
47153 matches found

securityvulns
added 2014/12/11 12:00 a.m., 50 views

[USN-2436-1] X.Org X server vulnerabilities

Ubuntu Security Notice USN-2436-1, December 09, 2014: xorg-server, xorg-server-lts-trusty vulnerabilities. A security issue affects these releases of...

CVSS 6.5, AI score 0.7, EPSS 0.04839
Exploits: 0

securityvulns
added 2014/12/11 12:00 a.m., 52 views

[oss-security] PowerDNS Security Advisory 2014-02

Hi everybody, Please be aware of PowerDNS Security Advisory 2014-02 http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/, which you can also find below. The good news is that the currently released version of the PowerDNS Recursor is safe. The bad news is that users of older versions wi...

CVSS 5, AI score 0.8, EPSS 0.00759
Exploits: 0

securityvulns
added 2014/12/11 12:00 a.m., 49 views

[USN-2435-1] Graphviz vulnerability

Ubuntu Security Notice USN-2435-1, December 09, 2014: graphviz vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 7.5, AI score 0.4, EPSS 0.01899
Exploits: 1

securityvulns
added 2014/12/10 12:00 a.m., 51 views

FreeBSD Security Advisory FreeBSD-SA-14:27.stdio

FreeBSD-SA-14:27.stdio Security Advisory, The FreeBSD Project. Topic: Buffer overflow in stdio. Category: core. Module: libc. Announced: 2014-12-10. Credits: Adrian Chadd and...

CVSS 6.9, AI score 6.4, EPSS 0.00112
Exploits: 0

securityvulns
added 2014/12/10 12:00 a.m., 208 views

FreeBSD Security Advisory FreeBSD-SA-14:28.file

FreeBSD-SA-14:28.file Security Advisory, The FreeBSD Project. Topic: Multiple vulnerabilities in file(1) and libmagic(3). Category: contrib. Module: file. Announced: 2014-12-10...

CVSS 5, AI score 9.1, EPSS 0.16453
Exploits: 0

securityvulns
added 2014/12/10 12:00 a.m., 43 views

FreeBSD stdlib fflush vulnerability

Under some condition, heap buffer overflow can be caused by invalid fflush behavior...

CVSS 6.9, AI score 2.7, EPSS 0.00112
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2014/12/10 12:00 a.m., 65 views

FreeBSD Security Advisory FreeBSD-SA-14:29.bind

FreeBSD-SA-14:29.bind Security Advisory, The FreeBSD Project. Topic: BIND remote denial of service vulnerability. Category: contrib. Module: bind. Announced: 2014-12-10. Credits...

CVSS 7.8, AI score 7.8, EPSS 0.48217
Exploits: 0

securityvulns
added 2014/12/10 12:00 a.m., 65 views

ISC bind named DoS

Crash on recursive query parsing. Crash on GeoIP handling...

CVSS 7.8, AI score 0.4, EPSS 0.48217
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2014/12/09 12:00 a.m., 64 views

[oss-security] CVE question: Return of POODLE

Hi All, Before I ask my question: It seems some TLS implementations may be vulnerable to a POODLE-like attack if they use SSL 3.0 type padding and the padding bytes are not checked by the implementation. https://www.imperialviolet.org/2014/12/08/poodleagain.html...

CVSS 4.3, AI score 0.2, EPSS 0.03099
Exploits: 5

securityvulns
added 2014/12/09 12:00 a.m., 90 views

OpenSSL multiple security vulnerabilities

Poodle attack. Protocol version downgrade to SSL 3.0. Memory leaks in SRTP and session tickets. Insufficient no-ssl3 protection. Data leakage via padding attack...

CVSS 7.1, AI score 5.1, EPSS 0.93538
Exploits: 5, References: 3, Affected Software: 1

securityvulns
added 2014/12/08 12:00 a.m., 64 views

qemu multiple security vulnerabilities

Multiple memory corruptions, DoS, information leakage...

CVSS 7.5, AI score 1.6, EPSS 0.03847
Exploits: 4, References: 3, Affected Software: 1

securityvulns
added 2014/12/08 12:00 a.m., 54 views

[oCERT-2014-009] JasPer input sanitization errors

2014-009 JasPer input sanitization errors. Description: The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by two heap-based buffer overflows which can lead to arbitrary code execution. The vulnerability is present in functions jpc_dec_cp_setfromcox a...

CVSS 7.5, AI score 1.1, EPSS 0.32606
Exploits: 0

securityvulns
added 2014/12/08 12:00 a.m., 36 views

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities

Memory corruptions, buffer overflows, information leakage, DoS, privilege escalation...

CVSS 6.8, AI score 3.7, EPSS 0.0211
Exploits: 0, Affected Software: 3

securityvulns
added 2014/12/08 12:00 a.m., 32 views

ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability

ESA-2014-156: EMC Documentum Content Server Insecure Direct Object Reference Vulnerability. EMC Identifier: ESA-2014-156. CVE Identifier: CVE-2014-4629. Severity Rating: CVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:P/A:C). Affected products: • All EMC...

CVSS 9, AI score 0.7, EPSS 0.00642
Exploits: 0

securityvulns
added 2014/12/08 12:00 a.m., 75 views

[SECURITY] [DSA 3087-1] qemu security update

Debian Security Advisory DSA-3087-1. [email protected] http://www.debian.org/security/ Salvatore Bonaccorso. December 04, 2014. http://www.debian.org/security/faq ...

CVSS 4.6, AI score 1.3, EPSS 0.00246
Exploits: 0

securityvulns
added 2014/12/03 12:00 a.m., 78 views

tcpdump multiple security vulnerabilities

DoS, code execution, information leakage...

CVSS 6.4, AI score 1.9, EPSS 0.06518
Exploits: 5, References: 1, Affected Software: 1

securityvulns
added 2014/12/03 12:00 a.m., 73 views

[SECURITY] [DSA 3086-1] tcpdump security update

Debian Security Advisory DSA-3086-1. [email protected] http://www.debian.org/security/ Salvatore Bonaccorso. December 03, 2014. http://www.debian.org/security/faq ...

CVSS 6.4, AI score 2.2, EPSS 0.06518
Exploits: 5

securityvulns
added 2014/12/02 12:00 a.m., 46 views

[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components

Advisory: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components. During a penetration test, RedTeam Pentesting discovered that several IBM Endpoint Manager Components are based on Ruby on Rails and use static secret_token values. With these values,...

CVSS 9.3, AI score 7.9, EPSS 0.09339
Exploits: 3

securityvulns
added 2014/12/02 12:00 a.m., 35 views

D-Link DAP-1360 multiple security vulnerabilities

Cross-site request forgery, information leakage, cross-site scripting in web interface...

AI score 1.6
Exploits: 0, References: 4

securityvulns
added 2014/12/02 12:00 a.m., 24 views

OpenVPN DoS

DoS after authentication via control characters...

CVSS 6.8, AI score 4.9, EPSS 0.02
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2014/12/02 12:00 a.m., 54 views

CSRF and XSS vulnerabilities in D-Link DAP-1360

Hello 3APA3A! There are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. In addition to previous Abuse of Functionality, Brute Force, Information Leakage, Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities in...

AI score 7.2
Exploits: 0

securityvulns
added 2014/12/02 12:00 a.m., 35 views

IBM Endpoint Manager code execution

Code execution in Mobile Device Management Components...

CVSS 9.3, AI score 3.6, EPSS 0.09339
Exploits: 3, References: 1, Affected Software: 1

securityvulns
added 2014/12/02 12:00 a.m., 41 views

[USN-2430-1] OpenVPN vulnerability

Ubuntu Security Notice USN-2430-1, December 02, 2014: openvpn vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 6.8, AI score 0.1, EPSS 0.02
Exploits: 0

securityvulns
added 2014/12/01 12:00 a.m., 62 views

PicsArt Photo Studio missed SSL certificate check

No description provided...

CVSS 5.4, AI score 1.6, EPSS 0.00134
Exploits: 2, References: 1, Affected Software: 1

securityvulns
added 2014/12/01 12:00 a.m., 54 views

WordPress Wordfence Firewall 5.1.2 Cross Site Scripting

WordPress Wordfence Firewall plugin version 5.1.2 suffers from a cross site scripting vulnerability. Product: Wordfence Firewall Plugin For Wordpress. Vendor: Wordfence. Vulnerable Versions: 5.1.2. Tested Version: 5.1.2. Advisory Publication: June 30,...

CVSS 4.3, AI score 5.5, EPSS 0.00664
Exploits: 2

securityvulns
added 2014/12/01 12:00 a.m., 33 views

Codemeter privilege escalation

Weak service privileges...

CVSS 7.2, AI score 3.2, EPSS 0.00034
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2014/12/01 12:00 a.m., 1077 views

Slider Revolution/Showbiz Pro shell upload exploit

!/usr/bin/perl Title: Slider Revolution/Showbiz Pro shell upload exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 15 October 2014 Coded: 15 October 2014 Updated: 25 November 2014 Published: 25 November 2014 MorXploit Research http://www.MorXploit.com Vendor: ThemePunch...

AI score 7.2
Exploits: 0

securityvulns
added 2014/12/01 12:00 a.m., 68 views

CVE-2014-8419 - CodeMeter Weak Service Permissions

CodeMeter Weak Service Permissions. Vendor Website: http://www.codemeter.com. INDEX: 1. Background 2. Description 3. Affected Products 4. Vulnerability 5. Solution 6. Credit 7. Disclosure Timeline 8. CVE. 1. BACKGROUND ...

CVSS 7.2, AI score 0.7, EPSS 0.00034
Exploits: 0

securityvulns
added 2014/12/01 12:00 a.m., 36 views

[CORE-2014-0010] - Advantech WebAccess Stack-based Buffer Overflow

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech WebAccess Stack-based Buffer Overflow 1. Advisory Information Title: Advantech WebAccess Stack-based Buffer Overflow Advisory ID: CORE-2014-0010 Advisory URL:...

CVSS 7.2, AI score 7.4, EPSS 0.00246
Exploits: 1

securityvulns
added 2014/12/01 12:00 a.m., 135 views

Multiple SQL Injection in SP Client Document Manager plugin

Vulnerability title: Multiple SQL Injection in SP Client Document Manager plugin Plugin: SP Client Document Manager Vendor: http://smartypantsplugins.com Product: https://wordpress.org/plugins/sp-client-document-manager/ Affected version: version 2.4.1 and previous version Fixed version: N/A Goog...

AI score 8.2
Exploits: 0

securityvulns
added 2014/12/01 12:00 a.m., 74 views

[USN-2410-1] Oxide vulnerabilities

Ubuntu Security Notice USN-2410-1, November 19, 2014: oxide-qt vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives:...

CVSS 7.5, AI score 1.4, EPSS 0.1817
Exploits: 0

securityvulns
added 2014/12/01 12:00 a.m., 44 views

[The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360

Hi, This is part 9 of the ManageOwnage series. For previous parts see [1]. Today we have yet another 0 day - an arbitrary file download vulnerability that can be exploited unauthenticated in NetFlow Analyzer and authenticated in IT360. I'm releasing this as a 0 day because ManageEngine have been making...

CVSS 5, EPSS 0.90975
Exploits: 9

securityvulns
added 2014/12/01 12:00 a.m., 32 views

sniffit buffer overflow

Buffer overflow in configuration file...

AI score 2.9, EPSS 0.00422
Exploits: 2, References: 1, Affected Software: 1

securityvulns
added 2014/12/01 12:00 a.m., 70 views

Modx CMS CSRF Bypass & XSS Vulnerabilities

Public Disclosure - http://hacktivity.websecgeeks.com/modx-csrf-and-xss/ Product: MODX Revolution. Severity: Critical. Versions: 2.0.0–2.2.14. Vulnerability type: CSRF & XSS. Report date: 2014-Jul-10. Fixed date: 2014-Jul-15. Description: A significant...

AI score 0.1
Exploits: 0

securityvulns
added 2014/12/01 12:00 a.m., 111 views

Ahrareandeysheh CMS Cross-Site Scripting Vulnerability

Ahrareandeysheh CMS (all versions) suffers from a Cross-Site Scripting vulnerability...

AI score 6.4
Exploits: 0

securityvulns
added 2014/12/01 12:00 a.m., 25 views

Missing SSL certificate validation in MercadoLibre app for Android [STIC-2014-0211]

Fundacion Dr. Manuel Sadosky - Programa STIC Advisory www.fundacionsadosky.org.ar Missing SSL certificate validation in MercadoLibre app for Android 1. Advisory Information Title: Missing SSL cert validation in MercadoLibre app for Android Advisory ID: STIC-2014-0211 Advisory URL:...

CVSS 5.4, EPSS 0.00134
Exploits: 0

securityvulns
added 2014/12/01 12:00 a.m., 35 views

EntryPass N5200 information leakage

Memory content leakage...

CVSS 7.8, AI score 2.3, EPSS 0.15335
Exploits: 5, References: 1

securityvulns
added 2014/12/01 12:00 a.m., 73 views

[USN-2402-1] KDE workspace vulnerabilities

Ubuntu Security Notice USN-2402-1, November 11, 2014: kde-workspace vulnerabilities. A security issue affects these releases of Ubuntu and its...

CVSS 7.2, AI score 0.2, EPSS 0.00089
Exploits: 0

securityvulns
added 2014/12/01 12:00 a.m., 96 views

[ MDVSA-2014:237 ] perl-Mojolicious

Mandriva Linux Security Advisory MDVSA-2014:237. http://www.mandriva.com/en/support/security/ Package: perl-Mojolicious. Date: November 28, 2014. Affected: Business Server 1.0. Problem Description: Updated perl-Mojolicious package fixes security...

AI score 0.1
Exploits: 0

securityvulns
added 2014/12/01 12:00 a.m., 52 views

[ MDVSA-2014:235 ] perl-Plack

Mandriva Linux Security Advisory MDVSA-2014:235. http://www.mandriva.com/en/support/security/ Package: perl-Plack. Date: November 28, 2014. Affected: Business Server 1.0. Problem Description: Updated perl-Plack package fixes security vulnerability:...

CVSS 5, AI score 6.1, EPSS 0.00462
Exploits: 0

securityvulns
added 2014/12/01 12:00 a.m., 70 views

[ MDVSA-2014:216 ] php-ZendFramework

Mandriva Linux Security Advisory MDVSA-2014:216. http://www.mandriva.com/en/support/security/ Package: php-ZendFramework. Date: November 20, 2014. Affected: Business Server 1.0. Problem Description: A vulnerability has been found and corrected in...

CVSS 5, AI score 9.7, EPSS 0.00608
Exploits: 0

securityvulns
added 2014/12/01 12:00 a.m., 41 views

OpenStack multiple security vulnerabilities

OpenStack Cinder information leakage, Keystone information leakage, Nova information leakage and restrictions bypass, Neutron restrictions bypass...

CVSS 4, AI score 2.5, EPSS 0.00689
Exploits: 3, References: 4, Affected Software: 5

securityvulns
added 2014/12/01 12:00 a.m., 17 views

Prey Anti-theft missing SSL certificate check

No description provided...

AI score 1.6
Exploits: 0, References: 1

securityvulns
added 2014/12/01 12:00 a.m., 66 views

Reflected Cross-Site Scripting (XSS) in Flash Version of Flowplayer

Description: The flash file accepts its configuration via a JSON object. This object can be passed directly or via a file. The old version of this flash file was vulnerable because of loading insecure external flash files. The latest version and the previous ones are also vulnerable because of lac...

AI score 0.9
Exploits: 0

securityvulns
added 2014/12/01 12:00 a.m., 23 views

MercadoLibre missing SSL certificate checks

No description provided...

CVSS 5.4, AI score 1.7, EPSS 0.00134
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2014/12/01 12:00 a.m., 34 views

Advantech AdamView buffer overflow

Buffer overflow on .gni files parsing...

CVSS 7.5, AI score 5.1, EPSS 0.27881
Exploits: 7, References: 1

securityvulns
added 2014/12/01 12:00 a.m., 74 views

[KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability

Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability. Software Links: https://www.tuleap.org/ https://www.enalean.com/ Affected Versions: Version 7.6-4...

CVSS 6, AI score 1.2, EPSS 0.52397
Exploits: 7

securityvulns
added 2014/12/01 12:00 a.m., 69 views

CVE-2014-8683 XSS in Gogs Markdown Renderer

XSS in Gogs Markdown Renderer. Researcher: Timo Schmid [email protected] Description: Gogs (Go Git Service) is a painless self-hosted Git Service written in Go (taken from [1]). It is very similar to the github...

CVSS 4.3, AI score 0.4, EPSS 0.00305
Exploits: 3

securityvulns
added 2014/12/01 12:00 a.m., 139 views

BookFresh - Persistent Clients Invite Vulnerability

Document Title: BookFresh - Persistent Clients Invite Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1351 Release Date: 2014-10-28. Vulnerability Laboratory ID (VL-ID): 1351...

AI score 7.6
Exploits: 0

securityvulns
added 2014/12/01 12:00 a.m., 30 views

NetFlow Analyzer security vulnerabilities

Directory traversal...

CVSS 5, AI score 4.7, EPSS 0.90975
Exploits: 9, References: 1, Affected Software: 1

Total number of security vulnerabilities: 47153