BugTraq
Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin 2014-10-08
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23235
Product: Google Calendar Events WordPress plugin
Vendor: Phil Derksen
Vulnerable Version(s): 2.0.1 and probably prior
Tested Version: 2.0.1
Advisory Publication: September 17, 2014 [without technical details]
Vendor Notification: September 17, 2014
Vendor Patch: October 7, 2

[SECURITY] [DSA 3047-1] rsyslog security update 2014-10-08
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3047-1 security (at) debian (dot) org
http://www.debian.org/security/ Luciano Bello
October 08, 2014

[security bulletin] HPSBGN03108 rev.1 - HP Records Manager, Remote Cross-Site Scripting (XSS) 2014-10-07
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04441391

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04441391
Version: 1

SUPPORT COMMUN

[CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It! 2014-10-07
Pedro Ribeiro (pedrib gmail com)
Hi,

tl;dr - I am releasing two 0 day exploits for BMC Track-It!. One is a
RCE and the other gets you the domain admin and SQL database creds.
Other minor vulns are also disclosed. Details below.

CERT handled the disclosure for these vulnerabilities (see CERT
VU#121036) and according to them BMC di

[security bulletin] HPSBMU03118 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities 2014-10-07
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04468121

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04468121
Version: 2

HPSBMU03118 r

Multiple vulnerabilities in DrayTek VigorACS SI 2014-10-07
Erik-Paul Dittmer (epdittmer digitalmisfits com)
DrayTek VigorACS SI ( <= 1.3.0)

Vigor ACS-SI Edition is a Central Management System for DrayTek
routers and firewalls, providing System Integrators or system
administration personnel a real-time integrated monitoring,
configuration and management platform.

-----------------------------------------

OWTF 1.0 "Lionheart" released! 2014-10-06
Abraham Aranguren (abraham aranguren owasp org)
Dear BugTraq friends,

We are pleased to let you know that OWTF 1.0 "Lionheart" has been released!
Dedicated to the courage and hard work shown by all OWTF contributors,
mentors, everybody that gave us cool ideas, etc. to make this amazing
release happen, to all of you, thank you!

Some links:
- Han

Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15 2014-10-06
dkl mozilla com
Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* The 'realname' parameter is not correctly filtered on user account
creation, which could lead to user data override.
* Severa

CA20141001-01: Security Notice for Bash Shellshock Vulnerability 2014-10-06
Williams, James K (Ken Williams ca com)


CA20141001-01: Security Notice for Bash Shellshock Vulnerability

Issued: October 01, 2014
Updated: October 03, 2014

CA Technologies is investigating multiple GNU Bash vulnerabilities,
referred to as the "Shellshock" vulnerabilities, which were publicly
disclosed on September 24-27,

Multiple Vulnerabilities in Draytek Vigor 2130 2014-10-06
Erik-Paul Dittmer (epdittmer digitalmisfits com)
VIGOR 2130 (firmware < 1.5.4.9)

1.1. Command injection in traceroute functionality

A user can execute arbitrary commands (RCE) on the router by abusing the
traceroute functionality. The interface expects an IP address as input,
but does not validate the input. Just provide the input:
; id
The abov

PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities 2014-10-06
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=835

Release Date:
=============
2014-09-29

Vulnerability Laboratory ID (VL-ID):
========================

Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities 2014-10-06
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=705

Release Date:
=============
2014-09-26

Vulnerability Laboratory ID (VL-ID):
=================

[SECURITY] [DSA 3045-1] qemu security update 2014-10-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3045-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
October 04, 2014

[SECURITY] [DSA 3046-1] mediawiki security update 2014-10-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3046-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
October 05, 2014

[SECURITY] [DSA 3044-1] qemu-kvm security update 2014-10-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3044-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
October 04, 2014

[SECURITY] [DSA 3042-1] exuberant-ctags security update 2014-10-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3042-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
October 04, 2014

[security bulletin] HPSBHF03124 rev.1 - HP Thin Clients running Bash, Remote Execution of Code 2014-10-03
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04471546

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04471546
Version: 1

HPSBHF03124 re

PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability 2014-10-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=869
http://vulnerability-db.com/magazine/articles/2014/09/30/paypal-inc-patched-sev

HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability 2014-10-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1329

Release Date:
=============
2014-10-02

Vulnerability Laboratory ID (VL-ID):
=======================

BulletProof Security Wordpress v50.8 - POST Inject Vulnerability 2014-10-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
BulletProof Security Wordpress v50.8 - POST Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1326

Release Date:
=============
2014-09-30

Vulnerability Laboratory ID (VL-ID):
======================

CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway 2014-10-03
mirko casadei gmail com
########################################
#Vulnerability Title: DoS in ZyXEL SBG-3300 Security Gateway
#Date: 02/10/2014
#CVE-ID: CVE-2014-7278
#Product: ZyXEL SBG3300-N series
#Vendor: www.zyxel.com
#Affected Firmware: Latest version at the time of disclosure V1.00(AADY.4)C0 and below (tested)
#Patc

CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway 2014-10-03
mirko casadei gmail com
########################################
#Vulnerability Title: Stored Server XSS in ZyXEL SBG-3300 Security Gateway
#Date: 02/10/2014
#CVE-ID: CVE-2014-7277
#Product: ZyXEL SBG3300-N series
#Vendor: www.zyxel.com
#Affected Firmware: Latest version at the time of disclosure V1.00(AADY.4)C0 and below

[ MDVSA-2014:195 ] libvirt 2014-10-03
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:195
http://www.mandriva.com/en/support/security/
___________________________________________________________

[security bulletin] HPSBMU02895 SSRT101253 rev.3 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code 2014-10-02
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03822422

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03822422
Version: 3

HPSBMU02895 SS

[security bulletin] HPSBMU03118 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities 2014-10-02
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04468121

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04468121
Version: 1

HPSBMU03118 r

Ultra Electronics / AEP Networks - SSL VPN (Netilla / Series A / Ultra Protect) Vulnerabilities 2014-10-02
Patrick Webster (patrick osisecurity com au)
Ultra Electronics / AEP Networks - SSL VPN (Netilla / Series A / Ultra
Protect) Vulnerabilities
http://www.osisecurity.com.au/advisories/ultra-aep-netilla-vulnerabilities

Release Date:
02-Oct-2014

Software:
Ultra Electronics - Series A
http://en.wikipedia.org/wiki/NetillaOS_NetConnect_by_North

[security bulletin] HPSBHF03119 rev.2 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution 2014-10-01
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04468293

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04468293
Version: 2

HPSBHF03119 re

[ MDVSA-2014:194 ] phpmyadmin 2014-10-03
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:194
http://www.mandriva.com/en/support/security/
___________________________________________________________

Elasticsearch vulnerability CVE-2014-6439 2014-10-02
Jordan Sissel (jordan sissel elasticsearch com)
Summary:
Elasticsearch versions 1.3.x and prior have a default configuration for
CORS that allows an attacker to craft links that could cause a user's
browser to send requests to Elasticsearch instances on their local network.
These requests could cause data loss or compromise.

We have been assig

the other bash RCEs (CVE-2014-6277 and CVE-2014-6278) 2014-10-01
Michal Zalewski (lcamtuf coredump cx)
Good morning! This is kinda long.

== Background ==

If you are not familiar with the original bash function export
vulnerability (CVE-2014-6271), you may want to have a look at this
article:

http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html

Well, long story short: the

Copyright 2010, SecurityFocus