BugTraq Mode:
(Page 242 of 1747)  < Prev  237 238 239 240 241 242 243 244 245 246 247  Next >
LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client 2013-12-15
zoczus gmail com
Author: Jakub Zoczek [zoczus (at) gmail (dot) com]
CVE Reference: CVE-2013-7032
Product: LiveZilla
Vendor: LiveZilla GmbH [http://livezilla.net]
Affected version: 5.1.2.0
Severity: Medium
CVSSv2 Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Status: Fixed

0x01 Background

LiveZilla, the widely-used and trusted Liv

[SECURITY] [DSA 2817-1] libtar security update 2013-12-14
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2817-1 security (at) debian (dot) org
http://www.debian.org/security/ Luciano Bello
December 14, 2013

Last Call - 2nd World Conference on IST; Submission: December 29 2013-12-14
WorldCIST (marialemos72 gmail com)
============================================================================
2nd World Conference on Information Systems and Technologies - WorldCIST'14
April 15-18, 2014, Madeira Island, Portugal
http://www.aisti.eu/worldcist14/
================================

Submission deadline: December 29

*

Call for Papers -YSTS 8 - Information Security Conference, Brazil 2013-12-13
Luiz Eduardo (le ysts org)
Hello Bugtraq readers, the CFP for YSTS 8 is now open.

======

YSTS 8th Edition

Sao Paulo, Brazil

April 14th, 2014

Call for Papers Opens: December 13th, 2013

Call for Papers Close: February 1st, 2014

http://www.ysts.org

@ystscon

INTRODUCTION

After 7 very successful editions here we

User Identity Spoofing in Bitrix Site Manager 2013-12-16
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23183
Product: Bitrix Site Manager
Vendor: Bitrix, Inc
Vulnerable Version(s): 12.5.13 and probably prior
Tested Version: 12.5.13
Advisory Publication: November 6, 2013 [without technical details]
Vendor Notification: November 6, 2013
Vendor Patch: November 12, 2013
Public Disclos

Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability 2013-12-13
Stefan Esser (stefan esser sektioneins de)

SektionEins GmbH
www.sektioneins.de

-= Security Advisory =-

Advisory: PHP openssl_x509_parse() Memory Corruption Vulnerability
Release Date: 2013/12/13
Last Modified: 2013/12/13
Author: Stefan Esser [stefan.esser[

DC4420 - DefCon London: Christmas Social (= no talks), Tuesday 17th December 2013 2013-12-13
Tony Naggs (tonynaggs gmail com)
We have the DOWNSTAIRS bar at The Phoenix, Cavendish Square from 18:00
until the bar closes (~23:00)

Agenda:
Drinking beer and/or other beverages.
Swapping war stories.
Drinking more beer.
Eating yummy food, pre-order Christmas menu details here -
http://dc4420.org/images/DC4420_XM

Microsoft Online, Office & Cloud - Persistent Encoding Vulnerabilities 2013-12-13
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Microsoft Online, Office & Cloud - Persistent Encoding Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=806

Microsoft Security Response Center (MSRC) ID: 14090
Microsoft Security Response Center (MSRC) Ma

[security bulletin] HPSBMU02931 rev.3 - HP Service Manager and ServiceCenter, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS) 2013-12-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03960916

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03960916
Version: 3

HPSBMU02931 re

[security bulletin] HPSBMU02874 rev.3 - HP Service Manager and ServiceCenter, Java Runtime Environment (JRE) Security Update 2013-12-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748879

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03748879
Version: 3

HPSBMU02874 re

[security bulletin] HPSBMU02872 rev.4 - HP Service Manager Web Tier, Remote Disclosure of Information, Cross Site Scripting (XSS) 2013-12-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748875

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03748875
Version: 4

HPSBMU02872 re

[security bulletin] HPSBGN02951 rev.1 - HP Operations Orchestration, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) 2013-12-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04041093

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04041093
Version: 1

HPSBGN02951 re

[security bulletin] HPSBGN02952 rev.1 - HP Application Lifecycle Manager (ALM) Running JBoss Application Server, Remote Code Execution 2013-12-13
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04041110

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04041110
Version: 1

HPSBGN02952 re

Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities 2013-12-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1168

Release Date:
=============
2013-12-11

Vulnerability Laboratory ID (VL-ID):
==========================

Microsoft Yammer - Persistent Profile Vulnerabilities 2013-12-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Microsoft Yammer - Persistent Profile Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=978

MSRC ID: 14808

Release Date:
=============
2013-12-12

Vulnerability Laboratory ID (VL-ID):
==================

Microsoft PhotoStory - CS Cross Site Scripting Vulnerability 2013-12-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Microsoft PhotoStory - CS Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1012

Microsoft Security Response Center (MSRC) ID: 15155

Release Date:
=============
2013-12-12

Vulnerabil

SAMSPADE 1.14 BUFFER OVERFLOW 2013-12-12
vishal_mishra live com
# Exploit Title: SAMSPADE 1.14 BUFFER OVERFLOW
# Date: 10-12-2013
# Exploit Author: VISHAL MISHRA & NIDHI VERMA
# Vendor Homepage: http://www.samspade.org/
# Software Link: http://www.majorgeeks.com/mg/getmirror/sam_spade,1.html
# Version: 1.1.4 (beta)
# Tested on: WINDOWS XP(sp2)
TARGET: windows xp

[SECURITY] [DSA 2816-1] php5 security update 2013-12-12
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2816-1 security (at) debian (dot) org
http://www.debian.org/security/ Thijs Kinkhorst
December 12, 2013

[CVE-2013-5116] Evernote Android Insecure Password Change (one-click setup) 2013-12-12
mailing lists (lists c22 cc)
Evernote Android Insecure Password Change (one-click setup)

Product: Evernote (Android)
Project Homepage: evernote.com
Internal Advisory ID: c22-2013-05
Vulnerable Version(s): Android version 5.5.0 (and prior)
Tested Version: Android 5.x (Android 4.2/4.3)
Vendor Notification: Aug 13, 2013
Public Di

[CVE-2013-5112] Evernote Android Insecure Storage of PIN data / Bypass of PIN protection 2013-12-12
mailing lists (lists c22 cc)
Evernote Android Insecure Storage of PIN data / Bypass of PIN protection

Product: Evernote (Android)
Project Homepage: evernote.com
Internal Advisory ID: c22-2013-03 / c22-2013-04
Vulnerable Version(s): Android version 5.5.0 (and prior)
Tested Version: Android 5.x (Android 4.2/4.3)
Vendor Notificat

CORE-2013-0807 - Divide Error in Windows Kernel 2013-12-11
CORE Advisories Team (advisories coresecurity com) (1 replies)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Divide Error in Windows Kernel

1. *Advisory Information*

Title: Divide Error in Windows Kernel
Advisory ID: CORE-2013-0807
Advisory URL:
http://www.coresecurity.com/advisories/divide-error-in-windows-kernel
Date published: 2013-

Re: CORE-2013-0807 - Divide Error in Windows Kernel 2013-12-11
CORE Advisories Team (advisories coresecurity com)
ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities 2013-12-11
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2013-089: EMC Connectrix Manager Converged Network Edition Remote Code Execution Vulnerabilities

EMC Identifier: ESA-2013-089

CVE Identifier: CVE-2013-6810

Severity Rating: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

[SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting 2013-12-11
advisories enkomio com
[SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting

I. * Information *
==================
Name : Vtiger 5.4.0 Reflected Cross Site Scripting
Software : Vtiger 5.4.0 and possibly below.
Vendor Homepage : https://www.vtiger.com/
Vulnerability Type : Reflected Cross-Site Scripting
Severit

FlashCanvas 1.5 proxy.php XSS Vulnerability 2013-12-11
code 7elements co uk
Advisory Information

Title: FlashCanvas proxy.php XSS Vulnerability

Date published: 11 December 2013

Reference: CVE-2013-6880

Advisory Summary

Script does not adequately verify the Referer header before requesting (via curl) the remote URL specified in the 'url' GET parameter and rendering it.

Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities 2013-12-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1166

Release Date:
=============
2013-12-10

Vulnerability Laboratory ID (VL-ID):
=========================

SQL Injection in InstantCMS 2013-12-11
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23185
Product: InstantCMS
Vendor: InstantSoft
Vulnerable Version(s): 1.10.3 and probably prior
Tested Version: 1.10.3
Advisory Publication: November 20, 2013 [without technical details]
Vendor Notification: November 20, 2013
Vendor Patch: November 21, 2013
Public Disclosure: Dece

Android Fragment Injection vulnerability 2013-12-10
Roee Hay (roeeh il ibm com)
Hi,

We have recently disclosed a new vulnerability to the Android Security
Team. The vulnerability affected many apps, including Settings (the
one that is found on every Android device), Gmail, Google Now, Dropbox
and Evernote. To be more accurate, any App which extended the
PreferenceActivity clas

[security bulletin] HPSBPI02945 rev.1 - HP Officejet Pro 8500 (A909) All-in-One Printer, Cross-Site Scripting (XSS) 2013-12-10
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04035829

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04035829
Version: 1

HPSBPI02945 re

CORE-2013-1107 - IcoFX Buffer Overflow Vulnerability 2013-12-10
CORE Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

IcoFX Buffer Overflow Vulnerability

1. *Advisory Information*

Title: IcoFX Buffer Overflow Vulnerability
Advisory ID: CORE-2013-1107
Advisory URL:
http://www.coresecurity.com/advisories/icofx-buffer-overflow-vulnerability
Date p

Copyright 2010, SecurityFocus