SecurityFocus

[slackware-security] php (SSA:2014-192-01) 2014-07-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2014-192-01)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.3

[ more ] [ reply ]

[ MDVSA-2014:137 ] apache-mod_wsgi 2014-07-11
security mandriva com

[ MDVSA-2014:136 ] samba 2014-07-11
security mandriva com

[SECURITY] [DSA 2976-1] eglibc security update 2014-07-10
Florian Weimer (fw deneb enyo de)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2976-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Florian Weimer
July 10, 2014

[ more ] [ reply ]

Yahoo! Bug Bounty #30 YM - Application-Side Mail Encoding (File Attachment) Vulnerability 2014-07-10
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Yahoo! Bug Bounty #30 YM - Application-Side Mail Encoding (File Attachment) Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1137

Release Date:
=============
2014-07-08

Vulnerability Laboratory ID (VL-ID

[ more ] [ reply ]

Yahoo! Bug Bounty #29 YM - Filter Bypass & Persistent Web Vulnerability 2014-07-10
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Yahoo! Bug Bounty #29 YM - Filter Bypass & Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1136

Video: http://www.vulnerability-lab.com/get_content.php?id=1279

Release Date:
=============

[ more ] [ reply ]

[ MDVSA-2014:135 ] python 2014-07-10
security mandriva com

[ MDVSA-2014:134 ] liblzo 2014-07-10
security mandriva com

SEC Consult SA-20140710-1 :: Multiple high risk vulnerabilities in Shopizer webshop 2014-07-10
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult Vulnerability Lab Security Advisory < 20140710-1 >
=======================================================================
title: Multiple high risk vulnerabilities in Shopizer webshop
product: Shopizer
vulnerable version: 1.1.5 and below
fixed version: v

[ more ] [ reply ]

[ MDVSA-2014:133 ] gd 2014-07-10
security mandriva com

SEC Consult SA-20140710-3 :: Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu 2014-07-10
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult Vulnerability Lab Security Advisory < 20140710-3 >
=======================================================================
title: Design Issue / Password Disclosure
product: All WAGO-I/O-SYSTEMs which provide a CODESYS V2.3 WebVisu
vulnerable version: Systems w

[ more ] [ reply ]

SEC Consult SA-20140710-2 :: Multiple critical vulnerabilites in Schrack MICROCONTROL emergency light system 2014-07-10
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult Vulnerability Lab Security Advisory < 20140710-2 >
=======================================================================
title: Multiple critical vulnerabilites
product: Schrack MICROCONTROL emergency light system
vulnerable version: before 1.7.0 (937)

[ more ] [ reply ]

SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop 2014-07-10
SEC Consult Vulnerability Lab (research sec-consult com)

[security bulletin] HPSBMU03070 rev.1 - HP Cloud Service Automation, OpenSSL Vulnerability, Unauthorized Access, Disclosure of Information 2014-07-09
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04368546

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04368546
Version: 1

HPSBMU03070 re

[ more ] [ reply ]

[security bulletin] HPSBMU03069 rev.1 - HP Software Operation Orchestration, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information 2014-07-09
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04368523

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04368523
Version: 1

HPSBMU03069 re

[ more ] [ reply ]

[SECURITY] [DSA 2975-1] phpmyadmin security update 2014-07-09
Thijs Kinkhorst (thijs debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2975-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Thijs Kinkhorst
July 09, 2014

[ more ] [ reply ]

Cisco Security Advisory: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products 2014-07-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Weak Local Database Credentials in Infoblox Network Automation 2014-07-09
nate depthsecurity com

Product: Network Automation
? NetMRI
? Switch Port Manager
? Automation Change Manager
? Security Device Controller

Vendor: InfoBlox
Vulnerable Version(s): 6.4.X.X-6.8.4.X
Tested Version: 6.8.2.11

Vendor Notification: May 12th, 2014
Public Disclosure: July 9th, 2014

Vulnerability Type: OS Comma

[ more ] [ reply ]

OS Command Injection Infoblox Network Automation 2014-07-09
nate depthsecurity com

Product: Network Automation, licensed as:
? NetMRI
? Switch Port Manager
? Automation Change Manager
? Security Device Controller

Vendor: Infoblox
Vulnerable Version(s): 6.4.X.X-6.8.4.X
Tested Version: 6.8.2.11

Vendor Notification: May 12th, 2014
Vendor Patch Avail

[ more ] [ reply ]

[ MDVSA-2014:132 ] libxfont 2014-07-09
security mandriva com

[ MDVSA-2014:131 ] file 2014-07-09
security mandriva com

[ MDVSA-2014:129 ] ffmpeg 2014-07-09
security mandriva com

[ MDVSA-2014:130 ] php 2014-07-09
security mandriva com

[ MDVSA-2014:128 ] iodine 2014-07-09
security mandriva com

[ MDVSA-2014:127 ] gnupg 2014-07-09
security mandriva com

Android NFC Service Denial of Service 2014-07-09
vuln nipc org cn

Android NFC Service Denial of Service

------------------------------------------------------------------
I. Summary

NFC Service is a process of Android OS for providing access to NFC functionality, allowing

applications to read NDEF message in NFC tags. A flaw has beend found in NFC Service impl

[ more ] [ reply ]

CVE-2014-4331 OctavoCMS reflected XSS vulnerability 2014-07-09
andreu antonio gmail com

This proprietary content management software is vulnerable to reflected XSS on the file admin/viewer.php, src parameter.

Current release on their demo site is vulnerable, same as other few sites I could find.

PoC: http://demo.octavocms.com/admin/viewer.php?src=%22%3E%3C/img%3E%3Ch2%3ET
his%20is%20a

[ more ] [ reply ]

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager 2014-07-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Cisco Unified Communications Domain Manager

Advisory ID: cisco-sa-20140702-cucdm

Revision 2.0

Last Updated 2014 July 8 21:14 UTC (GMT)

For Public Release 2014 July 2 16:00 UTC (GMT)

Summary
=======

Cisco Unified Comm

[ more ] [ reply ]

FreeBSD Security Advisory FreeBSD-SA-14:17.kmem 2014-07-08
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 2974-1] php5 security update 2014-07-08
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2974-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
July 08, 2014

[ more ] [ reply ]