BugTraq
[SECURITY] CVE-2014-0095 Apache Tomcat denial of service 2014-05-27
Mark Thomas (markt apache org)
CVE-2014-0095 Denial of Service

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat 8.0.0-RC2 to 8.0.3

Description:
A regression was introduced in revision 1519838 that caused AJP
requests to hang if an explicit content length of zero was set on the
req

[SECURITY] CVE-2014-0096 Apache Tomcat information disclosure 2014-05-27
Mark Thomas (markt apache org)
CVE-2014-0096 Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.3
- Apache Tomcat 7.0.0 to 7.0.52
- Apache Tomcat 6.0.0 to 6.0.39

Description:
The default servlet allows web applications to define (at multiple
le

[SECURITY] CVE-2014-0075 Apache Tomcat denial of service 2014-05-27
Mark Thomas (markt apache org)
CVE-2014-0075 Denial of Service

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.3
- Apache Tomcat 7.0.0 to 7.0.52
- Apache Tomcat 6.0.0 to 6.0.39

Description:
It was possible to craft a malformed chunk size as part of a chunked
reque

call for papers- CSSE2014 2014-05-27
cfp-conf2014.org (cfp-conf2014 org securityfocus com)
Announcement for CSSE2014: Computer Science and Software Engineering Related Field International Academic Conference

Welcome to submit papers to CSSE2014
Computer Science and Software Engineering
Hangzhou, China, 2014/10/18, 19

All accepted papers will be published by All accepted
papers will be p

[security bulletin] HPSBGN03041 rev.1 - HP IceWall Configuration Manager running Apache Struts, Remote Execution of Arbitrary Code 2014-05-27
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04311273

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04311273
Version: 1

HPSBGN03041 re

VUPEN Security Research - Adobe Acrobat & Reader XI-X Barcode Heap Overflow (Pwn2Own) 2014-05-26
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Adobe Acrobat & Reader XI-X Barcode Heap
Overflow (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

Adobe Acrobat and Reader are the global standards for electronic
document sharing. They are used to create,

[security bulletin] HPSBUX02960 SSRT101419 rev.3 - HP-UX Running NTP, Remote Denial of Service (DoS) 2014-05-23
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04084148

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04084148
Version: 3

HPSBUX02960 SS

[security bulletin] HPSBMU03009 rev.3 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Disclosure of Information 2014-05-23
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04249113

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04249113
Version: 3

HPSBMU03009 re

ESA-2014-021: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities 2014-05-23
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-021: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities

EMC Identifier: ESA-2014-021

CVE Identifier: CVE-2014-0639

Severity Rating: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected Products:

RSA Archer ver

[SECURITY] [DSA 2936-1] torque security update 2014-05-23
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2936-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
May 23, 2014

[security bulletin] HPSBMU03025 rev.2 - HP Diagnostics running OpenSSL, Remote Disclosure of Information 2014-05-22
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04267775

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04267775
Version: 2

HPSBMU03025 re

[security bulletin] HPSBMU02995 rev.8 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure 2014-05-22
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04236102

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04236102
Version: 8

HPSBMU02995 r

ESA-2014-045: EMC Documentum D2 Arbitrary DQL Query Execution Vulnerability 2014-05-22
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-045: EMC Documentum D2 Arbitrary DQL Query Execution Vulnerability

EMC Identifier: ESA-2014-045

CVE Identifier: CVE-2014-2504

Severity: CVSSv2 Base Score: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)

Affected products:

- EMC Documentum D2

APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4 2014-05-21
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4

Safari 6.1.4 and Safari 7.0.4 are now available and address the
following:

WebKit
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3
Impac

[KIS-2014-06] Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability 2014-05-21
Egidio Romano (research karmainsecurity com) (1 replies)
------------------------------------------------------------------------

Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability
------------------------------------------------------------------------

[-] Software Link:

http://dotclear.org/

[-] Affected Versions:

Version 2.6.

[KIS-2014-07] Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability 2014-05-21
Egidio Romano (research karmainsecurity com)
[KIS-2014-05] Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability 2014-05-21
Egidio Romano (research karmainsecurity com)
-------------------------------------------------------------------------
Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability
-------------------------------------------------------------------------

[-] Software Link:

http://dotclear.org/

[-] Affected Versions:

Version 2

[SECURITY] [DSA 2935-1] libgadu security update 2014-05-21
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2935-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
May 21, 2014

Cisco Security Advisory: Multiple Vulnerabilities in Cisco NX-OS-Based Products 2014-05-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Cisco NX-OS-Based Products

Advisory ID: cisco-sa-20140521-nxos

Revision 1.0

For Public Release 2014 May 21 16:00 UTC (GMT)

Summary
=======

Cisco Nexus, Cisco Unified Computing System (UCS), Cisco MDS 9000 Series Multila

Cisco Security Advisory: Cisco Wide Area Application Services Remote Code Execution Vulnerability 2014-05-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Wide Area Application Services Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20140521-waas

Revision 1.0

For Public Release 2014 May 21 16:00 UTC (GMT)

Summary
=======

A vulnerability in Cisco Wide Area Application Services (WAAS)

[security bulletin] HPSBMU03044 rev.1 - HP Business Process Monitor, running OpenSSL, Remote Disclosure of Information 2014-05-21
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04307186

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04307186
Version: 1

HPSBMU03044 r

Full Disclosure - DIR-652/DIR-835/DIR-855L/DGL-5500/DHP-1565 - Clear Text Password/XSS/Information Disclosure 2014-05-22
kyle Lovett (krlovett gmail com)
The following five D-Link model routers suffer from several
vulnerabilities including Clear Text Storage of Passwords, Cross Site
Scripting and Sensitive Information Disclosure.

DIR-652
D-Link Wireless N Gigabit Home Router

DIR-835
D-Link Network DIR-835L Wireless N 750M Dual-band 802.11n 4Port G

[security bulletin] HPSBMU03042 rev.1 - HP Operations Manager i, Execution of Arbitrary Code 2014-05-21
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04296442

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04296442
Version: 1

HPSBMU03042 re

SEC Consult SA-20140521-0 :: Multiple critical vulnerabilities in CoSoSys Endpoint Protector 4 2014-05-21
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SEC Consult Vulnerability Lab Security Advisory < 20140521-0 >
=======================================================================
title: Multiple vulnerabilities
product: CoSoSys Endpoint Protector 4
vulnerable version: a

Wordpress Booking System (Booking Calendar) plugin SQL Injection 2014-05-21
info sec (omgpdrv gmail com)
# Exploit Title: Wordpress Booking System (Booking Calendar) plugin
SQL Injection
# Release Date: 2014-05-21
# Author: maodun
# Contact: Twitter: @conmancm
# Software Link: http://wordpress.org/support/plugin/booking-system
# Affected version: < 1.3
# Google Dork: inurl:/wp-content/plugins/booking-s

Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe 2014-05-20
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

several programs of the current Windows 7 driver software for the
"HP OfficeJet 6700" multifunction device execute a rogue program
C:\Program.exe

The evidence (an excerpt from the SAFER log, cf.
<http://technet.microsoft.com/en-us/library/bb457006.aspx> or
<https://www.microsoft.com/resou

APPLE-SA-2014-15-20-1 OS X Server 3.1.2 2014-05-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-15-20-1 OS X Server 3.1.2

OS X Server 3.1.2 is now available and addresses the following:

Ruby
Available for: OS X Mavericks 10.9.3 or later
Impact: Running a Ruby script that uses untrusted input to create a
Float object may lead to a

CVE-2014-3446 - Unauthenticated Blind SQL Injection in BSS Continuity CMS 2014-05-20
Portcullis Advisories (advisories portcullis-security com)
Vulnerability title: Unauthenticated Blind SQL Injection in BSS
Continuity CMS
CVE: CVE-2014-3446
Vendor: BSS
Product: Continuity CMS
Affected version: 4.2.22640.0
Fixed version: N/A
Reported by: Jerzy Kramarz

Details:

The following URL and parameters have been confirmed to suffer from Blind
SQL in

CVE-2014-3447 - Remote Denial Of Service in BSS Continuity CMS 2014-05-20
Portcullis Advisories (advisories portcullis-security com)
Vulnerability title: Remote Denial Of Service in BSS Continuity CMS
CVE: CVE-2014-3447
Vendor: BSS
Product: Continuity CMS
Affected version: 4.2.22640.0
Fixed version: N/A
Reported by: Jerzy Kramarz

Details:

By repeatedly calling node enumeration script, a remote unauthenticated
attacker can overl

CVE-2014-3450 - Privilege Escalation in Panda Security 2014-05-20
Portcullis Advisories (advisories portcullis-security com)
Vulnerability title: Privilege Escalation in Panda Security
CVE: CVE-2014-3450
Vendor: Panda
Product: Security
Affected version: See below
Fixed version: See below
Reported by: Kyriakos Economou

Details:

All users of the following (and possibly earlier) versions of Panda
security products for Wind
