BugTraq Mode:
[SECURITY] [DSA 3006-1] xen security update 2014-08-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3006-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
August 18, 2014

Outlook.com for Android fails to validate server certificates 2014-08-17
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Outlook.com for Android fails to validate server certificates
------------------------------------------------------------------------

Yorick Koster, April 2014

-----------------------------------------------------------------

CVE-2014-5289 - Kolibri WebServer 2.0 Vulnerable to RCE via Overly Long POST Request 2014-08-17
tekwizz123 riseup net
Exploit Details
------------------
Senkas Kolibri WebServer 2.0 (available at http://www.senkas.com/kolibri/download.php) is vulnerable to RCE via an overly long POST request.

Sending the exploit will result in a SEH overwrite, which can then be used to redirect execution to a POP POP RET within the

Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more) 2014-08-16
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

"C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe",
part of Apple's iCloudServices (see <https://www.apple.com/icloud/>), is
configured to be started as (COM) server via SvcHost.Exe.

Unfortunately the developers of this (COM) server (and of course their QA
too) did

Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs 2014-08-16
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the following command lines associated with the URL protocols of
Windows Live Mail 2011 (15.4.3538.513)

WLMail.Url.Mailto=C:\Program Files (x86)\Windows Live\Mail\wlmail.exe /mailurl:"%1"
WLMail.Url.news=C:\Program Files (x86)\Windows Live\Mail\wlmail.exe /newsurl:"%1"
WLMail.Url.nntp=C:\P

Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more) 2014-08-16
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

"C:\Program Files\Apple Software Update\SoftwareUpdate.exe", part
of Apple's Software Update and installed together with iTunes,
QuickTime and other of Apple's crap for Windows, is periodically
called with the argument "-task".

This invokes the COM server {91A9E6A9-3935-4A37-AFBA-F0904B166

[SECURITY] [DSA 3005-1] gpgme1.0 security update 2014-08-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3005-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
August 14, 2014

APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6 2014-08-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6

Safari 6.1.6 and Safari 7.0.6 are now available and address the
following:

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.4
Impac

[security bulletin] HPSBMU03090 rev.1 - HP SiteScope, running Apache Struts, Remote Execution of Arbitrary Code 2014-08-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04399728

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04399728
Version: 1

HPSBMU03090 re

[security bulletin] HPSBHF03088 rev.1 - HP Integrity SD2 CB900s i2 and i4 Servers running OpenSSL, Remote Unauthorized Access or Disclosure of Information 2014-08-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04397114

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04397114
Version: 1

HPSBHF03088 r

Reflected Cross-Site Scripting (XSS) in Jamroom 2014-08-13
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23224
Product: Jamroom
Vendor: Talldude Networks, LLC
Vulnerable Version(s): 5.2.6 and probably prior
Tested Version: 5.2.6
Advisory Publication: July 23, 2014 [without technical details]
Vendor Notification: July 23, 2014
Vendor Patch: July 23, 2014
Public Disclosure: August 13,

[oCERT-2014-006] Ganeti insecure archive permission 2014-08-12
Andrea Barisani (lcars ocert org)

#2014-006 Ganeti insecure archive permission

Description:

Ganeti, an open source virtualisation manager, suffers from an insecure file
permission vulnerability that leads to sensitive information disclosure.

The Ganeti upgrade command 'gnt-cluster upgrade' creates an archive of the
current confi

BlackBerry Z 10 - Storage and Access File-Exchange Authentication By-Pass [MZ-13-04] 2014-08-12
security (security modzero ch)
---------------------------------------------------------------------

modzero  Security Advisory:  BlackBerry  Z 10  -  Storage and  Access
File-Exchange Authentication By-Pass [MZ-13-04]

---------------------------------------------------------------------

---------------------------------

CVE-2014-5035 - Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service 2014-08-12
Gregory Pickett (gpickett71 yahoo com)

Title
===================
Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service

Summary
===================
Opendaylight (www.opendaylight.com) is vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service via an External Entity Injection (XXE). 

Apache Cordova 3.5.1: CVE-2014-3502 update 2014-08-11
Marcel Kinard (cmarcelk gmail com)
The following text is amended from the original that was sent on August 4th. More background information on this amendment can be found at http://cordova.apache.org/announcements/2014/08/06/android-351-update.html

Android Platform Release: 04 Aug 2014

CVE-2014-3502: Cordova apps can potentially le

[security bulletin] HPSBMU03089 rev.1 - HP Executive Scorecard, Running OpenSSL, Disclosure of Information 2014-08-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04398968

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04398968
Version: 1

HPSBMU03089 re

[SECURITY] [DSA 2984-2] acpi-support regression update 2014-08-11
Raphael Geissert (geissert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2984-2 security (at) debian (dot) org
http://www.debian.org/security/ Raphael Geissert
August 11, 2014

IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915) 2014-08-11
Jamie Riden (jamie riden gmail com)
Two classes of persistent XSS issues we reported in IBM Maximo a month
or two back are now fixed:

http://www.pentestpartners.com/blog/further-ibm-maximo-asset-management-vulnerabilities-reported/

Individual bulletins linked from the above, but tl;dr is I would
suggest patching, as this could conce

[SECURITY] [DSA 3004-1] kde4libs security update 2014-08-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3004-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
August 11, 2014

[SECURITY] [DSA 3003-1] libav security update 2014-08-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3003-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
August 10, 2014

[SECURITY] [DSA 3002-1] wireshark security update 2014-08-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3002-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
August 10, 2014

[SECURITY] [DSA 3001-1] wordpress security update 2014-08-09
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3001-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
August 09, 2014

MITKRB5-SA-2014-001 Buffer overrun in kadmind with LDAP backend 2014-08-09
Benjamin Kaduk (kaduk MIT EDU)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

MITKRB5-SA-2014-001

MIT krb5 Security Advisory 2014-001
Original release: 2014-08-07
Last update: 2014-08-07

Topic: Buffer overrun in kadmind with LDAP backend

CVSSv2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C

CVSSv2 Base Score: 8.5

[SECURITY] [DSA 3000-1] krb5 security update 2014-08-09
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3000-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
August 09, 2014

[SECURITY] [DSA 2999-1] drupal7 security update 2014-08-09
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2999-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
August 09, 2014

[slackware-security] openssl (SSA:2014-220-01) 2014-08-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssl (SSA:2014-220-01)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+

[security bulletin] HPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows running OpenSSL, Multiple Vulnerabilities 2014-08-08
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04355095

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04355095
Version: 1

HPSBMU03062 r

[ MDVSA-2014:158 ] openssl 2014-08-08
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:158
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2014:159 ] wireshark 2014-08-08
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:159
http://www.mandriva.com/en/support/security/
___________________________________________________________

ESA-2014-055: EMC Network Configuration Manager (NCM) Report Advisor Session Fixation Vulnerability 2014-08-08
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-055: EMC Network Configuration Manager (NCM) Report Advisor Session Fixation Vulnerability

EMC Identifier: ESA-2014-055

CVE Identifier: CVE-2014-2509

Severity Rating: CVSS v2 Base Score: 6.9 (AV:A/AC:M/Au:N/C:C/I:P/A:P)

Affected p

Copyright 2010, SecurityFocus