47153 matches found
owncloud multiple security vulnerabilities
CSRF, XSS, limitations bypass...
[slackware-security] qt (SSA:2015-111-13)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security qt SSA:2015-111-13 New qt packages are available for Slackware 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
[USN-2590-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2590-1 April 30, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[SECURITY] [DSA 3237-1] linux security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3237-1 [email protected] http://www.debian.org/security/ Ben Hutchings April 26, 2015 http://www.debian.org/security/faq -...
HUAWEI MobiConnect 23.9.17.216 - Privilege Escalation Vulnerability
Document Title: =============== HUAWEI MobiConnect 23.9.17.216 - Privilege Escalation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1389 Release Date: ============= 2015-05-04 Vulnerability Laboratory ID VL-ID:...
[USN-2579-1] autofs vulnerability
========================================================================== Ubuntu Security Notice USN-2579-1 April 27, 2015 autofs vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
automount privilege escalation
Insufficient local variables filtering...
Elasticsearch directory traversal
Directory traversal via requests to /plugin...
SQLite multiple security vulnerabilities
Over 20 errors, including uninitialized memory access...
Elasticsearch vulnerability CVE-2015-3337
Summary: All Elasticsearch versions prior to 1.5.2 and 1.4.5 are vulnerable to a directory traversal attack that allows an attacker to retrieve files from the server running Elasticsearch. This vulnerability is not present in the initial installation of Elasticsearch. The vulnerability is exposed...
qt multiple security vulnerabilities
Memory corruption when parsing various graphics formats...
icecast DoS
NULL pointer dereference on authentication by URL...
Dnsmasq 2.72 Unchecked returned value
"Dnsmasq 2.72 Unchecked returned value" Description ------------------------------------------------------------ Dnsmasq does not properly check the return value of the setupreply function called during a tcp connection by the tcprequest function. This return value is then used as a size argument...
[SECURITY] [DSA 3244-1] owncloud security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3244-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 02, 2015 http://www.debian.org/security/faq -...
[ MDVSA-2015:218 ] glibc
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:218 http://www.mandriva.com/en/support/security/ Package : glibc Date : April 30, 2015 Affected: Business Server 1.0, Business Server 2.0 Problem Description: Multiple vulnerabilities have been found and...
GNU glibc security vulnerabilities
gethostbyname buffer overflow, getaddrinfo race conditions...
[USN-2583-1] Linux kernel vulnerability
========================================================================== Ubuntu Security Notice USN-2583-1 April 30, 2015 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
usb-creator privilege escalation
No description provided...
AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%
A security issue in the Linux ASLR implementation which affects some AMD processors has been found. The issue affects all Linux processes, even if they are not using shared libraries (statically compiled). The problem appears because some mmapped objects (VDSO, libraries, etc.) are poorly randomized in a...
librsync weak permission
Weak hash function is used...
PHP security vulnerabilities
apache2handler code execution, memory corruption when parsing archives...
[USN-2591-1] curl vulnerabilities
========================================================================== Ubuntu Security Notice USN-2591-1 April 30, 2015 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
ProFTPD unauthorized file access
Unauthorized file copy via mod_copy...
[ MDVSA-2015:210 ] qemu
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:210 http://www.mandriva.com/en/support/security/ Package : qemu Date : April 27, 2015 Affected: Business Server 1.0, Business Server 2.0 Problem Description: Updated qemu packages fix security vulnerabilitie...
Grindr v2.1.1 iOS Bounty #1 - (Session) Auth Bypass Vulnerabilities
Document Title: =============== Grindr v2.1.1 iOS Bounty 1 - Session Auth Bypass Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1419 Release Date: ============= 2015-05-04 Vulnerability Laboratory ID VL-ID:...
[USN-2593-1] Dnsmasq vulnerability
========================================================================== Ubuntu Security Notice USN-2593-1 May 04, 2015 dnsmasq vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
[ MDVSA-2015:221 ] clamav
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:221 http://www.mandriva.com/en/support/security/ Package : clamav Date : May 4, 2015 Affected: Business Server 1.0, Business Server 2.0 Problem Description: Multiple vulnerabilities have been found and...
Wifi Drive Pro v1.2 iOS - File Include Web Vulnerability
Document Title: =============== Wifi Drive Pro v1.2 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1447 Release Date: ============= 2015-03-13 Vulnerability Laboratory ID VL-ID: ====================================...
Photo Manager Pro v4.4.0 iOS - File Include Vulnerability
Document Title: =============== Photo Manager Pro v4.4.0 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1445 Release Date: ============= 2015-03-12 Vulnerability Laboratory ID VL-ID: ====================================...
iPassword Manager v2.6 iOS - Persistent Vulnerabilities
Document Title: =============== iPassword Manager v2.6 iOS - Persistent Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1453 Release Date: ============= 2015-04-21 Vulnerability Laboratory ID VL-ID: ==================================== 14...
Grindr 2.1.1 iOS Bug Bounty #2 - Denial of Service Software Vulnerability
Document Title: =============== Grindr 2.1.1 iOS Bug Bounty 2 - Denial of Service Software Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1418 Release Date: ============= 2015-05-02 Vulnerability Laboratory ID VL-ID:...
[ MDVSA-2015:224 ] ruby
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:224 http://www.mandriva.com/en/support/security/ Package : ruby Date : May 4, 2015 Affected: Business Server 1.0, Business Server 2.0 Problem Description: Updated ruby packages fix security vulnerability: Ru...
DirectFB security vulnerabilities
Signedness errors, buffer overflow, memory corruption...
FastCGI buffer overflow
Buffer overflow on fdset structure handling...
EMC Autostart data injection
Command injection is possible...
PhotoWebsite v3.1 iOS - File Include Web Vulnerability
Document Title: =============== PhotoWebsite v3.1 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1474 Release Date: ============= 2015-05-04 Vulnerability Laboratory ID VL-ID: ==================================== 147...
[ MDVSA-2015:223 ] directfb
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:223 http://www.mandriva.com/en/support/security/ Package : directfb Date : May 4, 2015 Affected: Business Server 1.0, Business Server 2.0 Problem Description: Updated directfb packages fix security...
ClamAV multiple security vulnerabilities
DoS conditions, buffer overflow, memory corruption...
[ MDVSA-2015:226 ] fcgi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:226 http://www.mandriva.com/en/support/security/ Package : fcgi Date : May 4, 2015 Affected: Business Server 1.0 Problem Description: Updated fcgi packages fix security vulnerability: FCGI does not perform...
Cherokee authentication bypass
LDAP authentication allows authenticating with an empty password...
SevDesk v1.1 iOS - Persistent Dashboard Vulnerability
Document Title: =============== SevDesk v1.1 iOS - Persistent Dashboard Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1311 Release Date: ============= 2015-04-23 Vulnerability Laboratory ID VL-ID: ==================================== 1311...
Grindr v2.1.1 iOS - (eMail) Session Vulnerability
Document Title: =============== Grindr v2.1.1 iOS - eMail Session Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1426 Release Date: ============= 2015-05-04 Vulnerability Laboratory ID VL-ID: ==================================== 1426 Commo...
[ MDVSA-2015:225 ] cherokee
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:225 http://www.mandriva.com/en/support/security/ Package : cherokee Date : May 4, 2015 Affected: Business Server 1.0 Problem Description: Updated cherokee packages fix security vulnerability: The...
XML::LibXML information leakage
Information disclosure on expand_entities...
Ruby SSL checks bypass
Invalid hostname matching implementation...
[USN-2592-1] XML::LibXML vulnerability
========================================================================== Ubuntu Security Notice USN-2592-1 May 04, 2015 libxml-libxml-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
Photo Manager Pro 4.4.0 iOS - Code Execution Vulnerability
Document Title: =============== Photo Manager Pro 4.4.0 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1444 Release Date: ============= 2015-03-10 Vulnerability Laboratory ID VL-ID: ====================================...
EMC SourceOne DoS
Management account lockout is possible...
ESA-2015-084: EMC AutoStart Packet Injection Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-084: EMC AutoStart Packet Injection Vulnerability EMC Identifier: ESA-2015-084 CVE Identifier: CVE-2015-0538 Severity Rating: CVSS v2 Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected products: • EMC AutoStart versions 5.4.3 and prior all...
ESA-2015-077: EMC SourceOne Email Management Account Lockout
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-077: EMC SourceOne Email Management Account Lockout Policy Vulnerability EMC Identifier: ESA-2015-077 CVE Identifier: CVE-2015-0531 Severity Rating: Medium CVSS v2 Base Score: 5.4 AV:N/AC:H/Au:N/C:C/I:N/A:N Affected products: • EMC SourceOne...