BugTraq Mode:
(Page 12 of 1570)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >
the other bash RCEs (CVE-2014-6277 and CVE-2014-6278) 2014-10-01
Michal Zalewski (lcamtuf coredump cx)
Good morning! This is kinda long.

== Background ==

If you are not familiar with the original bash function export
vulnerability (CVE-2014-6271), you may want to have a look at this
article:

http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impac
t.html

Well, long story short: the

[ more ]  [ reply ]
[ MDVSA-2014:193 ] xerces-j2 2014-10-01
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:193
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[ MDVSA-2014:192 ] perl-Email-Address 2014-10-01
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:192
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[SECURITY] [DSA 3041-1] xen security update 2014-10-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3041-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
October 01, 2014

[ more ]  [ reply ]
Reflected Cross-Site Scripting (XSS) in Textpattern 2014-10-01
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23223
Product: Textpattern
Vendor: http://textpattern.com/
Vulnerable Version(s): 4.5.5 and probably prior
Tested Version: 4.5.5
Advisory Publication: July 9, 2014 [without technical details]
Vendor Notification: July 9, 2014
Vendor Patch: September 20, 2014
Public Disclosure: Oc

[ more ]  [ reply ]
Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin 2014-10-01
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23232
Product: Photo Gallery WordPress plugin
Vendor: http://web-dorado.com/
Vulnerable Version(s): 1.1.30 and probably prior
Tested Version: 1.1.30
Advisory Publication: September 10, 2014 [without technical details]
Vendor Notification: September 10, 2014
Vendor Patch: September

[ more ]  [ reply ]
FreePBX (All Versions) RCE 2014-10-01
rob thomas schmoozecom com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We would like to announce that a significant security vulnerability has been discovered in all current versions of FreePBX.

A CVE has been requested from Mitre, but has yet to be provided.

Further details as they come to hand will be available from ht

[ more ]  [ reply ]
NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities 2014-10-01
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

VMware Security Advisory

Advisory ID: VMSA-2014-0010
Synopsis: VMware product updates address critical Bash
security vulnerabilities
Issue date: 2014-09-30
Updated on: 2014-09-30 (Initial Advisory)
CVE numbers: CVE-2014-6271, CVE-201

[ more ]  [ reply ]
[security bulletin] HPSBHF03119 rev.1 - HP DreamColor Display running Bash Shell, Remote Code Execution 2014-10-01
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04468293

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04468293
Version: 1

HPSBHF03119 re

[ more ]  [ reply ]
[SECURITY] [DSA 3040-1] rsyslog security update 2014-09-30
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3040-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/
September 30, 2014

[ more ]  [ reply ]
[security bulletin] HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution 2014-09-30
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04467807

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04467807
Version: 1

HPSBGN03117 re

[ more ]  [ reply ]
[security bulletin] HPSBMU03112 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities 2014-09-30
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04463322

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04463322
Version: 1

HPSBMU03112 r

[ more ]  [ reply ]
[security bulletin] HPSBST02958 rev.1 - HP MPIO Device Specific Module Manager, Local Execution of Arbitrary Code with Privilege Elevation 2014-09-30
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04048122

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04048122
Version: 1

HPSBST02958 r

[ more ]  [ reply ]
All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability 2014-09-30
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1325

Release Date:
=============
2014-09-29

Vulnerability Laboratory ID (VL-ID):
========================

[ more ]  [ reply ]
PayPal Inc Bug Bounty #71 PPM - Persistent Filter Vulnerability 2014-09-30
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc Bug Bounty #71 PPM - Persistent Filter Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=870

PayPal Security UID: Roc83bl

Release Date:
=============
2014-09-24

Vulnerability Laboratory ID (VL

[ more ]  [ reply ]
PayPal Inc Bug Bounty #59 - Persistent Mail Encoding Vulnerability 2014-09-30
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc Bug Bounty #59 - Persistent Mail Encoding Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=844

PayPal Security UID: CabdfGa

Release Date:
=============
2014-09-23

Vulnerability Laboratory ID

[ more ]  [ reply ]
London DEFCON - September 30th 2014 2014-09-30
Major Malfunction (majormal pirate-radio org)
Yes, that's tonight!

Apologies for the late notice - I've been travelling. A lot.

In the meantime, The Phoenix finished their refurb and is back up and
running, and looking pretty swanky, so I'm looking forward to seeing
what's new... Let's hope they haven't changed the beer! :)

We don't have a

[ more ]  [ reply ]
[slackware-security] bash (SSA:2014-272-01) 2014-09-29
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bash (SSA:2014-272-01)

New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patc

[ more ]  [ reply ]
[slackware-security] seamonkey (SSA:2014-271-03) 2014-09-29
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2014-271-03)

New seamonkey packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packag

[ more ]  [ reply ]
[slackware-security] mozilla-thunderbird (SSA:2014-271-02) 2014-09-29
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2014-271-02)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

[ more ]  [ reply ]
[ MDVSA-2014:191 ] perl-XML-DT 2014-09-29
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:191
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
Moab Authentication Bypass (insecure message signing) [CVE-2014-5376] 2014-09-29
john fitzpatrick mwrinfosecurity com
##[Moab Authentication Bypass (insecure message signing) : CVE-2014-5376]##

Software: Moab
Affected Versions: Dependent on configuration, can affect all versions of Moab including Moab 8
CVE Reference: CVE-2014-5376
Author: John Fitzpatrick, Luke Jennings MWR Labs (http://labs.mwrinfosecurity.com/)

[ more ]  [ reply ]
Moab User Impersonation [CVE-2014-5375] 2014-09-29
john fitzpatrick mwrinfosecurity com
##[Moab User Impersonation : CVE-2014-5375]##

Software: Moab
Affected Versions: All current versions of Moab. However, the impact is limited in Moab 7.2.9 and Moab 8.
CVE Reference: CVE-2014-5375
Author: John Fitzpatrick, Luke Jennings MWR Labs (http://labs.mwrinfosecurity.com/)
Severity: High Risk

[ more ]  [ reply ]
Moab Authentication Bypass [CVE-2014-5300] 2014-09-29
john fitzpatrick mwrinfosecurity com
##[Moab Authentication Bypass : CVE-2014-5300]##

Software: Moab
Affected Versions: All versions prior to Moab 7.2.9 and Moab 8
CVE Reference: CVE-2014-5300
Author: John Fitzpatrick, MWR Labs (http://labs.mwrinfosecurity.com/)
Severity: High Risk
Vendor: Adaptive Computing
Vendor Response: Resolved

[ more ]  [ reply ]
[slackware-security] mozilla-firefox (SSA:2014-271-01) 2014-09-29
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2014-271-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[ more ]  [ reply ]
[The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360 2014-09-27
Pedro Ribeiro (pedrib gmail com)
Hi,

This is the fifth part of the ManageOwnage series. For previous parts, see:
http://seclists.org/fulldisclosure/2014/Aug/55
http://seclists.org/fulldisclosure/2014/Aug/75
http://seclists.org/fulldisclosure/2014/Aug/88
http://seclists.org/fulldisclosure/2014/Sep/1

This time we have a file upload

[ more ]  [ reply ]
[SECURITY] [DSA 3038-1] libvirt security update 2014-09-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3038-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
September 27, 2014

[ more ]  [ reply ]
[SECURITY] [DSA 3039-1] chromium-browser security update 2014-09-28
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3039-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Michael Gilbert
September 28, 2014

[ more ]  [ reply ]
Hands-on Mobile (Android & iOS) + ARM Exploitation Training at Toorcon 2014-09-27
Aditya Gupta (adi0x90 gmail com)
Hello everyone,

I'm glad to announce that, I'll be running a 2-day class on Android,
iOS and ARM Hands-on Exploitation at Toorcon 2014 in San Diego this
October. The training will focus on a hands-on approach to find vulns
and exploit them on mobile applications as well as the platform as
well.

Al

[ more ]  [ reply ]
WorldCIST 2015 - 3rd World Conference on Information Systems and Technologies 2014-09-27
ML (marialemos72 gmail com)
------
WorldCIST'15 - 3rd World Conference on Information Systems and Technologies
Ponta Delgada, Azores *, Portugal
1 - 3 April 2015
http://www.aisti.eu/worldcist15/
------
* Azores is ranked as the second most beautiful archipelago in the world by National Geographic.
------------

SCOPE

The Wo

[ more ]  [ reply ]
(Page 12 of 1570)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus