47153 matches found
[SECURITY] [DSA 3165-1] xdg-utils security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3165-1 [email protected] http://www.debian.org/security/ Michael Gilbert February 21, 2015 http://www.debian.org/security/faq -...
[ MDVSA-2015:050 ] patch
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:050 http://www.mandriva.com/en/support/security/ Package : patch Date : March 2, 2015 Affected: Business Server 1.0 Problem Description: Updated patch package fixes security vulnerabilities: It was reported...
Freetype multiple security vulnerabilities
Multiple memory corruptions on fonts parsing...
Apache taglibs security vulnerabilities
Code executions, XXE...
[SECURITY] [DSA 3178-1] unace security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3178-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 02, 2015 http://www.debian.org/security/faq -...
unace buffer overflow
Buffer overflow on archives extraction...
[security bulletin] HPSBST03274 rev.1 - HP XP P9000 Command View Advanced Edition Software Online Help for Windows and Linux, Remote Cross-site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04582371 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04582371 Version: 1 HPSBST03274 rev....
[USN-2510-1] FreeType vulnerabilities
========================================================================== Ubuntu Security Notice USN-2510-1 February 24, 2015 freetype vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...
[SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags
CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags Severity: Important Vendor: The Apache Software Foundation Versions Affected: Standard Taglibs 1.2.1 The unsupported 1.0.x and 1.1.x versions may also be affected. Description: When an application uses x:parse or x:transform tags to...
Vulnerabilities in ASUS RT-G32
Hello 3APA3A! There are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities in ASUS Wireless Router RT-G32. ------------------------- Affected products: ------------------------- Vulnerable is the next model: ASUS RT-G32 with different versions of firmware. I checked in ASUS RT-G3...
[SECURITY] [DSA 3167-1] sudo security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3167-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 22, 2015 http://www.debian.org/security/faq -...
libicu multiple security vulnerabilities
Multiple memory corruptions...
GNU glibc multiple security vulnerabilities
Restrictions bypass, code execution, use-after-free, DoS...
[SECURITY] [DSA 3169-1] eglibc security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-3169-1 [email protected] http://www.debian.org/security/ Aurelien Jarno February 23, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3172-1] cups security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3172-1 [email protected] http://www.debian.org/security/ Sebastien Delafond February 25, 2015 http://www.debian.org/security/faq -...
CUPS integer overflow
Integer overflow on compressed raster files parsing...
CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four
Hi, A bug in Linux ASLR implementation for versions prior to 3.19-rc3 has been found. The issue is that the stack for processes is not properly randomized on some 64 bit architectures due to an integer overflow. Affected systems have reduced the stack entropy of the processes by four. Details at:...
[USN-2511-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2511-1 February 26, 2015 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[USN-2522-1] ICU vulnerabilities
========================================================================== Ubuntu Security Notice USN-2522-1 March 05, 2015 icu vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
[SECURITY] [DSA 3170-1] linux security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3160-1 [email protected] http://www.debian.org/security/ Ben Hutchings February 23, 2015 http://www.debian.org/security/faq -...
FreeBSD Security Advisory FreeBSD-SA-15:04.igmp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:04.igmp Security Advisory The FreeBSD Project Topic: Integer overflow in IGMP protocol Category: core Module: igmp Announced: 2015-02-25 Credits: Mateusz...
FreeBSD DoS
Integer overflow on igmp packet parsing...
[ MDVSA-2015:037 ] vorbis-tools
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:037 http://www.mandriva.com/en/support/security/ Package : vorbis-tools Date : February 6, 2015 Affected: Business Server 1.0 Problem Description: Updated vorbis-tools package fixes security vulnerability:...
[SECURITY] [DSA 3156-1] liblivemedia security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3156-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini February 07, 2015 http://www.debian.org/security/faq -...
[ MDVSA-2015:036 ] python-django
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:036 http://www.mandriva.com/en/support/security/ Package : python-django Date : February 6, 2015 Affected: Business Server 1.0 Problem Description: Updated python-django packages fix security vulnerabilities...
articleFR CMS 3.0.5 - Arbitrary File Upload
Vulnerability title: articleFR CMS 3.0.5 - Arbitrary File Upload Product: articleFR CMS Vendor: http://freereprintables.com Affected version: version 3.0.5 Fixed version: N/A Author: Tran Dinh Tien [email protected] & ITAS Team www.itas.vn ::DESCRITION:: - Vulnerabilities related to the upload ...
Samba memory corruption
Uninitilezed pointer free'ing potentially leads to code execution...
ESA-2015-012: EMC Captiva Capture Sensitive Information Disclosure Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-012: EMC Captiva Capture Sensitive Information Disclosure Vulnerability EMC Identifier: EMC-2015-012 CVE Identifier: CVE-2015-0519 Severity Rating: CVSS v2 Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C Affected products: • EMC Captiva Capture 7....
HP SiteScope privilege escalation
No description provided...
articleFR CMS 3.0.5 - SQL injection vulnerability
Vulnerability title: articleFR CMS 3.0.5 - SQL injection vulnerability Product: articleFR Vendor: http://freereprintables.com Affected version: version 3.0.5 Download link: https://github.com/articlefr/articleFR Fixed version: N/A CVE ID: CVE-2015-1364 Author: Tran Dinh Tien [email protected] &...
LG On Screen Phone authentication bypass (CVE-2014-8757)
LG On Screen Phone authentication bypass vulnerability ------------------------------------------------------ SEARCH-LAB Ltd. discovered a serious security vulnerability in the On Screen Phone protocol used by LG Smart Phones. A malicious attacker is able to bypass the authentication phase of the...
vorbis-tools DoS
out-of-bounds read on raw files processing...
Mooplayer buffer overflow
Buffer overflow on .m3u files parsing...
HP UCMDB information disclosure
No description provided...
LG On Screen Phone authentication bypass
Authentication is IP address based...
condor code execution
Unfiltered shell characters on mailx invocation...
Apache Tomcar request spoofing
Request spoofing on chunked encoding processing...
EMC Captiva Capture information leakage
Cleartext password may be logged...
Mooplayer 1.3.0 'm3u' SEH Buffer Overflow POC
!/usr/bin/env python Exploit Title: MooPlayer 1.3.0 'm3u' SEH Buffer Overflow POC Date Discovered: 09-02-2015 Exploit Author: Samandeep Singh @samanL33T Vulnerable Software: Moo player 1.3.0 Software Link: https://mooplayer.jaleco.com/ Vendor site: https://mooplayer.jaleco.com/ Version: 1.3.0...
[SECURITY] [DSA 3149-1] condor security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3149-1 [email protected] http://www.debian.org/security/ Sebastien Delafond February 02, 2015 http://www.debian.org/security/faq -...
articleFR CMS 3.0.5 - XSS vulnerability
Vulnerability title: articleFR CMS 3.0.5 - XSS vulnerability Product: articleFR Vendor: http://freereprintables.com Affected version: version 3.0.5 Download link: https://github.com/articlefr/articleFR Fixed version: N/A CVE ID: CVE-2015-1363 Author: Tran Dinh Tien [email protected] & ITAS Team...
Radexscript CMS 2.2.0 - SQL Injection vulnerability
Vulnerability title: Radexscript CMS 2.2.0 - SQL Injection vulnerability Vendor: http://redaxscript.com/ Product: Radexscript CMS Software link: http://redaxscript.com/download/releases Affected version: Redaxscript 2.2.0 Fixed version: Redaxscript 2.3.0 CVE ID: CVE-2015-1518 Author: Pham Kien...
CVE-2015-1172 Wordpress-theme remote arbitrary code
Product: holdingpattern Vendor: Liftux Vulnerable Versions: 0.6 and prior Tested Version: 0.6 Advisory Publication: January 18, 2015 Vendor Notification: January 14, 2015 Public Disclosure: January 18, 2015 Vulnerability Type: Exec Code Authentication: Not required to exploit CVE Reference:...
[RT-SA-2014-013] Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page
Advisory: Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page During a penetration test, RedTeam Pentesting discovered that the IBM Endpoint Manager Relay Diagnostics page allows anybody to persistently store HTML and JavaScript code that is executed when the page is opened in a...
BMC Footprints Service Core 11.5 - Multiple Cross Site Scripting Vulnerabilities (XSS)
About the Product: BMC FootPrints Service Core is an IT service and asset management platform used by many organizations to help the IT departments deliver more value to businesses. Advisory Details: During a Penetration testing, Help AG auditor Ayman Abdelaziz discovered the following: 1 Stored...
[SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-0227 Request Smuggling Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 8.0.0-RC1 to 8.0.8 - - Apache Tomcat 7.0.0 to 7.0.54 - - Apache Tomcat 6.0.0 to 6.0.41 Description: It was possible to craf...
Cisco WebEx Meetings Server code execution
Shell injection...
CVE-2014-5360 Landesk Management Suite XSS (Cross-Site Scripting) Security Vulnerability
Exploit Title: Landesk Management Suite Cross-Site scripting vulnerabilityProduct: Landesk Management Suite Vulnerable Versions: 9.5 possible previous versions, 9.6 Tested Version: 9.5 Advisory Publication: Feb 02, 2015 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2014-5360...
liveMedia integer overflow
Integer overflow on RTSP parsing...
ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities EMC Identifier: ESA-2015-010 CVE Identifier: CVE-2015-0517, CVE-2015-0518 Affected products: • EMC Documentum D2 3.1 and all patch versions • EMC Documentum D2 3.1 SP1 and all patch versions • E...