[SECURITY] [DSA 3134-1] sympa security update
Debian Security Advisory DSA-3134-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 20, 2015 http://www.debian.org/security/faq ...
[USN-2469-1] Django vulnerabilities
Ubuntu Security Notice USN-2469-1, January 13, 2015: python-django vulnerabilities. A security issue affects these releases of Ubuntu and its...
CVE-2014-4835
The CVE-2014-4835 issue affects IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63. The root cause is credentials being written to log files, enabling a local user to read sensitive information. Impact is partial confidentiality...
CVE-2014-4835
IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive information by reading a file...
PYSEC-2015-6
The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file...
Ubuntu 14.04 LTS : Django vulnerabilities (USN-2469-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2469-1 advisory. Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers i...
CVE-2014-10010
Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller...
PT-2015-02: Arbitrary File Reading in Arbor Peakflow SP
The specialists of the Positive Research center have detected an Arbitrary File Reading vulnerability in Arbor Peakflow SP. The vulnerability allows remote attackers to read arbitrary files. How to fix: Update your system to the latest version. Advisory status: 13.01.2015 - Vendor gets...
CVE-2014-9427
sapi/cgi/cgimain.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, whi...
CVE-2014-8452
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...
CVE-2014-9301
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter.
CVE-2014-7816
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI...
CVE-2014-8552
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets...
CVE-2014-3625
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...
CVE-2013-0347
The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file...
CVE-2014-3209
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file...
CVE-2014-8510
The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters...
CVE-2014-7177
CVE-2014-7177 : Enalean Tuleap
CVE-2014-8519
McAfee Network Data Loss Prevention (NDLP)
CVE-2014-4447
Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs...