SecurityFocus

[SECURITY] [DSA 3180-1] libarchive security update 2015-03-05
Alessandro Ghedini (ghedo debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3180-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Alessandro Ghedini
March 05, 2015

[ more ] [ reply ]

Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin 2015-03-05
kingkaustubh me com

Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin

. contents:: Table Of Content

Overview

Title :Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin
Author: Kaustubh G. Padwad, Rohit Kumar.
Plugin Homepage: https://yoast.com/wordpress/plugins/google-analytic

[ more ] [ reply ]

Last Call - Workhsops of CISTI'2015: 10th Iberian Conference on Information Systems and Technologies 2015-03-05
ML (marialemos72 gmail com)

--------------------------------------------------------------------
CISTI'2015
10th Iberian Conference on Information Systems and Technologies
17 - 20 June 2015, Aveiro, Portugal
http://www.aisti.eu/cisti2015/index.php/en
------------------------

[ more ] [ reply ]

Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting Vulnerability 2015-03-05
prathan ptr gmail com

= Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting Vulnerability =

-----------------------------------------------------------------------
Vendor Homepage : http://www.myupb.com
Software Link : http://downloads.sourceforge.net/project/textmb/UPB/UPB%202.2.7/upb2.2.7
.zip
Version : 2.2.7

[ more ] [ reply ]

[ MDVSA-2015:054 ] bind 2015-03-04
security mandriva com

WeBid 1.1.1 Unrestricted File Upload Exploit 2015-03-04
prathan ptr gmail com

<?php

/*

,--^----------,--------,-----,-------^--,
| ||||||||| `--------' | O .. CWH Underground Hacking Team ..
`+---------------------------^----------|
`\_,-------, _________________________|
/ XXXXXX /`| /
/ XXXXXX / `\ /
/ XXXXXX /\______(

[ more ] [ reply ]

[ MDVSA-2015:055 ] freetype2 2015-03-04
security mandriva com

[CVE-2015-2102] Clipbucket 2.7 RC3 0.9 - Blind SQL Injection 2015-03-04
prathan ptr gmail com

# Exploit Title : Clipbucket 2.7 RC3 0.9 Blind SQL Injection
# Date : 20 February 2015
# Exploit Author : CWH Underground
# Site : www.2600.in.th
# Vendor Homepage : http://clip-bucket.com/
# Software Link : http://sourceforge.net/projects/clipbucket/files/ClipBucket%20v2/

[ more ] [ reply ]

[SECURITY] [DSA 3179-1] icedove security update 2015-03-03
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3179-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
March 03, 2015

[ more ] [ reply ]

[security bulletin] HPSBST03265 rev.1 - HP VMA SAN Gateway running Bash Shell and OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, and Disclosure of Information 2015-03-03
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04574224

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04574224
Version: 1

HPSBST03265 r

[ more ] [ reply ]

[ MDVSA-2015:052 ] tomcat 2015-03-03
security mandriva com

[ MDVSA-2015:053 ] tomcat6 2015-03-03
security mandriva com

[ MDVSA-2015:051 ] sympa 2015-03-03
security mandriva com

[SECURITY] [DSA 3178-1] unace security update 2015-03-02
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3178-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
March 02, 2015

[ more ] [ reply ]

[ MDVSA-2015:050 ] patch 2015-03-02
security mandriva com

[security bulletin] HPSBST03274 rev.1 - HP XP P9000 Command View Advanced Edition Software Online Help for Windows and Linux, Remote Cross-site Scripting (XSS) 2015-03-02
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04582371

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04582371
Version: 1

HPSBST03274 re

[ more ] [ reply ]

[ MDVSA-2015:049 ] cups 2015-03-02
security mandriva com

[CVE-2015-1583] ATutor LCMS - CSRF Vulnerability in Version 2.2 2015-02-28
edricteo outlook sg

[CVE-2015-1583] ATutor LCMS - CSRF Vulnerability in Version 2.2

----------------------------------------------------------------

Product Information:

Software: ATutor LCMS
Tested Version: 2.2, released 25.8.2014
Vulnerability Type: Cross-Site Request Forgery, CSRF (CWE-352)
Download link: http://

[ more ] [ reply ]

BEdita CMS - XSS & CSRF Vulnerability in Version 3.5.0 2015-02-28
edricteo outlook sg

BEdita CMS - XSS & CSRF Vulnerability in Version 3.5.0

----------------------------------------------------------------

Product Information:

Software: BEdita CMS
Tested Version: 3.5.0, released 19.1.2015
Vulnerability Type: Cross-Site Scripting (CWE-79) & Cross-Site Request Forgery, CSRF (CWE-352

[ more ] [ reply ]

SEC Consult SA-20150227-0 :: Multiple vulnerabilities in Loxone Smart Home 2015-02-27
SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult Vulnerability Lab Security Advisory < 20150227-0 >
=======================================================================
title: Multiple vulnerabilities
product: Loxone Smart Home
vulnerable version: Firmware: 5.49; Android-App: 3.4.1
fixed version: 6.3

[ more ] [ reply ]

Wordpress Media Cleaner Plugin - XSS Vulnerability 2015-02-27
iletisim ismailsaygili com tr

# Exploit Title: Wordpress Media Cleaner - XSS
# Author: İsmail SAYGILI
# Web Site: www.ismailsaygili.com.tr
# E-Mail: iletisim (at) ismailsaygili.com (dot) tr [email concealed]
# Date: 2015-02-26
# Plugin Download: https://downloads.wordpress.org/plugin/wp-media-cleaner.2.2.6.zip
# Version: 2.2.6

# Vulnerable File(s):

[ more ] [ reply ]

[SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags 2015-02-27
Jeremy Boynes (jboynes apache org)

CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Standard Taglibs 1.2.1
The unsupported 1.0.x and 1.1.x versions may also be affected.

Description:
When an application uses <x:parse> or <x:transform> tags t

[ more ] [ reply ]

HelpDezk 1.0.1 Multiple Vulnerabilities 2015-02-26
dennis veninga gmail com

# Exploit Title: HelpDezk 1.0.1 Multiple Vulnerabilities
# Google Dork: "intext: helpdezk-community-1.0.1"
# Date: 26-2-2015
# Exploit Author: Dennis Veninga
# Vendor Homepage: http://www.helpdezk.org/
# Vendor contacted: 26-2-2015
# Version: 1.0.1
# Tested on: Firefox 36 & Chrome 38 / W8.1-x64

Hel

[ more ] [ reply ]

Cross-Site-Scripting (XSS) in tcllib's html::textarea 2015-02-26
Ben Fuhrmannek (bef sektioneins de)

SektionEins GmbH
www.sektioneins.de

-= Security Advisory =-

Advisory: Cross-Site-Scripting (XSS) in tcllib's html::textarea
Release Date: 26 February 2015
Last Modified: 26 February 2015
Autho

[ more ] [ reply ]

[SECURITY] [DSA 3176-1] request-tracker4 security update 2015-02-26
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3176-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
February 26, 2015

[ more ] [ reply ]

Wireless File Transfer Pro Android - Multiple CSRF Vulnerabilities 2015-02-26
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Wireless File Transfer Pro Android - CSRF Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1437

Release Date:
=============
2015-02-25

Vulnerability Laboratory ID (VL-ID):
=============================

[ more ] [ reply ]

Data Source: Scopus CMS - SQL Injection Web Vulnerability 2015-02-26
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Data Source: Scopus CMS - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1436

Release Date:
=============
2015-02-25

Vulnerability Laboratory ID (VL-ID):
=============================

[ more ] [ reply ]

DSS TFTP 1.0 Server - Path Traversal Vulnerability 2015-02-26
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
DSS TFTP 1.0 Server - Path Traversal Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1440

Release Date:
=============
2015-02-26

Vulnerability Laboratory ID (VL-ID):
====================================

[ more ] [ reply ]

D-Link and TRENDnet 'ncc2' service - multiple vulnerabilities 2015-02-26
Peter Adkins (peter adkins kernelpicnic net)

>> D-Link and TRENDnet 'ncc2' service - multiple vulnerabilities

Discovered by:
----
Peter Adkins <peter.adkins (at) kernelpicnic (dot) net [email concealed]>

Access:
----
Local network; unauthenticated access.
Remote network; unauthenticated access*.
Remote network; 'drive-by' via CSRF.

Tracking and identifiers:
----
CVE -

[ more ] [ reply ]

[slackware-security] mozilla-firefox (SSA:2015-056-01) 2015-02-26
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2015-056-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[ more ] [ reply ]