47153 matches found
F5 BIG-IP Application Security Manager cross-site scripting
self-XSS...
CVE-2015-0203: Apache Qpid's qpidd can be crashed by authenticated user
Apache Software Foundation - Security Advisory Apache Qpid's qpidd can be crashed by authenticated user CVE-2015-0203 CVS: 5.2 Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Qpid's qpidd up to and including version 0.30 Description: Certain unexpected protocol...
Multiple snom IP phones vulnerabilities
Cross-site scripting, CSRF, directory traversal, authentication bypass, privilege escalation, code execution, backdoor access...
SEC Consult SA-20150113-2 :: Cross-Site Request Forgery in XBMC / Kodi
SEC Consult Vulnerability Lab Security Advisory 20150113-2 ======================================================================= title: Cross-Site Request Forgery product: Kodi/XBMC vulnerable version: XBMC/Kodi =14 fixed version: no fixed version available impact: medium homepage:...
GNU binutils multiple security vulnerabilities
Multiple memory corruptions...
[SECURITY] [DSA 3123-2] binutils-mingw-w64 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3123-2 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 13, 2015 http://www.debian.org/security/faq -...
[security bulletin] HPSBMU03230 rev.1 - HP Insight Control server deployment Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04537915 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04537915 Version: 1 HPSBMU03230 rev....
HP Insight Control server deployment information disclosure
No description provided...
Microsoft Windows multiple security vulnerabilities
Multiple Internet Explorer vulnerabilities, VBScript Scripting Engine code execution, graphics system JPEG parsing information leakage...
SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones
SEC Consult Vulnerability Lab Security Advisory 20150113-0 ======================================================================= title: Multiple critical vulnerabilities product: snom IP phones vulnerable version: all firmware versions 8.7.5.15, all firmware branches of all snom desktop IP phon...
unrtf memory corruption
Memory corruption on RTF parsing...
MIT Kerberos 5 DoS
NULL pointer dereference when LDAP is used...
[ MDVSA-2015:021 ] curl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:021 http://www.mandriva.com/en/support/security/ Package : curl Date : January 12, 2015 Affected: Business Server 1.0 Problem Description: Updated curl packages fix security vulnerability: When libcurl sends...
Open-Xchange Security Advisory 2015-01-05
Product: Open-Xchange Server 6 / OX AppSuite Vendor: Open-Xchange GmbH Internal reference: 35512 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.6.1 and earlier Vulnerable component: backend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version:...
Corel multiple applications unsafe DLL search path
Unsafe DLL search path...
Strongswan DoS
DoS on IKEv2 key exchange...
ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities EMC Identifier: ESA-2014-180 CVE Identifier: CVE-2014-4635, CVE-2014-4636, CVE-2014-4637, CVE-2014-4638, CVE-2014-4639 Severity Rating: See below for individual scores for each...
Multiple znc security vulnerabilities
Multiple DoS conditions...
[ MDVSA-2015:013 ] znc
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:013 http://www.mandriva.com/en/support/security/ Package : znc Date : January 8, 2015 Affected: Business Server 1.0 Problem Description: Updated znc packages fix security vulnerabilities: Multiple...
libjpeg buffer overflow
Stack overrun...
Apache Subversion DoS
mod_dav_svn NULL pointer dereference on REPORT request processing...
ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities
Document Title: =============== ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1392 Release Date: ============= 2015-01-06 Vulnerability Laboratory ID VL-ID: ====================================...
[SECURITY] [DSA 3118-1] strongswan security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3118-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez January 05, 2015 http://www.debian.org/security/faq -...
ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities
Document Title: =============== ZTE Datacard PCWTelecom MF180 - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1405 Release Date: ============= 2015-01-12 Vulnerability Laboratory ID VL-ID: ====================================...
[ MDVSA-2015:017 ] libevent
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:017 http://www.mandriva.com/en/support/security/ Package : libevent Date : January 8, 2015 Affected: Business Server 1.0 Problem Description: Updated libevent packages fix security vulnerability: Andrew...
[ MDVSA-2015:018 ] asterisk
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:018 http://www.mandriva.com/en/support/security/ Package : asterisk Date : January 8, 2015 Affected: Business Server 1.0 Problem Description: Updated asterisk packages fix security vulnerability: Double free...
OpenSSL multiple security vulnerabilities
DoS, incorrect fingerprint handling, insufficient certificates validation, downgrade attacks, authentication bypass...
[ MDVSA-2015:002 ] pcre
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:002 http://www.mandriva.com/en/support/security/ Package : pcre Date : January 5, 2015 Affected: Business Server 1.0 Problem Description: Updated pcre packages fix security vulnerability: A flaw was found in...
[USN-2459-1] OpenSSL vulnerabilities
========================================================================== Ubuntu Security Notice USN-2459-1 January 12, 2015 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
PCRE buffer overflow
Buffer overflow on regular expressions parsing...
ZTE Ucell 3G Modem App / Datacard privilege escalation
Weak permissions for system service files...
[ MDVSA-2015:009 ] krb5
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:009 http://www.mandriva.com/en/support/security/ Package : krb5 Date : January 8, 2015 Affected: Business Server 1.0 Problem Description: Updated krb5 packages fix security vulnerability: In MIT krb5, when...
Corel Software DLL Hijacking
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Corel Software DLL Hijacking 1. Advisory Information Title: Corel Software DLL Hijacking Advisory ID: CORE-2015-0001 Advisory URL: http://www.coresecurity.com/advisories/corel-software-dll-hijacking Date published: 2015-01-12 Dat...
[ MDVSA-2015:007 ] unrtf
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:007 http://www.mandriva.com/en/support/security/ Package : unrtf Date : January 8, 2015 Affected: Business Server 1.0 Problem Description: Updated unrtf package fixes security vulnerabilities: Michal Zalewsk...
[ MDVSA-2015:005 ] subversion
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:005 http://www.mandriva.com/en/support/security/ Package : subversion Date : January 5, 2015 Affected: Business Server 1.0 Problem Description: Updated subversion packages fix security vulnerabilities: A NUL...
[ MDVSA-2015:014 ] libjpeg
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:014 http://www.mandriva.com/en/support/security/ Package : libjpeg Date : January 8, 2015 Affected: Business Server 1.0 Problem Description: Updated libjpeg packages fix security vulnerability: Passing a...
OpenXchange XSS
Dangerous content from application/xhtml+xml is not removed...
exiv2 library DoS
Crash on video file parsing...
libevent integer overflow
evbuffers integer overflow...
[ MDVSA-2015:022 ] wireshark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:022 http://www.mandriva.com/en/support/security/ Package : wireshark Date : January 12, 2015 Affected: Business Server 1.0 Problem Description: Updated wireshark packages fix security vulnerabilities: The DE...
wireshark multiple security vulnerabilities
Memory corruptions in multiple protocol dissectors...
[ MDVSA-2015:020 ] libssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:020 http://www.mandriva.com/en/support/security/ Package : libssh Date : January 12, 2015 Affected: Business Server 1.0 Problem Description: Updated libssh packages fix security vulnerability: Double free...
libssh double free vulnerability
ssh_packet_kexinit double free vulnerability...
libCurl headers injection
Headers injections in URL...
[USN-2454-1] Exiv2 vulnerability
========================================================================== Ubuntu Security Notice USN-2454-1 January 07, 2015 exiv2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[ MDVSA-2015:008 ] pwgen
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:008 http://www.mandriva.com/en/support/security/ Package : pwgen Date : January 8, 2015 Affected: Business Server 1.0 Problem Description: Updated pwgen package fixes security vulnerabilities: Pwgen was foun...
pwgen weak passwords generation
Weak passwords generation, weak PRNG usage...
[KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability
-------------------------------------------------------------- Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability -------------------------------------------------------------- - Software Link: http://osclass.org/ - Affected Versions: Version 3.4.2 and probably prior versions. -...
EMC RSA BSAFE triple handshake TLS attacks
Certificate is not validated on renegotiation...
EMC Replication Manager / EMC AppSync privilege escalation
Registry path is stored without quotes...