BugTraq
[Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure 2014-10-08
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2014-020: SAP Business Objects Information
Disclosure

1. Impact on Business
=====================

A malicious user can discover information relating to valid users
using a vulnerable Business Objects Enterpris

[Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA 2014-10-08
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2014-020: SAP Business Objects Denial of
Service via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would
be able to completely shut down t

[Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check 2014-10-08
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2014-033: SAP Business Warehouse Missing
Authorization Check

1. Impact on Business
=====================

By exploiting this vulnerability an authenticated attacker will be able
to abuse of functionality that sho

[Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities 2014-10-08
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2014-027: SAP HANA Multiple Reflected Cross
Site Scripting Vulnerabilities

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would
be able to attack o

[Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection 2014-10-08
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2014-028: SAP HANA Web-based Development
Workbench Code Injection

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would
be able to completely compr

Two XSS in Contact Form DB WordPress plugin 2014-10-08
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23233
Product: Contact Form DB WordPress plugin
Vendor: Michael Simpson
Vulnerable Version(s): 2.8.13 and probably prior
Tested Version: 2.8.13
Advisory Publication: September 17, 2014 [without technical details]
Vendor Notification: September 17, 2014
Vendor Patch: September 25,

Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin 2014-10-08
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23234
Product: EWWW Image Optimizer WordPress plugin
Vendor: Shane Bishop
Vulnerable Version(s): 2.0.1 and probably prior
Tested Version: 2.0.1
Advisory Publication: September 17, 2014 [without technical details]
Vendor Notification: September 17, 2014
Vendor Patch: September 24,

Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin 2014-10-08
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23235
Product: Google Calendar Events WordPress plugin
Vendor: Phil Derksen
Vulnerable Version(s): 2.0.1 and probably prior
Tested Version: 2.0.1
Advisory Publication: September 17, 2014 [without technical details]
Vendor Notification: September 17, 2014
Vendor Patch: October 7, 2

[SECURITY] [DSA 3047-1] rsyslog security update 2014-10-08
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3047-1 security (at) debian (dot) org
http://www.debian.org/security/ Luciano Bello
October 08, 2014

[security bulletin] HPSBGN03108 rev.1 - HP Records Manager, Remote Cross-Site Scripting (XSS) 2014-10-07
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04441391

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04441391
Version: 1

SUPPORT COMMUN

[CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It! 2014-10-07
Pedro Ribeiro (pedrib gmail com)
Hi,

tl;dr - I am releasing two 0 day exploits for BMC Track-It!. One is a
RCE and the other gets you the domain admin and SQL database creds.
Other minor vulns are also disclosed. Details below.

CERT handled the disclosure for these vulnerabilities (see CERT
VU#121036) and according to them BMC di

[security bulletin] HPSBMU03118 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities 2014-10-07
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04468121

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04468121
Version: 2

HPSBMU03118 r

Multiple vulnerabilities in DrayTek VigorACS SI 2014-10-07
Erik-Paul Dittmer (epdittmer digitalmisfits com)
DrayTek VigorACS SI ( <= 1.3.0)

Vigor ACS-SI Edition is a Central Management System for DrayTek routers
and firewalls, providing System Integrators or system administration
personnel a real-time integrated monitoring, configuration and
management platform.

-----------------------------------------

OWTF 1.0 "Lionheart" released! 2014-10-06
Abraham Aranguren (abraham aranguren owasp org)
Dear BugTraq friends,

We are pleased to let you know that OWTF 1.0 "Lionheart" has been released!
Dedicated to the courage and hard work shown by all OWTF contributors,
mentors, everybody that gave us cool ideas, etc. to make this amazing
release happen, to all of you, thank you!

Some links:
- Han

Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15 2014-10-06
dkl mozilla com
Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* The 'realname' parameter is not correctly filtered on user account
creation, which could lead to user data override.
* Severa

CA20141001-01: Security Notice for Bash Shellshock Vulnerability 2014-10-06
Williams, James K (Ken Williams ca com)


CA20141001-01: Security Notice for Bash Shellshock Vulnerability

Issued: October 01, 2014
Updated: October 03, 2014

CA Technologies is investigating multiple GNU Bash vulnerabilities,
referred to as the "Shellshock" vulnerabilities, which were publicly
disclosed on September 24-27,

Multiple Vulnerabilities in Draytek Vigor 2130 2014-10-06
Erik-Paul Dittmer (epdittmer digitalmisfits com)
VIGOR 2130 (firmware < 1.5.4.9)

1.1. Command injection in traceroute functionality

A user can execute arbitrary commands (RCE) on the router by abusing the
traceroute functionality. The interface expects an IP address as input,
but does not validate the input. Just provide the input:
; id
The abov

PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities 2014-10-06
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=835

Release Date:
=============
2014-09-29

Vulnerability Laboratory ID (VL-ID):
========================

Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities 2014-10-06
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=705

Release Date:
=============
2014-09-26

Vulnerability Laboratory ID (VL-ID):
=================

[SECURITY] [DSA 3045-1] qemu security update 2014-10-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3045-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
October 04, 2014

[SECURITY] [DSA 3046-1] mediawiki security update 2014-10-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3046-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
October 05, 2014

[SECURITY] [DSA 3044-1] qemu-kvm security update 2014-10-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3044-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
October 04, 2014

[SECURITY] [DSA 3042-1] exuberant-ctags security update 2014-10-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3042-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
October 04, 2014

[security bulletin] HPSBHF03124 rev.1 - HP Thin Clients running Bash, Remote Execution of Code 2014-10-03
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04471546

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04471546
Version: 1

HPSBHF03124 re

PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability 2014-10-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=869
http://vulnerability-db.com/magazine/articles/2014/09/30/paypal-inc-patched-sev

HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability 2014-10-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1329

Release Date:
=============
2014-10-02

Vulnerability Laboratory ID (VL-ID):
=======================

BulletProof Security Wordpress v50.8 - POST Inject Vulnerability 2014-10-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
BulletProof Security Wordpress v50.8 - POST Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1326

Release Date:
=============
2014-09-30

Vulnerability Laboratory ID (VL-ID):
======================

CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway 2014-10-03
mirko casadei gmail com
########################################
#Vulnerability Title: DoS in ZyXEL SBG-3300 Security Gateway
#Date: 02/10/2014
#CVE-ID: CVE-2014-7278
#Product: ZyXEL SBG3300-N series
#Vendor: www.zyxel.com
#Affected Firmware: Latest version at the time of disclosure V1.00(AADY.4)C0 and below (tested)
#Patc

CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway 2014-10-03
mirko casadei gmail com
########################################
#Vulnerability Title: Stored Server XSS in ZyXEL SBG-3300 Security Gateway
#Date: 02/10/2014
#CVE-ID: CVE-2014-7277
#Product: ZyXEL SBG3300-N series
#Vendor: www.zyxel.com
#Affected Firmware: Latest version at the time of disclosure V1.00(AADY.4)C0 and below

[ MDVSA-2014:195 ] libvirt 2014-10-03
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:195
http://www.mandriva.com/en/support/security/
___________________________________________________________

Copyright 2010, SecurityFocus