Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability
2014-12-25 Vulnerability Lab (research vulnerability-lab com)

ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability
2014-12-25 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1387 Release Date: ============= 2014-12-24 Vulnerability Laboratory ID (VL-ID): ===========================

Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability
2014-12-25 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1385 Release Date: ============= 2014-12-19 Vulnerability Laboratory ID (VL-ID): ==============

Facebook Bug Bounty #17 - Migrate Privacy Vulnerability
2014-12-25 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Facebook Bug Bounty #17 - Migrate Privacy Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1370 Facebook Security ID: 216850649 Vulnerability Magazine: http://magazine.vulnerability-db.com/?q=articles/2014

DRAM unreliable under specific access patern
2014-12-24 Pavel Machek (pavel ucw cz)
Hi! It seems that it is easy to induce DRAM bit errors by doing repeated reads from adjacent memory cells on common hw. Details are at https://www.ece.cmu.edu/~safari/pubs/kim-isca14.pdf . Older memory modules seem to work better, and ECC should detect this. Paper has inner loop that should trigg

Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5
2014-12-24 steffen roesemann1986 gmail com
Advisory: Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 Advisory ID: SROEADV-2014-03 Author: Steffen Rösemann Affected Software: CMS Contenido 4.9.x-4.9.5 (Release: 10th Dec 2014) Vendor URL: http://www.contenido.org/de/ Vendor Status: fixed CVE-ID: - ========================== Vulnerab

Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products
2014-12-23 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products Advisory ID: cisco-sa-20141222-ntpd Revision 1.1 Last Updated 2014 December 23 13:37 UTC (GMT) For Public Release 2014 December 22 16:00 UTC (GMT) +--------------

FreeBSD Security Advisory FreeBSD-SA-14:31.ntp
2014-12-23 FreeBSD Security Advisories (security-advisories freebsd org)

Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1
2014-12-23 steffen roesemann1986 gmail com
Advisory: Stored XSS Vulnerability in CMS Serendipity v.2.0-rc1 Advisory ID: SROEADV-2014-02 Author: Steffen Rösemann Affected Software: CMS Serendipity v.2.0-rc1 (Release: 20th Dec 2014) Vendor URL: http://www.s9y.org/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability Descrip

[SECURITY] [DSA 3109-1] firebird2.5 security update
2014-12-21 Salvatore Bonaccorso (carnil debian org)

[oCERT-2014-011] UnZip input sanitization errors
2014-12-22 Andrea Barisani (lcars ocert org)
#2014-011 UnZip input sanitization errors Description: The UnZip tool is an open source extraction utility for archives compressed in the zip format. The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification, the test_compr_eb() and the getZip64Data() f

[slackware-security] php (SSA:2014-356-02)
2014-12-23 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2014-356-02) New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.4.3

[slackware-security] ntp (SSA:2014-356-01)
2014-12-23 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] ntp (SSA:2014-356-01) New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches

[slackware-security] xorg-server (SSA:2014-356-03)
2014-12-23 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] xorg-server (SSA:2014-356-03) New xorg-server packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/

TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367
2014-12-19 Onur Yilmaz (onur netsparker com)
Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability with Scope and Other URL Parameters of WebSearch Affected Software : TWiki Affected Versions: 6.0.1 and possibly below Vendor Homepage : http://www.twiki.org/ Vulnerability Type : Cross-site Scripting Severity : Importa

TWiki Security Advisory - XSS Vulnerability - CVE-2014-9325
2014-12-19 Onur Yilmaz (onur netsparker com)
Information -------------------- Advisory by Netsparker. Name: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING in TWiki Affected Software : TWiki Affected Versions: 6.0.1 and possibly below Vendor Homepage : http://www.twiki.org/ Vulnerability Type : Cross-site Scripting Severity : Important

Facebook BB #18 - IDOR Issue & Privacy Vulnerability
2014-12-19 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Facebook BB #18 - IDOR Issue & Privacy Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1371 Facebook Security ID: 219208937 Release Date: ============= 2014-12-12 Vulnerability Laboratory ID (VL-ID): =

Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability
2014-12-19 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1385 Release Date: ============= 2014-12-19 Vulnerability Laboratory ID (VL-ID): =========

iBackup v10.0.0.45 - Privilege Escalation Vulnerability
2014-12-19 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== iBackup v10.0.0.45 - Privilege Escalation Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1382 Release Date: ============= 2014-12-18 Vulnerability Laboratory ID (VL-ID): ===============================

SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor
2014-12-19 SEC Consult Vulnerability Lab (research sec-consult com)

APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3
2014-12-18 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3 Xcode 6.2 beta 3 is now available and addresses the following: Git Available for: OS X Mavericks v10.9.4 or later Impact: Synching with a malicious git repository may allow unexpected files to be added to the .

[oCERT-2014-012] JasPer input sanitization errors
2014-12-18 Andrea Barisani (lcars ocert org)
#2014-012 JasPer input sanitization errors Description: The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by a double-free vulnerability in function jas_iccattrval_destroy() as well as a heap-based buffer overflow in function jp2_decode(). A spe

SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted
2014-12-18 SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager
2014-12-18 SEC Consult Vulnerability Lab (research sec-consult com)

iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability
2014-12-18 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1375 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9336 CVE-ID: ======= CVE-2014-9336 Release Date: =

E-Journal CMS (ID) - Multiple Web Vulnerabilities
2014-12-18 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== E-Journal CMS (ID) - Multiple Web Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1380 Release Date: ============= 2014-12-17 Vulnerability Laboratory ID (VL-ID): ====================================
===============
Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability
References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1363
Release Date:
=============
2014-12-16
Vulnerability Laboratory ID (VL-ID):
===================================