|
|
Colapse all |
Post message
[SE-2014-02] Google App Engine Java security sandbox bypasses (details) 2015-03-16 Security Explorations (contact security-explorations com) Defense in depth -- the Microsoft way (part 30): on exploitable Win32 functions 2015-03-15 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, since Microsoft won't -- despite (hopefully not only) my constant nagging and quite some bug reports about unquoted command lines for more than a dozen years now -- fix the BRAINDEAD behaviour of Windows' CreateProcess*() functions to play try&error instead of returning on error to their ca [ more ] [ reply ] Defense in depth -- the Mozilla way: return and exit codes are dispensable 2015-03-15 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, since some time Mozilla Firefox and Thunderbird for Windows come with a "maintenance service" (running privileged under the SYSTEM account): <https://support.mozilla.org/en-US/kb/what-mozilla-maintenance-service> The maintenanceservice_installer.exe (which is extracted into the resp. inst [ more ] [ reply ] Serendipity CMS - XSS Vulnerability in Version 2.0 2015-03-13 edric smarterbitbybit com Serendipity CMS - XSS Vulnerability in Version 2.0 ---------------------------------------------------------------- Product Information: Software: Serendipity CMS Tested Version: 2.0, released 23.1.2015 Vulnerability Type: Cross-Site Scripting (CWE-79) Download link: http://www.s9y.org/12.html De [ more ] [ reply ] Alkacon OpenCms 9.5.1 Multiple XSS Vulnerabilities 2015-03-12 Rehan Ahmed (knight_rehan hotmail com) Product: OpenCms Vendor: Alkacon Software Vulnerable Version(s): 9.5.1 and probably prior Tested Version: 9.5.1 Vendor Notification: Mar 05, 2015 (https://github.com/alkacon/opencms-core/issues/304) Vendor Patch: Not Yet (No Specific Time-line) Public Disclosure: Mar 12, 2015 Vulnerability Type: Cro [ more ] [ reply ] [security bulletin] HPSBMU03262 rev.1 - HP Version Control Agent running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS) 2015-03-12 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04571956 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04571956 Version: 1 HPSBMU03262 r [ more ] [ reply ] [security bulletin] HPSBMU03283 rev.1 - HP Virtual Connect Enterprise Manager SDK running OpenSSL on Windows, Remote Disclosure of Information, Denial of Service (DoS) 2015-03-12 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04587108 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04587108 Version: 1 HPSBMU03283 r [ more ] [ reply ] [security bulletin] HPSBMU03259 rev.1 - HP Version Control Repository Manager running OpenSSL on Linux and Windows, Remote Disclosure of Information 2015-03-12 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04570627 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04570627 Version: 1 HPSBMU03259 r [ more ] [ reply ] [security bulletin] HPSBMU03267 rev.1 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information 2015-03-12 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04576624 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04576624 Version: 1 HPSBMU03267 r [ more ] [ reply ] WPML WordPress plug-in SQL injection etc. 2015-03-12 Jouko Pynnonen (jouko iki fi) OVERVIEW ========== WPML is the industry standard for creating multi-lingual WordPress sites. Three vulnerabilities were found in the plug-in. The most serious of them, an SQL injection problem, allows anyone to read the contents of the WordPress database, including user details and password hashes [ more ] [ reply ] MSA-2015-03: iPass Mobile Client Service Local Privilege Escalation 2015-03-12 Advisories (advisories mogwaisecurity de) [security bulletin] HPSBMU02895 SSRT101253 rev.5 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code 2015-03-12 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03822422 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03822422 Version: 5 HPSBMU02895 SS [ more ] [ reply ] [security bulletin] HPSBGN03249 rev.1 - HP ArcSight Enterprise Security Manager and Logger, Multiple Remote Vulnerabilities 2015-03-12 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04562193 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04562193 Version: 1 HPSBGN03249 re [ more ] [ reply ] [SECURITY] [DSA 3183-1] movabletype-opensource security update 2015-03-12 Salvatore Bonaccorso (carnil debian org) SQL Injection in Huge IT Slider WordPress Plugin 2015-03-12 High-Tech Bridge Security Research (advisory htbridge ch) Advisory ID: HTB23250 Product: Huge IT Slider WordPress Plugin Vendor: Huge-IT Vulnerable Version(s): 2.6.8 and probably prior Tested Version: 2.6.8 Advisory Publication: February 19, 2015 [without technical details] Vendor Notification: February 19, 2015 Vendor Patch: March 11, 2015 Public Disc [ more ] [ reply ] Cisco Security Advisory: Cisco Secure Access Control System SQL Injection Vulnerability 2015-03-11 Cisco Systems Product Security Incident Response Team (psirt cisco com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Secure Access Control System SQL Injection Vulnerability Advisory ID: cisco-sa-20150211-csacs Revision 2.0 For Public Release 2015 February 11 16:00 UTC (GMT) Last Updated 2015 March 11 19:34 UTC (GMT) +------------------------------------- [ more ] [ reply ] Microsoft Office Compatibility Pack tries to execute path without quotes 2015-03-11 j v vallejo gmail com A couple of days ago i found a weird behaviour in my computer. When i double-clicked a .docx file, an error message appeared saying c:\Program couldn?t be executed. I don?t know when and why i had an empty file named ?c:\Program? on my computer (i had been doing tests with %PROGRAMFILES% envar in my [ more ] [ reply ] Cisco Security Advisory: Cisco Intrusion Prevention System MainApp Secure Socket Layer Denial of Service Vulnerability 2015-03-11 Cisco Systems Product Security Incident Response Team (psirt cisco com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Cisco Intrusion Prevention System MainApp Secure Socket Layer Denial of Service Vulnerability Advisory ID: cisco-sa-20150311-ips Revision 1.0 For Public Release 2015 March 11 16:00 UTC (GMT) +----------------------------- [ more ] [ reply ] Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway and Cisco TelePresence Conductor 2015-03-11 Cisco Systems Product Security Incident Response Team (psirt cisco com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway and Cisco TelePresence Conductor Advisory ID: cisco-sa-20150311-vcs Revision 1.0 For Public Release 2015 March 11 16:00 UTC (GMT) [ more ] [ reply ] |
|
Privacy Statement |
Hello All,
Details of our SE-2014-02 project have been released to the public.
A technical writeup and accompanying Proof of Concept codes can be
found at the following location:
http://www.security-explorations.com/en/SE-2014-02-details.html
In case of Google App Engine for Java, its first laye
[ more ] [ reply ]