BugTraq
[SECURITY] [DSA 3127-1] iceweasel security update 2015-01-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3127-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
January 14, 2015

Two XSS vulnerabilities in Simple Security WordPress Plugin 2015-01-14
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23244
Product: Simple Security WordPress Plugin
Vendor: MyWebsiteAdvisor
Vulnerable Version(s): 1.1.5 and probably prior
Tested Version: 1.1.5
Advisory Publication: December 17, 2014 [without technical details]
Vendor Notification: December 17, 2014
Public Disclosure: January 14,

MS14-080 CVE-2014-6365 Code 2015-01-14
Diéyǔ (dieyu dieyu org)
The attached file is exactly the code that I sent to
Microsoft Security Response Center "MSRC"
(Screenshot pictures are deleted)

Technical details were said in this post:
MS14-080 CVE-2014-6365 Technical Details Without "Nonsense"
(So I don't repeat here)

The attached file is 4124 bytes.
The attac

AusCERT2015 Call for Papers: closes 18th January 2015-01-14
AusCERT (auscert auscert org au)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

AusCERT2015 Call for Presentations and Tutorials deadline extended by one week:
closes 18th January

By popular request we are extending the deadline for submission to the
AusCERT2015 Call for Presentations and Tutorials by one week only. The Cal

[security bulletin] HPSBGN03233 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, and Disclosure of Information 2015-01-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04540692

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04540692
Version: 1

HPSBGN03233 r

[SECURITY] [DSA 3123-2] binutils-mingw-w64 security update 2015-01-13
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3123-2 security (at) debian (dot) org
http://www.debian.org/security/ Thijs Kinkhorst
January 13, 2015

Sitefinity Enterprise v7.2.53 - Persistent Vulnerability 2015-01-13
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Sitefinity Enterprise v7.2.53 - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1369

Release Date:
=============
2015-01-06

Vulnerability Laboratory ID (VL-ID):
==============================

Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities 2015-01-13
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1400

Release Date:
=============
2015-01-12

Vulnerability Laboratory ID (VL-ID):
=============================

[security bulletin] HPSBMU03230 rev.1 - HP Insight Control server deployment Remote Disclosure of Information 2015-01-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04537915

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04537915
Version: 1

HPSBMU03230 re

SEC Consult SA-20150113-2 :: Cross-Site Request Forgery in XBMC / Kodi 2015-01-13
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20150113-2 >
=======================================================================
title: Cross-Site Request Forgery
product: Kodi/XBMC
vulnerable version: XBMC/Kodi <=14
fixed version: no fixed version available

SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower 2015-01-13
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20150113-1 >
=======================================================================
title: Privilege Escalation & XSS & Missing Authentication
product: Ansible Tower
vulnerable version: <=2.0.2
fixed version: >=2.0.5

CVE-2015-0203: Apache Qpid's qpidd can be crashed by authenticated user 2015-01-13
Gordon Sim (gsim apache org)
Apache Software Foundation - Security Advisory

Apache Qpid's qpidd can be crashed by authenticated user

CVE-2015-0203 CVSS: 5.2

Severity: Moderate

Vendor:

The Apache Software Foundation

Versions Affected:

Apache Qpid's qpidd up to and including version 0.30

Description:

Certain u

SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones 2015-01-13
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20150113-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: snom IP phones
vulnerable version: all firmware versions <8.7.5.15, all firmware branche

MS14-080 CVE-2014-6365 Technical Details Without "Nonsense" 2015-01-13
Diéyǔ (dieyu dieyu org)
Origin:
Visit https://technet.microsoft.com/library/security/ms14-080
Go to "Acknowledgments" part and search for "CVE-2014-6365"
It says "Dieyu" - that's me.

Technical Details:
"Internet Explorer XSS Filter Bypass Vulnerability" is done by...
1. Inject "a href" link into target page.
(Not script,

[security bulletin] HPSBOV03228 rev.1 - HP OpenVMS running Bash Shell, Remote Code Execution 2015-01-12
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04533737

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04533737
Version: 1

HPSBOV03228 re

[Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager 2015-01-13
Peter Lapp (lappsec gmail com)
Edit: Corrected the date in the timeline from 01/12/14 to 01/12/15.

Details
=======

Product: F5 BIG-IP Application Security Manager (ASM)
Vulnerability: Cross Site Scripting
Author: Peter Lapp, lappsec (at) gmail (dot) com
CVE: None assigned
Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Likely 11.4.x-11.5

Stored XSS Vulnerability in F5 BIG-IP Application Security Manager 2015-01-12
Peter Lapp (lappsec gmail com)
Details
=======

Product: F5 BIG-IP Application Security Manager (ASM)
Vulnerability: Cross Site Scripting
Author: Peter Lapp, lappsec (at) gmail (dot) com
CVE: None assigned
Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Likely 11.4.x-11.5.x.
Fixed Version: 11.6

Summary
=======

The F5 ASM is a web applica

[SECURITY] [DSA 3126-1] php5 security update 2015-01-12
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3126-1 security (at) debian (dot) org
http://www.debian.org/security/ Thijs Kinkhorst
January 12, 2015

Corel Software DLL Hijacking 2015-01-12
CORE Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Corel Software DLL Hijacking

1. *Advisory Information*

Title: Corel Software DLL Hijacking
Advisory ID: CORE-2015-0001
Advisory URL:
http://www.coresecurity.com/advisories/corel-software-dll-hijacking
Date published: 2015-01-12

CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0 2015-01-12
RedTeam Pentesting GmbH (release redteam-pentesting de)
The Tapatalk Plugin com.tapatalk.wbb4 for WoltLab Burning Board 4.0 prior to
version 1.1.2 allowed to redirect users to arbitrary URLs. This was possible by
specifying the target URL in the URL parameter board_url in URLs like the
following:

http://www.example.com/mobiquo/smartbanner/welcome.php?bo

[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 2015-01-12
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning
Board 4.0

RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability
in the Tapatalk plugin for the WoltLab Burning Board forum software,
which allows attackers to inject arbitrary JavaScript code via URL

[ MDVSA-2015:022 ] wireshark 2015-01-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:022
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:021 ] curl 2015-01-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:021
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2015:020 ] libssh 2015-01-12
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:020
http://www.mandriva.com/en/support/security/
___________________________________________________________

ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities 2015-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
ZTE Datacard PCW(Telecom MF180) - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1405

Release Date:
=============
2015-01-12

Vulnerability Laboratory ID (VL-ID):
============================

Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability 2015-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1300

Video: http://www.vulnerability-lab.com/get_content.php?id=1335

BugCrowd ID: e8a8ecb81b9bf115226ed2ff0

Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability 2015-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability

References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1398

BugCrowd ID: 6b37910a3c5685b944a3ad65068aa251af47450953a06b8b13d74b35d708f6b0

Acknowledgement (Hall of F

Blitz CMS Community - SQL Injection Web Vulnerability 2015-01-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Blitz CMS Community - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1403

Release Date:
=============
2015-01-12

Vulnerability Laboratory ID (VL-ID):
=================================

[SECURITY] [DSA 3125-1] openssl security update 2015-01-11
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3125-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
January 11, 2015

[SECURITY] [DSA 3124-1] otrs2 security update 2015-01-10
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3124-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
January 10, 2015
