SecurityFocus

ILIAS eLearning 4.3.4 & 4.4 CMS - Persistent Notes Web Vulnerability 2013-10-28
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
ILIAS eLearning 4.3.4 & 4.4 CMS - Persistent Notes Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1122

Release Date:
=============
2013-10-27

Vulnerability Laboratory ID (VL-ID):
==================

[ more ] [ reply ]

Re: Call for Papers, 2014 Symposium on Protocols and Rules for Security (SPRS2014) 2013-10-28
Brandon Butterworth (brandon rd bbc co uk)

> <td style="PADDING-BOTTOM: 5px; LINE-HEIGHT: 22px;
> PADDING-LEFT: 5px; PADDING-RIGHT: 5px; FONT-FAMILY: Times New
> Roman; COLOR: #2b2b2b; FONT-SIZE: 19px; PADDING-TOP: 5px"
> align="left"><p style="line-height:23px;font-size:20px;">Dear
> Colleagues,</p> <p>We would like to cordially invite

[ more ] [ reply ]

[PT-2013-46] Local File Include in Nagios Looking Glass 2013-10-28
noreply ptsecurity ru

-----------------------------------------------------------
(PT-2013-46) Positive Technologies Security Advisory
Local File Include in Nagios Looking Glass
-----------------------------------------------------------

---[ Vulnerable software ]

Nagios Looking Glass
Version: 1.1.0 beta 2 an

[ more ] [ reply ]

[scip_Advisory 10847] MobileIron 4.5.4 Device Registration regpin Cross Site Scripting 2013-10-28
Marc Ruef (maru scip ch)

MobileIron 4.5.4 Device Registration regpin Cross Site Scripting

scip AG Vulnerability ID 10847 (10/28/2013)
http://www.scip.ch/en/?vuldb.10847

I. INTRODUCTION

MobileIron is a commercial solution to provide secure access to mobile users in corporate environments.

More information is available on

[ more ] [ reply ]

vBulletin remote admin injection exploit 2013-10-28
simo morxploit com

#!/usr/bin/perl
#
# Title: vBulletin remote admin injection exploit
# Author: Simo Ben youssef
# Contact: Simo_at_Morxploit_com
# Coded: 17 September 2013
# Published: 24 October 2013
# MorXploit Research
# http://www.MorXploit.com
#
# Vendor: vBulletin (www.vbulletin.com)
# Version: 4.1.x / 5.x.x

[ more ] [ reply ]

Multiple CSRF Horde Groupware Web mail Edition 5.1.2 2013-10-28
m benetrix e-secure com au

#############################
Exploit Title : Multiple CSRF Horde Groupware Web mail Edition
Author:Marcela Benetrix
Date: 10/25/13
version: 5.1.2
software link:http://www.horde.org/apps/webmail

#############################
GroupWare Web mail Edition

Horde Groupware Webmail Edition is a free, ent

[ more ] [ reply ]

[SECURITY] [DSA 2786-1] icu security update 2013-10-27
Michael Gilbert (mgilbert debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2786-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Michael Gilbert
October 27, 2013

[ more ] [ reply ]

Call for Papers, 2014 Symposium on Protocols and Rules for Security (SPRS2014) 2013-10-27
2014 Symposium on Protocols and Rules for Security \(SPRS2014\) (cis scirpinfo org)

<span id="unSub" style="FONT-SIZE: 10pt; FONT-FAMILY: verdana,arial,helvetica,sans-serif; line-height:20px;">This message was sent to [bugtraq (at) securityfocus (dot) com [email concealed]]. <a href="http://www.member.scirp.org/member/transferParameterAction.action?
personID=7835691&identifier=5DFD5F85E4BE67FA9AE938BDE3C7410710

[ more ] [ reply ]

[CVE-2012-6297] DD-WRT v24-sp2 Command Injection 2013-10-27
Craig Young (vuln-report secur3 us)

Unfortunately command injections like the NETGEAR one Zachary Cutlip
and I both came across are all too common in embedded systems.

Similar to NETGEAR and Linksys having commands injected when running
ping, I have also noticed that DD-WRT v24-sp2 is prone to command
injection from specially crafted

[ more ] [ reply ]

Call for Papers, 2014 Symposium on Cryptography and Authentication (SCA2014) , Suzhou, China 2013-10-27
2014 Symposium on Cryptography and Authentication \(SCA2014\) (cis so1 org)

[ISecAuditors Security Advisories] XSS vulnerability in LinkedIn 2013-10-28
ISecAuditors Security Advisories (advisories isecauditors com)

=============================================
INTERNET SECURITY AUDITORS ALERT 2013-003
- Original release date: March 3rd, 2013
- Last revised: March 10th, 2013
- Discovered by: Vicente Aguilera Diaz
- Severity: 4.3/10 (CVSSv2 Base Score)
=============================================

I. VULNERABIL

[ more ] [ reply ]

Paypal Inc Bug Bounty #104 - Persistent Exception Vulnerability 2013-10-26
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Paypal Inc Bug Bounty #104 - Persistent Exception Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1038

PayPal Security UID: gJ1127yy

Release Date:
=============
2013-10-26

Vulnerability Laboratory ID (

[ more ] [ reply ]

[SECURITY] [DSA 2787-1] roundcube security update 2013-10-27
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2787-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
October 27, 2013

[ more ] [ reply ]

[SECURITY] [DSA 2785-1] chromium-browser security update 2013-10-26
Michael Gilbert (mgilbert debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-2785-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Michael Gilbert
October 26, 2013

[ more ] [ reply ]

Feeder.co RSS Feeder 5.2 Chrome - Persistent Software Vulnerability 2013-10-26
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Feeder.co RSS Feeder 5.2 Chrome - Persistent Software Vulnerability

Release Date:
=============
2013-10-26

Vulnerability Laboratory ID (VL-ID):
====================================
1119

Common Vulnerability Scoring System:
====================================
3

[ more ] [ reply ]

Onpub CMS 1.4 & 1.5 - Multiple SQL Injection Vulnerabilities 2013-10-26
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Onpub CMS 1.4 & 1.5 - Multiple SQL Injection Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1120

Release Date:
=============
2013-10-26

Vulnerability Laboratory ID (VL-ID):
==========================

[ more ] [ reply ]

Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution 2013-10-25
nospam gmail it

Symantec Workspace Streaming 7.5.0.493 SWS Streamlet Engine Invoker Servlets Remote Code Execution

tested against: Microsoft Windows Server 2008 R2 sp1
download url: http://www.symantec.com/it/it/products-solutions/trialware/
file tested: Symantec_Workspace_Streaming_7.5.0.493.zip

vulnerability:
t

[ more ] [ reply ]

DC4420 - London DEFCON - October meet - Tuesday 29th October 2013 2013-10-25
Major Malfunction (majormal pirate-radio org)

doesn't time fly when you're hacking fun?

on a very topical note, this month we have:

Tuesday 29th October, 2013:

1st Speaker:

Tony Naggs

Title:

How the NSA (maybe) spies on your web shopping, email, social and
business networks

Synopsis:

Since the recent revelations about the extent of the

[ more ] [ reply ]

[SECURITY] [DSA 2783-2] librack-ruby regression update 2013-10-24
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA-2783-2 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
October 24, 2013

[ more ] [ reply ]

CA20131024-01: Security Notice for CA SiteMinder 2013-10-24
Kotas, Kevin J (Kevin Kotas ca com)

Re: RPS/APS vulnerability in snom/yealink and others 2013-10-24
god heaven org

The video linked has been tagged private... anyone know where I can find it?

[ more ] [ reply ]

[WorldCIST'14]: World Conference on IST; Proceedings by Springer 2013-10-24
Maria Lemos (marialemos72 gmail com)

Apologies if you are receiving this mail more than once...

************************************************************************
**********
WorldCIST'14
The 2014 World Conference on Information Systems and Technologies
April 15 - 18, Madeira Island, P

[ more ] [ reply ]

[ISecAuditors Security Advisories] HTTP Response Splitting Vulnerability in WebCollab <= v3.30 2013-10-24
ISecAuditors Security Advisories (advisories isecauditors com)

=============================================
INTERNET SECURITY AUDITORS ALERT 2013-011
- Original release date: March 21st, 2013
- Last revised: March 21st, 2013
- Discovered by: Manuel García Cárdenas
- Severity: 5/10 (CVSS Base Score)
- CVE-ID: CVE-2013-2652
=====================================

[ more ] [ reply ]

RPS/APS vulnerability in snom/yealink and others 2013-10-23
Cal Leeming \[Simplicity Media Ltd\] (cal leeming simplicitymedialtd co uk) (1 replies)

Hello,

Discovered a vulnerability that allows for hundreds of thousands of
SIP accounts to be compromised remotely.

Found a year ago, partial vendor fixes but still vuln as of today,
disclosed a few hours ago exclusively to the FreeSWITCH community -
23rd Oct 2013.

Live disclosure can be seen her

[ more ] [ reply ]

Re: RPS/APS vulnerability in snom/yealink and others 2013-10-24
Cal Leeming \[Simplicity Media Ltd\] (cal leeming simplicitymedialtd co uk)

ESA-2013-067: RSA® Authentication Agent for Web for Internet Information Services (IIS) Security Controls Bypass Vulnerability 2013-10-23
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2013-067: RSA® Authentication Agent for Web for Internet Information Services (IIS) Security Controls Bypass Vulnerability

EMC Identifier: ESA-2013-067

CVE Identifier: CVE-2013-3280

Severity Rating: CVSS v2 Base Score: 9.0 (AV:N/AC:M

[ more ] [ reply ]

Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability 2013-10-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products 2013-10-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Identity Services Engine 2013-10-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)

Cross-Site Scripting (XSS) in GuppY 2013-10-23
High-Tech Bridge Security Research (advisory htbridge com)

Advisory ID: HTB23176
Product: GuppY
Vendor: GuppY
Vulnerable Version(s): 4.6.26 and probably prior
Tested Version: 4.6.26
Advisory Publication: October 2, 2013 [without technical details]
Vendor Notification: October 2, 2013
Vendor Patch: October 12, 2013
Public Disclosure: October 23, 2013
Vu

[ more ] [ reply ]