BugTraq Mode:
(Page 12 of 1547)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >
OpenCart 1.5.6.4 Directory Traversal Vulnerability 2014-05-29
iedb team gmail com
Directory Traversal Vulnerability In OpenCart 1.5.6.4 and older versions


Defense in depth -- the Microsoft way (part 15): unquoted arguments in 120 (of 462) command lines 2014-05-28
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

for MANY years now Microsoft's own documentation for CreateProcess*()
<http://msdn.microsoft.com/library/cc144175.aspx> resp.
<http://msdn.microsoft.com/library/cc144101.aspx> says:

| Note: If any element of the command string contains or might contain

[RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script 2014-05-28
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: SQL Injection in webEdition CMS File Browser

RedTeam Pentesting discovered an SQL injection vulnerability in the file
browser component of webEdition CMS during a penetration test.
Unauthenticated attackers can get read-only access on the SQL database
used by webEdition and read for examp

[RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script 2014-05-28
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Remote Command Execution in webEdition CMS Installer Script

RedTeam Pentesting discovered a remote command execution vulnerability
in the installer script of the webEdition CMS during a penetration test.
If the installer script is not manually removed after installation,
attackers cannot

Multiple vulnerabilities in Sharetronix 2014-05-28
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23214
Product: Sharetronix
Vendor: Blogtronix, LLC
Vulnerable Version(s): 3.3 and probably prior
Tested Version: 3.3
Advisory Publication: May 7, 2014 [without technical details]
Vendor Notification: May 7, 2014
Vendor Patch: May 27, 2014
Public Disclosure: May 28, 2014
Vulnerab

SEC Consult SA-20140528-0 :: Root Backdoor & Unauthenticated access to voice recordings in NICE Recording eXpress 2014-05-28
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SEC Consult Vulnerability Lab Security Advisory < 20140528-0 >
=======================================================================
title: Root Backdoor & Unauthenticated access to voice recordings
product: NICE Recording eX

LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability 2014-05-28
LSE Leading Security Experts GmbH (Security Advisories) (advisories lsexperts de)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=== LSE Leading Security Experts GmbH - Security Advisory LSE-2014-05-21 ===

Check_MK - Arbitrary File Disclosure Vulnerability
- --------------------------------------------------

Affected Versions
=================
Linux versions of Check_MK equal

[SECURITY] [DSA 2938-1] Availability of LTS support for Debian 6.0 / squeeze 2014-05-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2938-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
May 27, 2014

[SECURITY] [DSA 2937-1] mod-wsgi security update 2014-05-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2937-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
May 27, 2014

[SECURITY] CVE-2014-0119 Apache Tomcat information disclosure 2014-05-27
Mark Thomas (markt apache org)
CVE-2014-0119 Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.5
- Apache Tomcat 7.0.0 to 7.0.53
- Apache Tomcat 6.0.0 to 6.0.39

Description:
In limited circumstances it was possible for a malicious web applicat

CVE-2014-3445 - Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages 2014-05-27
Portcullis Advisories (advisories portcullis-security com)
Vulnerability title: Unauthenticated Backup and Password Disclosure in
HandsomeWeb SOS Webpages
CVE: CVE-2014-3445
Vendor: HandsomeWeb
Product: SOS Webpages
Affected version: 1.1.11 and earlier
Fixed version: 1.1.12
Reported by: Freakyclown

Details:

The default setup allows an unauthenticated user

[SECURITY] CVE-2014-0097 Apache Tomcat information disclosure 2014-05-27
Mark Thomas (markt apache org) (1 replies)
CVE-2014-0097 Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.3
- Apache Tomcat 7.0.0 to 7.0.52
- Apache Tomcat 6.0.0 to 6.0.39

Description:
The code used to parse the request content length header did not chec

[SECURITY] CVE-2014-0095 Apache Tomcat denial of service 2014-05-27
Mark Thomas (markt apache org)
CVE-2014-0095 Denial of Service

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat 8.0.0-RC2 to 8.0.3

Description:
A regression was introduced in revision 1519838 that caused AJP
requests to hang if an explicit content length of zero was set on the
req

[SECURITY] CVE-2014-0096 Apache Tomcat information disclosure 2014-05-27
Mark Thomas (markt apache org)
CVE-2014-0096 Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.3
- Apache Tomcat 7.0.0 to 7.0.52
- Apache Tomcat 6.0.0 to 6.0.39

Description:
The default servlet allows web applications to define (at multiple
le

[SECURITY] CVE-2014-0075 Apache Tomcat denial of service 2014-05-27
Mark Thomas (markt apache org)
CVE-2014-0075 Denial of Service

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.3
- Apache Tomcat 7.0.0 to 7.0.52
- Apache Tomcat 6.0.0 to 6.0.39

Description:
It was possible to craft a malformed chunk size as part of a chunked
reque

call for papers- CSSE2014 2014-05-27
cfp-conf2014.org (cfp-conf2014 org securityfocus com)
Announcement for CSSE2014: Computer Science and Software Engineering Related Field International Academic Conference

Welcome to submit papers to CSSE2014
Computer Science and Software Engineering
Hangzhou, China, 2014/10/18, 19

All accepted papers will be published by All accepted
papers will be p

[security bulletin] HPSBGN03041 rev.1 - HP IceWall Configuration Manager running Apache Struts, Remote Execution of Arbitrary Code 2014-05-27
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04311273

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04311273
Version: 1

HPSBGN03041 re

VUPEN Security Research - Adobe Acrobat & Reader XI-X Barcode Heap Overflow (Pwn2Own) 2014-05-26
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Adobe Acrobat & Reader XI-X Barcode Heap
Overflow (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

Adobe Acrobat and Reader are the global standards for electronic
document sharing. They are used to create,

[security bulletin] HPSBUX02960 SSRT101419 rev.3 - HP-UX Running NTP, Remote Denial of Service (DoS) 2014-05-23
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04084148

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04084148
Version: 3

HPSBUX02960 SS

[security bulletin] HPSBMU03009 rev.3 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Disclosure of Information 2014-05-23
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04249113

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04249113
Version: 3

HPSBMU03009 re

ESA-2014-021: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities 2014-05-23
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-021: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities

EMC Identifier: ESA-2014-021

CVE Identifier: CVE-2014-0639

Severity Rating: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected Products:

RSA Archer ver

[SECURITY] [DSA 2936-1] torque security update 2014-05-23
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2936-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
May 23, 2014

[security bulletin] HPSBMU03025 rev.2 - HP Diagnostics running OpenSSL, Remote Disclosure of Information 2014-05-22
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04267775

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04267775
Version: 2

HPSBMU03025 re

[security bulletin] HPSBMU02995 rev.8 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure 2014-05-22
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04236102

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04236102
Version: 8

HPSBMU02995 r

ESA-2014-045: EMC Documentum D2 Arbitrary DQL Query Execution Vulnerability 2014-05-22
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-045: EMC Documentum D2 Arbitrary DQL Query Execution Vulnerability

EMC Identifier: ESA-2014-045

CVE Identifier: CVE-2014-2504

Severity: CVSSv2 Base Score: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)

Affected products:

• EMC Documentum D2

APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4 2014-05-21
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4

Safari 6.1.4 and Safari 7.0.4 are now available and address the
following:

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impac

[KIS-2014-06] Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability 2014-05-21
Egidio Romano (research karmainsecurity com) (1 replies)
------------------------------------------------------------------------

Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability
------------------------------------------------------------------------

[-] Software Link:

http://dotclear.org/

[-] Affected Versions:

Version 2.6.

[KIS-2014-07] Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability 2014-05-21
Egidio Romano (research karmainsecurity com)
[KIS-2014-05] Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability 2014-05-21
Egidio Romano (research karmainsecurity com)
-------------------------------------------------------------------------
Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability
-------------------------------------------------------------------------

[-] Software Link:

http://dotclear.org/

[-] Affected Versions:

Version 2

Copyright 2010, SecurityFocus