BugTraq (Page 254 of 1747)
SEC Consult SA-20131003-0 :: Denial of service vulnerability in Citrix NetScaler 2013-10-03
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20131003-0 >
=======================================================================
title: nsconfigd NSRPC_REMOTECMD Denial of service vulnerability
product: Citrix NetScaler
vulnerable version: NetScaler 10.0 (Build <76.7

[ more ]  [ reply ]
Apple iOS 7 iPad2 Face-Time 1.0.2 - Privacy Vulnerability 2013-10-03
Vulnerability Lab (research vulnerability-lab com)
Title:
======
Apple iOS 7 iPad2 Face-Time 1.0.2 - Privacy Vulnerability

Date:
=====
2013-09-25

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=1087

Video: http://www.youtube.com/watch?v=7acWAEZpbgs

VL-ID:
=====
1087

Common Vulnerability Scoring System:
==========

[ more ]  [ reply ]
WebAssist PowerCMS PHP - Multiple Web Vulnerabilities 2013-10-03
Vulnerability Lab (research vulnerability-lab com)
Title:
======
WebAssist PowerCMS PHP - Multiple Web Vulnerabilities

Date:
=====
2013-09-28

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=1098

VL-ID:
=====
1098

Common Vulnerability Scoring System:
====================================
4

Introduction:
==========

[ more ]  [ reply ]
elproLOG MONITOR WebAccess 2.1 - Multiple Web Vulnerabilities 2013-10-03
Vulnerability Lab (research vulnerability-lab com)
Title:
======
elproLOG MONITOR WebAccess 2.1 - Multiple Vulnerabilities

Date:
=====
2013-09-24

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=1086

VL-ID:
=====
1086

Common Vulnerability Scoring System:
====================================
6.7

Introduction:
====

[ more ]  [ reply ]
SilverStripe Framework CMS 3.0.5 - Multiple Web Vulnerabilities 2013-10-03
Vulnerability Lab (research vulnerability-lab com)
Title:
======
SilverStripe Framework CMS 3.0.5 - Multiple Vulnerabilities

Date:
=====
2013-09-23

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=1084

VL-ID:
=====
1084

Common Vulnerability Scoring System:
====================================
3.9

Introduction:
==

[ more ]  [ reply ]
Hide Photo+Video Safe v1.6 iOS - Multiple Vulnerabilities 2013-10-03
Vulnerability Lab (research vulnerability-lab com)
Title:
======
Hide Photo+Video Safe v1.6 iOS - Multiple Vulnerabilities

Date:
=====
2013-09-22

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=1083

VL-ID:
=====
1083

Common Vulnerability Scoring System:
====================================
6.7

Introduction:
====

[ more ]  [ reply ]
Security Guard CMS QT 4.7.3 - Local Stack Buffer Overflow Vulnerability 2013-10-03
Vulnerability Lab (research vulnerability-lab com)
Title:
======
Security Guard CMS QT 4.7.3 - Local Stack Buffer Overflow Vulnerability

Date:
=====
2013-09-24

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=1085

VL-ID:
=====
1085

Common Vulnerability Scoring System:
====================================
6.1

Intr

[ more ]  [ reply ]
Paypal Inc Bug Bounty #99 - Filter Bypass & Persistent Vulnerability 2013-10-03
Vulnerability Lab (research vulnerability-lab com)
Title:
======
Paypal Inc Bug Bounty #99 - Filter Bypass & Persistent Vulnerability

Date:
=====
2013-09-20

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=984

PayPal Security UID: nj1071UU

VL-ID:
=====
984

Common Vulnerability Scoring System:
=====================

[ more ]  [ reply ]
Cisco Security Advisory: Cisco IOS XR Software Memory Exhaustion Vulnerability 2013-10-02
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco IOS XR Software Memory Exhaustion Vulnerability

Advisory ID: cisco-sa-20131002-iosxr

Revision 1.0

For Public Release 2013 October 2 16:00 UTC (GMT)

+------------------------------------------------------------------

[ more ]  [ reply ]
RootedCON 2014 - Call For Papers 2013-10-02
Javier Olascoaga (deese spezialk net)
Link:https://www.rootedcon.es/cfp2014-en/cfp2014_en.txt

[ more ]  [ reply ]
All in One SEO Pack Plugin for WordPress 1.3.6.4 - 2.0.3 XSS 2013-10-02
Charlie Briggs (charlie cysha co uk)
------------------------------------------------------------------------

Vendor: Semper Fi Web Design (http://semperfiwebdesign.com/)

Software: All in One SEO Pack

Developer: Michael Torbert (http://michaeltorbert.com/)

Product URL: http://wordpress.org/plugins/all-in-one-seo-pack/

Changelog: h

[ more ]  [ reply ]
Multiple Vulnerabilities in Gnew 2013-10-02
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23171
Product: Gnew
Vendor: Raoul Proença
Vulnerable Version(s): 2013.1 and probably prior
Tested Version: 2013.1
Advisory Publication: August 28, 2013 [without technical details]
Vendor Notification: August 28, 2013
Public Disclosure: October 2, 2013
Vulnerability Type: PHP Fil

[ more ]  [ reply ]
Remote Code Execution in GLPI 2013-10-02
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23173
Product: GLPI
Vendor: INDEPNET
Vulnerable Version(s): 0.84.1 and probably prior
Tested Version: 0.84.1
Advisory Publication: September 11, 2013 [without technical details]
Vendor Notification: September 11, 2013
Vendor Patch: September 12, 2013
Public Disclosure: October 2,

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies 2013-10-01
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

in <http://seclists.org/fulldisclosure/2013/Sep/132> I showed an
elaborated way for privilege elevation using IExpress (and other
self-extracting) installers containing *.MSI or *.MSP which works
"in certain situations".

The same IExpress installer(s) but allow a TRIVIAL to exploit
privileg

[ more ]  [ reply ]
CORE-2013-0828 - PDFCool Studio Buffer Overflow Vulnerability 2013-10-01
CORE Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

PDFCool Studio Buffer Overflow Vulnerability

1. *Advisory Information*

Title: PDFCool Studio Buffer Overflow Vulnerability
Advisory ID: CORE-2013-0828
Advisory URL:
http://www.coresecurity.com/advisories/pdfcool-studio-buffer-ov

[ more ]  [ reply ]
CORE-2013-0904 - PinApp Mail-SeCure Access Control Failure 2013-10-01
CORE Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

PinApp Mail-SeCure Access Control Failure

1. *Advisory Information*

Title: PinApp Mail-SeCure Access Control Failure
Advisory ID: CORE-2013-0904
Advisory URL:
http://www.coresecurity.com/advisories/pinapp-mail-secure-access-cont

[ more ]  [ reply ]
iOS: List of available trusted root certificates 2013-09-30
Jeffrey Walton (noloader gmail com) (1 replies)
From "iOS: List of available trusted root certificates",
http://support.apple.com/kb/HT5012.

There's no reason to allow some of this to occur in 2013. As a
proxy-relying-party, Apple is responsible for this stuff because users
are not allowed to make the decisions or modify the Trust Store.

For re

[ more ]  [ reply ]
Re: iOS: List of available trusted root certificates 2013-10-01
Jason Hellenthal (jhellenthal dataix net)
CFP: WorldCIST'14 - World Conference on IST, at Madeira Island 2013-09-30
Maria Lemos (marialemos72 gmail com)
Apologies if you are receiving this mail more than once...

************************************************************************
WorldCIST'14
The 2014 World Conference on Information Systems and Technologies
April 15 - 18, Madeira Island, P

[ more ]  [ reply ]
CVE-2130-5680, HylaFAX+ heap overflow, unchecked network traffic. 2013-09-30
Dennis Jenkins (dennis jenkins 75 gmail com)
Details
===========================================================
Application: "HylaFAX+"
Version: 5.2.4 (April, 2008) through 5.5.3 (August 6, 2013)
Type: Daemon that manages a fax server via an FTP-like protocol.
Vendor / Maintainer: Lee Howard (faxguy _at_ howardsilvan.com)
Project Homepage: ht

[ more ]  [ reply ]
[ MDVSA-2013:244 ] davfs2 2013-09-30
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:244
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
Open-Xchange Security Advisory 2013-09-30 2013-09-30
Martin Braun (martin braun open-xchange com)
Product: Open-Xchange AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 28642 (Bug ID)
Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page)
Vulnerable version: prior to 7.2.2
Vulnerable component: backend
Fixed version: 7.0.2-rev16, 7.2.2-rev20
Report

[ more ]  [ reply ]
Firefox for Android - Same-origin bypass through symbolic links 2013-09-30
Takeshi Terada (mbsdtest01 gmail com)
CVE Number: CVE-2013-1727
Vendor Identifier: MFSA 2013-84
Title: Firefox for Android - Same-origin bypass through symbolic links
Affected Software: Prior to v24 (confirmed on v14)
Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc.
Issue Status: v

[ more ]  [ reply ]
[CVE-2013-5725] - Byword for iOS Data Destruction Vulnerability 2013-09-29
guillaume binaryfactory ca
- Affected Vendor: http://metaclassy.com/
- Affected Software: Byword for iOS
- Affected Version: 2.x prior to 2.1
- Issue Type: Lack of validation/user confirmation leading to destruction of data
- Release Date: 29 Sept 2013
- Discovered by: Guillaume Ross
- CVE Identifier: CVE-2013-5725
- Issue S

[ more ]  [ reply ]
[SECURITY] [DSA 27671-1] proftpd-dfsg security update 2013-09-29
Nico Golde (nion debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2767-1 security (at) debian (dot) org
http://www.debian.org/security/ Nico Golde
September 29, 2013

[ more ]  [ reply ]
[slackware-security] seamonkey (SSA:2013-271-01) 2013-09-29
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2013-271-01)

New seamonkey packages are available for Slackware 14.0 and -current to
fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/seam

[ more ]  [ reply ]
Linux Kernel Patches For Linux Kernel Security 2013-09-28
geinblues gmail com
Hi forks!

I release an article for linux kernel security.
- http://www.x90c.org/articles/linux_kernel_patches.txt

x90c

[ more ]  [ reply ]
[IBliss Security Advisory] Cross-site scripting ( XSS ) in PHP IDNA Convert 2013-09-28
Alexandro Silva (alexos ibliss com br)
[ PHP IDNA Convert Cross-site scripting ( XSS ) ]

[ Vendor product description]

PHP Net_IDNA is a class to convert between the Punycode and Unicode
formats. Punycode is a standard described in RFC 3492 and part of IDNA
(Internationalizing Domain Names in Applications [RFC3490]) . This class
allows

[ more ]  [ reply ]
[ MDVSA-2013:243 ] polkit 2013-09-27
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:243
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ more ]  [ reply ]
[SECURITY] [DSA 2766-1] linux-2.6 security update 2013-09-27
dann frazier (dannf debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------
Debian Security Advisory DSA-2766-1 security (at) debian (dot) org
http://www.debian.org/security/ Dann Frazier
September 27, 2013 ht

[ more ]  [ reply ]
Copyright 2010, SecurityFocus