Open-Xchange Security Advisory 2015-02-12
2015-02-12 Martin Heiland (martin heiland open-xchange com)
Product: Open-Xchange Server 6 / OX AppSuite
Vendor: Open-Xchange GmbH
Internal reference: 35889 (Bug ID)
Vulnerability type: Information Exposure (CWE-200)
Vulnerable version: 7.6.1 and earlier
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed versio

Shakacon 2015 Last Call for Papers (July 6-9 2015, Honolulu, Hawaii)
2015-02-12 Jonathan Brossard (endrazine gmail com)

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
2015-02-11 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Multiple Vulnerabilities in Cisco ASA Software
Advisory ID: cisco-sa-20141008-asa
Revision 2.0
Last Updated 2015 February 11 17:54 UTC (GMT)
For Public Release 2014 October 8 16:00 UTC (GMT)
Summary
=======
*** Revision 2.0 Note: Please see the

Elasticsearch vulnerability CVE-2015-1427
2015-02-11 Kevin Kluge (kevin kluge elasticsearch com)
Summary: Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerabilities allow an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM.
We have been assign

Cisco Security Advisory: Cisco Secure Access Control System SQL Injection Vulnerability
2015-02-11 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Secure Access Control System SQL Injection Vulnerability
Advisory ID: cisco-sa-20150211-csacs
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs
Revision 1.0
For Public Release 2015 February 11 16:00

Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability
2015-02-11 sn 1dn eu
============================================================
- Title: Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability
- Vulnerable Version: 2.8.8 and probably prior
- Tested Version: 2.8.8
- Vendor Notification: 20 November 2014
- Vendor Patch: 20 November 2014
-Vulnerabil

[ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Microsoft)
2015-02-11 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, yesterday Microsoft published the security advisory 3004375 <https://technet.microsoft.com/en-us/library/security/3004375> announcing an update which enables Windows 7 and newer to log the command lines used to start processes to the event log.
If you want to have this functionality on old

T-Mobile Internet Manager - DLL Hijacking (mfc71enu.dll)
2015-02-11 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
T-Mobile Internet Manager - DLL Hijacking (mfc71enu.dll)
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1427
Release Date:
=============
2015-01-29
Vulnerability Laboratory ID (VL-ID):
==============================

Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability
2015-02-11 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability
References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1355
Release Date:
=============
2015-02-09
Vulnerability Laboratory ID (VL-ID):
====================================

BlinkSale Bug Bounty #1 - Encode & Validation Vulnerability
2015-02-11 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
BlinkSale Bug Bounty #1 - Encode & Validation Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1416
Release Date:
=============
2015-02-06
Vulnerability Laboratory ID (VL-ID):
===========================

Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability
2015-02-11 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1432
Facebook Security ID: 10202805822321483
Video: https://www.youtube.com/watch?v=SAr2AGLrBkQ
Vulnerability M

Multiple Vulnerabilities in my little forum
2015-02-11 High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23248
Product: my little forum
Vendor: http://mylittleforum.net/
Vulnerable Version(s): 2.3.3 and probably prior
Tested Version: 2.3.3
Advisory Publication: January 14, 2015 [without technical details]
Vendor Notification: January 14, 2015
Vendor Patch: February 8, 2015
Public Di

Two Reflected XSS Vulnerabilities in Easing Slider WordPress Plugin
2015-02-11 High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23249
Product: Easing Slider WordPress Plugin
Vendor: Easing Slider
Vulnerable Version(s): 2.2.0.6 and probably prior
Tested Version: 2.2.0.6
Advisory Publication: January 21, 2015 [without technical details]
Vendor Notification: January 21, 2015
Vendor Patch: January 22, 2015
Pu

[security bulletin] HPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell, Multiple Vulnerabilities
2015-02-10 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04558068
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04558068
Version: 1
HPSBMU03246 r

[security bulletin] HPSBMU03245 rev.1 - HP Insight Control server deployment Linux Preboot Execution Environment running Bash Shell, Multiple Vulnerabilities
2015-02-10 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04556845
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04556845
Version: 1
HPSBMU03245 r

[security bulletin] HPSBGN03255 rev.1 - HP OpenCall Media Platform (OCMP) running SSLv3, Remote Denial of Service (DoS), Disclosure of Information
2015-02-10 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04566948
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04566948
Version: 1
HPSBGN03255 r

[RT-SA-2014-013] Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page
2015-02-10 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page
During a penetration test, RedTeam Pentesting discovered that the IBM Endpoint Manager Relay Diagnostics page allows anybody to persistently store HTML and JavaScript code that is executed when the page is opene
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:045
http://www.mandriva.com/en/support/security/
___________________________________________________________