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability 2014-12-16
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability

References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1362

Release Date:
=============
2014-12-04

Vulnerability Laboratory ID (VL-ID):
===================================

Elefant CMS v1.3.9 - Persistent Name Update Vulnerability 2014-12-16
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Elefant CMS v1.3.9 - Persistent Name Update Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1365

Release Date:
=============
2014-12-03

Vulnerability Laboratory ID (VL-ID):
=============================

Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability 2014-12-16
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability

References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1357

Release Date:
=============
2014-12-02

Vulnerability Laboratory ID (VL-ID):
===================================

iWifi for Chat v1.1 iOS - Denial of Service Vulnerability 2014-12-16
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
iWifi for Chat v1.1 iOS - Denial of Service Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1375

Release Date:
=============
2014-12-16

Vulnerability Laboratory ID (VL-ID):
=============================

[SECURITY] [DSA 3105-1] heirloom-mailx security update 2014-12-16
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3105-1 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
December 16, 2014

[SECURITY] [DSA 3104-1] bsd-mailx security update 2014-12-16
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3104-1 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
December 16, 2014

W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface 2014-12-16
Mazin Ahmed (mazen150 hotmail com)
####
# Title: W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface
# Author: Mazin Ahmed
##
# Date of Discovering: October 6th, 2014
# Date of Reporting to the Vendor: October 7th, 2014
# Date of Releasing a Patch: December 9th, 2014
##
# Vulnerability Type: Cross-Site Re

[Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA 2014-12-16
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory ONAPSIS-2014-034: SAP Business Objects Search
Token Privilege Escalation via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote and potentially
unauthenticated attacker would be able

"Ettercap 8.0 - 8.1" multiple vulnerabilities 2014-12-16
Nick Sampanis (n sampanis obrela com)
"Ettercap 8.0 - 8.1" multiple vulnerabilities

Description
------------------------------------------------------------
Twelve vulnerabilities exist on ettercap-ng which allow remote denial of
service and possible remote code execution. Specifically, the following
vulnerabilities were identified:
 

[SE-2014-02] Google App Engine Java security sandbox bypasses (status update) 2014-12-16
Security Explorations (contact security-explorations com)

Hello All,

We would like to provide a status update to the initial
announcement [1] made a week ago regarding our SE-2014-02
security research project targeting Google App Engine
for Java.

Information regarding vulnerabilities and associated PoC
codes (Issues 1-22 / unconfirmed Issues 23-35) was

CA20141215-01: Security Notice for CA LISA Release Automation 2014-12-15
Williams, Ken (Ken Williams ca com)


-----BEGIN PGP SIGNED MESSAGE-----

CA20141215-01: Security Notice for CA LISA Release Automation

Issued: December 15, 2014

CA Technologies Support is alerting customers to multiple
vulnerabilities in CA Release Automation (formerly CA LISA Release
Automation, change effective 2014-09-

Copyright 2010, SecurityFocus