BugTraq Mode:
ToorCon 16 Call For Papers! 2014-08-20
h1kari toorcon org
TOORCON 16 CALL FOR PAPERS

It's that time of year again! ToorCon 16 is coming so get your code finished and submit a talk this time around. We're letting you decide if you want to be a part of our 50-minute talks on Saturday, 20-minute talks on Sunday, and 75-minute talks for our Deep Knowledge Sem

ArcGIS for Server Vulnerability Disclosure 2014-08-20
Romano, Christian (cromano caanes com)
Product: ArcGIS for Server
Vendor: ESRI
Vulnerable Version: 10.1.1
Tested Version: 10.1.1
Vendor Notification: June 19, 2014
Public Disclosure: August 15, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-5121
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N

CVE-2014-4973 - Privilege Escalation in ESET Windows Products 2014-08-20
Portcullis Advisories (advisories portcullis-security com)
Vulnerability title: Privilege Escalation in ESET Windows Products
CVE: CVE-2014-4973
Vendor: ESET
Product: ESET Windows Products
Affected version: v5.0 - 7.0 (Firewall Module Build 1183 (20140214) and
earlier)
Fixed version: v6 - v7 (Firewall Module Build 1212 (20140609))
Reported by: Kyriakos Econ

SQL Injection Vulnerability in ArticleFR 2014-08-20
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23225
Product: ArticleFR
Vendor: Free Reprintables
Vulnerable Version(s): 3.0.4 and probably prior
Tested Version: 3.0.4
Advisory Publication: July 23, 2014 [without technical details]
Vendor Notification: July 23, 2014
Public Disclosure: August 20, 2014
Vulnerability Type: SQL I

CVE-2014-5307 - Privilege Escalation in Panda Security Products 2014-08-20
Portcullis Advisories (advisories portcullis-security com)
Vulnerability title: Privilege Escalation in Panda Security
CVE: CVE-2014-5307
Vendor: Panda Security
Product: Multiple
Affected version: Panda 2014 Products
Fixed version: Hotfix hft131306s24_r1
Reported by: Kyriakos Economou

Details:

Latest, and possibly earlier builds, of the PavTPK.sys kernel

[SECURITY] [DSA 3007-1] cacti security update 2014-08-20
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3007-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
August 20, 2014

Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities 2014-08-20
CERT telekom de
Deutsche Telekom CERT Advisory [DTC-A-20140820-001]

Summary:
Several vulnerabilities were found in check_mk prior versions 1.2.4p4 and 1.2.5i4.
The vulnerabilities are:
1 - Reflected Cross-Site Scripting (XSS)
2 - write access to config files (.mk files)
3 - arbitrary code execution

Recommend

ICETC2014 - IEEE Extended Submission until Aug. 28, 2014 2014-08-20
jackie sdiwc info
Apologies for cross-posting.
Kindly forward to those who may be of interest.
=======================================================================
International Conference on Education Technologies and Computers
(ICETC2014)
Lodz University of Technology, Lodz, Poland

[security bulletin] HPSBUX03095 SSRT101674 rev.1 - HP-UX running OpenSSL, Multiple Vulnerabilities 2014-08-19
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04404655

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04404655
Version: 1

HPSBUX03095 SS

[security bulletin] HPSBUX03092 SSRT101668 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities 2014-08-19
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04398943

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04398943
Version: 1

HPSBUX03092 SS

[security bulletin] HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities 2014-08-19
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04398922

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04398922
Version: 1

HPSBUX03091 SS

[security bulletin] HPSBMU03101 rev.1 - HP Asset Manager, CloudSystem Chargeback, running OpenSSL, Remote Disclosure of Information or Unauthorized Access 2014-08-19
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04401858

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04401858
Version: 1

HPSBMU03101 re

[security bulletin] HPSBMU03094 rev.1 - HP Connect-IT, running OpenSSL, Remote Disclosure of Information or Unauthorized Access 2014-08-19
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04401666

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04401666
Version: 1

HPSBMU03094 re

[Call For Papers] RiseCON - Rosario, Argentina 2014-08-19
Info RiseCON (info risecon org)
RiseCON - Rosario Information Security Conference 2014
www.risecon.org
Dates: November 6 and 7, 2014
Location: Plataforma Lavarden (Av Mendoza 1085) - Rosario, Santa Fe, Argentina

RiseCON is the first and largest information security and hacking event
held in the city of Rosario, with

ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities 2014-08-19
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities

EMC Identifier: ESA-2014-071

CVE Identifier: CVE-2014-2517, CVE-2014-2505, CVE-2014-0640, CVE-2014-0641

Severity Rating: CVSS v2 Base Score: See below for individual scores

[CVE-2014-0232] Apache OFBiz Cross-site scripting (XSS) vulnerability 2014-08-19
Jacopo Cappellato (jacopoc apache org)
CVE-2014-0232: Apache OFBiz Cross-site scripting (XSS) vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache OFBiz 11.04.01 to 11.04.04
Apache OFBiz 12.04.01 to 11.04.03
The unsupported Apache OFBiz 09.04.x, 10.04.x versions may be also affected

Desc

ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities 2014-08-18
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities

EMC Identifier: ESA-2014-079

CVE Identifier: See below for individual CVEs

Severity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE

Affecte

ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability 2014-08-18
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability

EMC Identifier: ESA-2014-067

CVE Identifier: CVE-2014-2515

Severity: CVSSv2 Base Score: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)

Affected products:

• EMC Documentum D2 3.1 and

ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities 2014-08-18
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities

EMC Identifier: ESA-2014-059

CVE Identifier: CVE-2014-2511

Severity Rating: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected products:

• EMC WebTop 6

ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities 2014-08-18
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities

EMC Identifier: ESA-2014-073

CVE Identifier: CVE-2014-2518

Severity Rating: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected products:

• EMC Do

[SECURITY] [DSA 3006-1] xen security update 2014-08-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3006-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
August 18, 2014

Outlook.com for Android fails to validate server certificates 2014-08-17
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Outlook.com for Android fails to validate server certificates
------------------------------------------------------------------------

Yorick Koster, April 2014

-----------------------------------------------------------------

CVE-2014-5289 - Kolibri WebServer 2.0 Vulnerable to RCE via Overly Long POST Request 2014-08-17
tekwizz123 riseup net
Exploit Details
------------------
Senkas Kolibri WebServer 2.0 (available at http://www.senkas.com/kolibri/download.php) is vulnerable to RCE via an overly long POST request.

Sending the exploit will result in a SEH overwrite, which can then be used to redirect execution to a POP POP RET within the

Beginners error: Apple's iCloudServices for Windows run rogue program C:\Program.exe (and some more) 2014-08-16
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

"C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe",
part of Apple's iCloudServices (see <https://www.apple.com/icloud/>), is
configured to be started as (COM) server via SvcHost.Exe.

Unfortunately the developers of this (COM) server (and of course their QA
too) did

Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs 2014-08-16
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the following command lines associated with the URL protocols of
Windows Live Mail 2011 (15.4.3538.513)

WLMail.Url.Mailto=C:\Program Files (x86)\Windows Live\Mail\wlmail.exe /mailurl:"%1"
WLMail.Url.news=C:\Program Files (x86)\Windows Live\Mail\wlmail.exe /newsurl:"%1"
WLMail.Url.nntp=C:\P

Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more) 2014-08-16
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

"C:\Program Files\Apple Software Update\SoftwareUpdate.exe", part
of Apple's Software Update and installed together with iTunes,
QuickTime and other of Apple's crap for Windows, is periodically
called with the argument "-task".

This invokes the COM server {91A9E6A9-3935-4A37-AFBA-F0904B166

[SECURITY] [DSA 3005-1] gpgme1.0 security update 2014-08-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3005-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
August 14, 2014

APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6 2014-08-13
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6

Safari 6.1.6 and Safari 7.0.6 are now available and address the
following:

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.4
Impac

[security bulletin] HPSBMU03090 rev.1 - HP SiteScope, running Apache Struts, Remote Execution of Arbitrary Code 2014-08-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04399728

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04399728
Version: 1

HPSBMU03090 re

[security bulletin] HPSBHF03088 rev.1 - HP Integrity SD2 CB900s i2 and i4 Servers running OpenSSL, Remote Unauthorized Access or Disclosure of Information 2014-08-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04397114

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04397114
Version: 1

HPSBHF03088 r

Copyright 2010, SecurityFocus