1273 matches found
SUSE-SU-2015:1404-1 security update for xen
This security update of Xen fixes the following issues: bsc939712 XSA-140: QEMU leak of uninitialized heap memory in rtl8139 device model CVE-2015-5165 bsc939709 XSA-139: Use after free in QEMU/Xen block unplug protocol CVE-2015-5166...
Kaseya Virtual System Administrator Multiple Vulnerabilities - Active Check
Kaseya Virtual System Administrator is prone to multiple vulnerabilities.
NetFlow Analyzer fails to restrict access permissions
Overview NetFlow Analyzer provided by Zoho Corporation fails to restrict access permissions. Tomoshige Hasegawa, Akihito Mukai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Administrative operations, for...
ESA-2015-087 EMC Document Sciences xPression SQL Injection Vulnerability
ESA-2015-087 EMC Document Sciences xPression SQL Injection Vulnerability CVE Identifier: CVE-2015-0540 Severity Rating: CVSSv2 Base Score: 8.0 AV:N/AC:L/Au:S/C:P/I:P/A:C Affected products: • EMC Document Sciences xPression 4.2 • EMC Document Sciences...
MGASA-2015-0135 Updated suricata packages fix security vulnerabilities
Updated suricata packages fix security vulnerability: It was reported that libhtp handling of streams in error state could lead to NULL pointer dereference, leading to caller crash. Suricata Intrusion Detection System embeds libhtp, and is one of the affected components...
MiniBB 3.1 - Blind SQL Injection
Exploit Title: miniBB 3.1 Blind SQL Injection Date: 23-11-2014 Software Link: http://www.minibb.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ CVE: CVE-2014-9254 Category: webapps 1. Description preg_match only check if $_GET['code']...
Cisco OpenH264 Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on applications using vulnerable versions of Cisco OpenH264. The specific flaw exists within the decoder logic. By providing malformed H.264 data to the decoder, an attacker can force a dangling pointer to be referenced after it...
Cisco OpenH264 Heap Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on applications using vulnerable versions of Cisco OpenH264. The specific flaw exists within the decoder logic. By providing malformed H.264 data to the decoder, an attacker can overwrite a heap buffer. This could result in the...
IBM Fixes Serious Code Execution Bug in Endpoint Manager Product
IBM has fixed a serious vulnerability in its Endpoint Manager product that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability lies in the Endpoint Manager for Mobile Devices component of the product and the researchers who discovered...
SUSE-SU-2015:1177-1 Security update for MySQL
This MySQL update provides the following: upgrade to version 5.5.39, bnc887580 CVE's fixed: CVE-2014-2484, CVE-2014-4258, CVE-2014-4260, CVE-2014-2494, CVE-2014-4238, CVE-2014-4207, CVE-2014-4233, CVE-2014-4240, CVE-2014-4214, CVE-2014-4243 See also:...
MGASA-2014-0321 Updated eet packages fix security vulnerability
Integer overflow in the LZ4 algorithm implementation on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an AP...
[security bulletin] HPSBHF02913 rev.1 - HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS), Remote Disclosure of Information
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04369484 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04369484 Version: 1 HPSBHF02913 rev....
Cisco Patches XSS Flaw in Security Appliances
There’s a reflected cross-site scripting vulnerability in a variety of Cisco security appliances that enables a remote, unauthenticated attacker to execute arbitrary code in the context of the user. The vulnerability affects the Cisco Email Security Appliance, the Cisco Web Security Appliance and...
Threat Outbreak Alert: Fake Security Software Patch Email Messages on May 20, 2014
Medium Alert ID: 34300 First Published: 2014 May 20 15:08 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a security software program for the recipient. The text in the email message attempts to convince the recipient to...
SRTT Vulnerability in BIND Software Puts DNS Protocol Security At Risk
After the Heartbleed bug, which left half of the Internet vulnerable to hackers and ranks as one of the largest Internet vulnerabilities in recent history, a critical flaw in the implementation of the DNS protocol could also represent a serious menace to Internet security. A Serious...
[security bulletin] HPSBMU02971 rev.1 - HP Application Information Optimizer, Remote Execution of Code, Information Disclosure
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04140965 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04140965 Version: 1 HPSBMU02971 rev....
MGASA-2014-0067 Updated mpg123 packages fix a buffer overflow
Updated mpg123 packages fix security vulnerability: mpg123 1.14.1 and later are vulnerable to a buffer overflow that could allow a maliciously crafted audio file to crash applications that use the libmpg123 library. mpg123 has been updated to version 1.18.0, which fixes this issue, as well as...
MGASA-2013-0339 Updated memcached packages fix CVE-2011-4971
Updated memcached packages fix security vulnerability: Memcached is vulnerable to a denial of service as it can be made to crash when it receives a specially crafted packet over the network (CVE-2011-4971). The updated packages have been upgraded to the 1.4.15 version and patched to resolve this fl...
Oracle Java multiple security vulnerabilities
40 different vulnerabilities...
Easy to buy program SQL injection vulnerability
Easy to buy management system is a group-buying content management system positioned at the high-end market, intended to set up a fully functional, high-performance, large-scale and easy-to-maintain website platform at the lowest cost, with minimal human input, in the shortest time. Unfiltered input leads to injection! T...