[Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager
Edit: Corrected the date in the timeline from 01/12/14 to 01/12/15. Details ======= Product: F5 BIG-IP Application Security Manager ASM Vulnerability: Cross Site Scripting Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Likely 11.4.x-11.5.x...
Apache qpid DoS
Multiple asserts...
Microsoft Windows multiple security vulnerabilities
Multiple Internet Explorer vulnerabilities, VBScript Scripting Engine code execution, graphics system JPEG parsing information leakage...
F5 BIG-IP Application Security Manager cross-site scripting
self-XSS...
CVE-2015-0203: Apache Qpid's qpidd can be crashed by authenticated user
Apache Software Foundation - Security Advisory Apache Qpid's qpidd can be crashed by authenticated user CVE-2015-0203 CVS: 5.2 Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache Qpid's qpidd up to and including version 0.30 Description: Certain unexpected protocol...
[SECURITY] [DSA 3123-2] binutils-mingw-w64 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3123-2 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 13, 2015 http://www.debian.org/security/faq -...
Multiple snom IP phones vulnerabilities
Cross-site scripting, CSRF, directory traversal, authentication bypass, privilege escalation, code execution, backdoor access...
HP Insight Control server deployment information disclosure
No description provided...
GNU binutils multiple security vulnerabilities
Multiple memory corruptions...
Microsoft Office multiple security vulnerabilities
Memory corruptions, index overflows, use-after-free, uninitialized pointers...
libevent integer overflow
evbuffers integer overflow...
[ MDVSA-2015:022 ] wireshark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:022 http://www.mandriva.com/en/support/security/ Package : wireshark Date : January 12, 2015 Affected: Business Server 1.0 Problem Description: Updated wireshark packages fix security vulnerabilities: The DE...
[ MDVSA-2015:007 ] unrtf
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:007 http://www.mandriva.com/en/support/security/ Package : unrtf Date : January 8, 2015 Affected: Business Server 1.0 Problem Description: Updated unrtf package fixes security vulnerabilities: Michal Zalewsk...
[ MDVSA-2015:018 ] asterisk
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:018 http://www.mandriva.com/en/support/security/ Package : asterisk Date : January 8, 2015 Affected: Business Server 1.0 Problem Description: Updated asterisk packages fix security vulnerability: Double free...
[ MDVSA-2015:009 ] krb5
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:009 http://www.mandriva.com/en/support/security/ Package : krb5 Date : January 8, 2015 Affected: Business Server 1.0 Problem Description: Updated krb5 packages fix security vulnerability: In MIT krb5, when...
[ MDVSA-2015:013 ] znc
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:013 http://www.mandriva.com/en/support/security/ Package : znc Date : January 8, 2015 Affected: Business Server 1.0 Problem Description: Updated znc packages fix security vulnerabilities: Multiple...
OpenXchange XSS
Dangerous content from application/xhtml+xml is not removed...
[SECURITY] [DSA 3118-1] strongswan security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3118-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez January 05, 2015 http://www.debian.org/security/faq -...
[ MDVSA-2015:017 ] libevent
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:017 http://www.mandriva.com/en/support/security/ Package : libevent Date : January 8, 2015 Affected: Business Server 1.0 Problem Description: Updated libevent packages fix security vulnerability: Andrew...
Multiple znc security vulnerabilities
Multiple DoS conditions...
Open-Xchange Security Advisory 2015-01-05
Product: Open-Xchange Server 6 / OX AppSuite Vendor: Open-Xchange GmbH Internal reference: 35512 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.6.1 and earlier Vulnerable component: backend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version:...
ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities EMC Identifier: ESA-2014-180 CVE Identifier: CVE-2014-4635, CVE-2014-4636, CVE-2014-4637, CVE-2014-4638, CVE-2014-4639 Severity Rating: See below for individual scores for each...
exiv2 library DoS
Crash on video file parsing...
[ MDVSA-2015:014 ] libjpeg
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:014 http://www.mandriva.com/en/support/security/ Package : libjpeg Date : January 8, 2015 Affected: Business Server 1.0 Problem Description: Updated libjpeg packages fix security vulnerability: Passing a...
OpenSSL multiple security vulnerabilities
DoS, incorrect fingerprint handling, insufficient certificate validation, downgrade attacks, authentication bypass...
pwgen weak password generation
Weak password generation, weak PRNG usage...
ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities
Document Title: =============== ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1392 Release Date: ============= 2015-01-06 Vulnerability Laboratory ID VL-ID: ====================================...
MIT Kerberos 5 DoS
NULL pointer dereference when LDAP is used...
unrtf memory corruption
Memory corruption on RTF parsing...
[ MDVSA-2015:020 ] libssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:020 http://www.mandriva.com/en/support/security/ Package : libssh Date : January 12, 2015 Affected: Business Server 1.0 Problem Description: Updated libssh packages fix security vulnerability: Double free...
Corel Software DLL Hijacking
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Corel Software DLL Hijacking 1. Advisory Information Title: Corel Software DLL Hijacking Advisory ID: CORE-2015-0001 Advisory URL: http://www.coresecurity.com/advisories/corel-software-dll-hijacking Date published: 2015-01-12 Dat...
libjpeg buffer overflow
Stack overrun...
libcurl header injection
Header injection in URL...
Apache Subversion DoS
mod_dav_svn NULL pointer dereference on REPORT request processing...
[USN-2454-1] Exiv2 vulnerability
========================================================================== Ubuntu Security Notice USN-2454-1 January 07, 2015 exiv2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
wireshark multiple security vulnerabilities
Memory corruptions in multiple protocol dissectors...
[USN-2459-1] OpenSSL vulnerabilities
========================================================================== Ubuntu Security Notice USN-2459-1 January 12, 2015 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[ MDVSA-2015:008 ] pwgen
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:008 http://www.mandriva.com/en/support/security/ Package : pwgen Date : January 8, 2015 Affected: Business Server 1.0 Problem Description: Updated pwgen package fixes security vulnerabilities: Pwgen was foun...
libssh double free vulnerability
ssh_packet_kexinit double free vulnerability...
ZTE Ucell 3G Modem App / Datacard privilege escalation
Weak permissions for system service files...
PCRE buffer overflow
Buffer overflow on regular expression parsing...
[ MDVSA-2015:005 ] subversion
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:005 http://www.mandriva.com/en/support/security/ Package : subversion Date : January 5, 2015 Affected: Business Server 1.0 Problem Description: Updated subversion packages fix security vulnerabilities: A NUL...
ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities
Document Title: =============== ZTE Datacard PCW(Telecom MF180) - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1405 Release Date: ============= 2015-01-12 Vulnerability Laboratory ID VL-ID: ====================================...
[ MDVSA-2015:002 ] pcre
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:002 http://www.mandriva.com/en/support/security/ Package : pcre Date : January 5, 2015 Affected: Business Server 1.0 Problem Description: Updated pcre packages fix security vulnerability: A flaw was found in...
[ MDVSA-2015:021 ] curl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:021 http://www.mandriva.com/en/support/security/ Package : curl Date : January 12, 2015 Affected: Business Server 1.0 Problem Description: Updated curl packages fix security vulnerability: When libcurl sends...
Strongswan DoS
DoS on IKEv2 key exchange...
Corel multiple applications unsafe DLL search path
Unsafe DLL search path...
EMC RSA BSAFE triple handshake TLS attacks
Certificate is not validated on renegotiation...
[KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability
----------------------------------------------------------------------------- Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability ----------------------------------------------------------------------------- - Software Link: http://www.mantisbt.org/ - Affected Versions: All...
EMC Replication Manager / EMC AppSync privilege escalation
Registry path is stored without quotes...