BugTraq Mode:
(Page 15 of 1616)  < Prev  10 11 12 13 14 15 16 17 18 19 20  Next >
Google Analytics by Yoast stored XSS #2 2015-04-21
Jouko Pynnonen (jouko iki fi)
OVERVIEW
==========

Google Analytics by Yoast is one of the most popular WordPress
plug-ins with over 7 million downloads and "1+ million" active
installs. Last month Yoast patched a stored XSS we reported in the
plug-in. Shortly after this we identified another bug of a similar
severity. The secon

SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities 2015-04-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1314

Release Date:
=============
2015-03-23

Vulnerability Laboratory ID (VL-ID):
===================================

PayPal Inc Bug Bounty #113 - Client Side Cross Site Scripting Vulnerability 2015-04-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc Bug Bounty #113 - Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1453

Video: http://www.vulnerability-lab.com/get_content.php?id=1454

View: https://www.youtube

Ebay Inc Xcom #7 - (Policy) Persistent Vulnerability 2015-04-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Inc Xcom #7 - (Policy) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1228

Release Date:
=============
2015-03-25

Vulnerability Laboratory ID (VL-ID):
==================================

Ebay Inc Xcom #6 - Persistent POST Inject Vulnerability 2015-04-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Inc Xcom #6 - Persistent POST Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1227

Release Date:
=============
2015-03-24

Vulnerability Laboratory ID (VL-ID):
===============================

Ebay Inc Xcom #4 - (Item Preview) Persistent Vulnerability 2015-04-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Inc Xcom #4 - (Item Preview) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1215

Release Date:
=============
2015-03-23

Vulnerability Laboratory ID (VL-ID):
==========================

Photo Manager Pro v4.4.0 iOS - File Include Vulnerability 2015-04-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Photo Manager Pro v4.4.0 iOS - File Include Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1445

Release Date:
=============
2015-03-12

Vulnerability Laboratory ID (VL-ID):
=============================

Wifi Drive Pro v1.2 iOS - File Include Web Vulnerability 2015-04-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Wifi Drive Pro v1.2 iOS - File Include Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1447

Release Date:
=============
2015-03-13

Vulnerability Laboratory ID (VL-ID):
==============================

Mobile Drive HD v1.8 - File Include Web Vulnerability 2015-04-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Mobile Drive HD v1.8 - File Include Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1446

Release Date:
=============
2015-03-11

Vulnerability Laboratory ID (VL-ID):
=================================

Photo Manager Pro 4.4.0 iOS - Code Execution Vulnerability 2015-04-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Photo Manager Pro 4.4.0 iOS - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1444

Release Date:
=============
2015-03-10

Vulnerability Laboratory ID (VL-ID):
============================

[security bulletin] HPSBMU03321 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code 2015-04-20
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04636829

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04636829
Version: 1

HPSBMU03321 re

[SECURITY] [DSA 3230-1] django-markupfield security update 2015-04-20
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3230-1 security (at) debian (dot) org
http://www.debian.org/security/ Alessandro Ghedini
April 20, 2015

[SECURITY] [DSA 3229-1] mysql-5.5 security update 2015-04-19
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3229-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
April 19, 2015

Security Audit Notes - OpenSSL v1.0.2a (latest) Issues - Advanced Information Security Corporation 2015-04-19
lem nikolas gmail com
-=[Advanced Information Security Corp]=-

Author: Nicholas Lemonias
Report Date: 2/4/2015
Email: lem.nikolas (at) gmail (dot) com

Introduction
==========
During a source-code audit of the OpenSSL v1.0.2a (Latest)
implementation for linux; conducted internally by the Advance

CVE-2014-7953 Android backup agent code execution 2015-04-17
Imre RAD (imre rad search-lab hu)
Android backup agent arbitrary code execution
---------------------------------------------

The Android backup agent implementation was vulnerable to privilege
escalation and race condition. An attacker with adb shell access could
run arbitrary code as the system (1000) user (or any other valid
pac

CVE-2014-7951 adb backup archive path traversal file overwrite 2015-04-17
Imre RAD (imre rad search-lab hu)
ADB backup archive path traversal file overwrite
------------------------------------------------

Using adb one can create a backup of his/her Android device and store it
on the PC. The backup archive is based on the tar file format.

By modifying tar headers to contain ../../ like patterns it is

CVE-2014-7954 MTP path traversal vulnerability in Android 2015-04-17
Imre RAD (imre rad search-lab hu)
MTP path traversal vulnerability in Android 4.4
-----------------------------------------------

doSendObjectInfo() method of the MtpServer class implemented in
frameworks/av/media/mtp/MtpServer.cpp does not validate the name
parameter of the incoming MTP packet at all.

It is possible to upload fil

112 ipTIME Routers/WiFi APs/Modems/Firewalls models vulnerable with RCE with root privileges 2015-04-17
Pierre Kim (pierre kim sec gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

## Advisory Information

Title: 112 ipTIME Routers/WiFi APs/Modems/Firewalls models vulnerable
with RCE with root privileges
Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x00.txt.asc
Date published: 2015-04-17
Vendors contacted: Kr

Lychee 2.7.1 remote code execution 2015-04-16
Filippo Cavallarin (filippo cavallarin segment technology)
Advisory ID: SGMA15-002
Title: Lychee remote code execution
Product: Lychee
Version: 2.7.1 and probably prior
Vendor: lychee.electerious.com
Vulnerability type: Remote Code Execution
Risk level: High
Credit: Filippo Cavallarin - segment.technology
CVE: N/A
Vendor notification: 2015-04-12
Vendor fix:

Wolf CMS 0.8.2 Arbitrary File Upload Vulnerability 2015-04-16
prathan ptr gmail com
,--^----------,--------,-----,-------^--,
| ||||||||| `--------' | O .. CWH Underground Hacking Team ..
`+---------------------------^----------|
`\_,-------, _________________________|
/ XXXXXX /`| /
/ XXXXXX / `\ /
/ XXXXXX /\______(
/ XXXXXX /

[SECURITY] [DSA 3228-1] ppp security update 2015-04-16
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3228-1 security (at) debian (dot) org
http://www.debian.org/security/ Sebastien Delafond
April 16, 2015

[CVE-2014-5361][CVE-2014-5362]Landesk Management Suite RFI & CSRF Security Vulnerabilities 2015-04-16
alex_haynes outlook com
Exploit Title: Landesk Management Suite RFI and CSRF vulnerabilities
Product: Landesk Management Suite
Vulnerable Versions: 9.5 (and possible previous versions), 9.6
Tested Version: 9.5
Advisory Publication: 16/04/2015
Latest Update: 16/04/2015
Vulnerability Type: Cross-site request forgery [CWE-352

Secunia Research: Oracle Outside In ibpsd2.dll PSD File Processing Buffer Overflow Vulnerability 2015-04-16
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 16/04/2015

Oracle Outside In ibpsd2.dll PSD File Processing

Buffer Overflow Vulnerability

==================================================

[security bulletin] HPSBMU03264 rev.1 - HP Network Automation, Multiple Remote Vulnerabilities 2015-04-15
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04574207

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04574207
Version: 1

HPSBMU03264 re

[SECURITY] [DSA 3227-1] movabletype-opensource security update 2015-04-15
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3227-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
April 15, 2015

Cisco Security Advisory: Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability 2015-04-15
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability

Advisory ID: cisco-sa-20150415-csd

Revision 1.0

For Public Release 2015 April 15 16:00 UTC (GMT)

+-------------------------------------------------------

Cisco Security Advisory: Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability 2015-04-15
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20150415-iosxr

Revision 1.0

For Public Release 2015 April 15 16:00 UTC (GMT)

Summary
=======

A vulnerability in the packet-processing code of Cisco IOS X

[SECURITY] [DSA 3226-1] inspircd security update 2015-04-15
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3226-1 security (at) debian (dot) org
http://www.debian.org/security/ Sebastien Delafond
April 15, 2015

ESA-2015-069: EMC NetWorker Buffer Overflow Vulnerability 2015-04-15
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-069: EMC NetWorker Buffer Overflow Vulnerability

EMC Identifier: ESA-2015-069

CVE Identifier: CVE-2015-0530

Severity Rating: CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Affected products:

• All versions of NetWorker

[SECURITY] [DSA 3225-1] gst-plugins-bad0.10 security update 2015-04-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3225-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
April 15, 2015

Copyright 2010, SecurityFocus