DP300,TE60,TP3106,ViewPoint 9030,eCNS210 TD,eSpace 7950,eSpace IAD,eSpace U1981 Security Vulnerabilities

Fedora Update for xen FEDORA-2014-15503

Check the version of...

Fedora Update for xen FEDORA-2014-15521

Check the version of...

Fedora 19 : xen-4.2.5-5.fc19 (2014-15503)

Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen Note that Tenable...

Fedora 20 : xen-4.3.3-5.fc20 (2014-15521)

Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen Note that Tenable...

[SECURITY] Fedora 20 Update: xen-4.3.3-5.fc20

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...

[SECURITY] Fedora 19 Update: xen-4.2.5-5.fc19

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen...

CVE-2014-8420

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified...

CVE-2014-8420

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified...

Code injection

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified...

CVE-2014-8420

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified...

CVE-2014-9030

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted...

CVE-2014-9030

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted...

CVE-2014-9030

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted...

Code injection

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted...

CVE-2014-9030

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted...

CVE-2014-9030

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. Bugs ...

Dell Sonicwall GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Dell SonicWALL Global Management System (GMS) virtual appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the GMS ViewPoint (GMSVP) web...

Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling

ISSUE DESCRIPTION An error handling path in the processing of MMU_MACHPHYS_UPDATE failed to drop a page reference which was acquired in an earlier processing step. IMPACT Malicious or buggy stub domain kernels or tool stacks otherwise living outside of Domain0 can mount a denial of service attack.....

Security Advisory-Bash Code Injection Vulnerability

This security advisory (SA) describes the impact of 6 Bash vulnerabilities discovered in third-party software (Vulnerability ID: HWPSIRT-2014-0951). 1.OS Command Injections vulnerability (CVE-2014-6271). GNU Bash through 4.3 processes trailing strings after function definitions in the values of...

Security Advisory-9 OpenSSL vulnerabilities on Huawei products

This security advisory (SA) describes the impact of 9 OpenSSL vulnerabilities discovered in third-party software. (Vulnerability ID: HWPSIRT-2014-0816) These vulnerabilities are referenced in this document as follows: 1.Information leak in pretty printing functions (CVE-2014-3508). A flaw in...

Twitter Files Suit Over Government Restrictions on National Security Letter Data

Twitter has filed a lawsuit in federal court asking that the United States Department of Justice’s prohibitions on publishing the number and kind of government requests for data the company receives be declared unconstitutional. The suit claims that the rules infringe on Twitter’s right to free...

PayPal France Mail Encoding Script Insertion

...

PayPal Inc BB #70 FR - Persistent Mail Vulnerability

...

PayPal Inc BB #70 FR - Persistent Mail Vulnerability

...

GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability

Description GNU Bash is prone to remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected Advantech EKI-1320 1.98 ...

VxWorks WDB Agent 远程内存读取漏洞

VxWorks安全初探 404@KnownSec 0x00 前言 关于VxWorks，这里引用44CON议题《攻击 VxWorks：从石器时代到星际》探究 一文章中的介绍： VxWorks 是世界上使用最广泛的一种在嵌入式系统中部署的实时操作系统，是由美国WindRiver公司（简称风河公司，即WRS 公司）于1983年设计开发的。其市场范围跨越所有的安全关键领域，仅举几例，包括火星好奇心流浪者、波音787梦幻客机、网络路由器。这些应用程序的安全高危性质使得VxWorks的安全被高度关注。 VxWorks操作系统是由美国Wind...

Security Advisory-Apache Struts2 vulnerability on Huawei multiple products

Some versions of Apache Struts2 software used in Huawei devices have security vulnerabilities. A patch released for the software to fix vulnerabilities CVE-2014-0050 and CVE-2014-0094 has the risk of being bypassed. (Vulnerability ID: HWPSIRT-2014-0420) This Vulnerability has been assigned Common.....

Photo Server 2.0 iOS - Multiple Vulnerabilities

No description provided by...

Huawei Technologies eSpace Meeting Service 1.0.0.23 - Local Privilege Escalation

No description provided by...

FdWeB Espace Membre <= 2.01 (path) Remote File Include Exploit

No description provided by...

SonicWALL GMS 6 Arbitrary File Upload

No description provided by...

elgg (xss/csrf/change password) Multiple Vulnerabilities

No description provided by...

CesarFTP 0.99 g Remote CWD Denial of Service Vulnerability

No description provided by...

SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass

No description provided by...

Viewpoint Media Player for IE 3.2 - Remote Stack Overflow PoC

No description provided by...

SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x Remote Root/SYSTEM Exploit

No description provided by...

Security Advisory-Multiple OpenSSL vulnerabilities on Huawei products

This security advisory (SA) describes the impact of 7 OpenSSL vulnerabilities discovered in third-party software. The vulnerabilities are referenced in this document as follows: 1.SSL/TLS Man-in-the-Middle Vulnerability (CVE-2014-0224). An unauthenticated, remote attacker with the ability to...

openSUSE Security Update : otrs (openSUSE-SU-2013:1338-1)

The ticket system OTRS was updated to 3.1.18 to fix various bugs and security issues. Update to 3.1.18 : OSA-2013-05, CVE-2013-4717, CVE-2013-4718 fixed. Fixed bug#9561 - ACL restriction with CustomerID for DynamicFields at new Ticket screen not working. Fixed bug#9425 - Wrong created...

Localize: User credentials are sent in clear text

Vulnerability description User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users. This vulnerability affects /pages/sign_up. Discovered by: MANUALLY Attack details...

Security Advisory-OpenSSL Heartbeat Extension vulnerability (Heartbleed bug) on Huawei multiple products

Some OpenSSL software versions used in multiple Huawei products have the following OpenSSL vulnerability. Unauthorized remote attackers can dump 64 Kbytes of memory of the connected server or client in each attack. The leaked memory may contain sensitive information, such as passwords and private.....

Huawei eSpace Meeting Service 'eMservice.exe'本地权限提升漏洞

Bugtraq ID:66107 Huawei eSpace Meeting是一款移动视频解决方案。 Huawei eSpace Meeting产品的用户权限设置不合理。获取普通用户权限的攻击者，可以通过特定的操作，提升权限并访问和设置某些关键资源。 0 Huawei eSpace Meeting 1.x 厂商补丁： Huawei Huawei eSpace Meeting V100R001C03SPC202已经修复该漏洞，建议用户下载更新：...

Huawei Technologies eSpace Meeting Service 1.0.0.23 - Local Privilege Escalation

Huawei Technologies eSpace Meeting Service 1.0.0.23 - Local Privilege...

Huawei Technologies eSpace Meeting Service 1.0.0.23 - Local Privilege Escalation

...

Huawei eSpace Meeting Service 1.0.0.23 Privilege Escalation

Huawei Technologies eSpace Meeting Service version 1.0.0.23 suffers from a local privilege escalation...

Huawei eSpace Meeting Service 1.0.0.23 Privilege Escalation

...

Huawei Technologies eSpace Meeting Service 1.0.0.23 Local Privilege Escalation

Title: Huawei Technologies eSpace Meeting Service 1.0.0.23 Local Privilege Escalation Advisory ID: ZSL-2014-5171 Type: Local Impact: Privilege Escalation Risk: (3/5) Release Date: 10.03.2014 Summary Huawei's eSpace Meeting solution fully meets the needs of enterprise customers for an integrated...

Security Advisory-Improper User Permission Setting Vulnerability in Huawei eSpace Meeting

User permissions are not properly set on Huawei eSpace Meeting. Attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources. (HWPSIRT-2014-0241). This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID:...

RSA Conference 2014 Art Coviello RSA keynote

SAN FRANCISCO – RSA Security executive chairman Art Coviello today at RSA Conference 2014 made his first public comments about the security company’s relationship with the National Security Agency, painting the landmark firm as a victim of the spy agency’s blurring of the lines between its...

Threat Outbreak Alert: Fake Online Order Details Email Messages on February 8, 2014

Medium Alert ID: 32785 First Published: 2014 February 10 18:13 GMT Version: 1 Summary Cisco Security has detected significant activity related to French-language spam email messages that claim to contain an online order notification for the recipient. The text in the email message attempts to...

Threat Outbreak Alert: Fake Purchase Order Notification Email Messages on November 13, 2013

Medium Alert ID: 31769 First Published: 2013 November 14 17:22 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a purchase order notification for the recipient. The text in the email message attempts to convince the...