DP300,RP200,RSE6500,TE30,TE40,TE50,TE60,TX50,VP9660,ViewPoint 8660,ViewPoint 9030,Viewpoint 8660, Security Vulnerabilities

SuSE 11.3 Security Update : Xen (SAT Patch Number 10018)

Xen has been updated to version 4.2.5 with additional patches to fix six security issues : Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling. (CVE-2014-9030) Insufficient bounding of 'REP MOVS' to MMIO emulated inside the hypervisor. (CVE-2014-8867) Excessive...

Fedora 21 : xen-4.4.1-9.fc21 (2014-15951)

Excessive checking in compatibility mode hypercall argument translation, Insufficient bounding of 'REP MOVS' to MMIO emulated inside the hypervisor, fix segfaults and failures in xl migrate --debug Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling Insufficient restrictions on...

[SECURITY] Fedora 19 Update: xen-4.2.5-6.fc19

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...

[SECURITY] Fedora 20 Update: xen-4.3.3-6.fc20

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...

[SECURITY] Fedora 21 Update: xen-4.4.1-9.fc21

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...

Fedora Update for xen FEDORA-2014-15995

Check the version of...

Fedora Update for xen FEDORA-2014-16017

Check the version of...

Fedora Update for xen FEDORA-2014-15503

Check the version of...

Fedora Update for xen FEDORA-2014-15521

Check the version of...

Fedora 19 : xen-4.2.5-5.fc19 (2014-15503)

Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen Note that Tenable...

Fedora 20 : xen-4.3.3-5.fc20 (2014-15521)

Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen Note that Tenable...

[SECURITY] Fedora 20 Update: xen-4.3.3-5.fc20

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...

[SECURITY] Fedora 19 Update: xen-4.2.5-5.fc19

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...

CVE-2014-8420

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified...

CVE-2014-8420

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified...

Code injection

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified...

CVE-2014-8420

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified...

CVE-2014-9030

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted...

CVE-2014-9030

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted...

CVE-2014-9030

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted...

Code injection

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted...

CVE-2014-9030

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted...

CVE-2014-9030

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. Bugs ...

Dell Sonicwall GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Dell SonicWALL Global Management System (GMS) virtual appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the GMS ViewPoint (GMSVP) web...

Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling

ISSUE DESCRIPTION An error handling path in the processing of MMU_MACHPHYS_UPDATE failed to drop a page reference which was acquired in an earlier processing step. IMPACT Malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 can mount a denial of service attack.....

CVE-2014-8660

SAP Document Management Services allows local users to execute arbitrary commands via unspecified...

CVE-2014-8660

SAP Document Management Services allows local users to execute arbitrary commands via unspecified...

Command injection

SAP Document Management Services allows local users to execute arbitrary commands via unspecified...

CVE-2014-8660

SAP Document Management Services allows local users to execute arbitrary commands via unspecified...

Security Advisory-9 OpenSSL vulnerabilities on Huawei products

This security advisory (SA) describes the impact of 9 OpenSSL vulnerabilities discovered in third-party software. (Vulnerability ID: HWPSIRT-2014-0816) These vulnerabilities are referenced in this document as follows: 1.Information leak in pretty printing functions (CVE-2014-3508). A flaw in...

Twitter Files Suit Over Government Restrictions on National Security Letter Data

Twitter has filed a lawsuit in federal court asking that the United States Department of Justice’s prohibitions on publishing the number and kind of government requests for data the company receives be declared unconstitutional. The suit claims that the rules infringe on Twitter’s right to free...

Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow

No description provided by...

SonicWALL GMS 6 Arbitrary File Upload

No description provided by...

elgg (xss/csrf/change password) Multiple Vulnerabilities

No description provided by...

SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass

No description provided by...

SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x Remote Root/SYSTEM Exploit

No description provided by...

Viewpoint Media Player for IE 3.2 - Remote Stack Overflow PoC

No description provided by...

openSUSE Security Update : otrs (openSUSE-SU-2013:1338-1)

The ticket system OTRS was updated to 3.1.18 to fix various bugs and security issues. Update to 3.1.18 : OSA-2013-05, CVE-2013-4717, CVE-2013-4718 fixed. Fixed bug#9561 - ACL restriction with CustomerID for DynamicFields at new Ticket screen not working. Fixed bug#9425 - Wrong created...

HP Printers Information Disclosure Vulnerability (Apr 2014, Heartbleed)

A potential security vulnerability has been identified in HP Officejet Pro X printers and in certain Officejet Pro printers running OpenSSL. This is the OpenSSL vulnerability known...

HPSBPI03031 rev.3 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information

Potential Security Impact Remote disclosure of information VULNERABILITY SUMMARY A potential security vulnerability has been identified in HP Officejet Pro X printers and in certain Officejet Pro printers running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" (CVE-2014-0160)...

Yokogawa CENTUM CS3000 'BKHOdeq.exe'栈缓冲区溢出漏洞

Bugtraq ID:66111 Yokogawa CENTUM CS3000是一款生产控制系统。 Yokogawa CENTUM CS3000 'BKHOdeq.exe'处理特制报文时存在一个基于栈的缓冲区溢出，允许攻击者利用漏洞提交特殊的请求可使应用程序崩溃或执行任意代码。 0 Yokogawa CENTUM CS 3000 R3.08.50 厂商补丁： Yokogawa 用户可联系厂商获得相应的升级或补丁程序：...

Yokogawa CENTUM CS 3000 - 'BKHOdeq.exe' Remote Buffer Overflow (Metasploit)

...

Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow Vulnerability

This Metasploit module exploits a stack based buffer overflow in Yokogawa CENTUM CS 3000. The vulnerability exists in the service BKHOdeq.exe when handling specially crafted packets. This Metasploit module has been tested successfully on Yokogawa CENTUM CS 3000 R3.08.50 over Windows XP SP3 and...

Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow

...

Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow

This module exploits a stack based buffer overflow in Yokogawa CENTUM CS 3000. The vulnerability exists in the service BKHOdeq.exe when handling specially crafted packets. This module has been tested successfully on Yokogawa CENTUM CS 3000 R3.08.50 over Windows XP SP3 and Windows 2003...

Threat Outbreak Alert: Fake Purchase Order Notification Email Messages on November 13, 2013

Medium Alert ID: 31769 First Published: 2013 November 14 17:22 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a purchase order notification for the recipient. The text in the email message attempts to convince the...

CVE-2013-4653

Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and...

CVE-2013-4653

Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and...

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and...

CVE-2013-4653

Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and...