[CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow
2014-11-19 CORE Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech WebAccess Stack-based Buffer Overflow 1. *Advisory Information* Title: Advantech WebAccess Stack-based Buffer Overflow Advisory ID: CORE-2014-0010 Advisory URL: http://www.coresecurity.com/advisories/advantech-webAcces

[CORE-2014-0008] - Advantech AdamView Buffer Overflow
2014-11-19 CORE Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech AdamView Buffer Overflow 1. *Advisory Information* Title: Advantech AdamView Buffer Overflow Advisory ID: CORE-2014-0008 Advisory URL: http://www.coresecurity.com/advisories/advantech-adamView-buffer-overflow Date publ

[CORE-2014-0009] - Advantech EKI-6340 Command Injection
2014-11-19 CORE Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech EKI-6340 Command Injection 1. *Advisory Information* Title: Advantech EKI-6340 Command Injection Advisory ID: CORE-2014-0009 Advisory URL: http://www.coresecurity.com/advisories/advantech-eki-6340-command-injection Dat

CVE-2014-7137 - Multiple SQL Injections in Dolibarr ERP & CRM
2014-11-19 Portcullis Advisories (advisories portcullis-security com)
Vulnerability title: Multiple SQL Injections in Dolibarr ERP & CRM CVE: CVE-2014-7137 Vendor: Dolibarr ERP & CRM Product: Dolibarr ERP & CRM Affected version: 3.5.3 Fixed version: 3.6.1 Reported by: Jerzy Kramarz Details: SQL injection has been found and confirmed within the software as

Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension
2014-11-19 High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23241 Product: Simple Email Form Joomla Extension Vendor: Doug Bierer Vulnerable Version(s): 1.8.5 and probably prior Tested Version: 1.8.5 Advisory Publication: October 29, 2014 [without technical details] Vendor Notification: October 29, 2014 Public Disclosure: November 19, 2014

CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload
2014-11-18 Steffen Bauch (mail steffenbauch de)
CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload 1. Background tcpdump is a powerful command-line packet analyzer. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attac

CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload
2014-11-18 Steffen Bauch (mail steffenbauch de)
CVE-2014-8768 tcpdump denial of service in verbose mode using malformed Geonet payload 1. Background tcpdump is a powerful command-line packet analyzer. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is att

CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload
2014-11-18 Steffen Bauch (mail steffenbauch de)
CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload 1. Background tcpdump is a powerful command-line packet analyzer. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. 2. Summary

[security bulletin] HPSBMU03183 rev.2 - HP Server Automation and Server Automation Virtual Appliance, running SSL, Remote Disclosure of Information
2014-11-17 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04497090 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04497090 Version: 2 HPSBMU03183 r

[security bulletin] HPSBMU03072 rev.3 - HP Data Protector, Remote Execution of Arbitrary Code
2014-11-17 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04373818 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04373818 Version: 3 HPSBMU03072 re

APPLE-SA-2014-11-17-3 Apple TV 7.0.2
2014-11-17 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-11-17-3 Apple TV 7.0.2 Apple TV 7.0.2 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker with a privileged network position may cause an unexpected application te

APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1
2014-11-17 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1 OS X 10.10.1 is now available and addresses the following: CFNetwork Available for: OS X Yosemite v10.10 Impact: Website cache may not be fully cleared after leaving private browsing Description: A priva

APPLE-SA-2014-11-17-1 iOS 8.1.1
2014-11-17 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-11-17-1 iOS 8.1.1 iOS 8.1.1 is now available and addresses the following: CFNetwork Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Website cache may not be fully cleared after leavin

[slackware-security] mozilla-thunderbird (SSA:2014-320-01)
2014-11-16 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2014-320-01) New mozilla-thunderbird packages are available for Slackware 14.1 to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packag

[SECURITY] [DSA 3073-1] libgcrypt11 security update
2014-11-16 Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBGN03192 rev.1 - HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL, Remote Disclosure of Information
2014-11-14 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04501908 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04501908 Version: 1 HPSBGN03192 re

CVE-2014-8683 XSS in Gogs Markdown Renderer
2014-11-14 Timo Schmid (tschmid ernw de)
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 XSS in Gogs Markdown Renderer ============================= Researcher: Timo Schmid <tschmid (at) ernw (dot) de [email concealed]> Description =========== Gogs(Go Git Service) is a painless self-hosted Git Service written in Go. (taken from [1]) It is very similar to the

CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs
2014-11-14 Timo Schmid (tschmid ernw de)
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Unauthenticated SQL Injection in Gogs repository search ======================================================= Researcher: Timo Schmid <tschmid (at) ernw (dot) de [email concealed]> Description =========== Gogs(Go Git Service) is a painless self-hosted Git Service written

[security bulletin] HPSBMU03182 rev.1 - HP Server Automation running Bash Shell, Remote Code Execution
2014-11-12 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04497042 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04497042 Version: 1 HPSBMU03182 re

[SECURITY] [DSA 3050-3] iceweasel security update
2014-11-12 Salvatore Bonaccorso (carnil debian org)
CVE: CVE-2014-8877
Plugin: CM Download Manager plugin
Vendor: CreativeMinds - https://www.cminds.com/
Product: https://wordpress.org/plugins/cm-download-manager/
Affected version: 2.0.0 and previous version
Fixed version: 2