Arbitrary Variable Overwrite in eShop WordPress Plugin
2015-05-06 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23255
Product: eShop WordPress plugin
Vendor: Rich Pedley
Vulnerable Version(s): 6.3.11 and probably prior
Tested Version: 6.3.11
Advisory Publication: April 15, 2015 [without technical details]
Vendor Notification: April 15, 2015
Public Disclosure: May 6, 2015
Vulnerability Typ

[SECURITY] CVE-2014-0230: Apache Tomcat DoS
2015-05-05 Mark Thomas (markt apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
CVE-2014-0230 Denial of Service
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
- - Apache Tomcat 8.0.0-RC1 to 8.0.8
- - Apache Tomcat 7.0.0 to 7.0.54
- - Apache Tomcat 6.0.0 to 6.0.43
Description:
When a response for a req

F5 BIG-IQ Enumeration of users and Information Disclosure
2015-05-05 jplopezy gmail com
Hi, I'm testing BIG-IQ v 0.0.7028 (not the last HF, but I don't see the bug fix in the HF1), the new mngmt of F5 BIG-IP. I see that you are logged out and join to the next link
LINK: (where $user is the user) https://127.0.0.1/mgmt/shared/authz/users/$user/
When I open this link and try some diff

Fortinet FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Vulnerability
2015-05-05 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Fortinet FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1354
Security Bulletin FortiGuard: http://www.fortiguard.com/advisory/FG-IR-15-005/

vPhoto-Album v4.2 iOS - File Include Web Vulnerability
2015-05-05 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
vPhoto-Album v4.2 iOS - File Include Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1477
Release Date:
=============
2015-05-05
Vulnerability Laboratory ID (VL-ID):
================================

[CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL
2015-05-05 Pedro Ribeiro (pedrib gmail com)
tl;dr heap and integer overflows in ICU, many packages affected, unknown if these can be exploited or not - everyone names vulns nowadays, so I name these I-C-U-FAIL.
Hi, I have found two vulnerabilities in the ICU library while fuzzing LibreOffice, full details in the advisory below.
Disclosure o

European Cyber Security Challenge 2015
2015-05-04 Ivan Buetler (ivan buetler csnc ch)
Hi Bugtraq, The European Cyber Security Challenge 2015 started today. This security competition among six European countries (Germany, Austria, UK, Switzerland, Romania, Spain), supported by ENISA and run by Hacking-Lab started today. Europe is seeking for young cyber talents between 14-20 years (j

ESA-2015-084: EMC AutoStart Packet Injection Vulnerability
2015-05-04 Security Alert (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2015-084: EMC AutoStart Packet Injection Vulnerability
EMC Identifier: ESA-2015-084
CVE Identifier: CVE-2015-0538
Severity Rating: CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Affected products:
• EMC AutoStart versions 5.4.

ESA-2015-077: EMC SourceOne Email Management Account Lockout
2015-05-04 Security Alert (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2015-077: EMC SourceOne Email Management Account Lockout Policy Vulnerability
EMC Identifier: ESA-2015-077
CVE Identifier: CVE-2015-0531
Severity Rating: Medium CVSS v2 Base Score: 5.4 (AV:N/AC:H/Au:N/C:C/I:N/A:N)
Affected products:

HUAWEI MobiConnect 23.9.17.216 - Privilege Escalation Vulnerability
2015-05-04 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
HUAWEI MobiConnect 23.9.17.216 - Privilege Escalation Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1389
Release Date:
=============
2015-05-04
Vulnerability Laboratory ID (VL-ID):
===================

Grindr v2.1.1 iOS Bounty #1 - (Session) Auth Bypass Vulnerabilities
2015-05-04 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Grindr v2.1.1 iOS Bounty #1 - (Session) Auth Bypass Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1419
Release Date:
=============
2015-05-04
Vulnerability Laboratory ID (VL-ID):
===================

Grindr v2.1.1 iOS - (eMail) Session Vulnerability
2015-05-04 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Grindr v2.1.1 iOS - (eMail) Session Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1426
Release Date:
=============
2015-05-04
Vulnerability Laboratory ID (VL-ID):
====================================

Grindr 2.1.1 iOS Bug Bounty #2 - Denial of Service Software Vulnerability
2015-05-04 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Grindr 2.1.1 iOS Bug Bounty #2 - Denial of Service Software Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1418
Release Date:
=============
2015-05-02
Vulnerability Laboratory ID (VL-ID):
=============

PhotoWebsite v3.1 iOS - File Include Web Vulnerability
2015-05-04 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PhotoWebsite v3.1 iOS - File Include Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1474
Release Date:
=============
2015-05-04
Vulnerability Laboratory ID (VL-ID):
================================

Cisco (Newsroom) - Client Side Cross Site Scripting Vulnerability
2015-05-04 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Cisco (Newsroom) - Client Side Cross Site Scripting Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1464
Release Date:
=============
2015-04-24
Vulnerability Laboratory ID (VL-ID):
=====================
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:229
http://www.mandriva.com/en/support/security/
___________________________________________________________