REWTERZ-20140101 - ManageEngine ServiceDesk SQL Injection Vulnerability
2015-01-22 Rewterz - Research Group (advisories rewterz com)

[HITB-Announce] #HITB2015AMS Call for Papers 1st Round is Closing in 10 Days
2015-01-22 Hafez Kamal (aphesz hackinthebox org)
Hi guys - Happy New Year! Just a reminder that the first selection round for submissions to HITB Security Conference 2015 in Amsterdam is closing at the end of January! That's T - 10 days and counting!!! === Date: 26th - 29th May 2015 Venue: De Beurs van Berlage Event Website: http://conference.h

PhotoSync 1.1.3 Android - Command Inject Vulnerability
2015-01-22 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== PhotoSync 1.1.3 Android - Command Inject Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1410 Release Date: ============= 2015-01-21 Vulnerability Laboratory ID (VL-ID): ================================

Program-O v2.4.6 - Multiple Web Vulnerabilities
2015-01-22 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Program-O v2.4.6 - Multiple Web Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1414 Release Date: ============= 2015-01-21 Vulnerability Laboratory ID (VL-ID): ==================================== 14

CVE-2015-1180-xss-eventsentry
2015-01-22 Sudhanshu Chauhan (sudhanshu octogence com)
CVE-2015-1180-xss-eventsentry Information ---------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in EventSentry Web Reports Interface Affected Software : EventSentry Affected Versions: 3.1.0 and possibly below Vendor Homepage : http://eventsentry.com/ Vulnerability Type : Cross-

CVE-2015-1179-xss-mango-automation-scada
2015-01-22 Sudhanshu Chauhan (sudhanshu octogence com)
CVE-2015-1179-xss-mango-automation-scada Information ----------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in Mango Automation SCADA/HMI software Affected Software : Mango Automation Affected Versions: 2.4.0 and possibly below Vendor Homepage : http://infiniteautomation.com/ V

CVE-2015-1178-xss-x-cart-ecommerce
2015-01-22 Sudhanshu Chauhan (sudhanshu octogence com)
CVE-2015-1178-xss-x-cart-ecommerce Information ---------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in X-CART e-Commerce software Affected Software : X-Cart Affected Versions: 5.1.8 and possibly below Vendor Homepage : https://www.x-cart.com Vulnerability Type : Cross-site Scr

CVE-2015-1177-xss-exponent
2015-01-22 Sudhanshu Chauhan (sudhanshu octogence com)
CVE-2015-1177-xss-exponent Information ---------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in Exponent CMS Affected Software : Exponent Affected Versions: 2.3.2 and possibly below Vendor Homepage : http://www.exponentcms.org/ Vulnerability Type : Cross-site Scripting Severity

SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP
2015-01-22 SEC Consult Vulnerability Lab (research sec-consult com)

CVE-2015-1176-xss-osticket
2015-01-22 Sudhanshu Chauhan (sudhanshu octogence com)
CVE-2015-1176-xss-osticket Information ---------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in osTicket Ticket system Affected Software : osTicket Affected Versions: 1.9.4 and possibly below Vendor Homepage : http://osticket.com/ Vulnerability Type : Cross-site Scripting Sever

[slackware-security] samba (SSA:2015-020-01)
2015-01-21 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] samba (SSA:2015-020-01) New samba packages are available for Slackware 14.1 and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/samba-4.1.1

Remote Desktop v0.9.4 Android - Multiple Vulnerabilities
2015-01-21 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Remote Desktop v0.9.4 Android - Multiple Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1413 Release Date: ============= 2015-01-20 Vulnerability Laboratory ID (VL-ID): ==============================

iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll
2015-01-21 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1415 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9600 CVE-ID: ======= CVE-2014-9600 Release

[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass
2015-01-21 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: AVM FRITZ!Box: Firmware Signature Bypass The signature check of FRITZ!Box firmware images is flawed. Malicious code can be injected into firmware images without breaking the RSA signature. The code will be executed either if a manipulated firmware image is uploaded by the victim or if the

PhotoSync v1.1.3 Android - Command Inject Vulnerability
2015-01-21 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== PhotoSync v1.1.3 Android - Command Inject Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1410 Release Date: ============= 2015-01-21 Vulnerability Laboratory ID (VL-ID): ===============================

[oCERT-2015-001] JasPer input sanitization errors
2015-01-21 Andrea Barisani (lcars ocert org)
#2015-001 JasPer input sanitization errors Description: The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by an off-by-one error in a buffer boundary check in jpc_dec_process_sot(), leading to a heap based buffer overflow, as well as multiple un

[security bulletin] HPSBUX03235 SSRT101750 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
2015-01-20 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04550240 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04550240 Version: 1 HPSBUX03235 SS

ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities
2015-01-20 Security Alert (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities EMC Identifier: ESA-2015-004 CVE Identifier: CVE-2015-0513, CVE-2015-0514, CVE-2015-0515, CVE-2015-0516, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6466, CVE-20

CVE-2015-1175-xss-prestashop
2015-01-20 Sudhanshu Chauhan (sudhanshu octogence com)
CVE-2015-1175-xss-prestashop Information ------- Advisory by Octogence. Name: Reflected XSS Vulnerability in prestashop ecommerce software Affected Software : Prestashop Affected Versions: 1.6.0.9 and possibly below Vendor Homepage : https://www.prestashop.com/ Vulnerability Type :

MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities
2015-01-19 Advisories (advisories mogwaisecurity de)

CVE-2015-1032 Kiwix Cross-Site Scripting Vulnerability
2015-01-18 Riley Baird (BM-2cVqnDuYbAU5do2DfJTrN7ZbAJ246S4Xix bitmessage ch)
CVE-2015-1032 A cross-site scripting vulnerability in the "Kiwix" zim file reader was discovered by Emmanuel Engelhart on 31 October 2014, and was reported on Sourceforge here: http://sourceforge.net/p/kiwix/bugs/763/ This vulnerability does not affect most users of the program, only those using t

[slackware-security] seamonkey (SSA:2015-016-04)
2015-01-17 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] seamonkey (SSA:2015-016-04) New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packag

[slackware-security] mozilla-firefox (SSA:2015-016-02)
2015-01-17 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2015-016-02) New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/p

[slackware-security] freetype (SSA:2015-016-01)
2015-01-17 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] freetype (SSA:2015-016-01) New freetype packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +------------------------

[slackware-security] mozilla-thunderbird (SSA:2015-016-03)
2015-01-17 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2015-016-03) New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ p
================================================================================
[REWTERZ-20140101] - Rewterz - Security Advisory
================================================================================
Title: ManageEngine ServiceDesk SQL Injection Vulnerability
Product: ServiceDesk Plus