BugTraq
APPLE-SA-2015-01-27-2 iOS 8.1.3 2015-01-27
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2015-01-27-2 iOS 8.1.3

iOS 8.1.3 is now available and addresses the following:

AppleFileConduit
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted afc command may allow

APPLE-SA-2015-01-27-1 Apple TV 7.0.3 2015-01-27
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2015-01-27-1 Apple TV 7.0.3

Apple TV 7.0.3 is now available and addresses the following:

Apple TV
Available for: Apple TV 3rd generation and later
Impact: A maliciously crafted afc command may allow access to
protected parts of the filesyst

Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow 2015-01-27
Qualys Security Advisory (qsa qualys com)

Qualys Security Advisory CVE-2015-0235

GHOST: glibc gethostbyname buffer overflow

--[ Contents ]----------------------------------------------------------------

1 - Summary
2 - Analysis
3 - Mitigating factors
4 - Case studies
5 - Exploitation
6 - Acknowledgments

--[ 1 - Summary ]-------------

[SECURITY] [DSA 3142-1] eglibc security update 2015-01-27
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3142-1 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
January 27, 2015

[SECURITY] [DSA 3141-1] wireshark security update 2015-01-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3141-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2015

[SYSS-2014-010] FancyFon FAMOC - SQL Injection 2015-01-27
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2014-010
Product(s): FAMOC
Vendor: FancyFon
Affected Version(s): 3.16.5
Tested Version(s): 3.16.5
Vulnerability Type: SQL Injection (CWE-89)
Risk Level: High
Solution Status: Fixed
Vendor Notification: 2014-12-19
Solution Date: 2015

[SECURITY] [DSA 3140-1] xen security update 2015-01-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3140-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2015

[SYSS-2014-013] FancyFon FAMOC - Use of a One-Way Hash without a Salt 2015-01-27
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2014-013
Product(s): FAMOC
Vendor: FancyFon
Affected Version(s): 3.16.5
Tested Version(s): 3.16.5
Vulnerability Type: Use of a One-Way Hash without a Salt (CWE-759)
Risk Level: Low
Solution Status: Fixed
Vendor Notification: 2014-12

[SYSS-2014-011] FancyFon FAMOC - Cross-Site Scripting 2015-01-27
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2014-011
Product(s): FAMOC
Vendor: FancyFon
Affected Version(s): 3.16.5
Tested Version(s): 3.16.5
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Vendor Notification: 2014-12-19
Solution D

[SYSS-2014-012] FancyFon FAMOC - Session Fixation 2015-01-27
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2014-012
Product(s): FAMOC
Vendor: FancyFon
Affected Version(s): 3.16.5
Tested Version(s): 3.16.5
Vulnerability Type: Session Fixation (CWE-384)
Risk Level: Low
Solution Status: Fixed
Vendor Notification: 2014-12-19
Solution Date: 2

CVE-2015-0223: anonymous access to qpidd cannot be prevented 2015-01-26
Gordon Sim (gsim apache org)
Apache Software Foundation - Security Advisory

anonymous access to qpidd cannot be prevented

CVE-2015-0223 CVS: 5.8

Severity: Moderate

Vendor:

The Apache Software Foundation

Versions Affected:

Apache Qpid's qpidd up to and including version 0.30

Description:

An attacker can gain

CVE-2015-0224: qpidd can be crashed by unauthenticated user 2015-01-26
Gordon Sim (gsim apache org)
Apache Software Foundation - Security Advisory

qpidd can be crashed by unauthenticated user

CVE-2015-0224 CVS: 7.8

Severity: Moderate

Vendor:

The Apache Software Foundation

Versions Affected:

Apache Qpid's qpidd up to and including version 0.30

Description:

In CVE-2015-0203 it w

[CORE-2015-0002] - Android WiFi-Direct Denial of Service 2015-01-26
CORE Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Android WiFi-Direct Denial of Service

1. *Advisory Information*

Title: Android WiFi-Direct Denial of Service
Advisory ID: CORE-2015-0002
Advisory URL:
http://www.coresecurity.com/advisories/android-wifi-direct-denial-service
Dat

WebKitGTK+ Security Advisory WSA-2015-0001 2015-01-26
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2015-0001
------------------------------------------------------------------------

Date reported : January 26, 2015
Advisory ID : WSA-2015-0001
Advisor

Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability 2015-01-22
Rewterz - Research Group (advisories rewterz com)
================================================================================
[REWTERZ-20140103] - Rewterz - Security Advisory
================================================================================

Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability
Product: S

REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability 2015-01-22
Rewterz - Research Group (advisories rewterz com)
================================================================================
[REWTERZ-20140102] - Rewterz - Security Advisory
================================================================================

Title: ManageEngine ServiceDesk Plus User Enumeration Vulnerability
Product: ServiceDesk

REWTERZ-20140101 - ManageEngine ServiceDesk SQL Injection Vulnerability 2015-01-22
Rewterz - Research Group (advisories rewterz com)
================================================================================

[REWTERZ-20140101] - Rewterz - Security Advisory

================================================================================

Title: ManageEngine ServiceDesk SQL Injection Vulnerability
Product: ServiceDesk Plus

[HITB-Announce] #HITB2015AMS Call for Papers 1st Round is Closing in 10 Days 2015-01-22
Hafez Kamal (aphesz hackinthebox org)
Hi guys - Happy New Year!

Just a reminder that the first selection round for submissions to HITB
Security Conference 2015 in Amsterdam is closing at the end of January!
That's T - 10 days and counting!!!

===

Date: 26th - 29th May 2015
Venue: De Beurs van Berlage
Event Website: http://conference.h

PhotoSync 1.1.3 Android - Command Inject Vulnerability 2015-01-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PhotoSync 1.1.3 Android - Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1410

Release Date:
=============
2015-01-21

Vulnerability Laboratory ID (VL-ID):
================================

Program-O v2.4.6 - Multiple Web Vulnerabilities 2015-01-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Program-O v2.4.6 - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1414

Release Date:
=============
2015-01-21

Vulnerability Laboratory ID (VL-ID):
====================================
14

CVE-2015-1180-xss-eventsentry 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)
CVE-2015-1180-xss-eventsentry

Information
----------------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in EventSentry Web Reports Interface
Affected Software : EventSentry
Affected Versions: 3.1.0 and possibly below
Vendor Homepage : http://eventsentry.com/
Vulnerability Type : Cross-

CVE-2015-1179-xss-mango-automation-scada 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)
CVE-2015-1179-xss-mango-automation-scada

Information
-----------------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in Mango Automation SCADA/HMI software
Affected Software : Mango Automation
Affected Versions: 2.4.0 and possibly below
Vendor Homepage : http://infiniteautomation.com/
V

CVE-2015-1178-xss-x-cart-ecommerce 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)
CVE-2015-1178-xss-x-cart-ecommerce

Information
----------------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in X-CART e-Commerce software
Affected Software : X-Cart
Affected Versions: 5.1.8 and possibly below
Vendor Homepage : https://www.x-cart.com
Vulnerability Type : Cross-site Scr

CVE-2015-1177-xss-exponent 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)
CVE-2015-1177-xss-exponent

Information
----------------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in Exponent CMS
Affected Software : Exponent
Affected Versions: 2.3.2 and possibly below
Vendor Homepage : http://www.exponentcms.org/
Vulnerability Type : Cross-site Scripting
Severity

SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP 2015-01-22
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20150122-0 >
=======================================================================
title: Multiple critical vulnerabilities
products: Symantec Data Center Security: Server Advanced (SDCS:SA)
Symantec Cr

CVE-2015-1176-xss-osticket 2015-01-22
Sudhanshu Chauhan (sudhanshu octogence com)
CVE-2015-1176-xss-osticket

Information
----------------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in osTicket Ticket system
Affected Software : osTicket
Affected Versions: 1.9.4 and possibly below
Vendor Homepage : http://osticket.com/
Vulnerability Type : Cross-site Scripting
Sever

[slackware-security] samba (SSA:2015-020-01) 2015-01-21
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] samba (SSA:2015-020-01)

New samba packages are available for Slackware 14.1 and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/samba-4.1.1

Remote Desktop v0.9.4 Android - Multiple Vulnerabilities 2015-01-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Remote Desktop v0.9.4 Android - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1413

Release Date:
=============
2015-01-20

Vulnerability Laboratory ID (VL-ID):
==============================

iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll 2015-01-21
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1415

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9600

CVE-ID:
=======
CVE-2014-9600

Release

[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass 2015-01-21
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: AVM FRITZ!Box: Firmware Signature Bypass

The signature check of FRITZ!Box firmware images is flawed. Malicious
code can be injected into firmware images without breaking the RSA
signature. The code will be executed either if a manipulated firmware
image is uploaded by the victim or if the
