BugTraq
[slackware-security] seamonkey (SSA:2014-344-06) 2014-12-11
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2014-344-06)

New seamonkey packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packag

[slackware-security] openvpn (SSA:2014-344-04) 2014-12-11
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openvpn (SSA:2014-344-04)

New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------

[SECURITY] [DSA 3096-1] pdns-recursor security update 2014-12-11
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3096-1 security (at) debian (dot) org
http://www.debian.org/security/ Sebastien Delafond
December 11, 2014

[SECURITY] [DSA 3095-1] xorg-server security update 2014-12-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3095-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
December 10, 2014

AST-2014-019: Remote Crash Vulnerability in WebSocket Server 2014-12-10
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2014-019

Product Asterisk
Summary Remote Crash Vulnerability in WebSocket Server
Nature of Advisory Denial of Service

FreeBSD Security Advisory FreeBSD-SA-14:28.file 2014-12-10
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:28.file Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-14:29.bind 2014-12-10
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:29.bind Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-14:27.stdio 2014-12-10
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:27.stdio Security Advisory
The FreeBSD Project

Topic:

NEW VMSA-2014-0014 - AirWatch by VMware product update addresses information disclosure vulnerabilities 2014-12-10
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2014-0014
Synopsis: AirWatch by VMware product update addresses information
disclosure vulnerabilit

[CVE-2014-7301] SGI Tempo System Database Password Exposure 2014-12-10
john fitzpatrick mwrinfosecurity com
[SGI Tempo System Database Password Exposure]

Software: SGI Tempo (SGI ICE-X Supercomputers)
Affected Versions: Unknown
CVE Reference: CVE-2014-7301
Author: John Fitzpatrick, MWR Labs
Severity: Medium Risk
Vendor: Silicon Graphics International Corp (SGI)
Vendor Response: Uncooperative

[Descript

[CVE-2014-7302] SGI SUID Root Privilege Escalation 2014-12-10
john fitzpatrick mwrinfosecurity com
[SGI SUID Root Privilege Escalation]

Software: SGI Tempo (SGI ICE-X Supercomputers)
Affected Versions: Unknown
CVE Reference: CVE-2014-7302
Author: Luke Jennings, John Fitzpatrick, MWR Labs
Severity: Medium Risk
Vendor: Silicon Graphics International Corp (SGI)
Vendor Response: Uncooperative

[De

[CVE-2014-7303] SGI Tempo System Database Exposure 2014-12-10
john fitzpatrick mwrinfosecurity com
[SGI Tempo System Database Exposure]

Software: SGI Tempo (SGI ICE-X Supercomputers)
Affected Versions: Unknown
CVE Reference: CVE-2014-7303
Author: John Fitzpatrick, MWR Labs
Severity: Low Risk
Vendor: Silicon Graphics International Corp (SGI)
Vendor Response: Uncooperative

[Description]

It is

Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities 2014-12-09
simo morxploit com
Title: Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities
Author: Simo Ben youssef
Contact: Simo_at_Morxploit_com
Discovered: 02 November 2014
Updated: 9 December 2014
Published: 9 December 2014
MorXploit Research
http://www.MorXploit.com
Vendor: Concrete5
Vendor url: www.concrete5.org
Sof

[security bulletin] HPSBMU03043 rev.1 - HP Smart Update Manager for Windows and Linux, Local Disclosure of Information 2014-12-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04302476

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04302476
Version: 1

HPSBMU03043 r

[security bulletin] HPSBST03106 rev.2 - HP P2000 G3 MSA Array System, HP MSA 2040/1040 Storage running OpenSSL, Remote Unauthorized Access or Disclosure of Information 2014-12-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04438404

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04438404
Version: 2

HPSBST03106 r

NEW VMSA-2014-0013 - VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability 2014-12-09
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2014-0013
Synopsis: VMware vCloud Automation Center product updates address a
critical remote privilege escalation vu

[CVE-2014-8340] phpTrafficA SQL injection 2014-12-09
Daniël Geerts (dgeerts nikhef nl)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Product: phpTrafficA
Product page: http://soft.zoneo.net/phpTrafficA/
Affected versions: Up to and including 2.3 (latest as of writing).

Description:
An SQL injection exists in Php/Functions/log_function.php, line 933:
$sql3 ="INSERT INTO `${table}_ho

[security bulletin] HPSBGN03208 rev.1 - HP Cloud Service Automation running SSLv3, Remote Disclosure of Information 2014-12-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04516572

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04516572
Version: 1

HPSBGN03208 r

[security bulletin] HPSBGN03222 rev.1 - HP Enterprise Maps running SSLv3, Remote Disclosure of Information 2014-12-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04518999

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04518999
Version: 1

HPSBGN03222 r

Subrion CMS Security Advisory - XSS Vulnerability - CVE-2014-9120 2014-12-09
Onur Yilmaz (onur netsparker com)
Information
--------------------
Advisory by Netsparker.
Name: XSS Vulnerability in Subrion CMS
Affected Software : Subrion CMS
Affected Versions: 3.2.2 and possibly below
Vendor Homepage : http://www.subrion.org/
Vulnerability Type : Cross-site Scripting
Severity : Important
CVE-ID: CVE-2014-9120
N

[SECURITY] [DSA 3093-1] linux security update 2014-12-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3093-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 08, 2014

[security bulletin] HPSBST03154 rev.2 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution 2014-12-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04487558

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04487558
Version: 2

HPSBST03154 re

[SECURITY] [DSA 3094-1] bind9 security update 2014-12-08
Giuseppe Iuculano (iuculano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3094-1 security (at) debian (dot) org
http://www.debian.org/security/ Giuseppe Iuculano
December 08, 2014

[CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds 2014-12-08
jlk apache org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2014-7807: Apache CloudStack unauthenticated LDAP binds

CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors:
The Apache Software Foundation
Citrix, Inc.

Versions Affected:
Apache CloudStack 4.3, 4.4

Description:
Apache CloudStack may be configured

[ANN] Apache Struts 2.3.20 GA release available with security fix 2014-12-08
Lukasz Lenart (lukaszlenart apache org)
The Apache Struts group is pleased to announce that Apache Struts
2.3.20 is available as a "General Availability" release. The GA
designation is our highest quality grade.

Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is desig

CFP: InfoSec SouthWest 2015 (ISSW) 2014-12-08
Tod Beardsley (todb packetfu com)
I'm pleased to announce the Call For Papers for InfoSec Southwest 2015!

If you are interested in speaking at this year's event in Austin, Texas,
on April 11 or April 12, 2015, please take a look at our submission
requirements at http://2015.infosecsouthwest.com/cfp.html .

Once you've decided to parti

CMS Made Simple PHP Code Injection Vulnerability (All versions) 2014-12-06
sahm post com
# CMS Made Simple PHP Code Injection Vulnerability (All versions)
# 2014-12-02
# SAHM (@post.com)
# cmsmadesimple.org
# All versions
---exploit
A malicious attacker can intrude every CMSMS-installed website by taking the following steps:
Open the /install folder from the URL (The cms doesn't force

Re: [oss-security] Offset2lib: bypassing full ASLR on 64bit Linux 2014-12-05
Shawn (citypw gmail com)
Hi Agostino,

I don't think this issue impacts Grsecurity/PaX, which
Hardened-Gentoo is using.

On Fri, Dec 5, 2014 at 7:10 PM, Agostino Sarubbo <ago (at) gentoo (dot) org> wrote:
> On Gentoo (Hardened) I always get from
> ./get_offset2lib:
>
> Offset2lib (libc): 0x0
>
>
> --
> Agostino Sarubbo
> Gentoo

[SE-2014-02] Google App Engine Java security sandbox bypasses (project pending completion / action from Google) 2014-12-06
Security Explorations (contact security-explorations com)

Hello All,

We discovered multiple security issues in Google App Engine that allow
for a complete Java VM security sandbox escape.

There are more issues pending verification - we estimate them to be in
the range of 30+ in total.

Quick summary of our developments so far:
- we bypassed GAE whitelis

[SECURITY] [DSA 3091-1] getmail4 security update 2014-12-07
Giuseppe Iuculano (iuculano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3091-1 security (at) debian (dot) org
http://www.debian.org/security/ Giuseppe Iuculano
December 07, 2014

Copyright 2010, SecurityFocus