|
|
Colapse all |
Post message
Open-Xchange Security Advisory 2015-01-05 2015-01-05 Martin Heiland (martin heiland open-xchange com) Product: Open-Xchange Server 6 / OX AppSuite Vendor: Open-Xchange GmbH Internal reference: 35512 (Bug ID) Vulnerability type: Cross Site Scripting (CWE-80) Vulnerable version: 7.6.1 and earlier Vulnerable component: backend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version [ more ] [ reply ] [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360 2015-01-04 Pedro Ribeiro (pedrib gmail com) Hi, This is part 11 of the ManageOwnage series. For previous parts, see [1]. This time we have two remote code execution via file upload (and directory traversal) on several ManageEngine products - Service Desk Plus, Asset Explorer, Support Center and IT360. The first vulnerability can only be ex [ more ] [ reply ] [KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability 2014-12-31 Egidio Romano (research karmainsecurity com) ------------------------------------------------------------------------ ------ Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability ------------------------------------------------------------------------ ------ [-] Software Link: http://www.symantec.com/web-gateway/ [- [ more ] [ reply ] [KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability 2014-12-31 Egidio Romano (research karmainsecurity com) ------------------------------------------------------------------------ ----- Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability ------------------------------------------------------------------------ ----- [-] Software Link: http://www.mantisbt.org/ [-] Affected Vers [ more ] [ reply ] [KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability 2014-12-31 Egidio Romano (research karmainsecurity com) --------------------------------------------------------------------- Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability --------------------------------------------------------------------- [-] Software Link: http://osclass.org/ [-] Affected Versions: Version 3.4.2 and pro [ more ] [ reply ] [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability 2014-12-31 Egidio Romano (research karmainsecurity com) -------------------------------------------------------------- Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability -------------------------------------------------------------- [-] Software Link: http://osclass.org/ [-] Affected Versions: Version 3.4.2 and probably prior versions. [ more ] [ reply ] [KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability 2014-12-31 Egidio Romano (research karmainsecurity com) ------------------------------------------------------------------- Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability ------------------------------------------------------------------- [-] Software Link: http://osclass.org/ [-] Affected Versions: Version 3.4.2 and probably [ more ] [ reply ] [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central 2014-12-31 Pedro Ribeiro (pedrib gmail com) Hi, This is part 10 of the ManageOwnage series. For previous parts, see [1]. This time we have a vulnerability that allows an unauthenticated user to create an administrator account, which can then be used to execute code on all devices managed by Desktop Central (desktops, servers, mobile devices [ more ] [ reply ] Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook 2014-12-30 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, in order to prevent the possible execution of a rogue program like "C:\Program.exe" or "C:\Program Files\Microsoft.exe", on x64 also "C:\Program Files.exe" or "C:\Program Files (x86)\Microsoft.exe", due to the beginner's error of using unquoted pathnames containing spaces (see <https://cwe. [ more ] [ reply ] ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability 2014-12-30 Security Alert (Security_Alert emc com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability EMC Identifier: ESA-2014-179 CVE Identifier: CVE-2014-4634 Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C) Affected [ more ] [ reply ] ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability 2014-12-30 Security Alert (Security_Alert emc com) Remote Code Execution via Unauthorised File upload in Cforms 14.7 2014-12-29 z fedotkin infosec ru Advisory: Remote Code Execution via Unauthorised File upload in Cforms 14.7 Advisory ID: - Author: Zakhar Fedotkin Affected Software: Wordpress Plugin Cforms II 14.x-14.7 (Release: 12th Nov 2014) Vendor URL: https://wordpress.org/plugins/cforms2/ Vendor Status: fixed CVE-ID: - =================== [ more ] [ reply ] nullcon HackIM Challenge 9-11 Jan 2015 2014-12-29 nullcon (nullcon nullcon net) Namaste Ninjas, Seasons greetings! We are back for 6th time in Goa. nullcon 666 welcomes you to the beastly devilish conference. As nullcon is getting near, we are excited and ready to announce the registration for HackIM CTF. Details at http://ctf.nullcon.net This time HackIM is powered by EMC and [ more ] [ reply ] [SECURITY] [DSA 3114-1] mime-support security update 2014-12-29 Salvatore Bonaccorso (carnil debian org) Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities 2014-12-25 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1386 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2239 CVE-ID: ======= CVE-2014-2239 Release Date: == [ more ] [ reply ] Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability 2014-12-25 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1377 Release Date: ============= 2014-12-25 Vulnerability Laboratory ID (VL-ID): ======================== [ more ] [ reply ] PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability 2014-12-25 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1358 Release Date: ============= 2014-12-18 Vulnerability Laboratory ID (VL-ID): ================================ [ more ] [ reply ] Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability 2014-12-25 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability References (Source): ==================== http://vulnerability-lab.com/get_content.php?id=1363 Release Date: ============= 2014-12-16 Vulnerability Laboratory ID (VL-ID): =================================== [ more ] [ reply ] ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability 2014-12-25 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1387 Release Date: ============= 2014-12-24 Vulnerability Laboratory ID (VL-ID): =========================== [ more ] [ reply ] Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability 2014-12-25 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1385 Release Date: ============= 2014-12-19 Vulnerability Laboratory ID (VL-ID): ============== [ more ] [ reply ] Facebook Bug Bounty #17 - Migrate Privacy Vulnerability 2014-12-25 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Facebook Bug Bounty #17 - Migrate Privacy Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1370 Facebook Security ID: 216850649 Vulnerability Magazine: http://magazine.vulnerability-db.com/?q=articles/2014 [ more ] [ reply ] |
|
Privacy Statement |
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:001
http://www.mandriva.com/en/support/security/
___________________________________________________________
[ more ] [ reply ]