BugTraq
[security bulletin] HPSBUX03092 SSRT101668 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities 2014-08-19
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04398943

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04398943
Version: 1

HPSBUX03092 SS

[security bulletin] HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities 2014-08-19
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04398922

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04398922
Version: 1

HPSBUX03091 SS

[security bulletin] HPSBMU03101 rev.1 - HP Asset Manager, CloudSystem Chargeback, running OpenSSL, Remote Disclosure of Information or Unauthorized Access 2014-08-19
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04401858

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04401858
Version: 1

HPSBMU03101 re

[security bulletin] HPSBMU03094 rev.1 - HP Connect-IT, running OpenSSL, Remote Disclosure of Information or Unauthorized Access 2014-08-19
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04401666

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04401666
Version: 1

HPSBMU03094 re

[Call For Papers] RiseCON - Rosario, Argentina 2014-08-19
Info RiseCON (info risecon org)
RiseCON - Rosario Information Security Conference 2014
www.risecon.org
Dates: November 6 and 7, 2014
Location: Plataforma Lavarden (Av Mendoza 1085) - Rosario, Santa Fe, Argentina

RiseCON is the first and largest information security and hacking event
held in the city of Rosario, with

ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities 2014-08-19
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities

EMC Identifier: ESA-2014-071

CVE Identifier: CVE-2014-2517, CVE-2014-2505, CVE-2014-0640, CVE-2014-0641

Severity Rating: CVSS v2 Base Score: See below for individual scores

[CVE-2014-0232] Apache OFBiz Cross-site scripting (XSS) vulnerability 2014-08-19
Jacopo Cappellato (jacopoc apache org)
CVE-2014-0232: Apache OFBiz Cross-site scripting (XSS) vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache OFBiz 11.04.01 to 11.04.04
Apache OFBiz 12.04.01 to 11.04.03
The unsupported Apache OFBiz 09.04.x, 10.04.x versions may be also affected

Desc

ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities 2014-08-18
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities

EMC Identifier: ESA-2014-079

CVE Identifier: See below for individual CVEs

Severity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE

Affecte

ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability 2014-08-18
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability

EMC Identifier: ESA-2014-067

CVE Identifier: CVE-2014-2515

Severity: CVSSv2 Base Score: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)

Affected products:

• EMC Documentum D2 3.1 and

ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities 2014-08-18
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities

EMC Identifier: ESA-2014-059

CVE Identifier: CVE-2014-2511

Severity Rating: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected products:

• EMC WebTop 6

ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities 2014-08-18
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities

EMC Identifier: ESA-2014-073

CVE Identifier: CVE-2014-2518

Severity Rating: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected products:

• EMC Do

[SECURITY] [DSA 3006-1] xen security update 2014-08-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3006-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
August 18, 2014

Outlook.com for Android fails to validate server certificates 2014-08-17
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Outlook.com for Android fails to validate server certificates
------------------------------------------------------------------------

Yorick Koster, April 2014

-----------------------------------------------------------------

CVE-2014-5289 - Kolibri WebServer 2.0 Vulnerable to RCE via Overly Long POST Request 2014-08-17
tekwizz123 riseup net
Exploit Details
------------------
Senkas Kolibri WebServer 2.0 (available at http://www.senkas.com/kolibri/download.php) is vulnerable to RCE via an overly long POST request.

Sending the exploit will result in a SEH overwrite, which can then be used to redirect execution to a POP POP RET within the

Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more) 2014-08-16
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

"C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe",
part of Apple's iCloudServices (see <https://www.apple.com/icloud/>), is
configured to be started as (COM) server via SvcHost.Exe.

Unfortunately the developers of this (COM) server (and of course their QA
too) did

Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs 2014-08-16
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the following command lines associated with the URL protocols of
Windows Live Mail 2011 (15.4.3538.513)

WLMail.Url.Mailto=C:\Program Files (x86)\Windows Live\Mail\wlmail.exe /mailurl:"%1"
WLMail.Url.news=C:\Program Files (x86)\Windows Live\Mail\wlmail.exe /newsurl:"%1"
WLMail.Url.nntp=C:\P

Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more) 2014-08-16
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

"C:\Program Files\Apple Software Update\SoftwareUpdate.exe", part
of Apple's Software Update and installed together with iTunes,
QuickTime and other of Apple's crap for Windows, is periodically
called with the argument "-task".

This invokes the COM server {91A9E6A9-3935-4A37-AFBA-F0904B166

[SECURITY] [DSA 3005-1] gpgme1.0 security update 2014-08-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3005-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
August 14, 2014

APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6 2014-08-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6

Safari 6.1.6 and Safari 7.0.6 are now available and address the
following:

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.4
Impac

[security bulletin] HPSBMU03090 rev.1 - HP SiteScope, running Apache Struts, Remote Execution of Arbitrary Code 2014-08-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04399728

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04399728
Version: 1

HPSBMU03090 re

[security bulletin] HPSBHF03088 rev.1 - HP Integrity SD2 CB900s i2 and i4 Servers running OpenSSL, Remote Unauthorized Access or Disclosure of Information 2014-08-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04397114

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04397114
Version: 1

HPSBHF03088 r

Reflected Cross-Site Scripting (XSS) in Jamroom 2014-08-13
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23224
Product: Jamroom
Vendor: Talldude Networks, LLC
Vulnerable Version(s): 5.2.6 and probably prior
Tested Version: 5.2.6
Advisory Publication: July 23, 2014 [without technical details]
Vendor Notification: July 23, 2014
Vendor Patch: July 23, 2014
Public Disclosure: August 13,

[oCERT-2014-006] Ganeti insecure archive permission 2014-08-12
Andrea Barisani (lcars ocert org)

#2014-006 Ganeti insecure archive permission

Description:

Ganeti, an open source virtualisation manager, suffers from an insecure file
permission vulnerability that leads to sensitive information disclosure.

The Ganeti upgrade command 'gnt-cluster upgrade' creates an archive of the
current confi

BlackBerry Z 10 - Storage and Access File-Exchange Authentication By-Pass [MZ-13-04] 2014-08-12
security (security modzero ch)
---------------------------------------------------------------------

modzero  Security Advisory:  BlackBerry  Z 10  -  Storage and  Access
File-Exchange Authentication By-Pass [MZ-13-04]

---------------------------------------------------------------------

---------------------------------

CVE-2014-5035 - Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service 2014-08-12
Gregory Pickett (gpickett71 yahoo com)

Title
===================
Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service

Summary
===================
Opendaylight (www.opendaylight.com) is vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service via an External Entity Injection (XXE). 

Apache Cordova 3.5.1: CVE-2014-3502 update 2014-08-11
Marcel Kinard (cmarcelk gmail com)
The following text is amended from the original that was sent on August 4th. More background information on this amendment can be found at http://cordova.apache.org/announcements/2014/08/06/android-351-update.html

Android Platform Release: 04 Aug 2014

CVE-2014-3502: Cordova apps can potentially le

[security bulletin] HPSBMU03089 rev.1 - HP Executive Scorecard, Running OpenSSL, Disclosure of Information 2014-08-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04398968

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04398968
Version: 1

HPSBMU03089 re

[SECURITY] [DSA 2984-2] acpi-support regression update 2014-08-11
Raphael Geissert (geissert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2984-2 security (at) debian (dot) org
http://www.debian.org/security/ Raphael Geissert
August 11, 2014

IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915) 2014-08-11
Jamie Riden (jamie riden gmail com)
Two classes of persistent XSS issues we reported in IBM Maximo a month
or two back are now fixed:

http://www.pentestpartners.com/blog/further-ibm-maximo-asset-management-
vulnerabilities-reported/

Individual bulletins linked from the above, but tl;dr is I would
suggest patching, as this could conce

[SECURITY] [DSA 3004-1] kde4libs security update 2014-08-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3004-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
August 11, 2014
