[SE-2014-02] Unconfirmed / unpatched vulnerabilities in Google App Engine
  2015-05-15, Security Explorations (contact security-explorations com)

phpMyAdmin 4.4.6 Man-In-the-Middle API Github
  2015-05-14, submit cxsec org
  phpMyAdmin 4.4.6 Man-In-the-Middle to API Github (CVE-2015-3903). Author: Maksymilian Arciemowicz from https://cxsecurity.com. Issue type: CWE-295. Source URL: http://cxsecurity.com/issue/WLB-2015050095 --- Description --- As we can read CURLOPT_SSL_VERIFYPEER option. http://curl.haxx.se/libcurl/c/C

[SECURITY] CVE-2014-7810: Apache Tomcat Security Manager Bypass
  2015-05-14, Mark Thomas (markt apache org)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CVE-2014-7810 Security Manager Bypass. Severity: Moderate. Vendor: The Apache Software Foundation. Versions Affected: Apache Tomcat 8.0.0-RC1 to 8.0.15; Apache Tomcat 7.0.0 to 7.0.57; Apache Tomcat 6.0.0 to 6.0.43. Description: Malicious web

SEC Consult SA-20150514-0 :: Multiple vulnerabilities in Loxone Smart Home (part 2)
  2015-05-14, SEC Consult Vulnerability Lab (research sec-consult com)

Sidu 5.2 Admin XSS Vulnerability
  2015-05-14, apparitionsec gmail com
  Affected Vendor: www.topnew.net/sidu/ Credits: John Page (hyp3rlinx). Domains: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/AS-SIDU0513.txt Product: Sidu version 5.2 is a web-based database front-end administration tool. Advisory Information: ==================

Certificate trust vulnerability in Websense Content Gateway
  2015-05-14, Steve Shockley (steve shockley shockley net)
  SUMMARY: Websense Content Gateway proxy explicitly trusts compromised certificate authorities. Affected versions: Content Gateway 7.8.x. Not affected: Content Gateway 7.7.x, 8.0. DESCRIPTION: Websense Content Gateway is a filtering web proxy and content inspection application based on a modified Inkt

Server buffer overflow in Pure Faction <= 3.0c
  2015-05-13, soulsgetnothing hotmail comtyg*
  Application: Pure Faction http://www.purefaction.org Versions: <= 3.0c. Platforms: Windows. Bug: server buffer overflow. Risk: highly critical. Exploitation: remote and automatic (requires attacker to have joined server). Date: 13 Mar 2015. Author: soulsgetnothing. e-mail: soulsgetnothing (at) hotmail (dot

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
  2015-05-13, Cisco Systems Product Security Incident Response Team (psirt cisco com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software. Advisory ID: cisco-sa-20150513-tc. Revision 1.0. For Public Release 2015 May 13 16:00 UTC (GMT)

[CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities
  2015-05-13, CORE Advisories Team (advisories coresecurity com)
  1. Advisory Information. Title: SAP LZC/LZH Compression Multiple Vulnerabilities. Advisory ID: CORE-2015-0009. Advisory URL: http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities Date published: 2015-05-12. Date of last update: 2015-05-12. Vendors contacted: SAP. Release

Web India Solutions CMS 2015 - SQL Injection Vulnerability
  2015-05-13, Vulnerability Lab (research vulnerability-lab com)
  Document Title: Web India Solutions CMS 2015 - SQL Injection Vulnerability. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1495 Release Date: 2015-05-13. Vulnerability Laboratory ID (VL-ID):

Concrete5 Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-2250
  2015-05-13, Onur Yilmaz (onur netsparker com)
  Information: Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in Concrete5. Affected Software: Concrete5. Affected Versions: 5.7.3.1 and possibly below. Vendor Homepage: https://www.concrete5.org Vulnerability Type: Cross-site Scripting. Severity: Important. CVE-ID: CVE-

Cisco Security Advisory: Command Injection Vulnerability in Multiple Cisco TelePresence Products
  2015-05-13, Cisco Systems Product Security Incident Response Team (psirt cisco com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Command Injection Vulnerability in Multiple Cisco TelePresence Products. Advisory ID: cisco-sa-20150513-tp. Revision 1.0. For Public Release 2015 May 13 16:00 UTC (GMT)

SEC Consult SA-20150513-0 :: Multiple critical vulnerabilities in WSO2 Identity Server
  2015-05-13, SEC Consult Vulnerability Lab (research sec-consult com)

[slackware-security] mozilla-firefox (SSA:2015-132-04)
  2015-05-13, Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2015-132-04). New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/p

[security bulletin] HPSBMU03330 rev.1 - HP Matrix Operating Environment (MOE) running glibc on Linux, Remote Disclosure of Information
  2015-05-12, security-alert hp com
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04674742 SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c04674742. Version: 1. HPSBMU03330 r

[slackware-security] mysql (SSA:2015-132-02)
  2015-05-12, Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mysql (SSA:2015-132-02). New mysql packages are available for Slackware 14.0 to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: patches/packages/mysql-5.5.43-i486-1_slack

[slackware-security] wpa_supplicant (SSA:2015-132-03)
  2015-05-12, Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] wpa_supplicant (SSA:2015-132-03). New wpa_supplicant packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patc

[slackware-security] mariadb (SSA:2015-132-01)
  2015-05-12, Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mariadb (SSA:2015-132-01). New mariadb packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/mariadb-

[SECURITY] [DSA 3257-1] mercurial security update
  2015-05-11, Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBGN03329 rev.1 - HP SDN VAN Controller, Remote Denial of Service (DoS), Distributed Denial of Service (DDoS)
  2015-05-11, security-alert hp com
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04657823 SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c04657823. Version: 1. HPSBGN03329 re

[oCERT-2015-006] dcraw input sanitization errors
  2015-05-11, Andrea Barisani (lcars ocert org)
  #2015-006 dcraw input sanitization errors. Description: The dcraw photo decoder is an open source project for raw image parsing. The dcraw tool, as well as several other projects re-using its code, suffers from an integer overflow condition which leads to a buffer overflow. The vulnerability conce

[SECURITY] [DSA 3256-1] libtasn1-6 security update
  2015-05-10, Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3254-1] suricata security update
  2015-05-09, Salvatore Bonaccorso (carnil debian org)

Sqlbuddy Path Traversal Vulnerability
  2015-05-09, hyp3rlinx altervista org
  Exploit Author: John Page (hyp3rlinx). Website: hyp3rlinx.altervista.org/ Vendor Homepage: www.sqlbuddy.com Version: 1.3.3. SQL Buddy is an open source web-based MySQL administration application. Advisory Information: sqlbuddy suffers from directory traversal whereby a user can

Sqlbuddy Directory Traversal Read Arbitrary Files Vulnerability
  2015-05-09, apparitionsec gmail com
  Sqlbuddy Directory Traversal Read Arbitrary Files Vulnerability. Vendor: http://www.sqlbuddy.com Release Date: 05-08-2015. Source: http://hyp3rlinx.altervista.org/advisories/AS-SQLBUDDY0508.txt Product: sqlbuddy v

[security bulletin] HPSBGN03328 rev.1 - Network Virtualization for HP LoadRunner and Performance Center, Remote Information Disclosure
  2015-05-08, security-alert hp com
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04657310 SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c04657310. Version: 1. HPSBGN03328 re
Hello All,
Security Explorations decided to release technical details as well as
accompanying Proof of Concept codes (three complete GAE Java sandbox
escapes) for security issues identified in Google App Engine for Java
after initial Issues 1-31 [1] have been addressed by the company. All
relevant