BugTraq Mode:
(Page 180 of 1746)  < Prev  175 176 177 178 179 180 181 182 183 184 185  Next >
[ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC) 2014-11-12
ESNC Security (secure esnc de)
[ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP
Governance, Risk and Compliance (SAP GRC)

Please refer to http://www.esnc.de for the original security advisory,
updates and additional information.

------------------------------------------------------------------------

1. Busine

[ more ]  [ reply ]
[security bulletin] HPSBGN03164 rev.1 - HP IceWall SSO Dfw, SSO Certd and MCRP running OpenSSL, Remote Disclosure of Information 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04496538

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04496538
Version: 1

HPSBGN03164 re

[ more ]  [ reply ]
[security bulletin] HPSBST03154 rev.1 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04487558

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04487558
Version: 1

HPSBST03154 re

[ more ]  [ reply ]
[security bulletin] HPSBST03181 rev.1 - HP StoreEver ESL G3 Tape Library running Bash Shell, Remote Code Execution 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04496383

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04496383
Version: 1

HPSBST03181 re

[ more ]  [ reply ]
[security bulletin] HPSBHF03124 rev.2 - HP Thin Clients running Bash Shell, Remote Execution of Code 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04471546

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04471546
Version: 2

HPSBHF03124 re

[ more ]  [ reply ]
[security bulletin] HPSBMU03165 rev.1 - HP Propel running Bash Shell, Remote Code Execution 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04497075

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04497075
Version: 1

HPSBMU03165 re

[ more ]  [ reply ]
[security bulletin] HPSBMU03184 rev.1 - HP SiteScope running SSL, Remote Disclosure of Information 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04497114

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04497114
Version: 1

HPSBMU03184 re

[ more ]  [ reply ]
[security bulletin] HPSBMU03190 rev.1 - HP Helion Cloud Development Platform Community and Commercial Editions, Remote Unauthenticated Access 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04500238

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04500238
Version: 1

HPSBMU03190 re

[ more ]  [ reply ]
[security bulletin] HPSBUX03188 SSRT101487 rev.1 - HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04499681

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04499681
Version: 1

HPSBUX03188 SS

[ more ]  [ reply ]
[SECURITY] [DSA 3071-1] nss security update 2014-11-11
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3071-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Sebastien Delafond
November 11, 2014

[ more ]  [ reply ]
Missing SSL certificate validation in MercadoLibre app for Android [STIC-2014-0211] 2014-11-11
Programa STIC (stic fundacionsadosky org ar)
Fundación Dr. Manuel Sadosky - Programa STIC Advisory
www.fundacionsadosky.org.ar

Missing SSL certificate validation in MercadoLibre app for Android

1. *Advisory Information*

Title: Missing SSL cert validation in MercadoLibre app for Android
Advisory ID: STIC-2014-0211
Advisory URL: http://www

[ more ]  [ reply ]
[security bulletin] HPSBGN03191 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd, Remote Disclosure of Information and other Vulnerabilities 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04501215

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04501215
Version: 1

HPSBGN03191 re

[ more ]  [ reply ]
[security bulletin] HPSBGN03117 rev.2 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04467807

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04467807
Version: 2

HPSBGN03117 re

[ more ]  [ reply ]
[security bulletin] HPSBST03155 rev.1 - HP StoreFabric H-series switches running Bash Shell, Remote Code Execution 2014-11-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04487573

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04487573
Version: 1

HPSBST03155 re

[ more ]  [ reply ]
[The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360 2014-11-09
Pedro Ribeiro (pedrib gmail com)
Hi,

This is the 8th part of the ManageOwnage series. For previous parts see [1].

This time we have a file upload leading to remote code execution and a
blind SQL injection in ManageEngine OpManager, Social IT Plus and
IT360.
ManageEngine have released an emergency fix, see details in the
advisory

[ more ]  [ reply ]
[The ManageOwnage Series, part VII]: Super admin privesc + password DB dump in Password Manager Pro 2014-11-08
Pedro Ribeiro (pedrib gmail com)
Hi,

This is part 7 of the ManageOwnage series. For previous parts, see [1].

Today we have a blind SQL injection in Password Manager Pro (PMP) that
can be abused to escalate privileges for a low privileged user (like a
guest) to the "super administrator". Using our new powers we can then
dump the w

[ more ]  [ reply ]
[SECURITY] [DSA 3070-1] kfreebsd-9 security update 2014-11-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3070-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
November 07, 2014

[ more ]  [ reply ]
CVE-2014-3629: Apache Qpid's qpidd can be induced to make http requests 2014-11-07
Gordon Sim (gsim redhat com)
Apache Software Foundation - Security Advisory

Apache Qpid's qpidd can be induced to make http requests

CVE-2014-3629 CVS: 3

Severity: Low

Vendor:

The Apache Software Foundation

Versions Affected:

Apache Qpid's qpidd up to and including version
0.30, where xml exchange module is l

[ more ]  [ reply ]
[SECURITY] [DSA 3069-1] curl security update 2014-11-07
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3069-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
November 07, 2014

[ more ]  [ reply ]
PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability 2014-11-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1048

PayPal Security UID: dq115aYq

Release Date:
=============
2014-10-27

Vulne

[ more ]  [ reply ]
BookFresh - Persistent Clients Invite Vulnerability 2014-11-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
BookFresh - Persistent Clients Invite Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1351

Release Date:
=============
2014-10-28

Vulnerability Laboratory ID (VL-ID):
===================================

[ more ]  [ reply ]
SeasonApps iTransfer 1.1 - Persistent UI Vulnerability 2014-11-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
SeasonApps iTransfer 1.1 - Persistent UI Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1347

Release Date:
=============
2014-10-27

Vulnerability Laboratory ID (VL-ID):
================================

[ more ]  [ reply ]
Open-Xchange Security Advisory 2014-11-07 2014-11-07
Martin Heiland (martin heiland open-xchange com)
Product: OX App Suite
Vendor: Open-Xchange GmbH

Internal reference: 34765 (Bug ID)
Vulnerability type: SQL Injection (CWE-89)
Vulnerable version: 7.6.0 and earlier
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Researcher credits: SoftScheck GmbH
Fixed v

[ more ]  [ reply ]
[SECURITY] [DSA 3068-1] konversation security update 2014-11-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3068-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
November 07, 2014

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-14:24.sshd [REVISED] 2014-11-06
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-14:24.sshd Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426] 2014-11-06
Programa STIC (stic fundacionsadosky org ar)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fundación Dr. Manuel Sadosky - Programa STIC Advisory
http://www.fundacionsadosky.org.ar

Insecure management of login credentials in PicsArt Photo Studio for
Android

1. *Advisory Information*

Title: Insecure management of login credentials in P

[ more ]  [ reply ]
XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities 2014-11-06
Larry W. Cashdollar (larry0 me com)
Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities
Author: Larry W. Cashdollar, @_larry0
Date: 10/17/2014
Download: https://wordpress.org/plugins/xcloner-backup-and-restore/
Download: http://extensions.joomla.org/extensions/access-a-security/site-secur

[ more ]  [ reply ]
ZTE ZXDSL 831 Multiple Cross Site Scripting 2014-11-06
habte yibelo gmail com
TR-069 Client page: Stored. executes when users go to http://192.168.1.1/tr69cfg.html

http://192.168.1.1/tr69cfg.cgi?tr69cInformEnable=1&tr69cInformInterval=4
3200&tr69cAcsURL=http://acs.etc.et:9090/web/tr069%27;alert%280%29;//&tr6
9cAcsUser=cpe&tr69cAcsPwd=cpe&tr69cConnReqUser=itms&tr69cConnReqPwd=i

[ more ]  [ reply ]
ZTE 831CII Multiple Vulnerablities 2014-11-06
habte yibelo gmail com
Hardcoded default misconfiguration - The modem comes with admin:admin user credintials.

Stored XSS - http://192.168.1.1/psilan.cgi?action=save&ethIpAddress=192.168.1.1&ethSu
bnetMask=255.255.255.0&hostname=ZXDSL83C1II&domainname=home%27;alert%280
%29;//&enblUpnp=1&enblLan2=0
Any user browsing to http

[ more ]  [ reply ]
ZTE ZXDSL 831CII Direct Object Reference 2014-11-06
habte yibelo gmail com
The modem usually serves html files & protects them with HTTP Basic authentication. however, the cgi files, does not get this protection. so simply requesting any cgi file (without no authentication) would give a remote attacker full access to the modem and then can easily be used to root the modem

[ more ]  [ reply ]
(Page 180 of 1746)  < Prev  175 176 177 178 179 180 181 182 183 184 185  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus