Hi!

It seems that it is easy to induce DRAM bit errors by doing repeated
reads from adjacent memory cells on common hw. Details are at

https://www.ece.cmu.edu/~safari/pubs/kim-isca14.pdf

. Older memory modules seem to work better, and ECC should detect
this. Paper has inner loop that should trigg

[ more ]  [ reply ]

Advisory: Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5
Advisory ID: SROEADV-2014-03
Author: Steffen Rösemann
Affected Software: CMS Contenido 4.9.x-4.9.5 (Release: 10th Dec 2014)
Vendor URL: http://www.contenido.org/de/
Vendor Status: fixed
CVE-ID: -

==========================
Vulnerab

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products

Advisory ID: cisco-sa-20141222-ntpd

Revision 1.1

Last Updated 2014 December 23 13:37 UTC (GMT)

For Public Release 2014 December 22 16:00 UTC (GMT)

+--------------

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3110-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Sebastien Delafond
December 23, 2014

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-14:31.ntp Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3112-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
December 23, 2014

[ more ]  [ reply ]

Advisory: Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1
Advisory ID: SROEADV-2014-02
Author: Steffen Rösemann
Affected Software: CMS Serendipity v.2.0-rc1 (Release: 20th Dec 2014)
Vendor URL: http://www.s9y.org/
Vendor Status: fixed
CVE-ID: -

==========================
Vulnerability Descrip

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3108-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Florian Weimer
December 20, 2014

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3106-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
December 20, 2014

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3109-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Salvatore Bonaccorso
December 21, 2014

[ more ]  [ reply ]

#2014-011 UnZip input sanitization errors

Description:

The UnZip tool is an open source extraction utility for archives compressed in
the zip format.

The unzip command line tool is affected by heap-based buffer overflows within
the CRC32 verification, the test_compr_eb() and the getZip64Data() f

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2014-356-02)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.3

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] ntp (SSA:2014-356-01)

New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] xorg-server (SSA:2014-356-03)

New xorg-server packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/

[ more ]  [ reply ]

Information
--------------------
Advisory by Netsparker.
Name: XSS Vulnerability with Scope and Other URL Parameters of WebSearch
Affected Software : TWiki
Affected Versions: 6.0.1 and possibly below
Vendor Homepage : http://www.twiki.org/
Vulnerability Type : Cross-site Scripting
Severity : Importa

[ more ]  [ reply ]

Information
--------------------
Advisory by Netsparker.
Name: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING in TWiki
Affected Software : TWiki
Affected Versions: 6.0.1 and possibly below
Vendor Homepage : http://www.twiki.org/
Vulnerability Type : Cross-site Scripting
Severity : Important

[ more ]  [ reply ]

Document Title:
===============
Facebook BB #18 - IDOR Issue & Privacy Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1371

Facebook Security ID: 219208937

Release Date:
=============
2014-12-12

Vulnerability Laboratory ID (VL-ID):
=

[ more ]  [ reply ]

Document Title:
===============
Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1385

Release Date:
=============
2014-12-19

Vulnerability Laboratory ID (VL-ID):
=========

[ more ]  [ reply ]

Document Title:
===============
iBackup v10.0.0.45 - Privilege Escalation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1382

Release Date:
=============
2014-12-18

Vulnerability Laboratory ID (VL-ID):
===============================

[ more ]  [ reply ]

SEC Consult Vulnerability Lab Security Advisory < 20141219-0 >
=======================================================================
title: XSS & Memory Disclosure
product: NetIQ eDirectory NDS iMonitor
vulnerable version: 8.8 SP8, 8.8 SP7
fixed version: 8.8 SP8 HF

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3

Xcode 6.2 beta 3 is now available and addresses the following:

Git
Available for: OS X Mavericks v10.9.4 or later
Impact: Synching with a malicious git repository may allow
unexpected files to be added to the .

[ more ]  [ reply ]

#2014-012 JasPer input sanitization errors

Description:

The JasPer project is an open source implementation for the JPEG-2000 codec.

The library is affected by a double-free vulnerability in function
jas_iccattrval_destroy() as well as a heap-based buffer overflow in function
jp2_decode().

A spe

[ more ]  [ reply ]

SEC Consult Vulnerability Lab Security Advisory < 20141218-1 >
=======================================================================
title: OS Command Execution
product: GParted - Gnome Partition Editor
vulnerable version: <=0.14.1
fixed version: >=0.15.0,

[ more ]  [ reply ]

SEC Consult Vulnerability Lab Security Advisory < 20141218-2 >
=======================================================================
title: Multiple high risk vulnerabilities
product: NetIQ Access Manager
vulnerable version: 4.0 SP1
fixed version: 4.0 SP1 Hot Fix 3

[ more ]  [ reply ]

Document Title:
===============
iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1375

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9336

CVE-ID:
=======
CVE-2014-9336

Release Date:
=

[ more ]  [ reply ]

Document Title:
===============
E-Journal CMS (ID) - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1380

Release Date:
=============
2014-12-17

Vulnerability Laboratory ID (VL-ID):
====================================

[ more ]  [ reply ]

Document Title:
===============
Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1368

Facebook Security ID: 219162244

Release Date:
=============
2014-12-10

Vulnerability Laboratory ID (VL

[ more ]  [ reply ]

Document Title:
===============
Apple iOS v8.x - Message Context & Privacy Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1346

Video: http://www.vulnerability-lab.com/get_content.php?id=1350

Release Date:
=============
2014-12-16

Vu

[ more ]  [ reply ]

Document Title:
===============
Jease CMS v2.11 - Persistent UI Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1373

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8780

CVE-ID:
=======
CVE-2014-8780

Release Date:
=======

[ more ]  [ reply ]

Document Title:
===============
Morfy CMS v1.05 - Command Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1367

https://github.com/Awilum/monstra-cms/issues/351

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9185

CVE

[ more ]  [ reply ]