Cisco Security Advisory: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability 2015-02-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20150220-ipv6

Revision 1.0

For Public Release 2015 February 20 16:30 UTC (GMT)

+---------------------------------------------

[security bulletin] HPSBPV03266 rev.1 - Certain HP Networking and H3C Switches and Routers running NTP, Remote Execution of Code, Disclosure of Information, and Denial of Service (DoS) 2015-02-20
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04574882

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04574882
Version: 1

HPSBPV03266 re

iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... 2015-02-19
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the just released iTunes 12.1.1 for Windows still comes with
outdated and VULNERABLE 3rd party libraries and vulnerable
command lines:

In AppleMobileDeviceSupport.msi:

* libeay32.dll and ssleay32.dll 0.9.8za from 2014-06-05

The current version is 0.9.8ze and has 21 security fixes
whi

Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames) 2015-02-19
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

in order to prevent the start of the defunct USENET news client
(alias "Windows Mail") that Microsoft installs with Windows 7
and later versions of Windows as "Microsoft Outlook NewsReader",
the installation of all editions of Microsoft Office 2010 which
include Microsoft Outlook 2010 as we

[SECURITY] [DSA 3163-1] libreoffice security update 2015-02-19
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3163-1 security (at) debian (dot) org
http://www.debian.org/security/ Alessandro Ghedini
February 19, 2015

[SECURITY] [DSA 3162-1] bind9 security update 2015-02-18
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3162-1 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
February 18, 2015

PHP Code Execution in jui_filter_rules Parsing Library 2015-02-18
Timo Schmid (tschmid ernw de)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

PHP Code Execution in jui_filter_rules Parsing Library
======================================================
Researcher: Timo Schmid <tschmid (at) ernw (dot) de>

Description
===========
jui_filter_rules[1] is a jQuery plugin which allows users to generate

[CVE-2015-1517] Piwigo - SQL Injection in Version 2.7.3 2015-02-18
sven bsddaemon org
[CVE-2015-1517] Piwigo - SQL Injection in Version 2.7.3

----------------------------------------------------------------

Product Information:

Software: Piwigo

Tested Version: 2.7.3, released on 9 January 2015

Vulnerability Type: SQL Injection (CWE-89)

Download link: http://piwigo.org/basics/d

[RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite 2015-02-18
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Directory Traversal and Arbitrary File Disclosure in hybris
Commerce Software Suite

During a penetration test, RedTeam Pentesting discovered a Directory
Traversal vulnerability in hybris Commerce software suite. This
vulnerability allows attackers to download arbitrary files of

Crushftp 7.2.0 - Multiple CSRF & XSS Vulnerabilities 2015-02-17
Rehan Ahmed (knight_rehan hotmail com)
========================================================

I. Overview

========================================================

Multiple CSRF & Cross-Site Scripting (XSS) vulnerabilities have been identified in

Crushftp 7.2.0 (Web Interface) on default configuration. These vulnerabilities allo

NetGear WNDR Authentication Bypass / Information Disclosure 2015-02-17
Peter Adkins (peter adkins kernelpicnic net)
>> NetGear WNDR Authentication Bypass / Information Disclosure

Discovered by:
----
Peter Adkins <peter.adkins (at) kernelpicnic (dot) net>

Access:
----
Local network; unauthenticated access.
Remote network; unauthenticated access*.

Tracking and identifiers:
----
CVE - Mitre contacted; not yet allocated.

Pl

Ebay Inc Magento Bug Bounty #5 - Persistent Validation & Mail Encoding Web Vulnerability 2015-02-17
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Inc Magento Bug Bounty #5 - Persistent Validation & Mail Encoding Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1226

eBay Inc. Bug Bounty Program ID: EIBBP-27288

Vulnerability Magazine: http://

CVE-2015-1614 csrf/xss in in wordpress Plugin Image Metadata cruncher 2015-02-17
kingkaustubh me com
# Title: CSRF / Stored XSS Vulnerability in IMAGE-MEtadata-Cruncher Wordpress Plugin
# Author: Kaustubh G. Padwad
# CVE-ID : CVE-2015-1614
# Plugin Homepage: https://wordpress.org/plugins/image-metadata-cruncher/
# Severity: Medium

# Description:
# Vulnerable Parameter: Alternate text,Caption,Cu

[slackware-security] sudo (SSA:2015-047-03) 2015-02-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] sudo (SSA:2015-047-03)

New sudo packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patc

[slackware-security] patch (SSA:2015-047-01) 2015-02-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] patch (SSA:2015-047-01)

New patch packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
pa

[slackware-security] seamonkey (SSA:2015-047-02) 2015-02-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2015-047-02)

New seamonkey packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packag

Reflected File Download in AOL Search Website 2015-02-16
Ricardo Iramar dos Santos (riramar gmail com) (1 replies)
Oren Hafif reported a new kind of attack called Reflected File
Download (https://www.blackhat.com/eu-14/briefings.html#reflected-file-download-a-new-web-attack-vector)
at the Black Hat Europe 2014 conference.
More details about the attack can be found in his public
presentation: https://www.blackhat.co

Re: Reflected File Download in AOL Search Website 2015-02-16
Mike Antcliffe (mikeantcliffe logicallysecure com)
Multiple Cross site scripting in wordpress Plugin Image Metadata cruncher 2015-02-15
kingkaustubh me com
#####################################
Title:- XSS In Image-Metadata-Cruncher
Author: Kaustubh G. Padwad
Product: image-metadata-cruncher
pluginURL:https://wordpress.org/plugins/image-metadata-cruncher/
Severity: Medium
Auth: Required

# Description:
Vulnerable Parameter:
Alternate text:

Cosmoshop - XSS on Admin-Login Mask 2015-02-14
innate gmx de
author: l0om
page: l0om.org
date: 14.02.2015

Cosmoshop is a simple webshop designed for the German market.

There is a simple XSS flaw at the admin-login panel in probably all cosmoshop versions. The admin login can be found at

http://www.shop-site.de/cgi-bin/cosmoshop/admin/index.cgi

This page w

[CVE-2015-1585] Fat Free CRM - CSRF Vulnerability in Version 0.13.5 2015-02-14
sven bsddaemon org
[CVE-2015-1585] Fat Free CRM - CSRF Vulnerability in Version 0.13.5

----------------------------------------------------------------

Product Information:

Software: Fat Free CRM

Tested Version: 0.13.5, released 22.1.2015 with over 10.000 downloads

Vulnerability Type: Cross-Site Request Forgery,

CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four 2015-02-14
Hector Marco (hecmargi upv es)
Hi,

A bug in Linux ASLR implementation for versions prior to 3.19-rc3 has
been found. The issue is that the stack for processes is not properly
randomized on some 64 bit architectures due to an integer overflow.

Affected systems have reduced the stack entropy of the processes by four.

Details at

CVE-2015-1600 - Netatmo Weather Station Cleartext Password Leak 2015-02-13
jullrich sans edu
Summary

During initial setup, the weather station will submit its complete configuration unencrypted to the manufacturer cloud service. This configuration includes confidential information like the user's Wifi password.

The problem has been fixed by removing this configuration dump from curr

UNIT4 Prosoft HRMS XSS Vulnerability 2015-02-13
jerold v00d00sec com
# Vulnerability type: Cross-site Scripting
# Vendor: http://www.unit4.com/
# Product: UNIT4 Prosoft HRMS
# Product site: http://www.unit4apac.com/products/prosofthrms
# Affected version: 8.14.230.47
# Fixed version: 8.14.330.43
# Credit: Jerold Hoong & Edric Teo

# PROOF OF CONCEPT

The login page o

[security bulletin] HPSBGN03258 rev.1 - HP Insight Control server deployment Windows Pre-boot Execution Environment, Microsoft Schannel (Winshock) Remote Code Execution 2015-02-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04568731

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04568731
Version: 1

HPSBGN03258 r

CVE-2015-1574 - Google Email App 4.2.2 remote denial of service 2015-02-13
Hector Marco (hecmargi upv es)
Hello,

Summary:

A bug in the stock Google email application version 4.4.2.0200 has been
found. An attacker can remotely perform a Denial of Service attack by
sending a specially crafted email. No interaction from the user is
needed to produce the crash, just receiving the malicious email.

The C

[ MDVSA-2015:046 ] ntp 2015-02-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:046
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:045 ] e2fsprogs 2015-02-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:045
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:047 ] elfutils 2015-02-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:047
http://www.mandriva.com/en/support/security/
___________________________________________________________

Copyright 2010, SecurityFocus