ESA-2015-012: EMC Captiva Capture Sensitive Information Disclosure Vulnerability
2015-02-05 Security Alert (Security_Alert emc com)

CVE-2015-1172 Wordpress-theme remote arbitrary code
2015-02-05 borg servernet se
Product: holding_pattern Vendor: Liftux Vulnerable Version(s): 0.6 and prior Tested Version: 0.6 Advisory Publication: January 18, 2015 Vendor Notification: January 14, 2015 Public Disclosure: January 18, 2015 Vulnerability Type: Exec Code Authentication: Not required to exploit CVE Reference: CVE-2

[oCERT-2015-002] e2fsprogs input sanitization errors
2015-02-05 Andrea Barisani (lcars ocert org)
#2015-002 e2fsprogs input sanitization errors Description: The e2fsprogs package is a set of open source utilities for ext2, ext3 and ext4 filesystems. The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor informati

RE: [FD] Major Internet Explorer Vulnerability - NOT Patched
2015-02-05 Dimitris Strevinas (d strevinas obrela com)
Ben, we have reproduced the vulnerability on many occasions. First of all, at least to steal the session it does not matter if X-Frame-Option is set to deny/same-origin. Secondly, we were able to easily bypass the alert popup. It is not needed if you implement the "waiting" logic with a synchronous AJAX

Very Important Info About "Major Internet Explorer Vulnerability - NOT Patched"
2015-02-05 David Leo (david leo deusen co uk)
1. "Spartan - vulnerable (Windows 10)" http://www.deusen.co.uk/items/insider3show.3362009741042107/SpartanWin10_screenshot.png Thanks to Zaakiy Siddiqui! 2. <?php sleep(2); header("Location: http://www.dailymail.co.uk/robots.txt"); ?> Many asked for it. 3. It's Universal XSS, as we tested: Not onl

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched
2015-02-05 David Leo (david leo deusen co uk)
"is this entirely an IE flaw" Yes. "is it tied to the use of Cloudflare" No. "I tried to reproduce... was unsuccessful" Likely, this detail is missing: <?php sleep(2); header("Location: http://www.dailymail.co.uk/robots.txt"); ?> Please tell us whether you reproduce (with the PHP code). "am I corr

Re: Re: CVE-2015-1437 XSS In ASUS Router.
2015-02-04 kingkaustubh me com
Here is the exact conversation ASUS CASEID=RTM20150115204498-295 Please click here if you wish to reply this mail! Dear Kaustubh, Thank you for the information, we really appreciate your feedback. To improve our customers experience we have forwarded your information to related dept., the conc

Cisco Security Advisory: Cisco Security Advisory Cisco WebEx Meetings Server Command Injection Vulnerability
2015-02-04 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory Cisco WebEx Meetings Server Command Injection Vulnerability Advisory ID: cisco-sa-20150204-wbx Revision 1.0 For Public Release 2015 February 4 16:00 UTC (GMT) - ----------------------------------------------------------------

Bitdefender Internet Security -
2015-02-04 jerold v00d00sec com
There seems to be some security issues with the way Bitdefender Internet Security 2015 software (Build 18.20.0.1429) interacts with its myBitdefender online portal. Issues: 1) Possible partial information disclosure privacy issue of users' myBitdefender account credentials when using the SAFEGO fu

ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities
2015-02-04 Security Alert (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities EMC Identifier: ESA-2015-010 CVE Identifier: CVE-2015-0517, CVE-2015-0518 Affected products: ? EMC Documentum D2 3.1 and all patch versions ? EMC Documentum D2 3.1 SP1 and all patch

ESA-2014-158: RSA BSAFE® Micro Edition Suite, SSL-J and SSL-C Triple Handshake Vulnerability
2015-02-04 Security Alert (Security_Alert emc com)

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched
2015-02-04 David Leo (david leo deusen co uk)
Microsoft was notified on Oct 13, 2014. Joey thank you very much for your words. Kind Regards, On 2015/2/3 4:53, Joey Fowler wrote: > Hi David, > > "nice" is an understatement here. > > I've done some testing with this one and, while there /are/ quirks, it most definitely works. It even bypasses

[CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5
2015-02-04 sven bsddaemon org
[CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5 ---------------------------------------------------------------- Product Information: Software: Fork CMS Tested Version: 3.8.5, released on Wednesday 14 January 2015 Vulnerability Type: SQL Injection (CWE-89) Download link to tested ver

MITKRB5-SA-2015-001 Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
2015-02-03 Greg Hudson (ghudson mit edu)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2015-001 MIT krb5 Security Advisory 2015-001 Original release: 2015-02-03 Last update: 2015-02-03 Topic: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092 CVE-2014-5352: gss_process_context_token() incorrectly free

CVE-2015-1437 XSS In ASUS Router.
2015-02-03 kingkaustubh me com (2 replies)
##################################### Title:- Reflected XSS vulnerability in Asus RT-N10 Plus router Author: Kaustubh G. Padwad Product: ASUS Router RT-N10 Plus Firmware: 2.1.1.1.70 Severity: HIGH Auth: Not required CVE ID: CVE-2015-1437 # Description: Vulnerable Parameter: flag= # Vulne

CVE-2014-5360 Landesk Management Suite XSS (Cross-Site Scripting) Security Vulnerability
2015-02-03 alex_haynes outlook com
Exploit Title: Landesk Management Suite Cross-Site scripting vulnerability Product: Landesk Management Suite Vulnerable Versions: 9.5 (possible previous versions), 9.6 Tested Version: 9.5 Advisory Publication: Feb 02, 2015 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-536

[SECURITY] [DSA 3151-1] python-django security update
2015-02-03 Salvatore Bonaccorso (carnil debian org)

articleFR CMS 3.0.5 - SQL injection vulnerability
2015-02-03 Tien Tran Dinh (tien d tran itas vn)
#Vulnerability title: articleFR CMS 3.0.5 - SQL injection vulnerability #Product: articleFR #Vendor: http://freereprintables.com #Affected version: version 3.0.5 #Download link: https://github.com/articlefr/articleFR #Fixed version: N/A #CVE ID: CVE-2015-1364 #Author: Tran Dinh Tien (tien.d.tran@ita

articleFR CMS 3.0.5 - XSS vulnerability
2015-02-03 Tien Tran Dinh (tien d tran itas vn)
#Vulnerability title: articleFR CMS 3.0.5 - XSS vulnerability #Product: articleFR #Vendor: http://freereprintables.com #Affected version: version 3.0.5 #Download link: https://github.com/articlefr/articleFR #Fixed version: N/A #CVE ID: CVE-2015-1363 #Author: Tran Dinh Tien (tien.d.tran (at) itas (dot) vn) & IT

[CVE-2014-9331] ManageEngine Desktop Central CSRF vulnerability to add an Admin user advisory
2015-02-02 mohamed idris helpag com
##################################### Title:- Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Desktop Central 9 Allows adding an Admin User Author: Mohamed Idris - Help AG Middle East Vendor: ZOHO Corp Advisory ID: hag20141205 Product: ManageEngine Desktop Central 9 Version: All vers
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2015-012: EMC Captiva Capture Sensitive Information Disclosure Vulnerability
EMC Identifier: EMC-2015-012
CVE Identifier: CVE-2015-0519
Severity Rating: CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Affected products:
? EMC Capt