AST-2015-001: File descriptor leak when incompatible codecs are offered
Asterisk Project Security Advisory - AST-2015-001 Product Asterisk Summary File descriptor leak when incompatible codecs are offered Nature of Advisory Resource exhaustion Susceptibility Remote Authenticated Sessions Severity Major Exploits Known No Reported On 6 January, 2015 Reported By Y Ateya...
Pexip Infinity static ssh keys
A static SSH key is used on node creation...
[SYSS-2014-013] FancyFon FAMOC - Use of a One-Way Hash without a Salt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-013 Products: FAMOC Vendor: FancyFon Affected Versions: 3.16.5 Tested Versions: 3.16.5 Vulnerability Type: Use of a One-Way Hash without a Salt CWE-759 Risk Level: Low Solution Status: Fixed Vendor Notification: 2014-12-19...
FreeBSD Security Advisory FreeBSD-SA-15:03.sctp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:03.sctp Security Advisory The FreeBSD Project Topic: SCTP stream reset vulnerability Category: core Module: sctp Announced: 2015-01-27 Credits: Gerasimos...
FreeBSD security vulnerabilities
Memory corruption, memory disclosure, DoS on SCTP handling...
[CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ FreeBSD Kernel Multiple Vulnerabilities 1. Advisory Information Title: FreeBSD Kernel Multiple Vulnerabilities Advisory ID: CORE-2015-0003 Advisory URL: http://www.coresecurity.com/content/freebsd-kernel-multiple-vulnerabilities...
[CORE-2015-0002] - Android WiFi-Direct Denial of Service
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Android WiFi-Direct Denial of Service 1. Advisory Information Title: Android WiFi-Direct Denial of Service Advisory ID: CORE-2015-0002 Advisory URL: http://www.coresecurity.com/advisories/android-wifi-direct-denial-service Date...
APPLE-SA-2015-01-27-3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 are now available and address the following: WebKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10...
Privoxy use-after-free
Multiple use-after-free cases...
Two XSS Vulnerabilities in SupportCenter Plus
Advisory ID: HTB23247 Product: SupportCenter Plus Vendor: Zoho Corp. Vulnerable Versions: 7.9 and probably prior Tested Version: 7.9 Advisory Publication: January 7, 2015 without technical details Vendor Notification: January 7, 2015 Vendor Patch: January 23, 2015 Public Disclosure: January 28,...
Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385
Information ------------ Advisory by Netsparker Name: XSS Vulnerability in Blubrry PowerPress Affected Software : Blubrry PowerPress Affected Versions: 6.0 and possibly below Vendor Homepage : https://wordpress.org/plugins/powerpress/ Vulnerability Type : Cross-site Scripting Severity : Important...
Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
Qualys Security Advisory CVE-2015-0235 GHOST: glibc gethostbyname buffer overflow -- Contents ---------------------------------------------------------------- 1 - Summary 2 - Analysis 3 - Mitigating factors 4 - Case studies 5 - Exploitation 6 - Acknowledgments -- 1 - Summary...
[SECURITY] [DSA 3145-1] privoxy security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3145-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 30, 2015 http://www.debian.org/security/faq -...
[SYSS-2014-012] FancyFon FAMOC - Session Fixation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-012 Products: FAMOC Vendor: FancyFon Affected Versions: 3.16.5 Tested Versions: 3.16.5 Vulnerability Type: Session Fixation CWE-384 Risk Level: Low Solution Status: Fixed Vendor Notification: 2014-12-19 Solution Date: 2015-01-...
Banner Effect Header Security Advisory - XSS Vulnerability - CVE-2015-1384
Information ------------ Advisory by Netsparker. Name: XSS Vulnerability in Banner Effect Header Affected Software : Banner Effect Header Affected Versions: 1.2.7 and possibly below Vendor Homepage : https://wordpress.org/plugins/banner-effect-header/ Vulnerability Type : Cross-site Scripting...
WebKitGTK+ Security Advisory WSA-2015-0001
------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2015-0001 ------------------------------------------------------------------------ Date reported : January 26, 2015 Advisory ID : WSA-2015-0001 Advisory URL :...
[The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360)
Hi, This is part 12 of the ManageOwnage series. For previous parts, see 1. This time we have an arbitrary file download, directory content disclosure and blind SQL injection vulnerabilities in ManageEngine OpManager, Applications Manager and IT360. I've pushed two new Metasploit modules into the...
Reflected XSS vulnerability in Asus RT-N10 Plus Router
Title:- Reflected XSS vulnerability in Asus RT-N10 Plus router Author: Kaustubh G. Padwad Product: ASUS Router RT-N10 Plus Firmware: 2.1.1.1.70 Severity: Medium Auth: Required Description: Vulnerable Parameter: flag= Vulnerability Class: Cross Site Scripting...
[USN-2476-1] Oxide vulnerabilities
========================================================================== Ubuntu Security Notice USN-2476-1 January 26, 2015 oxide-qt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities EMC Identifier: ESA-2015-002 CVE Identifier: CVE-2013-1899, CVE-2013-1900, CVE-2013-1901, CVE-2013-1902, CVE-2012-5885, CVE-2011-3389, CVE-2013-1767, CVE-2012-2137,...
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001 OS X 10.10.2 and Security Update 2015-001 are now available and address the following: AFP Server Available for: OS X Mavericks v10.9.5 Impact: A remote attacker may be able to determine...
Apple Mac OS X multiple security vulnerabilities
Protection bypass, memory corruptions, buffer overflows, code execution, cross-site access, information disclosure...
Google Chrome / Chromium multiple security vulnerabilities
Multiple vulnerabilities in HTML and other format parsing...
GNU glibc gethostbyname functions buffer overflow
Buffer overflow in __nss_hostname_digits_dots...
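The GHOST bug listed above (the Qualys advisory entry and this glibc summary) is a size miscalculation in __nss_hostname_digits_dots(): for a hostname made only of digits and dots, the unpatched code budgets 16 + 2*sizeof(char *) + strlen(name) + 1 bytes of the caller's buffer but actually consumes sizeof(char *) more, so a hostname whose length makes the budget exactly fill the buffer overruns it by one pointer's worth of bytes. The self-test below is an added example written for this page, following the method the full Qualys advisory describes; it is not the advisory's own program and not glibc code. It assumes the layout constants from the advisory's analysis (a 16-byte address slot, two address pointers, one alias pointer) and detects the overrun with a canary placed directly after the buffer, which is a more reliable signal than the libc return code alone (a fixed glibc returns ERANGE, but other libcs may reject the name differently while still leaving the buffer intact).

```c
/*
 * Added example for CVE-2015-0235 (GHOST), not the Qualys advisory's own
 * test program and not glibc code. A hostname consisting only of digits is
 * passed to gethostbyname_r() with a buffer sized so that an unpatched
 * __nss_hostname_digits_dots() accepts it and then writes sizeof(char *)
 * bytes past the end of the buffer, into the canary that follows it.
 * The 16-byte address slot and the two+one pointer slots mirror the
 * advisory's analysis of the glibc internals (assumption, see lead-in).
 */
#define _GNU_SOURCE 1
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#define CANARY "in_the_coal_mine"

/* Buffer handed to gethostbyname_r(), immediately followed by a canary. */
struct probe_buf {
    char buffer[1024];
    char canary[sizeof(CANARY)];
};

/*
 * Returns 1 if the canary was overwritten (vulnerable glibc), 0 if the
 * buffer stayed intact. The libc return code is stored in *retval_out for
 * diagnostics; a fixed glibc reports ERANGE because it now accounts for
 * the extra pointer and finds the buffer too small.
 */
int ghost_probe(int *retval_out)
{
    struct probe_buf temp;
    struct hostent resbuf, *result = NULL;
    int herrno = 0, retval;
    char name[sizeof(temp.buffer)];
    size_t len;

    memset(&temp, 0, sizeof(temp));
    memcpy(temp.canary, CANARY, sizeof(CANARY));

    /* Choose strlen(name) so that the vulnerable size budget
       16 + 2*sizeof(char *) + strlen(name) + 1 equals sizeof(buffer):
       the check passes, and the unbudgeted pointer lands on the canary. */
    len = sizeof(temp.buffer) - 16 * sizeof(unsigned char)
          - 2 * sizeof(char *) - 1;
    memset(name, '0', len);
    name[len] = '\0';

    retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer),
                             &result, &herrno);
    if (retval_out)
        *retval_out = retval;

    return memcmp(temp.canary, CANARY, sizeof(CANARY)) != 0;
}

int main(void)
{
    int retval;

    if (ghost_probe(&retval)) {
        puts("vulnerable: canary overwritten by gethostbyname_r()");
        return 1;
    }
    printf("not vulnerable: buffer intact, gethostbyname_r() returned %d%s\n",
           retval, retval == ERANGE ? " (ERANGE, as a fixed glibc reports)" : "");
    return 0;
}
```

Run it as an unprivileged user on the host being checked; the digits-and-dots path never touches the network or NSS backends, so the probe is purely local. Because the test depends on the buffer layout of glibc's hostent helper, a "not vulnerable" result on a non-glibc libc only says that this libc does not overrun the buffer for this input, which is the property that matters to a caller.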
Apple Safari / Webkit multiple security vulnerabilities
Multiple memory corruptions...
REWTERZ-20140101 - ManageEngine ServiceDesk SQL Injection Vulnerability
================================================================================ REWTERZ-20140101 - Rewterz - Security Advisory ================================================================================ Title: ManageEngine ServiceDesk SQL Injection Vulnerability Product: ServiceDesk Plus...
CVE-2015-1175-xss-prestashop
CVE-2015-1175-xss-prestashop Information ---------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in Prestashop e-commerce software Affected Software : Prestashop Affected Versions: 1.6.0.9 and possibly below Vendor Homepage : https://www.prestashop.com/ Vulnerability Type : Cross-site...
[SECURITY] [DSA 3133-1] privoxy security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3133-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 20, 2015 http://www.debian.org/security/faq -...
Program-O v2.4.6 - Multiple Web Vulnerabilities
Document Title: =============== Program-O v2.4.6 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1414 Release Date: ============= 2015-01-21 Vulnerability Laboratory ID VL-ID: ==================================== 1414 Commo...
CVE-2015-1179-xss-mango-automation-scada
CVE-2015-1179-xss-mango-automation-scada Information ----------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in Mango Automation SCADA/HMI software Affected Software : Mango Automation Affected Versions: 2.4.0 and possibly below Vendor Homepage : http://infiniteautomation.com/...
Samba privilege escalation
Active Directory user can get the UF_SERVERTRUSTACCOUNT bit...
Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP security vulnerabilities
SQL injections, cross-site scripting, information disclosure, protection bypass...
AVM FRITZ!Box protection bypass
Image integrity protection bypass...
SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP
SEC Consult Vulnerability Lab Security Advisory 20150122-0 ======================================================================= title: Multiple critical vulnerabilities products: Symantec Data Center Security: Server Advanced SDCS:SA Symantec Critical System Protection SCSP vulnerable version:...
PhotoSync v1.1.3 Android - Command Injection Vulnerability
Document Title: =============== PhotoSync v1.1.3 Android - Command Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1410 Release Date: ============= 2015-01-21 Vulnerability Laboratory ID VL-ID: ==================================== 14...
[SECURITY] [DSA 3134-1] sympa security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3134-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 20, 2015 http://www.debian.org/security/faq -...
Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability
================================================================================ REWTERZ-20140103 - Rewterz - Security Advisory ================================================================================ Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability Product:...
REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability
================================================================================ REWTERZ-20140102 - Rewterz - Security Advisory ================================================================================ Title: ManageEngine ServiceDesk Plus User Enumeration Vulnerability Product: ServiceDesk...
MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities
Mogwai Security Advisory MSA-2015-01 ---------------------------------------------------------------------- Title: WP Pixabay Images Multiple Vulnerabilities Product: Pixabay Images Wordpress Plugin Affected versions: 2.3 Impact: high Remote: yes Product link:...
[oCERT-2015-001] JasPer input sanitization errors
2015-001 JasPer input sanitization errors Description: The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by an off-by-one error in a buffer boundary check in jpc_dec_process_sot, leading to a heap based buffer overflow, as well as multiple...
Remote Desktop v0.9.4 Android - Multiple Vulnerabilities
Document Title: =============== Remote Desktop v0.9.4 Android - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1413 Release Date: ============= 2015-01-20 Vulnerability Laboratory ID VL-ID: ====================================...
[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass
Advisory: AVM FRITZ!Box: Firmware Signature Bypass The signature check of FRITZ!Box firmware images is flawed. Malicious code can be injected into firmware images without breaking the RSA signature. The code will be executed either if a manipulated firmware image is uploaded by the victim or if t...
CVE-2015-1180-xss-eventsentry
CVE-2015-1180-xss-eventsentry Information ---------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in EventSentry Web Reports Interface Affected Software : EventSentry Affected Versions: 3.1.0 and possibly below Vendor Homepage : http://eventsentry.com/ Vulnerability Type :...
[USN-2482-1] elfutils vulnerability
========================================================================== Ubuntu Security Notice USN-2482-1 January 23, 2015 elfutils vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
CVE-2015-1177-xss-exponent
CVE-2015-1177-xss-exponent Information ---------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in Exponent CMS Affected Software : Exponent Affected Versions: 2.3.2 and possibly below Vendor Homepage : http://www.exponentcms.org/ Vulnerability Type : Cross-site Scripting Severit...
PhotoSync 1.1.3 Android - Command Injection Vulnerability
Document Title: =============== PhotoSync 1.1.3 Android - Command Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1410 Release Date: ============= 2015-01-21 Vulnerability Laboratory ID VL-ID: ==================================== 141...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
[USN-2481-1] Samba vulnerability
========================================================================== Ubuntu Security Notice USN-2481-1 January 22, 2015 samba vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Different iOS / Android applications vulnerabilities
Information leaks, code execution, protection bypass, etc...
CVE-2015-1032 Kiwix Cross-Site Scripting Vulnerability
CVE-2015-1032 A cross-site scripting vulnerability in the "Kiwix" zim file reader was discovered by Emmanuel Engelhart on 31 October 2014, and was reported on Sourceforge here: http://sourceforge.net/p/kiwix/bugs/763/ This vulnerability does not affect most users of the program, only those using...