Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities
2013-11-20 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1140
Release Date:
=============
2013-11-20
Vulnerability Laboratory ID (VL-ID):
==========================

Paypal Bug Bounty #14 - Persistent Payment Mail Encoding Vulnerability
2013-11-20 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Paypal Inc BB #14 - Persistent Payment Mail Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=651
Release Date:
=============
2013-11-20
Vulnerability Laboratory ID (VL-ID):
==============================

Intersystems Cache Remote Code Execution (via Default 'Minimal Security' Install)
2013-11-19 bruk0ut sec gmail com
-------------------
1) Overview
Title: Intersystems Cache Remote Code Execution (via Default 'Minimal Security' Install)
Product: Intersystems Cache
Product URL: http://www.intersystems.com/cache/index.html
Vendor: Intersystems
Affected Versions: Tested on Cache for Windows x86-64 & i386 2009.* thr

XADV-2013007 Linux Kernel bt8xx Video Driver IOCTL Heap Overflow
2013-11-19 geinblues gmail com
+--------------------------------------------------------------------+
| XADV-2013007 Linux Kernel bt8xx Video Driver IOCTL Heap Overflow |
+--------------------------------------------------------------------+
Vulnerable versions:
- linux kernel 2.6.18 <=
Testbed: ubuntu
Type: Local
Impact: Medi

XADV-2013008 Linux Kernel 3.11.7 <= sk_attach_filter Kernel Heap Corruption
2013-11-19 geinblues gmail com
+-------------------------------------------------------------------------------+
| XADV-2013008 Linux Kernel 3.11.7 <= sk_attach_filter Kernel Heap Corruption |
+-------------------------------------------------------------------------------+
Vulnerable versions:
- linux kernel 3.11.7 <=
Testbed

XADV-2013003 Linux Kernel fbdev Driver arcfb_write() Overflow
2013-11-19 geinblues gmail com
+----------------------------------------------------------------+
| XADV-2013003 Linux Kernel fbdev Driver arcfb_write() Overflow |
+----------------------------------------------------------------+
Vulnerable versions:
- linux kernel 3.12 <=
- linux kernel 2.6.x
Testbed: linux kernel 2.6.18

pineapp mailsecure remote no authenticated privilege escalation & remote execution code
2013-11-19 rubengarrote gmail com
Hi, related this: http://seclists.org/fulldisclosure/2013/Nov/136
In February 2013 I send Pineapp the following information:
-----------------------------------------------------------------
It is possible execute any command bash as qmailq unprivilege user, sending only the following https request

ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities
2013-11-19 Security Alert (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities
EMC Identifier: ESA-2013-078
CVE Identifier: CVE-2013-6173, CVE-2013-6174, CVE-2013-6175, CVE-2013-6176, CVE-2013-6177
Severity Rating: CVSS v2 Base Score: See below

16TH AVAR INTERNATIONAL SECURITY CONFERENCE 2013 - (4th-7th Dec'13, Chennai. India)
2013-11-19 Gregory Panakkal (gregory_panakkal fastmail fm)
We are pleased to announce that for the first time ever, one of the largest international Security Conferences - AVAR 2013 - is set to be held in Chennai, India.
AVAR (Association of Antivirus Asia Researchers) is an independent and not-for-profit organization oriented in the Asia-Pacific regio

FreeBSD Security Advisory FreeBSD-SA-13:14.openssh
2013-11-19 FreeBSD Security Advisories (security-advisories freebsd org)

SKIDATA RFID Freemotion.Gate Unauthenticated Web Service Aribtrary Remote Command Execution
2013-11-19 Dennis Kelly (dennis kelly gmail com)
Title: SKIDATA RFID Freemotion.Gate Unauthenticated Web Service Aribtrary Remote Command Execution
Product: Freemotion.Gate
Vendor: SKIDATA, http://www.skidata.com/en/ RTP|One, http://http://www.rtp.com/
Vulnerable Versions: 4.1.3.5 and likely all prior versions.
Tested Version: 4.1.3.5
Origina

Paypal Inc Bug Bounty #47 ALYZ - Persistent Search Vulnerability
2013-11-19 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Paypal Inc Bug Bounty #47 ALYZ - Persistent Search Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=807
PayPal Security UID: dx1f89rtd
Release Date:
=============
2013-11-19
Vulnerability Laboratory ID

PayPal Inc Bug Bounty #42 - Persistent POST Inject Vulnerability
2013-11-19 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc Bug Bounty #42 - Persistent POST Inject Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=801
PayPal Security UID: kxy1ea5ech
Release Date:
=============
2013-11-18
Vulnerability Laboratory ID

[slackware-security] seamonkey (SSA:2013-322-04)
2013-11-19 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] seamonkey (SSA:2013-322-04)
New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packag

PayPal Inc Bug Bounty #65 China - Redirect Web Vulnerability
2013-11-19 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc Bug Bounty #65 China - Redirect Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=860
PayPal Security UID: rdbeeur
Release Date:
=============
2013-11-17
Vulnerability Laboratory ID (VL-ID

[slackware-security] samba (SSA:2013-322-03)
2013-11-19 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] samba (SSA:2013-322-03)
New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/samba

[slackware-security] openssh (SSA:2013-322-02)
2013-11-19 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] openssh (SSA:2013-322-02)
New openssh packages are available for Slackware 14.1 and -current to fix a security issue.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openss

[slackware-security] mozilla-firefox (SSA:2013-322-01)
2013-11-19 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] mozilla-firefox (SSA:2013-322-01)
New mozilla-firefox packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+-----------------------

[SOJOBO-ADV-13-04] - PHP-Nuke 8.2.4 multiple vulnerabilities
2013-11-18 advisories enkomio com
[SOJOBO-ADV-13-04] - PHP-Nuke 8.2.4 multiple vulnerabilities
I. * Information *
==================
Name : PHP-Nuke 8.2.4 multiple vulnerabilities
Software : PHP-Nuke 8.2.4 and possibly below.
Vendor Homepage : http://www.phpnuke.org/
Vulnerability Type : File Inclusion and Reflected Cross-Site Scri

Re: Fwd: vulnerability issue for DB2 express
2013-11-18 shatter appsecinc com
This was a bug in the DB2 code and was fixed by IBM long ago. Both, v6 and v7 of DB2 are very old and out of support versions. Even if you apply the Fix Packs mentioned below you will still have many other security vulnerabilities in the system. My recommendation is to plan on upgrading the DB2 serv

[OVSA20131108] OpenVAS Manager And OpenVAS Administrator Vulnerable To Partial Authentication Bypass
2013-11-15 Tim Brown (timb openvas org)
Summary
It has been identified that OpenVAS Manager and OpenVAS Administrator are vulnerable to authentication bypass due to an incorrect state assignment when processing OMP and OAP requests. It has been identified that this vulnerability may allow unauthorised access to OpenVAS Manager and OpenV
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:271
http://www.mandriva.com/en/support/security/
___________________________________________________________