Stored XSS Vulnerability in F5 BIG-IP Application Security Manager
2015-01-12 Peter Lapp (lappsec gmail com)

Corel Software DLL Hijacking
2015-01-12 CORE Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Corel Software DLL Hijacking
1. *Advisory Information*
Title: Corel Software DLL Hijacking
Advisory ID: CORE-2015-0001
Advisory URL: http://www.coresecurity.com/advisories/corel-software-dll-hijacking
Date published: 2015-01-12

CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0
2015-01-12 RedTeam Pentesting GmbH (release redteam-pentesting de)
The Tapatalk Plugin com.tapatalk.wbb4 for WoltLab Burning Board 4.0 prior to version 1.1.2 allowed to redirect users to arbitrary URLs. This was possible by specifying the target URL in the URL parameter board_url in URLs like the following: http://www.example.com/mobiquo/smartbanner/welcome.php?bo

[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0
2015-01-12 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0
RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the Tapatalk plugin for the WoltLab Burning Board forum software, which allows attackers to inject arbitrary JavaScript code via URL

ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities
2015-01-12 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
ZTE Datacard PCW(Telecom MF180) - Multiple Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1405
Release Date:
=============
2015-01-12
Vulnerability Laboratory ID (VL-ID):
============================

Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability
2015-01-12 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1300
Video: http://www.vulnerability-lab.com/get_content.php?id=1335
BugCrowd ID: e8a8ecb81b9bf115226ed2ff0

Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability
2015-01-12 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability
References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1398
BugCrowd ID: 6b37910a3c5685b944a3ad65068aa251af47450953a06b8b13d74b35d708f6b0
Acknowledgement (Hall of F

Blitz CMS Community - SQL Injection Web Vulnerability
2015-01-12 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Blitz CMS Community - SQL Injection Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1403
Release Date:
=============
2015-01-12
Vulnerability Laboratory ID (VL-ID):
=================================

Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities
2015-01-10 Pietro Oliva (pietroliva gmail com)
Vulnerability title: Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities
Author: Pietro Oliva
CVE: CVE-2014-7956, CVE-2014-7957
Product: pods
Affected version: pods <= 2.4.3
Vulnerabilities fixed in version: 2.5
XSS vulnerability (CVE-2014-7956, authentication is needed): h

[security bulletin] HPSBOV03227 rev.1 - HP SSL for OpenVMS, Remote Disclosure of Information, Denial of Service (DoS) and Other Vulnerabilities
2015-01-10 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04533567
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04533567
Version: 1
HPSBOV03227 re

Re: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities
2015-01-09 dan montala com
Hi, I'm from Montala - we head up ResourceSpace development. Just to add an update - we believe all issues have been fixed in the ResourceSpace Subversion repository. In fact the majority were fixed some time ago however the original submitter was checking against an older version. We aim to rele
=======
Product: F5 BIG-IP Application Security Manager (ASM)
Vulnerability: Cross Site Scripting
Author: Peter Lapp, lappsec (at) gmail (dot) com
CVE: None assigned
Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Likely 11.4.x-11.5.x.
Fixed Version: 11.6
Summary
=======
The F5 ASM is a web applica