|
|
Colapse all |
Post message
Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c 2015-04-15 Nicholas Lemonias. (lem nikolas googlemail com) Secunia Research: Microsoft Windows GDI "MRSETDIBITSTODEVICE ::bPlay()" EMF Parsing Memory Corruption Vulnerability 2015-04-15 Secunia Research (remove-vuln secunia com) Wordpress WP Statistics persistent cross site scripting 2015-04-15 kingkaustubh me com =========================================================== Stored XSS Vulnerability in WP Statistics Wordpress Plugin =========================================================== . contents:: Table Of Content Overview ======== * Title :Stored XSS Vulnerability in WP Statistics Wordpress Plugin [ more ] [ reply ] several issues in SQLite (+ catching up on several other bugs) 2015-04-14 Michal Zalewski (lcamtuf coredump cx) SQLite is probably the most popular embedded database in use today; it is also known for being very well-tested and robust. Because of its versatility, SQLite sometimes finds use as the mechanism behind SQL-style query APIs that are exposed between privileged execution contexts and less-trusted cod [ more ] [ reply ] whitepaper: Identifier based XSSI attacks 2015-04-14 Takeshi Terada (mbsdtest01 gmail com) Hello list members, We released a new technical whitepaper titled: "Identifier based XSSI attacks" CVE numbers: CVE-2014-6345, CVE-2014-7939 URL: http://www.mbsd.jp/Whitepaper/xssi.pdf Introduction: ------------------------------- Cross Site Script Inclusion (XSSI) is an attack technique (or a v [ more ] [ reply ] [SYSS-2015-014] Panda Global Protection 2015 - Authentication Bypass 2015-04-14 matthias deeg syss de [SYSS-2015-012] Panda Internet Security 2015 - Authentication Bypass 2015-04-14 matthias deeg syss de Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c 2015-04-14 lem nikolas gmail com -=[Advanced Information Security Corporation]=- Advisory for Apache Http Server 2.2.29 / 2.4.12 NULL Pointer Dereference Author: Nicholas Lemonias Advisory Date: 14/4/2015 Email: lem.nikolas (at) gmail (dot) com Introduction ========== During a source-code audit of the Apache HTTPD 2.2.29 [ more ] [ reply ] Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c 2015-04-14 Nicholas Lemonias. (lem nikolas googlemail com) -=[Advanced Information Security Corporation]=- Advisory for Apache Http Server 2.2.29 / 2.4.12 NULL Pointer Dereference Author: Nicholas Lemonias Advisory Date: 14/4/2015 Email: lem.nikolas (at) gmail (dot) com Introduction ========== During a source-code audit of the Apache HTTPD 2.2.29 [ more ] [ reply ] [CVE-2015-2810] Integer Overflow leading to heap corruption when assigning a long paragraph size value to a HanWord document 2015-04-13 Daniel Regalado (daniel regalado FireEye com) Product: Hancom Office Hwp 2014 Vendor: Hancom - www.hancom.com Versions Affected (32 bits only): HanWord Viewer 2007 (Korean) HanWord Viewer 2010 8.5.6.1158 (English) HwpViewer 2014 VP- 9.1.0.2186 (English) Hwp 2014 VP - 9.0.0.1405 (English/Korean) Version Not vulnerable: Hwp 2014 VP - 9.1.0.234 [ more ] [ reply ] [security bulletin] HPSBOV03318 rev.1 - HP SSL for OpenVMS, Remote Denial of Service (DoS) and other Vulnerabilities 2015-04-13 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04635715 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04635715 Version: 1 HPSBOV03318 re [ more ] [ reply ] [security bulletin] HPSBHF03310 rev.2 - HP Thin Clients running Windows Embedded Standard 7 (WES7) or Windows Embedded Standard 2009 (WES09) with HP Easy Deploy, Remote Elevation of Privilege, Execution of Code 2015-04-13 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04629160 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04629160 Version: 2 HPSBHF03310 re [ more ] [ reply ] Apache HTTPD 2.4.12, 2.2.29 Security Audit - Advanced Information Security Corp 2015-04-13 lem nikolas gmail com -=[Advanced Information Security Corp]=- Author: Nicholas Lemonias Advisory Date: 13/4/2015 Email: lem.nikolas (at) gmail (dot) com Introduction ========== During a source-code audit of the Apache HTTPD 2.2.29 release implementation for linux; conducted internally by the Advanced Information Secur [ more ] [ reply ] Apache HTTPD 2.4.12/ 2.2.29 Security Audit Notes - Advanced Information Security Corp 2015-04-13 Nicholas Lemonias. (lem nikolas googlemail com) -=[Advanced Information Security Corp]=- Author: Nicholas Lemonias Advisory Date: 13/4/2015 Email: lem.nikolas (at) gmail (dot) com Introduction ========== During a source-code audit of the Apache HTTPD 2.2.29 release implementation for linux; conducted internally by the Advanced Information Secur [ more ] [ reply ] [SECURITY] [DSA 3221-1] das-watchdog security update 2015-04-12 Salvatore Bonaccorso (carnil debian org) Safari iOS/OS X/Windows cookie access vulnerability 2015-04-12 Jouko Pynnonen (jouko iki fi) OVERVIEW ========== The 4/8/2015 security updates from Apple included a patch for a Safari cross-domain vulnerability. An attacker could create web content which, when viewed by a target user, bypasses some of the normal cross-domain restrictions to access or modify HTTP cookies belonging to any we [ more ] [ reply ] [SECURITY] [DSA 3220-1] libtasn1-3 security update 2015-04-11 Salvatore Bonaccorso (carnil debian org) Hijacking any Weebly Website [Insecure Direct Object Reference Vulnerability] 2015-04-11 huehuehuehue10 gmail com Title: Hijack any website from weebly.com by just adding an administrator to their website. [Insecure Direct Object Reference Vulnerability] ===== Weebly is a web-hosting service that allows the user to ?drag-and-drop? while using their website builder. As of August 2012, Weebly hosts over 20 mill [ more ] [ reply ] [SECURITY] [DSA 3219-1] libdbd-firebird-perl security update 2015-04-11 Alessandro Ghedini (ghedo debian org) OrangeHRM Blind SQL Injection & XSS Vulnerabilities 2015-04-11 Rehan Ahmed (knight_rehan hotmail com) I. Overview ======================================================== OrangeHRM (Opensource 3.2.1, Professional & Enterprise 4.11) are prone to a multiple Blind SQL injection & XSS vulnerabilities. These vulnerabilities allows an attacker to inject SQL commands to compromise the affected database m [ more ] [ reply ] [security bulletin] HPSBGN03316 rev.1 - HP Support Solution Framework on Windows, Remote Execution of Code, Disclosure of Information 2015-04-10 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04634535 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04634535 Version: 1 HPSBGN03316 re [ more ] [ reply ] Hidden backdoor API to root privileges in Apple OS X 2015-04-10 Jeffrey Walton (noloader gmail com) https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root- privileges-in-apple-os-x/ The Admin framework in Apple OS X contains a hidden backdoor API to root privileges. Itâ??s been there for several years (at least since 2011), I found it in October 2014 and it can be exploited to esc [ more ] [ reply ] SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035) 2015-04-10 SEC Consult Vulnerability Lab (research sec-consult com) |
|
Privacy Statement |
Advisory for Apache Http Server 2.2.29 / 2.4.12 NULL Pointer Dereference
Author: Nicholas Lemonias
Advisory Date: 14/4/2015
Email: lem.nikolas (at) gmail (dot) com
Introduction
==========
During a source-code audit of the Apache HTTPD 2.2.2
[ more ] [ reply ]