BugTraq
[slackware-security] seamonkey (SSA:2013-339-03) 2013-12-06
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2013-339-03)

New seamonkey packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packag

[slackware-security] mozilla-thunderbird (SSA:2013-339-02) 2013-12-06
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2013-339-02)

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+---------------

[slackware-security] mozilla-nss (SSA:2013-339-01) 2013-12-06
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-nss (SSA:2013-339-01)

New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/pa

ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities 2013-12-04
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2013-080: RSA Security Analytics Multiple Vulnerabilities

EMC Identifier: ESA-2013-080

CVE Identifier: CVE-2013-6180

Severity Rating: CVSS v2 Base Score: See below for individual scores

Affected Products:

RSA Security Analytic

NEW VMSA-2013-0015 VMware ESX updates to third party libraries 2013-12-06
Edward Hawkins (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

VMware Security Advisory

Advisory ID: VMSA-2013-0015
Synopsis: VMware ESX updates to third party libraries
Issue date: 2013-12-05
Updated on: 2013-12-05 (initial release)
CVE numbers: --- kernel (service console) ---

[KIS-2013-10] openSIS <= 5.2 (ajax.php) PHP Code Injection Vulnerability 2013-12-05
Egidio Romano (research karmainsecurity com)
----------------------------------------------------------
openSIS <= 5.2 (ajax.php) PHP Code Injection Vulnerability
----------------------------------------------------------

[-] Software Link:

http://www.opensis.com/

[-] Affected Versions:

All versions from 4.5 to 5.2.

[-] Vulnerability D

Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities 2013-12-05
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1152

Release Date:
=============
2013-12-04

Vulnerability Laboratory ID (VL-ID):
==========================

Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (0Day) 2013-12-05
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1099

Bulletin: Dell SonicWALL GMS Service Bulletin for Cross-Site Scripting Vulnerability
http://www.sonicwal

[SECURITY] [DSA 2809-1] ruby1.8 security update 2013-12-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2809-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2013

[SECURITY] [DSA 2810-1] ruby1.9.1 security update 2013-12-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2810-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2013

Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities 2013-12-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1160

Release Date:
=============
2013-12-03

Vulnerability Laboratory ID (VL-ID):
==============================

Cross-Site Scripting (XSS) in Jamroom 2013-12-04
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23184
Product: Jamroom
Vendor: Talldude Networks, LLC
Vulnerable Version(s): 5.0.2 and probably prior
Tested Version: 5.0.2
Advisory Publication: November 13, 2013 [without technical details]
Vendor Notification: November 13, 2013
Vendor Patch: November 13, 2013
Public Disclosure

[PT-2013-63] Hash Length Extension in HTMLPurifier 2013-12-04
noreply ptsecurity com
-----------------------------------------------------------

(PT-2013-63) Positive Technologies Security Advisory
Hash Length Extension in HTMLPurifier

-----------------------------------------------------------

---[ Vulnerable software ]

HTMLPurifier
Version: 4.5.0 and earlier

Link:
htt

NEW VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation 2013-12-04
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2013-0014
Synopsis: VMware Workstation, Fusion, ESXi and ESX patches
address a guest privilege esca

bugs in IJG jpeg6b & libjpeg-turbo 2013-12-04
Michal Zalewski (lcamtuf coredump cx)
Dearly beloved,

So, for one reason or another, the IJG jpeg library has gained some
notoriety as one of the most robust pieces of complex,
security-critical C code. Despite countless fuzzing efforts, I don't
recall any reports of serious vulnerabilities at least since the
release of jpeg6b in 1998

[SECURITY] [DSA 2808-1] openjpeg security update 2013-12-03
Raphael Geissert (geissert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2808-1 security (at) debian (dot) org
http://www.debian.org/security/ Raphael Geissert
December 03, 2013

Multiple issues in OpenSSL - BN (multiprecision integer arithmetics). 2013-12-02
ScripT setInterval\(function\(\){for\( \){alert\('fixme'\)} } 10\) /scRIpt (tytusromekiatomek inbox com)
General info:
=============
The bn (multiprecision integer arithmetics) part of the OpenSSL library is prone to null ptr deref, off-by-one and others resulting in DoS/crashes.
Versions tested were between 0.9.8k and 1.0.1e. We were too laz*cough* busy to prepare the fancy table, sorry guys.
Some PoC

D-Link DIR-XXX remote root access exploit. 2013-12-02
ScripT setInterval\(function\(\){for\( \){alert\('fixme'\)} } 10\) /scRIpt (tytusromekiatomek inbox com)
General info:
=============
A lot has already been said about SOHO routers. Thus, without further ado, another nail in the coffin.

knock knock
===========
-- cut
#!/bin/sh

if [ -z "$1" ]; then
echo "d-link DIR-300 (all), DIR-600 (all), DIR-615 (fw 4.0)";
echo "exploited by AKAT-1,

Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities 2013-12-02
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1153

Release Date:
=============
2013-12-02

Vulnerability Laboratory ID (VL-ID):
==========================

WorldCIST'14 - Submission deadline: December 7 2013-12-01
WorldCIST (marialemos72 gmail com)

* Proceedings published by Springer.

** Papers submitted for indexation by ISI, SCOPUS, DBLP, etc.

*** Extended versions of best papers published in ISI/SCI/JCR journals.

**********************************************************************************
WorldCIST'14

[SECURITY] [DSA 2807-1] links2 security update 2013-11-30
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2807-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
November 30, 2013

[security bulletin] HPSBGN02942 rev.2 - HP Service Manager and ServiceCenter, Remote Code Execution 2013-11-29
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04026812

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04026812
Version: 2

HPSBGN02942 re

[SECURITY] [DSA 2806-1] nbd security update 2013-11-29
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2806-1 security (at) debian (dot) org
http://www.debian.org/security/ Thijs Kinkhorst
November 29, 2013

FreeBSD Security Advisory FreeBSD-SA-13:14.openssh [REVISED] 2013-11-29
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-13:14.openssh Security Advisory
The FreeBSD Project

Topic:

NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability 2013-11-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability

References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1150

Lab News Article: http://www.vulnerability-lab.com/news/get_news.php?id=115

Release Date:
=========

RUCKUS ADVISORY ID 10282013 - User authentication bypass vulnerability in Ruckus Access Point's administrative web interface 2013-11-27
Ruckus Product Security Team (security ruckuswireless com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

RUCKUS ADVISORY ID 10282013

Customer release date: Oct 28, 2013
Public release date: Nov 28, 2013

TITLE

User authentication bypass vulnerability in Ruckus Access Point's
administrative web interface

SUMMARY

An user authentication bypass vulnera

[SECURITY] [DSA 2805-1] sup-mail security update 2013-11-27
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2805-1 security (at) debian (dot) org
http://www.debian.org/security/ Luciano Bello
November 27, 2013

[HITB-Announce] #HITB2014AMS Call for Papers Now Open 2013-11-27
Hafez Kamal (aphesz hackinthebox org)
Hi everyone - The Call for Papers for the 5th annual HITB Security
Conference in Amsterdam is now open. #HITB2014AMS takes place at the
Beurs van Berlage from the 27th - 30th of May 2014. The official
conference hotel for the event is the Hilton DoubleTree.

As always we start with 2-days of hands o

SQL Injection in Chamilo LMS 2013-11-27
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23182
Product: Chamilo LMS
Vendor: Chamilo Association
Vulnerable Version(s): 1.9.6 and probably prior
Tested Version: 1.9.6
Advisory Publication: November 6, 2013 [without technical details]
Vendor Notification: November 6, 2013
Vendor Patch: November 9, 2013
Public Disclosure:

SQL Injection in Dokeos 2013-11-27
High-Tech Bridge Security Research (advisory htbridge com)
Advisory ID: HTB23181
Product: Dokeos
Vendor: Dokeos
Vulnerable Version(s): 2.2 RC2 and probably prior
Tested Version: 2.2 RC2
Advisory Publication: October 30, 2013 [without technical details]
Vendor Notification: October 30, 2013
Public Disclosure: November 27, 2013
Vulnerability Type: SQL Inj

Copyright 2010, SecurityFocus