BugTraq Mode:
(Page 250 of 1746)  < Prev  245 246 247 248 249 250 251 252 253 254 255  Next >
[SOJOBO-ADV-13-02] - MODx 2.2.10 Reflected Cross Site Scripting 2013-10-22
advisories enkomio com
[SOJOBO-ADV-13-02] - MODx 2.2.10 Reflected Cross Site Scripting

I. * Information *
==================
Name : MODx 2.2.10 Reflected Cross Site Scripting
Software : MODx 2.2.10 and possibly below.
Vendor Homepage : http://modx.com/
Vulnerability Type : Reflected Cross-Site Scripting
Severity : Low (2

[CVE-2013-2751, CVE-2013-2752] NETGEAR ReadyNAS Remote Root 2013-10-22
Craig Young (vuln-report secur3 us)
NETGEAR ReadyNAS with firmware 4.2.x before 4.2.24 and 4.1.x before
4.1.12 is prone to command injection from an unauthenticated HTTP GET
request. This vulnerability can lead to complete root access as
outlined on the Tripwire blog:
http://www.tripwire.com/state-of-security/vulnerability-management

[CVE-2013-4295] Apache Shindig information disclosure vulnerability 2013-10-22
Ryan Baxter (rbaxter85 apache org)
CVE-2013-4295: XXE vulnerability In Apache Shindig 2.5.0 (PHP)

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Shindig PHP 2.5.0

Description: The gadget renderer in the PHP version of Apache Shindig
is subject to an XML External Entity (XXE) Injection attack.

[CVE-2013-5702] Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities 2013-10-21
Julien Ahrens (info rcesecurity com)
Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site
Scripting Vulnerabilities

RCE Security Advisory
http://www.rcesecurity.com

1. ADVISORY INFORMATION
-----------------------
Product: Watchguard Server Center
Vendor URL: www.watchguard.com
Type: Cross-Site Scr

[SECURITY] [DSA 2783-1] librack-ruby security update 2013-10-21
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2783-1 security (at) debian (dot) org
http://www.debian.org/security/ Thijs Kinkhorst
October 21, 2013

[SECURITY] [DSA 2782-1] polarssl security update 2013-10-20
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2782-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
October 20, 2013

glibc 2.5 <= reloc types to crash bug 2013-10-20
geinblues gmail com
+---------------------------------------------------------+
| XADV-2013002 glibc 2.5 <= reloc types to crash bug |
+---------------------------------------------------------+

Vulnerable versions:
- glibc 2.5 <=
Not vulnerable versions:
- glibc 2.6 >=
Testbed: linux distro
Type: Local
I

[Article] Linux Kernel Patches For Linux Kernel Security 2013-10-20
geinblues gmail com

Linux Kernel Patches For Linux Kernel Security

Defense in depth -- the Microsoft way (part 12): NOOP security fixes 2013-10-19
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

with <http://technet.microsoft.com/security/bulletin/ms12-034>
Microsoft addressed CVE-2012-0181 for Windows NT 5.x; see
<https://support.microsoft.com/kb/2686509> for details.

BUT: the hotfix KB2686509 does NOT fix anything!

Instead it just checks ONCE(!) whether all the "keyboard layout

Wordpress videowall Plugin Xss vulnerabilities 2013-10-19
iedb team gmail com
The Wordpress videowall Plugin suffers from a Cross-Site Scripting Vulnerability

[slackware-security] hplip (SSA:2013-291-01) 2013-10-19
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] hplip (SSA:2013-291-01)

New hplip packages are available for Slackware 13.1, 13.37, 14.0, and -current to
fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/package

[slackware-security] libtiff (SSA:2013-290-01) 2013-10-18
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libtiff (SSA:2013-290-01)

New libtiff packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,
14.0, and -current to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+---------------------

[SECURITY] [DSA 2781-1] python-crypto security update 2013-10-18
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2781-1 security (at) debian (dot) org
http://www.debian.org/security/ Yves-Alexis Perez
October 18, 2013

OWASP Vulnerable Web Applications Directory Project 2013-10-18
psiinon (psiinon gmail com)
The OWASP Vulnerable Web Applications Directory (VWAD) Project is a
comprehensive and well maintained registry of all known vulnerable web
applications currently available. These vulnerable web applications
can be used by web developers, security auditors and penetration
testers to put in practice t

[SECURITY] [DSA 2780-1] mysql-5.1 security update 2013-10-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2780-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
October 18, 2013

[ MDVSA-2013:256 ] apache-mod_fcgid 2013-10-18
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:256
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2013:255 ] clutter 2013-10-18
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:255
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2013:254 ] quagga 2013-10-18
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:254
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2013:252 ] torque 2013-10-18
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:252
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2013:251 ] aircrack-ng 2013-10-18
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:251
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2013:253 ] libtar 2013-10-18
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:253
http://www.mandriva.com/en/support/security/
___________________________________________________________

NEW VMSA-2013-0012 VMware vSphere updates address multiple vulnerabilities 2013-10-18
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2013-0012
Synopsis: VMware vSphere updates address multiple vulnerabilities
Issue date: 2013-10-17
Updated on: 2013-1

Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities 2013-10-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1117

Release Date:
=============
2013-10-18

Vulnerability Laboratory ID (VL-ID):
=======================

[ANN] Struts 2.3.15.3 GA release available - security fix 2013-10-17
Lukasz Lenart (lukaszlenart apache org)
The Apache Struts group is pleased to announce that Struts 2.3.15.3 is
available as a "General Availability" release. The GA designation is
our highest quality grade.

Apache Struts 2 is an elegant, extensible framework for creating
enterprise-ready Java web applications. The framework is designed to

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software 2013-10-17
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software

Advisory ID: cisco-sa-20131009-asa

Revision 2.0

Last Updated 2013 October 17 16:00 UTC (GMT)

For Public Release 2013 October 9 16:00 UTC (GMT)

Summary
=======

Cisco Adapt

[ISecAuditors Security Advisories] CSRF vulnerability in LinkedIn 2013-10-17
ISecAuditors Security Advisories (advisories isecauditors com)
=============================================
INTERNET SECURITY AUDITORS ALERT 2013-016
- Original release date: June 8th, 2013
- Last revised: July 11th, 2013
- Discovered by: Eduardo Garcia Melia
- Severity: 4.3/10 (CVSSv2 Base Score)
=============================================

I. VULNERABILITY

PayPal Inc Bug Bounty #61 - Persistent Mail Encoding Vulnerability 2013-10-17
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc Bug Bounty #61 - Persistent Mail Encoding Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=846

PayPal Security UID: bzbe1he

Release Date:
=============
2013-10-16

Vulnerability Laboratory ID

Bluetooth U v1.2.0 iOS - Directory Traversal Vulnerability 2013-10-17
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Bluetooth U v1.2.0 iOS - Directory Traversal Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1111

Release Date:
=============
2013-10-16

Vulnerability Laboratory ID (VL-ID):
============================

Zikula CMS v1.3.5 - Multiple Web Vulnerabilities 2013-10-17
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Zikula CMS v1.3.5 - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1114

Release Date:
=============
2013-10-16

Vulnerability Laboratory ID (VL-ID):
====================================
1

Security Advisory for Bugzilla 4.4.1, 4.2.7 and 4.0.11 2013-10-17
LpSolit gmail com
Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* A CSRF vulnerability in process_bug.cgi affecting Bugzilla 4.4 only
can lead to a bug being edited without the user's consent.

Copyright 2010, SecurityFocus