OpenSSL v1.0.2 for Linux affected by CVE-2015-0235
2015-03-11 Nicholas Lemonias. (lem nikolas googlemail com)

ESA-2015-014: RSA® Digital Certificate Solution Multiple Vulnerabilities
2015-03-11 Security Alert (Security_Alert emc com)

Vulnerability in the Dropbox SDK for Android (CVE-2014-8889)
2015-03-11 Roee Hay (roeeh il ibm com)
Hi, We have recently discovered a vulnerability in the Dropbox SDK for Android. This vulnerability may enable theft of sensitive information from apps that use the vulnerable Dropbox SDK both locally by malware and also remotely by using drive-by exploitation techniques. The vulnerability is ident

Community Gallery - Srored Corss-Site Scripting vulnerability
2015-03-11 ITAS Team (itas team itas vn)
#Vulnerability title: Community Gallery - Srored Corss-Site Scripting vulnerability #Product: Community Gallery #Vendor: https://www.woltlab.com #Affected version: Community Gallery 2.0 before 12/10/2014 #Download link: https://www.woltlab.com/purchase/?products[]=com.woltlab.gallery #Fixed version:

[security bulletin] HPSBUX03281 SSRT101968 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
2015-03-10 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583581 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04583581 Version: 1 HPSBUX03281 SS

ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities
2015-03-10 Security Alert (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities CVE Identifier: CVE-2015-0235, CVE-2015-0524, CVE-2015-0525 Severity Rating: CVSSv2 Base Score: See below for individual scores for each CVE

Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Product
2015-03-10 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Product Advisory ID: cisco-sa-20150310-ssl Revision: 1.0 For Public Release 2015 March 10 16:00 UTC (GMT) +-------------------------------------------------------------------- Summ

Reflected cross-site scripting(XSS) Vulnerability in Manage Engine AD Audit Manager Plus Admin Panel(Build 6270)
2015-03-10 harish ramadoss helpag com
##################################### Title:- Reflected cross-site scripting(XSS) Vulnerability in Manage Engine AD Audit Manager Plus Admin Panel(Build 6270) Author: Harish Ramadoss - Help AG Middle East Vendor: ZOHO Corp Product: Manage Engine AD Audit Manager Plus Version: All versions below Bui

ProjectSend r561 - SQL injection vulnerability
2015-03-10 ITAS Team (itas team itas vn)
#Vulnerability title: ProjectSend r561 - SQL injection vulnerability #Product: ProjectSend r561 #Vendor: http://www.projectsend.org/ #Affected version: ProjectSend r561 #Download link: http://www.projectsend.org/download/67/ #Fixed version: N/A #Author: Le Ngoc Phi (phi.n.le () itas vn) & ITAS Team

Cisco Security Advisory: Row Hammer Privilege Escalation Vulnerability
2015-03-09 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Row Hammer Privilege Escalation Vulnerability Advisory ID: cisco-sa-20150309-rowhammer http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150309-rowhammer Revision 1.1 Last Updated 2015 March 9 22:59 UTC (GMT) For Pub

Multiple Vulnerabilities with Kguard Digital Video Recorders
2015-03-09 Federick Joe P Fajardo (fjpfajardo ph ibm com)
MULTIPLE VULNERABILITIES WITH KGUARD DIGITAL VIDEO RECORDERS, February 10, 2015 PRODUCT DESCRIPTION The Kguard SHA104 & SHA108 are 4ch/8ch H.264 DVRs designed for economical application. It's stylish & streamlines hardware design and excellent performance can be fast moving, competitive and an

tcpdump 4.7.2 remote crashes
2015-03-09 Michael Richardson (mcr sandelman ca)
Hi, please find tcpdump 4.7.2 source code at: http://www.ca.tcpdump.org/beta/tcpdump-4.7.2.tar.gz http://www.ca.tcpdump.org/beta/tcpdump-4.7.2.tar.gz.sig (there is also a matching libpcap) To validate the source code with the "make check" you need to have libpcap-4.7.2 or the geneve te

APPLE-SA-2015-03-09-4 Xcode 6.2
2015-03-09 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-03-09-4 Xcode 6.2 Xcode 6.2 is now available and addresses the following: subversion Available for: OS X Mavericks v10.9.4 or later Impact: Multiple vulnerabilities in Apache Subversion Description: Multiple vulnerabilities existed in

APPLE-SA-2015-03-09-3 Security Update 2015-002
2015-03-09 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-03-09-3 Security Update 2015-002 Security Update 2015-002 is now available and addresses the following: iCloud Keychain Available for: OS X Yosemite v10.10.2 Impact: An attacker with a privileged network position may be able to execute

APPLE-SA-2015-03-09-2 AppleTV 7.1
2015-03-09 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-03-09-2 AppleTV 7.1 AppleTV 7.1 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Descriptio

APPLE-SA-2015-03-09-1 iOS 8.2
2015-03-09 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-03-09-1 iOS 8.2 iOS 8.2 is now available and addresses the following: CoreTelephony Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker can cause a device to unexpectedl

[security bulletin] HPSBGN03277 rev.1 - HP Virtualization Performance Viewer, Remote Execution of Code, Denial of Service (DoS) and Other Vulnerabilities
2015-03-07 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04582466 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04582466 Version: 1 HPSBGN03277 re

MongoDB BSON Handling Remote Denial of Service Vulnerability
2015-03-06 noreply-secresearch fortinet com
MongoDB BSON Handling Remote Denial of Service Vulnerability March 06, 2015 Summary: ======== Fortinet's FortiGuard Labs has discovered a remote denial of service vulnerability in MongoDB. It allows remote attackers to launch a denial of service attack without providing any authentication credenti

[security bulletin] HPSBUX03235 SSRT101750 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS)
2015-03-06 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04550240 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04550240 Version: 3 HPSBUX03235 SS

H2HC 12th Edition - Call for Papers
2015-03-06 Rodrigo Rubira Branco (BSDaemon) (rodrigo kernelhacking com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CALL FOR PAPERS - Hackers 2 Hackers Conference 12th edition The call for papers for H2HC 12th edition is now open. H2HC is a hacker conference taking place in Sao Paulo, Brazil, from 22 to 27 October 2015. [ - Introduction - ] For the twelveth conse

ocPortal 9.0.16 Multiply XSS Vulnerabilities
2015-03-08 dennis veninga gmail com
# Exploit Title: ocPortal 9.0.16 Multiply XSS Vulnerabilities # Google Dork: "Copyright (c) ocPortal 2011 " # Date: 26-2-2015 # Exploit Author: Dennis Veninga # Vendor Homepage: http://ocportal.com/ # Vendor contacted: 22-2-2015 # Fix: http://ocportal.com/site/news/view/security_issues/xss-vulnerabi

[security bulletin] HPSBHF03279 rev.1 - HP Point of Sale PCs Running Windows with OPOS Drivers, Remote Execution of Code
2015-03-05 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04583185 Version: 1 HPSBHF03279 re

[security bulletin] HPSBPI03107 rev.2 - Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access
2015-03-06 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04451722 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04451722 Version: 2 HPSBPI03107 re

[slackware-security] samba (SSA:2015-064-01)
2015-03-05 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] samba (SSA:2015-064-01) New samba packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/samba-4.1.17
------------------------------------------------------------------------
-----------
Author: Nicholas Lemonias
Type: Security Audit Notes
Date: 07/3/2015
Email: lem.nikolas (at) gmail (dot) com
Audit: OpenSSL v1.0.2 (22nd of January, 2015 Release)
----