BugTraq Mode:
Defense in depth -- the Microsoft way (part 31): UAC is for binary planting 2015-03-15
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the exploit shown here should be well-known to every
Windows administrator, developer or QA engineer.

In Microsoft's own terms it doesn't qualify as security
vulnerability since UAC is a security feature, not a
security boundary.

Preconditions:

* a user running as "protected Administrat

[SECURITY] [DSA 3189-1] libav security update 2015-03-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3189-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
March 15, 2015

[SE-2014-02] Google App Engine Java security sandbox bypasses (details) 2015-03-16
Security Explorations (contact security-explorations com)

Hello All,

Details of our SE-2014-02 project have been released to the public.
A technical writeup and accompanying Proof of Concept codes can be
found at the following location:

http://www.security-explorations.com/en/SE-2014-02-details.html

In case of Google App Engine for Java, its first laye

[SECURITY] [DSA 3190-1] putty security update 2015-03-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3190-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
March 15, 2015

Defense in depth -- the Microsoft way (part 30): on exploitable Win32 functions 2015-03-15
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

since Microsoft won't -- despite (hopefully not only) my constant
nagging and quite some bug reports about unquoted command lines
for more than a dozen years now -- fix the BRAINDEAD behaviour
of Windows' CreateProcess*() functions to play try&error instead
of returning on error to their ca

[SECURITY] [DSA 3188-1] freetype security update 2015-03-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3188-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
March 15, 2015

Defense in depth -- the Mozilla way: return and exit codes are dispensable 2015-03-15
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

since some time Mozilla Firefox and Thunderbird for Windows come with
a "maintenance service" (running privileged under the SYSTEM account):
<https://support.mozilla.org/en-US/kb/what-mozilla-maintenance-service>

The maintenanceservice_installer.exe (which is extracted into the
resp. inst

[SECURITY] [DSA 3187-1] icu security update 2015-03-15
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3187-1 security (at) debian (dot) org
http://www.debian.org/security/ Michael Gilbert
March 15, 2015

[ MDVSA-2015:061 ] qemu 2015-03-13
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:061
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:060 ] yaml 2015-03-13
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:060
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:059 ] nss 2015-03-13
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:059
http://www.mandriva.com/en/support/security/
___________________________________________________________

Serendipity CMS - XSS Vulnerability in Version 2.0 2015-03-13
edric smarterbitbybit com
Serendipity CMS - XSS Vulnerability in Version 2.0

----------------------------------------------------------------

Product Information:

Software: Serendipity CMS
Tested Version: 2.0, released 23.1.2015
Vulnerability Type: Cross-Site Scripting (CWE-79)
Download link: http://www.s9y.org/12.html
De

[ MDVSA-2015:058 ] kernel 2015-03-13
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:058
http://www.mandriva.com/en/support/security/
___________________________________________________________

Jolla Phone tel URI Spoofing 2015-03-13
NSO Research (nso-research sotiriu de)

______________________________________________________________________
-------------------------- NSOADV-2015-001 ---------------------------

Jolla Phone tel URI Spoofing
______________________________________________________________________
___________________________________

[SECURITY] [DSA 3186-1] nss security update 2015-03-13
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3186-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
March 13, 2015

Alkacon OpenCms 9.5.1 Multiple XSS Vulnerabilities 2015-03-12
Rehan Ahmed (knight_rehan hotmail com)
Product: OpenCms
Vendor: Alkacon Software
Vulnerable Version(s): 9.5.1 and probably prior
Tested Version: 9.5.1
Vendor Notification: Mar 05, 2015 (https://github.com/alkacon/opencms-core/issues/304)
Vendor Patch: Not Yet (No Specific Time-line)
Public Disclosure: Mar 12, 2015
Vulnerability Type: Cro

[security bulletin] HPSBMU03262 rev.1 - HP Version Control Agent running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS) 2015-03-12
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04571956

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04571956
Version: 1

HPSBMU03262 r

[security bulletin] HPSBMU03283 rev.1 - HP Virtual Connect Enterprise Manager SDK running OpenSSL on Windows, Remote Disclosure of Information, Denial of Service (DoS) 2015-03-12
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04587108

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04587108
Version: 1

HPSBMU03283 r

[security bulletin] HPSBMU03259 rev.1 - HP Version Control Repository Manager running OpenSSL on Linux and Windows, Remote Disclosure of Information 2015-03-12
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04570627

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04570627
Version: 1

HPSBMU03259 r

[security bulletin] HPSBMU03267 rev.1 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information 2015-03-12
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04576624

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04576624
Version: 1

HPSBMU03267 r

WPML WordPress plug-in SQL injection etc. 2015-03-12
Jouko Pynnonen (jouko iki fi)
OVERVIEW
==========

WPML is the industry standard for creating multi-lingual WordPress
sites. Three vulnerabilities were found in the plug-in. The most
serious of them, an SQL injection problem, allows anyone to read the
contents of the WordPress database, including user details and
password hashes

MSA-2015-03: iPass Mobile Client Service Local Privilege Escalation 2015-03-12
Advisories (advisories mogwaisecurity de)
Mogwai Security Advisory MSA-2015-03
----------------------------------------------------------------------
Title: iPass Mobile Client service local privilege escalation
Product: Hewlett-Packard Universal CMDB (UCMDB)
Affected versions: iPass Mobile Client 2.4.2.15122

[SECURITY] [DSA 3185-1] libgcrypt11 security update 2015-03-12
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3185-1 security (at) debian (dot) org
http://www.debian.org/security/ Alessandro Ghedini
March 12, 2015

[SECURITY] [DSA 3184-1] gnupg security update 2015-03-12
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3184-1 security (at) debian (dot) org
http://www.debian.org/security/ Alessandro Ghedini
March 12, 2015

[security bulletin] HPSBMU02895 SSRT101253 rev.5 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code 2015-03-12
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03822422

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03822422
Version: 5

HPSBMU02895 SS

[security bulletin] HPSBGN03249 rev.1 - HP ArcSight Enterprise Security Manager and Logger, Multiple Remote Vulnerabilities 2015-03-12
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04562193

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04562193
Version: 1

HPSBGN03249 re

[SECURITY] [DSA 3183-1] movabletype-opensource security update 2015-03-12
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3183-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
March 12, 2015

SQL Injection in Huge IT Slider WordPress Plugin 2015-03-12
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23250
Product: Huge IT Slider WordPress Plugin
Vendor: Huge-IT
Vulnerable Version(s): 2.6.8 and probably prior
Tested Version: 2.6.8
Advisory Publication: February 19, 2015 [without technical details]
Vendor Notification: February 19, 2015
Vendor Patch: March 11, 2015
Public Disc

Cisco Security Advisory: Cisco Secure Access Control System SQL Injection Vulnerability 2015-03-11
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Secure Access Control System SQL Injection Vulnerability

Advisory ID: cisco-sa-20150211-csacs

Revision 2.0

For Public Release 2015 February 11 16:00 UTC (GMT)
Last Updated 2015 March 11 19:34 UTC (GMT)

+-------------------------------------

Microsoft Office Compatibility Pack tries to execute path without quotes 2015-03-11
j v vallejo gmail com
A couple of days ago I found a weird behaviour in my computer. When I double-clicked a .docx file, an error message appeared saying c:\Program couldn't be executed. I don't know when and why I had an empty file named "c:\Program" on my computer (I had been doing tests with %PROGRAMFILES% envar in my

Copyright 2010, SecurityFocus