SecurityFocus

[security bulletin] HPSBHF03279 rev.2 - HP Point of Sale PCs Running Windows with OPOS Drivers, Remote Execution of Code 2015-03-24
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04583185

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04583185
Version: 2

HPSBHF03279 re

[ more ] [ reply ]

[security bulletin] HPSBGN03299 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information, Unauthorized Access 2015-03-24
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04604357

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04604357
Version: 1

HPSBGN03299 re

[ more ] [ reply ]

Hacky Easter 2015 2015-03-24
Ivan Buetler (ivan buetler csnc ch)

Dear list

I would like to make you aware of a free hacking game (Hacky Easter)
Find and get 27 eggs
http://hackyeaster.hacking-lab.com/hackyeaster/
Enjoy
Ivan
0? *?H?÷
?0?10
`?He0? *?H?÷
?#0?½0?¥ OÔ/T»/K0
*?H?÷
0G10 UCH10U
SwissSign AG1!0US

[ more ] [ reply ]

[security bulletin] HPSBST03196 rev.1- HP StoreEver MSL6480 Tape Library running OpenSSL, Remote Code Execution 2015-03-23
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04599191

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04599191
Version: 1

HPSBST03196 re

[ more ] [ reply ]

ESA-2015-044: EMC Documentum xMS Sensitive Information Disclosure Vulnerability 2015-03-23
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-044: EMC Documentum xMS Sensitive Information Disclosure Vulnerability

EMC Identifier: ESA-2015-044

CVE Identifier: CVE-2015-0527

Severity Rating: CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Affected products:

? EMC

[ more ] [ reply ]

DokuWiki persistent Cross Site Scripting 2015-03-23
Filippo Cavallarin (filippo cavallarin segment technology)

Advisory ID: SGMA15-001
Title: DokuWiki persistent Cross Site Scripting
Product: DokuWiki
Version: 2014-09-29c and probably prior
Vendor: www.dokuwiki.org
Vulnerability type: Persistent XSS
Risk level: Medium
Credit: Filippo Cavallarin - segment.technology
CVE: N/A
Vendor notification: 2015-03-18
Ve

[ more ] [ reply ]

[SECURITY] [DSA 3203-1] tor security update 2015-03-22
Sebastien Delafond (seb debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3203-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Sebastien Delafond
March 22, 2015

[ more ] [ reply ]

[SECURITY] [DSA 3201-1] iceweasel security update 2015-03-22
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3201-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
March 22, 2015

[ more ] [ reply ]

Stored XSS Vulnerability In Manage Engine Device Expert 2015-03-21
kingkaustubh me com

========================================================================
=======
Stored XSS Vulnerability In Manage Engine Device Expert
========================================================================
=======

. contents:: Table Of Content

Overview
========

* Title :Stored XSS Vulnerability

[ more ] [ reply ]

CSRF to add admin user Vulnerability In Manage Engine Device Expert 2015-03-21
kingkaustubh me com

========================================================================
=======
CSRF to add admin user Vulnerability In Manage Engine Device Expert
========================================================================
=======

. contents:: Table Of Content

Overview
========

* Title : CSRF to add

[ more ] [ reply ]

Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network Configuration 2015-03-21
kingkaustubh me com

Title:- Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network Configuration Management
Author: Kaustubh G. Padwad
Vendor: ZOHO Corp
Product: ManageEngine Network Configuration Manager
Tested Version: : Network Configuration Manager Build 11000
Severity: HIGH

About the Product:
==

[ more ] [ reply ]

[SECURITY] [DSA 3202-1] mono security update 2015-03-22
Sebastien Delafond (seb debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3202-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Sebastien Delafond
March 22, 2015

[ more ] [ reply ]

Reflected XSS Vulnerability in XSS In Manage Engine Device Expert 2015-03-21
kingkaustubh me com

========================================================================
=======
Reflected XSS Vulnerability in XSS In Manage Engine Device Expert
========================================================================
=======

. contents:: Table Of Content

Overview
========

* Title :Reflected XSS

[ more ] [ reply ]

CSRF/Stored XSS Vulnerability in AB Google Map Travel (AB-MAP) Wordpress Plugin 2015-03-21
kingkaustubh me com

========================================================================
=======
CSRF/Stored XSS Vulnerability in AB Google Map Travel (AB-MAP) Wordpress Plugin
========================================================================
=======

. contents:: Table Of Content

Overview
========

* Title

[ more ] [ reply ]

[SECURITY] [DSA 3200-1] drupal7 security update 2015-03-20
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3200-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
March 20, 2015

[ more ] [ reply ]

Viber for Android exposes insecure Javascript interface 2015-03-20
Securify B.V. (lists securify nl)

------------------------------------------------------------------------

Viber for Android exposes insecure Javascript interface
------------------------------------------------------------------------

Yorick Koster, April 2014

-----------------------------------------------------------------------

[ more ] [ reply ]

[SECURITY] [DSA 3199-1] xerces-c security update 2015-03-20
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3199-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
March 20, 2015

[ more ] [ reply ]

[SECURITY] [DSA 3198-1] php5 security update 2015-03-20
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3198-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
March 20, 2015

[ more ] [ reply ]

FreeBSD Security Advisory FreeBSD-SA-15:06.openssl [REVISED] 2015-03-20
FreeBSD Security Advisories (security-advisories freebsd org)

APPLE-SA-2015-03-19-1 Security Update 2015-003 2015-03-19
Apple Product Security (product-security-noreply lists apple com)

Xerces-C Security Advisory [CVE-2015-0252] 2015-03-19
Cantor, Scott (cantor 2 osu edu)

cve-assign delays 2015-03-19
Steven M. Christey (coley mitre org)

We recognize that some requesters have experienced delays, and
sometimes lengthy delays, in getting CVE IDs assigned. We apologize
for those delays.

The number of cve-assign requests has been growing dramatically, as
has the number of unique and new requesters. Our goal is always to
provide reason

[ more ] [ reply ]

FreeBSD Security Advisory FreeBSD-SA-15:06.openssl 2015-03-19
FreeBSD Security Advisories (security-advisories freebsd org)

Google Analytics by Yoast stored XSS 2015-03-19
Jouko Pynnonen (jouko iki fi)

OVERVIEW
==========

Google Analytics by Yoast is a WordPress plug-in for monitoring
website traffic. With approximately seven million downloads itâ??s one
of the most popular WordPress plug-ins.

A security vulnerability in the plug-in allows an unauthenticated
attacker to store arbitrary HTML, inc

[ more ] [ reply ]

Command injection vulnerability in Citrix NITRO SDK xen_hotfix page 2015-03-19
Securify B.V. (lists securify nl)

------------------------------------------------------------------------

Command injection vulnerability in Citrix NITRO SDK xen_hotfix page
------------------------------------------------------------------------

Han Sahin, August 2014

--------------------------------------------------------------

[ more ] [ reply ]

Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting 2015-03-19
Securify B.V. (lists securify nl)

------------------------------------------------------------------------

Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting
------------------------------------------------------------------------

Han Sahin, August 2014

-----------------------------------------------------------

[ more ] [ reply ]

Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting 2015-03-19
Securify B.V. (lists securify nl)

------------------------------------------------------------------------

Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting
------------------------------------------------------------------------

Han Sahin, August 2014

-----------------------------------------------------------

[ more ] [ reply ]

Advent JMX Servlet of Citrx Command Center is accessible to unauthenticated users 2015-03-19
Securify B.V. (lists securify nl)

------------------------------------------------------------------------

Advent JMX Servlet of Citrx Command Center is accessible to
unauthenticated users
------------------------------------------------------------------------

Han Sahin, August 2014

------------------------------------------------

[ more ] [ reply ]

[SECURITY] [DSA 3197-1] openssl security update 2015-03-19
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3197-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
March 19, 2015

[ more ] [ reply ]

EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection 2015-03-18
Securify B.V. (lists securify nl)

------------------------------------------------------------------------

EMC Secure Remote Services Virtual Edition Provisioning component is
affected by SQL injection
------------------------------------------------------------------------

Han Sahin, November 2014

---------------------------------

[ more ] [ reply ]