BugTraq Mode:
(Page 259 of 1747)
Call for Paper/Event - nullcon Goa 2014 2013-09-04
nullcon (nullcon nullcon net)
Hello All,

V are V

On our fifth Anniversary we are super excited to officially open the
CFP (Call for PARTYcipation!). Yes, this is going to be the biggest
nullcon till now with lot of sub-events, CTFs, villages, workshops,
talks, parties.

Time to tickle your gray cells and submit your research.

SEC Consult SA-20130904-0 :: GroupLink everything HelpDesk - undocumented password reset/admin takeover and XSS vulnerabilities 2013-09-04
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20130904-0 >
=======================================================================
title: Undocumented password reset and admin takeover &
Cross-Site Scripting vulnerabilities
product: GroupLink everyt

[PSA-2013-0903-1] Apple Safari Heap Buffer Overflow 2013-09-04
bugtraq packetstormsecurity org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+------------------------------------------------------------------------------+
| Packet Storm Advisory 2013-0903-1 |
| http://packetstormsecurity.com/ |
+---------

[SECURITY] [DSA 2750-1] imagemagick security update 2013-09-03
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2750-1 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
September 03, 2013

PayPal's "invalid" aksession Padding Oracle Flaw 2013-09-03
Timothy D. Morgan (tmorgan vsecurity com)
Re-posting this, since the moderators ignored it (and my follow up emails to them).

The main PayPal web site sets a cookie named "aksession" which
contains a blob of base64-encoded ciphertext. This ciphertext is
encrypted using a 64-bit block cipher in CBC mode and does not have
any other integrit

ESA-2013-057: RSA Archer(r) GRC Multiple Vulnerabilities 2013-09-03
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2013-057: RSA Archer® GRC Multiple Vulnerabilities

EMC Identifier: ESA-2013-057

CVE Identifier: CVE-2013-3276, CVE-2013-3277

Severity Rating: CVSS v2 Base Score: See below for individual scores

Affected Products:

RSA Arch

[ MDVSA-2013:225 ] libdigidoc 2013-09-02
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:225
http://www.mandriva.com/en/support/security/
___________________________________________________________

[ MDVSA-2013:224 ] libtiff 2013-09-02
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:224
http://www.mandriva.com/en/support/security/
___________________________________________________________

[SECURITY] [DSA 2749-1] asterisk security update 2013-09-02
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2749-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
September 02, 2013

Mikrotik RouterOS 5.* and 6.* sshd remote preauth heap corruption 2013-09-02
king cope (isowarez isowarez isowarez googlemail com)
Hello lists,

here you find the analysis of a vulnerability I recently discovered.

Mikrotik RouterOS 5.* and 6.* sshd remote preauth heap corruption

http://kingcope.wordpress.com/2013/09/02/mikrotik-routeros-5-and-6-sshd-remote-preauth-heap-corruption/

Additionally it includes a way to drop into

[SECURITY] [DSA 2748-1] exactimage security update 2013-09-01
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2748-1 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
September 01, 2013

[SECURITY] [DSA 2740-2] python-django regression update 2013-09-01
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2740-2 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
September 01, 2013

IndiaNIC Testimonail WP plugin - Multiple vulnerabilities 2013-09-01
roguecoder hush com
Details
========================
Application: Testimonial
Version: 2.2
Type: Wordpress plugin
Vendor: IndiaNIC
Vulnerability:
- XSS (CWE-79)
- CSRF (CWE-352)
- SQL Injection (CWE-89)

Description
========================
Testimonial Plugin allows you to add, delete, edit and place what others said a

Defense in depth -- the Microsoft way (part 9): erroneous documentation 2013-08-31
Stefan Kanthak (stefan kanthak nexgo de)
Hi,

in <http://seclists.org/fulldisclosure/2013/Aug/75> I documented
beginner's errors (unquoted pathnames containing spaces) not only
in Microsoft products.

Microsoft's developer documentation, however, shows these beginner's errors
too (and is inconsistent, even in single topics).

Examples:

<http://msd

Full Disclosure - Multiple vulnerabilities in five Zoom ADSL Modem/Routers 2013-09-01
kyle Lovett (krlovett gmail com)
Five models of the Zoom Telephonics ADSL Modem/Router line suffer from
multiple critical vulnerabilities, almost all being of a remote access
attack vector.

Models affected:
Zoom X3 ADSL Modem/Router
Zoom X4 ADSL Modem/Router
Zoom X5 ADSL Modem/Router
Zoom ADSL Bridge Modem Model 5715 (1 vulnerabil

list of vulnerability discovered by RealPentesting 2013-08-31
Pedro Guillen (pgn pedroguillen gmail com)
Hi all!

I'm one of the RealPentesting members and, although these vulnerabilities were
published some months ago, we can now publicize them with these CVE identifiers.
You can also get more information about the vulnerabilities which we
discovered at http://realpentesting.blogspot.com.es/p/advisories.html

Buff

[SECURITY] [DSA 2747-1] cacti security update 2013-08-31
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2747-1 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
August 31, 2013

[slackware-security] gnutls (SSA:2013-242-03) 2013-08-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gnutls (SSA:2013-242-03)

New gnutls packages are available for Slackware 14.0 and -current to fix a
security issue.

Sorry about having to reissue this one -- I pulled it from ftp.gnu.org not
realizing that the latest version the

[slackware-security] gnutls (SSA:2013-242-01) 2013-08-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gnutls (SSA:2013-242-01)

New gnutls packages are available for Slackware 14.0, and -current to fix a
security issue.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/gnutls-3

VUPEN Security Research - Microsoft Internet Explorer "ReplaceAdjacentText" Use-after-free (MS13-059) 2013-08-30
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Internet Explorer
"ReplaceAdjacentText" Use-after-free (MS13-059)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part o

[ MDVSA-2013:223 ] asterisk 2013-08-30
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:223
http://www.mandriva.com/en/support/security/
___________________________________________________________

VUPEN Security Research - Microsoft Internet Explorer Protected Mode Sandbox Bypass (Pwn2Own 2013 / MS13-059) 2013-08-30
VUPEN Security Research (advisories vupen com)
VUPEN Security Research - Microsoft Internet Explorer Protected Mode
Sandbox Bypass (Pwn2Own 2013 / MS13-059)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

"Microsoft Internet Explorer is a web browser developed by Microsoft and
included a

VUPEN Security Research - Microsoft Windows "LdrHotPatchRoutine" Remote ASLR Bypass (Pwn2Own 2013 / MS13-063) 2013-08-30
VUPEN Security Research (advisories vupen com)
Microsoft Windows "LdrHotPatchRoutine" Remote ASLR Bypass (Pwn2Own 2013
/ MS13-063)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

"Microsoft Windows is a series of software operating systems and graphical
user interfaces produced by Micros

[slackware-security] php (SSA:2013-242-02) 2013-08-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2013-242-02)

New php packages are available for Slackware 14.0, and -current to fix a
security issue.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/php-5.4.19-i48

NEW VMSA-2013-0011 VMware ESXi and ESX address an NFC Protocol Unhandled Exception 2013-08-30
VMware Security Team (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2013-0011
Synopsis: VMware ESXi and ESX address an NFC Protocol Unhandled
Exception
Issue date: 2013-08-29
Updated on:

Microsoft MSRC RSS ASPX - CS Cross Site Web Vulnerability 2013-08-29
Vulnerability Lab (research vulnerability-lab com)
Title:
======
Microsoft MSRC RSS ASPX - CS Cross Site Web Vulnerability

Date:
=====
2013-07-28

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=1026

Microsoft Security Response Center (MSRC) ID: 15180

Video: http://www.vulnerability-lab.com/get_content.php?id=1028

V

Department of Transport UK - SQL Injection Vulnerability 2013-08-29
Vulnerability Lab (research vulnerability-lab com)
Title:
======
Department of Transport UK - SQL Injection Vulnerability

Date:
=====
2013-08-29

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=732

VL-ID:
=====
732

Common Vulnerability Scoring System:
====================================
8.6

Introduction:
=======

UTA EDU University ENG - SQL Injection Vulnerability 2013-08-29
Vulnerability Lab (research vulnerability-lab com)
Title:
======
UTA EDU University ENG - SQL Injection Vulnerability

Date:
=====
2013-08-28

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=256

VL-ID:
=====
256

Common Vulnerability Scoring System:
====================================
8.4

Introduction:
===========

[SECURITY] [DSA 2746-1] icedove security update 2013-08-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2746-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
August 29, 2013

CVE-2013-5216 CapaSystems Performance Guard Path Traversal Vulnerability 2013-08-29
kerem kocaer gmail com
Application Performance Guard
Vendor CapaSystems
Link http://www.capasystems.com/it-performance-monitorin

Discovered by Kerem Kocaer <kerem.kocaer(at)gmail(dot)com>

Problem
-------
Path traversal vulnerability in the "download logs" section allows remote attackers to read
arb

Copyright 2010, SecurityFocus