BugTraq Mode:
(Page 3 of 1570)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
Re: CVE-2014-8732 2014-11-13
cert it nrw de
We successfully contacted the author. He is currently working on patching the issue in the next version.

[ more ]  [ reply ]
Re: CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2 2014-11-13
cert it nrw de
We successfully contacted the author. He is currently working on patching the issue in the next version.

[ more ]  [ reply ]
[security bulletin] HPSBMU03182 rev.1 - HP Server Automation running Bash Shell, Remote Code Execution 2014-11-12
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04497042

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04497042
Version: 1

HPSBMU03182 re

[ more ]  [ reply ]
[SECURITY] [DSA 3050-3] iceweasel security update 2014-11-12
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3050-3 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
November 12, 2014

[ more ]  [ reply ]
Prey Anti-Theft for Android missing SSL certificate validation [STIC-2014-0731] 2014-11-12
Programa STIC (stic fundacionsadosky org ar)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fundación Dr. Manuel Sadosky - Programa STIC Advisory
www.fundacionsadosky.org.ar

Prey Anti-Theft for Android missing SSL certificate validation

1. *Advisory Information*

Title: Prey Anti-Theft for Android missing SSL certificate validation
Adviso

[ more ]  [ reply ]
CVE-2014-8732 2014-11-12
cert it nrw de
CVE-2014-8732
CVSSv2 Vector:
[AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C]
CVSSv2 Base Score=7.5
CVSSv2 Temp Score=7.5
OWASP Top 10 classification: A3 - Cross Site Scripting

There is a stored xss vulnerability in phpMemcachedAdmin. Most of the user-specified input fields which are displayed on several

[ more ]  [ reply ]
CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2 2014-11-12
cert it nrw de
CVE-2014-8731
CVSSv2 Vector:
[AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:C]
CVSSv2 Base Score=10.0
CVSSv2 Temp Score=9.5
OWASP Top 10 classification: A1 - Injection

PHPMemcachedAdmin is a web-based frontend for Linux's memcached Daemon.

Project Homepage:
https://code.google.com/p/phpmemcacheadmin/

[ more ]  [ reply ]
[SECURITY] [DSA 3072-1] file security update 2014-11-12
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3072-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Thijs Kinkhorst
November 11, 2014

[ more ]  [ reply ]
[ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC) 2014-11-12
ESNC Security (secure esnc de)
[ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP
Governance, Risk and Compliance (SAP GRC)

Please refer to http://www.esnc.de for the original security advisory,
updates and additional information.

------------------------------------------------------------------------

1. Busine

[ more ]  [ reply ]
[security bulletin] HPSBGN03164 rev.1 - HP IceWall SSO Dfw, SSO Certd and MCRP running OpenSSL, Remote Disclosure of Information 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04496538

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04496538
Version: 1

HPSBGN03164 re

[ more ]  [ reply ]
[security bulletin] HPSBST03154 rev.1 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04487558

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04487558
Version: 1

HPSBST03154 re

[ more ]  [ reply ]
[security bulletin] HPSBST03181 rev.1 - HP StoreEver ESL G3 Tape Library running Bash Shell, Remote Code Execution 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04496383

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04496383
Version: 1

HPSBST03181 re

[ more ]  [ reply ]
[security bulletin] HPSBHF03124 rev.2 - HP Thin Clients running Bash Shell, Remote Execution of Code 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04471546

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04471546
Version: 2

HPSBHF03124 re

[ more ]  [ reply ]
[security bulletin] HPSBMU03165 rev.1 - HP Propel running Bash Shell, Remote Code Execution 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04497075

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04497075
Version: 1

HPSBMU03165 re

[ more ]  [ reply ]
[security bulletin] HPSBMU03184 rev.1 - HP SiteScope running SSL, Remote Disclosure of Information 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04497114

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04497114
Version: 1

HPSBMU03184 re

[ more ]  [ reply ]
[security bulletin] HPSBMU03190 rev.1 - HP Helion Cloud Development Platform Community and Commercial Editions, Remote Unauthenticated Access 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04500238

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04500238
Version: 1

HPSBMU03190 re

[ more ]  [ reply ]
[security bulletin] HPSBUX03188 SSRT101487 rev.1 - HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04499681

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04499681
Version: 1

HPSBUX03188 SS

[ more ]  [ reply ]
[SECURITY] [DSA 3071-1] nss security update 2014-11-11
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3071-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Sebastien Delafond
November 11, 2014

[ more ]  [ reply ]
Missing SSL certificate validation in MercadoLibre app for Android [STIC-2014-0211] 2014-11-11
Programa STIC (stic fundacionsadosky org ar)
Fundación Dr. Manuel Sadosky - Programa STIC Advisory
www.fundacionsadosky.org.ar

Missing SSL certificate validation in MercadoLibre app for Android

1. *Advisory Information*

Title: Missing SSL cert validation in MercadoLibre app for Android
Advisory ID: STIC-2014-0211
Advisory URL: http://www

[ more ]  [ reply ]
[security bulletin] HPSBGN03191 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd, Remote Disclosure of Information and other Vulnerabilities 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04501215

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04501215
Version: 1

HPSBGN03191 re

[ more ]  [ reply ]
[security bulletin] HPSBGN03117 rev.2 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04467807

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04467807
Version: 2

HPSBGN03117 re

[ more ]  [ reply ]
[security bulletin] HPSBST03155 rev.1 - HP StoreFabric H-series switches running Bash Shell, Remote Code Execution 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04487573

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04487573
Version: 1

HPSBST03155 re

[ more ]  [ reply ]
[The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360 2014-11-09
Pedro Ribeiro (pedrib gmail com)
Hi,

This is the 8th part of the ManageOwnage series. For previous parts see [1].

This time we have a file upload leading to remote code execution and a
blind SQL injection in ManageEngine OpManager, Social IT Plus and
IT360.
ManageEngine have released an emergency fix, see details in the
advisory

[ more ]  [ reply ]
[The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro 2014-11-08
Pedro Ribeiro (pedrib gmail com)
Hi,

This is part 7 of the ManageOwnage series. For previous parts, see [1].

Today we have a blind SQL injection in Password Manager Pro (PMP) that
can be abused to escalate privileges for a low privileged user (like a
guest) to the "super administrator". Using our new powers we can then
dump the w

[ more ]  [ reply ]
[SECURITY] [DSA 3070-1] kfreebsd-9 security update 2014-11-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3070-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
November 07, 2014

[ more ]  [ reply ]
CVE-2014-3629: Apache Qpid's qpidd can be induced to make http requests 2014-11-07
Gordon Sim (gsim redhat com)
Apache Software Foundation - Security Advisory

Apache Qpid's qpidd can be induced to make http requests

CVE-2014-3629 CVS: 3

Severity: Low

Vendor:

The Apache Software Foundation

Versions Affected:

Apache Qpid's qpidd up to and including version
0.30, where xml exchange module is l

[ more ]  [ reply ]
[SECURITY] [DSA 3069-1] curl security update 2014-11-07
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3069-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
November 07, 2014

[ more ]  [ reply ]
PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability 2014-11-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1048

PayPal Security UID: dq115aYq

Release Date:
=============
2014-10-27

Vulne

[ more ]  [ reply ]
BookFresh - Persistent Clients Invite Vulnerability 2014-11-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
BookFresh - Persistent Clients Invite Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1351

Release Date:
=============
2014-10-28

Vulnerability Laboratory ID (VL-ID):
===================================

[ more ]  [ reply ]
SeasonApps iTransfer 1.1 - Persistent UI Vulnerability 2014-11-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
SeasonApps iTransfer 1.1 - Persistent UI Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1347

Release Date:
=============
2014-10-27

Vulnerability Laboratory ID (VL-ID):
================================

[ more ]  [ reply ]
(Page 3 of 1570)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus