BugTraq Mode:
(Page 3 of 1569)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[security bulletin] HPSBMU03190 rev.1 - HP Helion Cloud Development Platform Community and Commercial Editions, Remote Unauthenticated Access 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04500238

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04500238
Version: 1

HPSBMU03190 re

[security bulletin] HPSBUX03188 SSRT101487 rev.1 - HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04499681

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04499681
Version: 1

HPSBUX03188 SS

[SECURITY] [DSA 3071-1] nss security update 2014-11-11
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3071-1 security (at) debian (dot) org
http://www.debian.org/security/ Sebastien Delafond
November 11, 2014

Missing SSL certificate validation in MercadoLibre app for Android [STIC-2014-0211] 2014-11-11
Programa STIC (stic fundacionsadosky org ar)
Fundación Dr. Manuel Sadosky - Programa STIC Advisory
www.fundacionsadosky.org.ar

Missing SSL certificate validation in MercadoLibre app for Android

1. *Advisory Information*

Title: Missing SSL cert validation in MercadoLibre app for Android
Advisory ID: STIC-2014-0211
Advisory URL: http://www

[security bulletin] HPSBGN03191 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd, Remote Disclosure of Information and other Vulnerabilities 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04501215

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04501215
Version: 1

HPSBGN03191 re

[security bulletin] HPSBGN03117 rev.2 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04467807

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04467807
Version: 2

HPSBGN03117 re

[security bulletin] HPSBST03155 rev.1 - HP StoreFabric H-series switches running Bash Shell, Remote Code Execution 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04487573

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04487573
Version: 1

HPSBST03155 re

[The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360 2014-11-09
Pedro Ribeiro (pedrib gmail com)
Hi,

This is the 8th part of the ManageOwnage series. For previous parts see [1].

This time we have a file upload leading to remote code execution and a
blind SQL injection in ManageEngine OpManager, Social IT Plus and
IT360.
ManageEngine have released an emergency fix, see details in the
advisory

[The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro 2014-11-08
Pedro Ribeiro (pedrib gmail com)
Hi,

This is part 7 of the ManageOwnage series. For previous parts, see [1].

Today we have a blind SQL injection in Password Manager Pro (PMP) that
can be abused to escalate privileges for a low privileged user (like a
guest) to the "super administrator". Using our new powers we can then
dump the w

[SECURITY] [DSA 3070-1] kfreebsd-9 security update 2014-11-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3070-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
November 07, 2014

CVE-2014-3629: Apache Qpid's qpidd can be induced to make http requests 2014-11-07
Gordon Sim (gsim redhat com)
Apache Software Foundation - Security Advisory

Apache Qpid's qpidd can be induced to make http requests

CVE-2014-3629 CVS: 3

Severity: Low

Vendor:

The Apache Software Foundation

Versions Affected:

Apache Qpid's qpidd up to and including version
0.30, where xml exchange module is l

[SECURITY] [DSA 3069-1] curl security update 2014-11-07
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3069-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
November 07, 2014

PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability 2014-11-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1048

PayPal Security UID: dq115aYq

Release Date:
=============
2014-10-27

Vulne

BookFresh - Persistent Clients Invite Vulnerability 2014-11-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
BookFresh - Persistent Clients Invite Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1351

Release Date:
=============
2014-10-28

Vulnerability Laboratory ID (VL-ID):
===================================

SeasonApps iTransfer 1.1 - Persistent UI Vulnerability 2014-11-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
SeasonApps iTransfer 1.1 - Persistent UI Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1347

Release Date:
=============
2014-10-27

Vulnerability Laboratory ID (VL-ID):
================================

Open-Xchange Security Advisory 2014-11-07 2014-11-07
Martin Heiland (martin heiland open-xchange com)
Product: OX App Suite
Vendor: Open-Xchange GmbH

Internal reference: 34765 (Bug ID)
Vulnerability type: SQL Injection (CWE-89)
Vulnerable version: 7.6.0 and earlier
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Researcher credits: SoftScheck GmbH
Fixed v

[SECURITY] [DSA 3068-1] konversation security update 2014-11-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3068-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
November 07, 2014

FreeBSD Security Advisory FreeBSD-SA-14:24.sshd [REVISED] 2014-11-06
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-14:24.sshd Security Advisory
The FreeBSD Project

Topic:

Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426] 2014-11-06
Programa STIC (stic fundacionsadosky org ar)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fundación Dr. Manuel Sadosky - Programa STIC Advisory
http://www.fundacionsadosky.org.ar

Insecure management of login credentials in PicsArt Photo Studio for
Android

1. *Advisory Information*

Title: Insecure management of login credentials in P

XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities 2014-11-06
Larry W. Cashdollar (larry0 me com)
Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities
Author: Larry W. Cashdollar, @_larry0
Date: 10/17/2014
Download: https://wordpress.org/plugins/xcloner-backup-and-restore/
Download: http://extensions.joomla.org/extensions/access-a-security/site-secur

ZTE ZXDSL 831 Multiple Cross Site Scripting 2014-11-06
habte yibelo gmail com
TR-069 Client page: Stored. executes when users go to http://192.168.1.1/tr69cfg.html

http://192.168.1.1/tr69cfg.cgi?tr69cInformEnable=1&tr69cInformInterval=4
3200&tr69cAcsURL=http://acs.etc.et:9090/web/tr069%27;alert%280%29;//&tr6
9cAcsUser=cpe&tr69cAcsPwd=cpe&tr69cConnReqUser=itms&tr69cConnReqPwd=i

ZTE 831CII Multiple Vulnerabilities 2014-11-06
habte yibelo gmail com
Hardcoded default misconfiguration - The modem comes with admin:admin user credentials.

Stored XSS - http://192.168.1.1/psilan.cgi?action=save&ethIpAddress=192.168.1.1&ethSu
bnetMask=255.255.255.0&hostname=ZXDSL83C1II&domainname=home%27;alert%280
%29;//&enblUpnp=1&enblLan2=0
Any user browsing to http

ZTE ZXDSL 831CII Direct Object Reference 2014-11-06
habte yibelo gmail com
The modem usually serves HTML files and protects them with HTTP Basic authentication. However, the CGI files do not get this protection, so simply requesting any CGI file (without any authentication) would give a remote attacker full access to the modem, which can then easily be used to root the modem

CA20141103-01: Security Notice for CA Cloud Service Management 2014-11-06
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----

CA20141103-01: Security Notice for CA Cloud Service Management

Issued: November 3, 2014

CA Technologies Support is alerting customers to four resolved
vulnerabilities with CA Cloud Service Management. Four vulnerabilities
existed that could potentially allow a r

[SECURITY] [DSA 3067-1] qemu-kvm security update 2014-11-06
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3067-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
November 06, 2014

[SECURITY] [DSA 3066-1] qemu security update 2014-11-06
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3066-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
November 06, 2014

[SECURITY] [DSA 3065-1] libxml-security-java security update 2014-11-06
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3065-1 security (at) debian (dot) org
http://www.debian.org/security/ Sebastien Delafond
November 06, 2014

[CVE-2014-8338] Cross Site Scripting (XSS) vulnerability in videowhisper 2014-11-06
mdgh9 yahoo com
Hello,

Cross Site Scripting (XSS) vulnerability exists in videowhisper module for Drupal 7.

Vendor Notification: 22, Oct 2014

Vulnerable file: drupal/modules/videowhisper/vwrooms/js/jsor-jcarousel/examples/special_textscroller.php

POC: http://vulnerable-website/drupal/modules/videowhisper/vwro

i-FTP Buffer Overflow SEH 2014-11-05
metacom27 gmail com
#!/usr/bin/python
#Exploit Title:i-FTP Buffer Overflow SEH
#Homepage:http://www.memecode.com/iftp.php
#Software Link:www.memecode.com/data/iftp-win32-v220.exe
#Version:i.Ftp v2.20 (Win32 Release)
#Vulnerability discovered:26.10.2014
#Description:Simple portable cross platform FTP/SFTP/HTTP client.
#

i.Mage Local Crash Poc 2014-11-05
metacom27 gmail com
#!/usr/bin/python
#Exploit Title:i.Mage Local Crash Poc
#Homepage:http://www.memecode.com/image.php
#Software Link:http://sourceforge.net/projects/image-editor/files/i.mage-win32-v111.exe/download
#Version:i.i.Mage v1.11 (Win32 Release)
#Description:i.Mage is a small and fast graphics editor slanted

Copyright 2010, SecurityFocus