249 matches found
CVE-2014-3324
CVE-2014-3324 affects Cisco TelePresence Server Software 4.0(2.8). The vulnerability is in the administrative web interface login page, where insufficient input validation of certain HTTP GET/POST parameters allows unauthenticated remote attackers to inject arbitrary script/HTML (XSS). Cisco’s ad...
Microsoft July 2014 Patch Tuesday fixes 29 IE Vulnerabilities
Microsoft today issued two critical-, three important-, and one moderate-rated security bulletins in the July edition of its monthly Patch Tuesday release. The updates address 29 security vulnerabilities in the company’s Windows operating system, Internet Explorer browser, and server software. Th...
Gossamer Threads DBMan 2.0.4 DBMan Information Leakage Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1178/info Requesting an invalid database file from a web server implementing Gossamer Threads DBMan scripts will return a CGI error message containing environmental variables to a remote user without any authorization. Th...
DWebPro 3.4.1 Http.ini Plaintext Password Storage Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8438/info A vulnerability has been reported to exist in the DWebPro web server software. This problem allows an attacker to view database authentication credentials by accessing a plain text file named 'http.ini'. An...
EasyCafe 2.1/2.2 Security Restriction Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19401/info EasyCafe is prone to a vulnerability that lets attackers bypass security restrictions. This issue occurs because the application fails to prevent an attacker from gaining unauthorized access to a client compute...
openSUSE Security Update : krb5 (openSUSE-SU-2010:1053-1)
Multiple remote vulnerabilities in the MIT krb5 package have been fixed. They affect client as well as server software. CVE-2010-1323, CVE-2010-1324, CVE-2010-4020 and CVE-2010-4021 have been assigned to this issue. (C) Tenable Network Security, Inc. The descriptive text and...
Microsoft Releases January 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Office, Server Software, Windows, and Microsoft Dynamics AX, as part of the Microsoft Security Bulletin Summary for January 2014. These vulnerabilities could allow remote code execution, elevation of privilege or a denial of...
Microsoft Releases Advance Notification for January Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating its January release will contain four bulletins. These bulletins will have the severity rating of important and will be for Microsoft Office, Server Software, Windows, and Microsoft Dynamics AX, a multi-language,...
Microsoft Releases Advance Notification for December Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its December 2013 release will contain 11 bulletins. These bulletins will have severity ratings of critical and important and will be for Microsoft Windows, Microsoft Office, Microsoft Lync, Internet Explorer, Microsoft...
Microsoft Releases October 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Office, Server Software, and Silverlight as part of the Microsoft Security Bulletin Summary for October 2013. These vulnerabilities could allow remote code execution or information...
Microsoft Releases Advance Notification for October Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its October release will contain eight bulletins. These bulletins will have the severity rating of critical and important and will be for Microsoft Windows, Internet Explorer, .NET Framework, Office, Server Software, an...
Mac OS X : OS X Server < 2.2.2 Multiple Vulnerabilities
The remote Mac OS X 10.8 host has a version of OS X Server installed that is prior to 2.2.2. It is, therefore, affected by the following vulnerabilities : - Two vulnerabilities exist in the included ClamAV software, the most serious of which could allow an attacker to execute arbitrary code...
MS13-067: Description of the security update for Office Web Apps Server 2013: September 10, 2013
Resolves vulnerabilities in Microsoft Office Server software that could allow remote code execution in the context of the W3WP service account. Introduction: This security update resolves vulnerabilities in Microsoft Office Server software that could allow remote code execution in the context of the...
[SECURITY] Fedora 18 Update: lighttpd-1.4.32-1.fc18
Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...
Microsoft Releases August 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, and Microsoft Server Software as part of the Microsoft Security Bulletin Summary for August 2013. These vulnerabilities could allow remote code execution, elevation of privilege, denial of service, ...
Apple Developer Site Compromised
Several days after taking its developer Web site down without a mention of the reason, Apple has revealed that attackers had breached the site. The company said that while it can’t rule out the theft of developers’ data, all of the sensitive personal information was encrypted. Apple posted a noti...
Mozilla Firefox - Cookie Verification Denial of Service
Mozilla Firefox - Cookie Verification Denial of Service source: https://www.securityfocus.com/bid/62969/info Mozilla Firefox is prone to a denial-of-service vulnerability because it fails to verify the user supplied input. Successfully exploiting this issue will allow an attacker to inject specia...
Google Chrome - Cookie Verification Denial of Service
Google Chrome - Cookie Verification Denial of Service source: https://www.securityfocus.com/bid/58857/info Google Chrome is prone to a denial-of-service vulnerability because it fails to verify the user supplied input. Successfully exploiting this issue will allow an attacker to inject special...
Microsoft Releases April 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Server Software, and Security Software as part of the Microsoft Security Bulletin summary for April 2013. These vulnerabilities could allow remote code execution, elevation of privilege,...
Microsoft Releases March 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Silverlight, and Server Software as part of the Microsoft Security Bulletin summary for March 2013. These vulnerabilities could allow remote code execution, elevation of privilege, or...