[security bulletin] HPSBMU03118 rev.3 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities
  2015-01-06, security-alert hp com
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04468121
  SUPPORT COMMUNICATION - SECURITY BULLETIN
  Document ID: c04468121
  Version: 3
  HPSBMU03118 r [ more ]

Brother MFC Administration Reflected Cross-Site Scripting
  2015-01-07, vulns dionach com
  Class: Cross-Site Scripting
  Remote: Yes
  Disclosed: 9th October 2014
  Published: 7th January 2015
  Credit: Dave Daly of Dionach (vulns (at) dionach (dot) com)
  Confirmed Vulnerable: Brother MFC-J4410DW with F/W Versions J and K
  The printer administration web application on Brother MFC-J4410DW model printers with firmwa [ more ]

Self-XSS in Microsoft Dynamics CRM 2013 SP1
  2015-01-07, High-Tech Bridge Security Research (advisory htbridge com)
  Advisory ID: HTB23245
  Product: Microsoft Dynamics CRM 2013 SP1
  Vendor: Microsoft Corporation
  Vulnerable Version(s): (6.1.1.132) (DB 6.1.1.132) and probably prior
  Tested Version: (6.1.1.132) (DB 6.1.1.132)
  Advisory Publication: December 29, 2014 [without technical details]
  Vendor Notification: Dece [ more ]

ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities
  2015-01-06, Vulnerability Lab (research vulnerability-lab com)
  Document Title: ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities
  References (Source): http://www.vulnerability-lab.com/get_content.php?id=1392
  Release Date: 2015-01-06
  Vulnerability Laboratory ID (VL-ID): [ more ]

ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities
  2015-01-05, Security Alert (Security_Alert emc com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities
  EMC Identifier: ESA-2014-180
  CVE Identifier: CVE-2014-4635, CVE-2014-4636, CVE-2014-4637, CVE-2014-4638, CVE-2014-4639
  Severity Rating: See below for individual scores f [ more ]

[SECURITY] [DSA 3119-1] libevent security update
  2015-01-06, Salvatore Bonaccorso (carnil debian org)

Open-Xchange Security Advisory 2015-01-05
  2015-01-05, Martin Heiland (martin heiland open-xchange com)
  Product: Open-Xchange Server 6 / OX AppSuite
  Vendor: Open-Xchange GmbH
  Internal reference: 35512 (Bug ID)
  Vulnerability type: Cross Site Scripting (CWE-80)
  Vulnerable version: 7.6.1 and earlier
  Vulnerable component: backend
  Report confidence: Confirmed
  Solution status: Fixed by Vendor
  Fixed version [ more ]

[The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360
  2015-01-04, Pedro Ribeiro (pedrib gmail com)
  Hi, This is part 11 of the ManageOwnage series. For previous parts, see [1]. This time we have two remote code executions via file upload (and directory traversal) on several ManageEngine products - Service Desk Plus, Asset Explorer, Support Center and IT360. The first vulnerability can only be ex [ more ]

[KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability
  2014-12-31, Egidio Romano (research karmainsecurity com)
  Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability
  [-] Software Link: http://www.symantec.com/web-gateway/
  [- [ more ]

[KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability
  2014-12-31, Egidio Romano (research karmainsecurity com)
  Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability
  [-] Software Link: http://www.mantisbt.org/
  [-] Affected Vers [ more ]

[KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability
  2014-12-31, Egidio Romano (research karmainsecurity com)
  Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability
  [-] Software Link: http://osclass.org/
  [-] Affected Versions: Version 3.4.2 and pro [ more ]

[KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability
  2014-12-31, Egidio Romano (research karmainsecurity com)
  Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability
  [-] Software Link: http://osclass.org/
  [-] Affected Versions: Version 3.4.2 and probably prior versions. [ more ]

[KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability
  2014-12-31, Egidio Romano (research karmainsecurity com)
  Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability
  [-] Software Link: http://osclass.org/
  [-] Affected Versions: Version 3.4.2 and probably [ more ]

[The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central
  2014-12-31, Pedro Ribeiro (pedrib gmail com) (1 reply)
  Hi, This is part 10 of the ManageOwnage series. For previous parts, see [1]. This time we have a vulnerability that allows an unauthenticated user to create an administrator account, which can then be used to execute code on all devices managed by Desktop Central (desktops, servers, mobile devices [ more ]

Re: [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central
  2015-01-05, Pedro Ribeiro (pedrib gmail com)

Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook
  2014-12-30, Stefan Kanthak (stefan kanthak nexgo de)
  Hi @ll, in order to prevent the possible execution of a rogue program like "C:\Program.exe" or "C:\Program Files\Microsoft.exe", on x64 also "C:\Program Files.exe" or "C:\Program Files (x86)\Microsoft.exe", due to the beginner's error of using unquoted pathnames containing spaces (see <https://cwe. [ more ]

ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability
  2014-12-30, Security Alert (Security_Alert emc com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability
  EMC Identifier: ESA-2014-179
  CVE Identifier: CVE-2014-4634
  Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
  Affected [ more ]
  Hash: SHA1
  Mandriva Linux Security Advisory MDVSA-2015:010
  http://www.mandriva.com/en/support/security/
  [ more ]