47153 matches found
[USN-2507-1] e2fsprogs vulnerabilities
========================================================================== Ubuntu Security Notice USN-2507-1 February 23, 2015 e2fsprogs vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...
Freetype multiple security vulnerabilities
Multiple memory corruptions on fonts parsing...
Apache taglibs security vulnerabilities
Code executions, XXE...
[SECURITY] [DSA 3178-1] unace security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3178-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 02, 2015 http://www.debian.org/security/faq -...
unace buffer overflow
Buffer overflow on archives extraction...
[USN-2510-1] FreeType vulnerabilities
========================================================================== Ubuntu Security Notice USN-2510-1 February 24, 2015 freetype vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...
Vulnerabilities in ASUS RT-G32
Hello 3APA3A! There are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities in ASUS Wireless Router RT-G32. ------------------------- Affected products: ------------------------- Vulnerable is the next model: ASUS RT-G32 with different versions of firmware. I checked in ASUS RT-G3...
[security bulletin] HPSBST03274 rev.1 - HP XP P9000 Command View Advanced Edition Software Online Help for Windows and Linux, Remote Cross-site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04582371 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04582371 Version: 1 HPSBST03274 rev....
[SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags
CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags Severity: Important Vendor: The Apache Software Foundation Versions Affected: Standard Taglibs 1.2.1 The unsupported 1.0.x and 1.1.x versions may also be affected. Description: When an application uses x:parse or x:transform tags to...
[ MDVSA-2015:050 ] patch
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:050 http://www.mandriva.com/en/support/security/ Package : patch Date : March 2, 2015 Affected: Business Server 1.0 Problem Description: Updated patch package fixes security vulnerabilities: It was reported...
[SECURITY] [DSA 3165-1] xdg-utils security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3165-1 [email protected] http://www.debian.org/security/ Michael Gilbert February 21, 2015 http://www.debian.org/security/faq -...
libicu multiple security vulnerabilities
Multiple memory corruptions...
GNU glibc multiple security vulnerabilities
Restrictions bypass, code execution, use-after-free, DoS...
CUPS integer overflow
Integer overflow on compressed raster files parsing...
CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four
Hi, A bug in Linux ASLR implementation for versions prior to 3.19-rc3 has been found. The issue is that the stack for processes is not properly randomized on some 64 bit architectures due to an integer overflow. Affected systems have reduced the stack entropy of the processes by four. Details at:...
[USN-2522-1] ICU vulnerabilities
========================================================================== Ubuntu Security Notice USN-2522-1 March 05, 2015 icu vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
[SECURITY] [DSA 3169-1] eglibc security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-3169-1 [email protected] http://www.debian.org/security/ Aurelien Jarno February 23, 2015 http://www.debian.org/security/faq -...
[USN-2511-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2511-1 February 26, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[SECURITY] [DSA 3172-1] cups security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3172-1 [email protected] http://www.debian.org/security/ Sebastien Delafond February 25, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3170-1] linux security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3160-1 [email protected] http://www.debian.org/security/ Ben Hutchings February 23, 2015 http://www.debian.org/security/faq -...
FreeBSD DoS
Integer overflow on igmp packet parsing...
FreeBSD Security Advisory FreeBSD-SA-15:04.igmp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:04.igmp Security Advisory The FreeBSD Project Topic: Integer overflow in IGMP protocol Category: core Module: igmp Announced: 2015-02-25 Credits: Mateusz...
[ MDVSA-2015:036 ] python-django
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:036 http://www.mandriva.com/en/support/security/ Package : python-django Date : February 6, 2015 Affected: Business Server 1.0 Problem Description: Updated python-django packages fix security vulnerabilities...
Samba memory corruption
Uninitilezed pointer free'ing potentially leads to code execution...
HP SiteScope privilege escalation
No description provided...
vorbis-tools DoS
out-of-bounds read on raw files processing...
Mooplayer buffer overflow
Buffer overflow on .m3u files parsing...
HP UCMDB information disclosure
No description provided...
LG On Screen Phone authentication bypass
Authentication is IP address based...
condor code execution
Unfiltered shell characters on mailx invocation...
Apache Tomcar request spoofing
Request spoofing on chunked encoding processing...
EMC Captiva Capture information leakage
Cleartext password may be logged...
articleFR CMS 3.0.5 - XSS vulnerability
Vulnerability title: articleFR CMS 3.0.5 - XSS vulnerability Product: articleFR Vendor: http://freereprintables.com Affected version: version 3.0.5 Download link: https://github.com/articlefr/articleFR Fixed version: N/A CVE ID: CVE-2015-1363 Author: Tran Dinh Tien [email protected] & ITAS Team...
CVE-2015-1172 Wordpress-theme remote arbitrary code
Product: holdingpattern Vendor: Liftux Vulnerable Versions: 0.6 and prior Tested Version: 0.6 Advisory Publication: January 18, 2015 Vendor Notification: January 14, 2015 Public Disclosure: January 18, 2015 Vulnerability Type: Exec Code Authentication: Not required to exploit CVE Reference:...
[RT-SA-2014-013] Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page
Advisory: Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page During a penetration test, RedTeam Pentesting discovered that the IBM Endpoint Manager Relay Diagnostics page allows anybody to persistently store HTML and JavaScript code that is executed when the page is opened in a...
BMC Footprints Service Core 11.5 - Multiple Cross Site Scripting Vulnerabilities (XSS)
About the Product: BMC FootPrints Service Core is an IT service and asset management platform used by many organizations to help the IT departments deliver more value to businesses. Advisory Details: During a Penetration testing, Help AG auditor Ayman Abdelaziz discovered the following: 1 Stored...
Cisco WebEx Meetings Server code execution
Shell injection...
CVE-2014-5360 Landesk Management Suite XSS (Cross-Site Scripting) Security Vulnerability
Exploit Title: Landesk Management Suite Cross-Site scripting vulnerabilityProduct: Landesk Management Suite Vulnerable Versions: 9.5 possible previous versions, 9.6 Tested Version: 9.5 Advisory Publication: Feb 02, 2015 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2014-5360...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
liveMedia integer overflow
Integer overflow on RTSP parsing...
ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities EMC Identifier: ESA-2015-010 CVE Identifier: CVE-2015-0517, CVE-2015-0518 Affected products: • EMC Documentum D2 3.1 and all patch versions • EMC Documentum D2 3.1 SP1 and all patch versions • E...
[security bulletin] HPSBMU03232 rev.3 - HP SiteScope, Remote Elevation of Privilege
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04539443 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04539443 Version: 3 HPSBMU03232 rev....
[security bulletin] HPSBMU03239 rev.1 - HP UCMDB, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04553906 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04553906 Version: 1 HPSBMU03239 rev....
IBM Endpoint Manager crossite scripting
Relay Diagnostics crossite scripting...
[ MDVSA-2015:030 ] bugzilla
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:030 http://www.mandriva.com/en/support/security/ Package : bugzilla Date : February 5, 2015 Affected: Business Server 1.0 Problem Description: Updated bugzilla packages fix security vulnerability: Some code ...
[CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5
CVE-2015-1467 Fork CMS - SQL Injection in Version 3.8.5 ---------------------------------------------------------------- Product Information: Software: Fork CMS Tested Version: 3.8.5, released on Wednesday 14 January 2015 Vulnerability Type: SQL Injection CWE-89 Download link to tested version:...
Mooplayer 1.3.0 'm3u' SEH Buffer Overflow POC
!/usr/bin/env python Exploit Title: MooPlayer 1.3.0 'm3u' SEH Buffer Overflow POC Date Discovered: 09-02-2015 Exploit Author: Samandeep Singh @samanL33T Vulnerable Software: Moo player 1.3.0 Software Link: https://mooplayer.jaleco.com/ Vendor site: https://mooplayer.jaleco.com/ Version: 1.3.0...
[SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-0227 Request Smuggling Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 8.0.0-RC1 to 8.0.8 - - Apache Tomcat 7.0.0 to 7.0.54 - - Apache Tomcat 6.0.0 to 6.0.41 Description: It was possible to craf...
[SECURITY] [DSA 3149-1] condor security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3149-1 [email protected] http://www.debian.org/security/ Sebastien Delafond February 02, 2015 http://www.debian.org/security/faq -...
[ MDVSA-2015:037 ] vorbis-tools
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:037 http://www.mandriva.com/en/support/security/ Package : vorbis-tools Date : February 6, 2015 Affected: Business Server 1.0 Problem Description: Updated vorbis-tools package fixes security vulnerability:...