8675 matches found
AppCrashView - View Application Crashes (.wer files)
AppCrashView is a small utility for Windows Vista and Windows 7 that displays the details of all application crashes that occurred on your system. The crash information is extracted from the .wer files created by the Windows Error Reporting (WER) component of the operating system every time that a cra...
SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 10150)
OpenSSL has been updated to fix various security issues. More information can be found in the OpenSSL advisory: http://openssl.org/news/secadv20150108.txt . The following issues have been fixed: - Bignum squaring (BN_sqr) may produce incorrect results on some platforms, including x86_64. bsc912296...
openssl: only allow ephemeral RSA keys in export ciphersuites (FREAK)
It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method...
openssl security update
1.0.1e-34.7 - fix CVE-2014-3570 - incorrect computation in BN_sqr - fix CVE-2014-3571 - possible crash in dtls1_get_record - fix CVE-2014-3572 - possible downgrade of ECDH ciphersuite to non-PFS state - fix CVE-2014-8275 - various certificate fingerprint issues - fix CVE-2015-0204 - remove support f...
SPSControl v1.2 iOS - (.spc) Persistent Vulnerability
Document Title: SPSControl v1.2 iOS - .spc Persistent Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1404 Release Date: 2015-01-16. Vulnerability Laboratory ID (VL-ID): 1404...
Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection Vulnerability
Sierra Wireless produces a mobile Wi-Fi hotspot device that is popular amongst telecommunication companies for re-branding to suit local markets. The AirCard 760S/762S/763S Web-based Administrative Console suffers from an HTTP header injection that allows an attacker to inject a file into the HTTP...
Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection
Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection Overview Sierra Wireless produces a mobile wi-fi hotspot device that is popular amongst telecommunication companies for re-branding to suit local markets. The AirCard 760S/762S/763S Web-based Administrative Console suffers from ...
DEBIAN-CVE-2015-0204
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...
UBUNTU-CVE-2015-0204
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...
Mantis Bug Tracker 1.2.17 PHP Code Injection Vulnerability
Mantis Bug Tracker versions 1.2.0 through 1.2.17 suffer from a PHP code injection vulnerability. ----------------------------------------------------------------------------- Mantis Bug Tracker $newId 108. $bugData = bugget $newId, true ; 109. 110. $bugLinkRegexp = '/^|^\w' . pregquote...
Mantis Bug Tracker 1.2.17 PHP Code Injection
----------------------------------------------------------------------------- Mantis Bug Tracker $newId 108. $bugData = bugget $newId, true ; 109. 110. $bugLinkRegexp = '/^|^\w' . pregquote $this-source-issuelink, '/' . '\d+\b/e'; 111. $replacement = '"\1" . $this-getReplacementString "\2", "\3"...
WBS Gantt-Chart for JIRA vulnerable to cross-site scripting
Overview: WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS (Work Breakdown Structure) and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in exporting data, which may lead to cross-site scripting (CWE-79). Note that this vulnerability is...
Design/Logic Flaw
The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit...
Directory traversal
Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL...
CVE-2014-4844
The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit...
CVE-2014-4844
CVE-2014-4844 affects IBM BPM and WebSphere Lombardi Edition: import/export of process applications and toolkits can be abused by remote authenticated users due to insufficient authorization checks. Affected versions include IBM BPM Standard/Express/Advanced 7.5.x, 8.0.x, and 8.5.x; the issue exi...
CVE-2014-6182
Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL...
[SECURITY] Fedora 21 Update: phpMyAdmin-4.2.13.1-1.fc21
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
CVE-2014-8502
Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file...