APPLE-SA-2014-11-17-3 Apple TV 7.0.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-11-17-3 Apple TV 7.0.2 Apple TV 7.0.2 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: An attacker with a privileged network position may cause an unexpected application...
APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1 OS X 10.10.1 is now available and addresses the following: CFNetwork Available for: OS X Yosemite v10.10 Impact: Website cache may not be fully cleared after leaving private browsing Description: A privacy...
libcurl information leakage
Memory content leakage via POST...
[ MDVSA-2014:213 ] curl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:213 http://www.mandriva.com/en/support/security/ Package : curl Date : November 18, 2014 Affected: Business Server 1.0 Problem Description: Updated curl packages fix security vulnerability: Symeon Paraschoud...
APPLE-SA-2014-11-17-1 iOS 8.1.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-11-17-1 iOS 8.1.1 iOS 8.1.1 is now available and addresses the following: CFNetwork Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: Website cache may not be fully cleared after leaving...
CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload
CVE-2014-8767 tcpdump denial of service in verbose mode using malformed OLSR payload 1. Background tcpdump is a powerful command-line packet analyzer. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attache...
wireshark multiple security vulnerabilities
Buffer overflow and DoS conditions in the parsing of different protocols...
CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload
CVE-2014-8769 tcpdump unreliable output using malformed AOVD payload 1. Background tcpdump is a powerful command-line packet analyzer. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. 2. Summary...
Microsoft Active Directory Federation Services information leakage
It's possible to access closed session...
Microsoft SharePoint Server cross-site scripting
Stored XSS...
Microsoft Office multiple security vulnerabilities
Several memory corruptions in the parsing of different document types...
Cisco RV multiple security vulnerabilities
File access, code execution, cross-site scripting...
ZTE ZXDSL 831CII Direct Object Reference
The modem usually serves html files & protects them with HTTP Basic authentication. However, the cgi files do not get this protection, so simply requesting any cgi file without authentication would give a remote attacker full access to the modem and then can easily be used to root the modem...
[SECURITY] [DSA 3066-1] qemu security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3066-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 06, 2014 http://www.debian.org/security/faq -...
CVE-2014-6616 Softing FG-100 Webui XSS
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Softing FG-100 PB Vendor: Softing AG www.softing.com CVD ID: CVE-2014-6616 Subject: XSS Risk: High Effect: Remotely exploitable Author: Johannes Klick Daniel Marzin Ingmar Rosenhagen Date: 05.11.2014 Introduction:...
RSA Web Threat Detection SQL injection
SQL injection by authenticated user...
Cisco RV Series multiple vulnerabilities
------------------------------------------------------------------------ Cisco RV Series multiple vulnerabilities ------------------------------------------------------------------------ Yorick Koster, June 2013 ------------------------------------------------------------------------ Abstract...
KL-001-2014-004 : VMWare vmx86.sys Arbitrary Kernel Read
Title: VMWare vmx86.sys Arbitrary Kernel Read Advisory ID: KL-001-2014-004 Publication Date: 2014.11.04 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt 1. Vulnerability Details Affected Vendor: VMWare Affected Product: Workstation Affected Version: 10.0.0.40273...
FreeBSD OpenSSH DoS
Race condition because of invalid thread-safe library linking...
Symantec Endpoint Protection multiple security vulnerabilities
XSS, XXE, unauthorized file access...
FreeBSD Security Advisory FreeBSD-SA-14:25.setlogin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:25.setlogin Security Advisory The FreeBSD Project Topic: Kernel stack disclosure in setlogin2 / getlogin2 Category: core Module: kernel Announced: 2014-11-04...
FreeBSD ftp code execution
Shell characters vulnerability on server response parsing...
CA Cloud Service Management multiple security vulnerabilities
Replay attacks, XSS, XXE, token validation vulnerability...
ZTE modems multiple security vulnerabilities
Multiple vulnerabilities in Web interface...
FreeBSD information leakage
Kernel information disclosure in setlogin/getlogin calls...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Small Business RV Series Routers
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Small Business RV Series Routers Advisory ID: cisco-sa-20141105-rv Revision 1.0 For Public Release 2014 November 5 16:00 UTC GMT...
ZTE 831CII Multiple Vulnerabilities
Hardcoded default misconfiguration - The modem comes with admin:admin user credentials. Stored XSS - http://192.168.1.1/psilan.cgi?action=save&ethIpAddress=192.168.1.1&ethSubnetMask=255.255.255.0&hostname=ZXDSL83C1II&domainname=home27;alert28029;//&enblUpnp=1&enblLan2=0 Any user browsing to...
Vulnerabilities in D-Link DAP-1360
Hello 3APA3A! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This...
SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection
SEC Consult Vulnerability Lab Security Advisory 20141106-0 ======================================================================= title: XXE & XSS & Arbitrary File Write vulnerabilities product: Symantec Endpoint Protection vulnerable version: 12.1.4023.4080 fixed version: 12.1.5 RU 5 impact:...
ZTE ZXDSL 831 Multiple Cross Site Scripting
TR-069 Client page: Stored. executes when users go to http://192.168.1.1/tr69cfg.html...
VMWare Workstation / Player DoS
Uninitialized pointer dereference on IOCTL processing...
Open-Xchange SQL injection
SQLi in jslob API...
FreeBSD Security Advisory FreeBSD-SA-14:26.ftp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:26.ftp Security Advisory The FreeBSD Project Topic: Remote command execution in ftp1 Category: core Module: ftp Announced: 2014-11-04 Credits: Jared McNeill,...
FreeBSD Security Advisory FreeBSD-SA-14:24.sshd [REVISED]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:24.sshd Security Advisory The FreeBSD Project Topic: Denial of service attack against sshd8 Category: contrib Module: openssh Announced: 2014-11-04 Credits:...
Open-Xchange Security Advisory 2014-11-07
Product: OX App Suite Vendor: Open-Xchange GmbH Internal reference: 34765 Bug ID Vulnerability type: SQL Injection CWE-89 Vulnerable version: 7.6.0 and earlier Vulnerable component: backend Report confidence: Confirmed Solution status: Fixed by Vendor Researcher credits: SoftScheck GmbH Fixed...
CA20141103-01: Security Notice for CA Cloud Service Management
-----BEGIN PGP SIGNED MESSAGE----- CA20141103-01: Security Notice for CA Cloud Service Management Issued: November 3, 2014 CA Technologies Support is alerting customers to four resolved vulnerabilities with CA Cloud Service Management. Four vulnerabilities existed that could potentially allow a...
CVE-2014-6617 Softing FG-100 Backdoor Account
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Softing FG-100 PB Vendor: Softing AG www.softing.com CVD ID: CVE-2014-6617 Subject: Backdoor Account Risk: High Effect: Remotely exploitable Author: Ingmar Rosenhagen Daniel Marzin Johannes Klick Date: 05.11.2014...
ESA-2014-135: RSA® Web Threat Detection SQL Injection Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-135: RSA® Web Threat Detection SQL Injection Vulnerability EMC Identifier: ESA-2014-135 CVE Identifier: CVE-2014-4627 Severity Rating: CVSS v2 Base Score: 9 AV:N/AC:L/Au:S/C:C/I:C/A:C Affected Products: RSA Web Threat Detection 4.x versions...
IL and CSRF vulnerabilities in D-Link DAP-1360
Hello 3APA3A! There are Information Leakage and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This model with other...
Softing FG-100 security vulnerabilities
Backdoor accounts, cross-site scripting...
[ MDVSA-2014:212 ] wget
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:212 http://www.mandriva.com/en/support/security/ Package : wget Date : October 29, 2014 Affected: Business Server 1.0 Problem Description: Updated wget package fixes security vulnerability: Wget was...
[SECURITY] [DSA 3059-1] dokuwiki security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3059-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 29, 2014 http://www.debian.org/security/faq -...
Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF)
Title: Elastix Multiple vulnerabilities Remote Command Execution, XSS, CSRF Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: September 1 2014 Published: October 17 2014 MorXploit Research http://www.MorXploit.com Software: Elastix Version: Elastix 2.4.0 Stable Vendor url:...
[security bulletin] HPSBUX03159 SSRT101785 rev.2 - HP-UX kernel, Local Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04491186 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04491186 Version: 2 HPSBUX03159...
HP-UX DoS
No description provided...
[SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU
Hello All, We've been recently informed by a 3rd party that Oracle planned to release fixes for the vulnerabilities covered by our SE-2014-01 1 project in Nov 2014. We initially thought that someone mistakenly took Oct for Nov (Oracle CPU was released on Oct 14, 2014), but the credibility of the...
FileBug v1.5.1 iOS - Path Traversal Web Vulnerability
Document Title: =============== FileBug v1.5.1 iOS - Path Traversal Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1342 Release Date: ============= 2014-10-15 Vulnerability Laboratory ID VL-ID: ==================================== 1342...
[ MDVSA-2014:208 ] phpmyadmin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:208 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : October 24, 2014 Affected: Business Server 1.0 Problem Description: Updated phpmyadmin package fixes security vulnerability: In...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
File Manager v4.2.10 iOS - Code Execution Vulnerability
Document Title: =============== File Manager v4.2.10 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1343 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID: ==================================== 13...