Microsoft Office 365 Outlook - Filter Bypass & Persistent Editor Vulnerability
2014-02-28 Vulnerability Lab (research vulnerability-lab com)

SEC Consult SA-20140228-1 :: Authentication bypass (SSRF) and local file disclosure in Plex Media Server
2014-02-28 SEC Consult Vulnerability Lab (research sec-consult com)

SEC Consult SA-20140228-0 :: Privilege escalation vulnerability in MICROSENS Profi Line Modular Industrial Switch
2014-02-28 SEC Consult Vulnerability Lab (research sec-consult com)

[slackware-security] subversion (SSA:2014-058-01)
2014-02-27 Slackware Security Team (security slackware com)
[slackware-security] subversion (SSA:2014-058-01) New subversion packages are available for Slackware 14.0, 14.1, and -current to fix denial-of-service issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ pat [...]

SEC Consult SA-20140227-0 :: Local Buffer Overflow vulnerability in SAS for Windows (Statistical Analysis System)
2014-02-27 SEC Consult Vulnerability Lab (research sec-consult com)

Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin
2014-02-27 High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23199 Product: VideoWhisper Live Streaming Integration Vendor: VideoWhisper Vulnerable Version(s): 4.27.3 and probably prior Tested Version: 4.27.3 Advisory Publication: February 6, 2014 [without technical details] Vendor Notification: February 6, 2014 Vendor Patch: February 7, 20 [...]

Update: CVE-2014-0053 Information Disclosure when using Grails
2014-02-27 Pivotal Security Team (security gopivotal com)
CVE-2014-0053 Information Disclosure in Grails applications Severity: Important Vendor: Grails by Pivotal Product Affected: - Grails Resources plugin 1.0.0 to 1.2.5 Products known to depend on the affected product: - Grails 2.0.0 to 2.3.6 Description: The Grails resources plug-in, a default de [...]

Office 365 - Account Hijacking Cookie Re-Use Flaw, extended
2014-02-27 "Oei, Géry" (geryoei oei-edv de)
Title: Office 365 - Account Hijacking Cookie Re-Use Flaw, extended Vendor: - Microsoft Products affected: - Office 365 E3 package (version as of February 22nd, 2014) - Sharepoint Online Services Abstract: The well-known account hijacking through cookie re-use flaw was originally reported in [...]

Barracuda Networks Backup Appliance Application - Persistent Web Vulnerability
2014-02-26 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Barracuda Networks Backup Appliance Application - Persistent Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=784 BARRACUDA NETWORK SECURITY ID: BNSEC-885 Release Date: ============= 2014-02-26 Vuln [...]

Cisco Security Advisory: Cisco Prime Infrastructure Command Execution Vulnerability
2014-02-26 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Prime Infrastructure Command Execution Vulnerability Advisory ID: cisco-sa-20140226-pi Revision 1.0 For Public Release 2014 February 26 16:00 UTC (GMT) Summary ======= A vulnerability in Cisco Prime Infrastructure could allow an authenticate [...]

Barracuda Networks Bug Bounty #31 Firewall - Persistent Access Policy Vulnerability
2014-02-26 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Barracuda Networks Bug Bounty #31 Firewall - Persistent Access Policy Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1070 Barracuda Networks Security ID (BNSEC): BNSEC-2068 Release Date: ============= 2 [...]

Persistent XSS in Media File Renamer V1.7.0 wordpress plugin
2014-02-26 Larry W. Cashdollar (larry0 me com)
Title: Persistent XSS in Media File Renamer V1.7.0 wordpress plugin Date: 1/31/2014 Author: Larry W. Cashdollar, @_larry0 Vendor: Notified 2/4/2014 CVE: 2014-2040 Download: http://www.meow.fr/media-file-renamer/ Vulnerability: The following functions do not sanitize input before being echoed out [...]

Authentication-Bypass in CosmoShop ePRO V10.17.00 (and lower, maybe higher)
2014-02-26 innate gmx de
*) Issue: Authentication-Bypass in CosmoShop ePRO V10.17.00 (and lower, maybe higher) *) Author: l0om ( http://l0om.org ) *) Date: 26.02.2013 *) Overview: Cosmoshop provides an admin backup-function which saves .htaccess protected MySQL dump files in a backup directory. This directory does only [...]

APPLE-SA-2014-02-25-3 QuickTime 7.7.5
2014-02-25 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2014-02-25-3 QuickTime 7.7.5 QuickTime 7.7.5 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application ter [...]

[security bulletin] HPSBST02955 rev.1 - HP XP P9000 Performance Advisor Software, 3rd party Software Security - Apache Tomcat and Oracle Updates
2014-02-25 security-alert hp com
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04047415 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04047415 Version: 1 HPSBST02955 re [...]

[security bulletin] HPSBMU02966 rev.1 - HP Operations Orchestration, Unauthorized Access to Information
2014-02-25 security-alert hp com
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04125866 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04125866 Version: 1 HPSBMU02966 re [...]

[security bulletin] HPSBPI02869 SSRT100936 rev.3 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files
2014-02-25 security-alert hp com
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03744742 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03744742 Version: 3 HPSBPI02869 SS [...]

APPLE-SA-2014-02-25-2 Safari 6.1.2 and Safari 7.0.2
2014-02-25 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2014-02-25-2 Safari 6.1.2 and Safari 7.0.2 Safari 6.1.2 and Safari 7.0.2 is now available and addresses the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.1 Impa [...]

APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001
2014-02-25 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001 OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses the following: Apache Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain [...]

[RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard
2014-02-25 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: McAfee ePolicy Orchestrator XML External Entity Expansion in Dashboard RedTeam Pentesting identified an XML external entity expansion vulnerability in McAfee ePolicy Orchestrator's (ePO) dashboard feature. Users with the ability to create new dashboards in the ePO web interface [...]

Barracuda Networks Firewall Bug Bounty #32 - Filter Bypass & Persistent Web Vulnerabilities
2014-02-25 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Barracuda Networks Firewall Bug Bounty #32 - Filter Bypass & Persistent Web Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1069 Barracuda Networks Security ID (BNSEC): BNSEC-2069 Release Date: ======= [...]

[SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure)
2014-02-25 Mark Thomas (markt apache org)
CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure) Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 - Apache Tomcat 7.0.0 to 7.0.42 - Apache Tomcat 6.0.0 to 6.0.37 Des [...]

[SECURITY] CVE-2013-4590 Information disclosure via XXE when running untrusted web applications
2014-02-25 Mark Thomas (markt apache org)
CVE-2013-4590 Information disclosure via XXE when running untrusted web applications Severity: Low Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.0-RC5 - Apache Tomcat 7.0.0 to 7.0.47 - Apache Tomcat [...]

[SECURITY] CVE-2013-4322 Incomplete fix for CVE-2012-3544 (Denial of Service)
2014-02-25 Mark Thomas (markt apache org)
CVE-2013-4322 Incomplete fix for CVE-2012-3544 (Denial of Service) Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.0-RC5 - Apache Tomcat 7.0.0 to 7.0.47 - Apache Tomcat 6.0.0 to 6.0 [...]

[SECURITY] CVE-2014-0033 Session fixation still possible with disableURLRewriting enabled
2014-02-25 Mark Thomas (markt apache org)
CVE-2014-0033 Session fixation still possible with disableURLRewriting enabled Severity: Low Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 6.0.33 to 6.0.37 Description: Previous fixes to path parameter handling [1] intr [...]

[security bulletin] HPSBMU02971 rev.1 - HP Application Information Optimizer, Remote Execution of Code, Information Disclosure
2014-02-24 security-alert hp com
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04140965 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04140965 Version: 1 HPSBMU02971 re [...]

[security bulletin] HPSBST02937 rev.1 - HP StoreVirtual 4000 and StoreVirtual VSA Software dbd_manager, Remote Execution of Arbitrary Code
2014-02-24 security-alert hp com
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03995204 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03995204 Version: 1 HPSBST02937 re [...]

[security bulletin] HPSBMU02964 rev.1 - HP Service Manager, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issue
2014-02-21 security-alert hp com
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04117626 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04117626 Version: 1 HPSBMU02964 re [...]

WiFiles HD v1.3 iOS - File Include Web Vulnerability
2014-02-24 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== WiFiles HD v1.3 iOS - File Include Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1214 Release Date: ============= 2014-02-22 Vulnerability Laboratory ID (VL-ID): ================================== [...]

Barracuda Networks Bug Bounty #35 - Persistent Web Vulnerability
2014-02-24 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Barracuda Networks Bug Bounty #35 - Persistent Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1101 Barracuda Networks Security ID (BNSEC): BNSEC-2361 Release Date: ============= 2014-02-21 Vulne [...]
===============
Microsoft Office 365 Outlook - Filter Bypass & Persistent Editor Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=811
Microsoft Security Response Center (MSRC) ID: 14095
Release Date:
=============
2014-0
[...]