Open-Xchange Security Advisory 2015-04-27
2015-04-27 Martin Heiland (martin heiland lists open-xchange com)

Elasticsearch vulnerability CVE-2015-3337
2015-04-27 Kevin Kluge (kevin elastic co)
Summary: All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch. This vulnerability is not present in the initial installation of Elasticsearch. The vulnerability is exposed [...]

[SECURITY] [DSA 3238-1] chromium-browser security update
2015-04-27 Michael Gilbert (mgilbert debian org)

[security bulletin] HPSBHF03272 rev.1 - HP Servers with NVidia GPU Computing Driver running Windows Server 2008, Elevation of Privilege
2015-04-24 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04579346 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04579346 Version: 1 HPSBHF03272 re [...]

[security bulletin] HPSBPI03315 rev.1 - HP Capture and Route Software, Remote Information Disclosure
2015-04-24 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04633710 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04633710 Version: 1 HPSBPI03315 re [...]

WordPress 4.2 stored XSS
2015-04-27 Jouko Pynnonen (jouko iki fi)
OVERVIEW ========== Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If triggered by a logged-in administrator, under default settings the attacker can leverage [...]

4k ULTRA HIGH DEFINITION Satellite Security Research - DVB-S2X Security Evaluation Draft Notes - Advanced Information Security Corporation
2015-04-24 Nicholas Lemonias. (lem nikolas googlemail com)

Encaps PHP/Flash Gallery 2.3.22s Database Puffing Up Exploit
2015-04-24 ZoRLu Bugrahan (zorlu milw00rm com)
Hi guys, #ref: http://www.milw00rm.com/exploits/5179 #!/usr/bin/perl -w #Title : Encaps PHP/Flash Gallery 2.3.22s Database Puffing Up Exploit #Vendor : http://www.encaps.net #Download : http://sourceforge.net/projects/encapsnet/files/ #Author : ZoRLu / zorlu (at) milw00rm (dot) com #Website : milw0 [...]

Incorrect handling of self signed certificates in OpenFire XMPP Server
2015-04-24 Simon Waters (simon waters surevine com)
Incorrect handling of self signed certificates in OpenFire XMPP Server Affected software: OpenFire XMPP server Affected versions: 3.9.3 and earlier Vulnerabilities addressed: CVE-2014-3451, CVE-2015-2080 Openfire is a real time collaboration (RTC) server licensed under the Open Source Apache Lice [...]

SSH Network Security Assessment utility - Zeppelin - -=[Advanced Information Security Corp]=-
2015-04-24 lem nikolas gmail com
#!/bin/bash # ################################################ # -=[Advanced Information Security Corp]=- ## ################################################ # Keeping things simple! # # # An adjacent SSH Network Security Assessment utility - Zeppelin v1 # # This is proprietary sou [...]

Zeppelin - SSH script - Advanced Information Security Corporation
2015-04-24 lem nikolas gmail com
#!/bin/bash ################################################ # -=[Advanced Information Security Corp]=- ## ################################################ # Keeping things simple! # list of usernames in username.lst # list of passwords in wordlist.lst # list of ports to scan in portnumber.txt [...]

4k ULTRA HIGH DEFINITION Satellite Security Research - DVB-S2X Security Evaluation Draft Notes
2015-04-23 Nicholas Lemonias. (lem nikolas googlemail com)

Avsarsoft Matbaa Script - Multiple Vulnerabilities
2015-04-23 ZoRLu Bugrahan (zorlu milw00rm com)
Hi guys, Avsarsoft Matbaa Script - Multiple Vulnerabilities Thanks, ZoRLu #Title : Avsarsoft Matbaa Script - Multiple Vulnerabilities #Author : ZoRLu / zorlu (at) milw00rm (dot) com #Website : milw00rm.com / milw00rm.net / milw00rm.org #Twitter : https://twitter.com/milw00rm or @milw00rm #Test : Windo [...]

Pligg CMS 2.0.2 - Stored XSS
2015-04-23 joelvarghese7 gmail com
Hi Team, #Affected Vendor: http://pligg.com/ #Date: 23/04/2015 #Discovered by: Joel Vadodil Varghese #Type of vulnerability: Persistent XSS #Tested on: Windows 8.1 #Product: Pligg CMS #Version: 2.0.2 #Tested Link: http://localhost/pligg/admin/admin_page.php Description: Pligg CMS is a content man [...]

[ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow
2015-04-23 xing_fang vulnhunt com
1. Advisory Information Advisory URL: http://security.alibaba.com/blog/blog.htm?spm=0.0.0.0.p1ECc3&id=19 Date published: 2015-04-23 Date of last update: 2015-04-23 2. Vulnerability Information Class: heap overflow Impact: memory information leak and remote code execution Remote Exploitable: Yes Loca [...]

Socrata Bug Bounty #1 - Persistent Encoding Vulnerability
2015-04-23 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Socrata Bug Bounty #1 - Persistent Encoding Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1438 Release Date: ============= 2015-04-22 Vulnerability Laboratory ID (VL-ID): ============================= [...]

Dnsmasq 2.72 Unchecked returned value
2015-04-23 Nick Sampanis (n sampanis obrela com)
"Dnsmasq 2.72 Unchecked returned value" Description ------------------------------------------------------------ Dnsmasq does not properly check the return value of the setup_reply() function called during a tcp connection (by the tcp_request() function). This return value is then used as a size ar [...]

Vendor: Open-Xchange GmbH
Internal reference: 35982 (Bug ID)
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable version: 7.6.1
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.1-rev2