SEC Consult SA-20140710-3 :: Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu
2014-07-10 SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20140710-2 :: Multiple critical vulnerabilities in Schrack MICROCONTROL emergency light system
2014-07-10 SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop
2014-07-10 SEC Consult Vulnerability Lab (research sec-consult com)

[security bulletin] HPSBMU03070 rev.1 - HP Cloud Service Automation, OpenSSL Vulnerability, Unauthorized Access, Disclosure of Information
2014-07-09 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04368546
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04368546
Version: 1
HPSBMU03070 re

[security bulletin] HPSBMU03069 rev.1 - HP Software Operation Orchestration, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information
2014-07-09 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04368523
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04368523
Version: 1
HPSBMU03069 re

Cisco Security Advisory: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
2014-07-09 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
Advisory ID: cisco-sa-20140709-struts2
Revision 1.0
For Public Release 2014 July 9 16:00 UTC (GMT)
+---------------------------------------------------------------------
Su

Weak Local Database Credentials in Infoblox Network Automation
2014-07-09 nate depthsecurity com
Product: Network Automation
- NetMRI
- Switch Port Manager
- Automation Change Manager
- Security Device Controller
Vendor: InfoBlox
Vulnerable Version(s): 6.4.X.X-6.8.4.X
Tested Version: 6.8.2.11
Vendor Notification: May 12th, 2014
Public Disclosure: July 9th, 2014
Vulnerability Type: OS Comma

Android NFC Service Denial of Service
2014-07-09 vuln nipc org cn
Android NFC Service Denial of Service
------------------------------------------------------------------
I. Summary
NFC Service is a process of Android OS for providing access to NFC functionality, allowing applications to read NDEF message in NFC tags. A flaw has been found in NFC Service impl

CVE-2014-4331 OctavoCMS reflected XSS vulnerability
2014-07-09 andreu antonio gmail com
This proprietary content management software is vulnerable to reflected XSS on the file admin/viewer.php, src parameter. Current release on their demo site is vulnerable, same as other few sites I could find.
PoC: http://demo.octavocms.com/admin/viewer.php?src=%22%3E%3C/img%3E%3Ch2%3EThis%20is%20a

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager
2014-07-09 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Multiple Vulnerabilities in Cisco Unified Communications Domain Manager
Advisory ID: cisco-sa-20140702-cucdm
Revision 2.0
Last Updated 2014 July 8 21:14 UTC (GMT)
For Public Release 2014 July 2 16:00 UTC (GMT)
Summary
=======
Cisco Unified Comm

FreeBSD Security Advisory FreeBSD-SA-14:17.kmem
2014-07-08 FreeBSD Security Advisories (security-advisories freebsd org)

[security bulletin] HPSBMU03065 rev.1 - HP Operations Analytics, OpenSSL Vulnerability, SSL/TLS, Remote Code Execution, Denial of Service (DoS), Disclosure of Information
2014-07-08 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04363613
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04363613
Version: 1
HPSBMU03065 re

CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX
2014-07-08 Portcullis Advisories (advisories portcullis-security com)
Vulnerability title: Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX
CVE: CVE-2014-3074
Vendor: IBM
Product: AIX
Affected version: AIX 6.1 and 7.1 and VIOS 2.2.*
Reported by: Tim Brown
Details: It has been identified that the runtime linker allows privilege escalatio

Abusing Oracle's CREATE DATABASE LINK Privilege for fun and Profit
2014-07-08 Sumit Siddharth (sid notsosecure com)
A small blog on how a web based SQLi can be abused to obtain privilege escalation and ultimately remote code execution against Oracle Database:
http://www.notsosecure.com/blog/2014/07/08/abusing-oracles-create-database-link-privilege-for-fun-and-profit/
Thanks
Sid
Founder/Director NotSoSecure

[security bulletin] HPSBGN03050 rev.1 - HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access
2014-07-08 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04343424
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04343424
Version: 1
HPSBGN03050 re

ESA-2014-057: EMC Documentum Foundation Services (DFS) XML External Entity (XXE) Vulnerability
2014-07-07 Security Alert (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2014-057: EMC Documentum Foundation Services (DFS) XML External Entity (XXE) Vulnerability
EMC Identifier: ESA-2014-057
CVE Identifier: CVE-2014-2510
Severity Rating: CVSS v2 Base Score: 8 (AV:N/AC:L/Au:S/C:C/I:P/A:P)
Affected products:

ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities
2014-07-07 Security Alert (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities
EMC Identifier: ESA-2014-064
CVE Identifier: CVE-2014-2513, CVE-2014-2514
Severity Rating: CVSS v2 Base Score: Refer below for scores for each CVE.
Affecte

Photo Org WonderApplications v8.3 iOS - File Include Vulnerability
2014-07-07 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Photo Org WonderApplications v8.3 iOS - File Include Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1277
Release Date:
=============
2014-07-04
Vulnerability Laboratory ID (VL-ID):
====================

[SECURITY] CVE-2014-3503 Apache Syncope
2014-07-07 Francesco Chicchiriccò (ilgrosso apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CVE-2014-3503: Insecure Random implementations used to generate passwords in Apache Syncope
Severity: Major
Vendor: The Apache Software Foundation
Versions Affected: This vulnerability affects all versions of Apache Syncope 1.1.x prior to 1.1.8
=======================================================================
title: Design Issue / Password Disclosure
product: All WAGO-I/O-SYSTEMs which provide a CODESYS V2.3 WebVisu
vulnerable version: Systems w