Pidgin multiple security vulnerabilities
Insufficient certificate validation, emoticons parsing DoS, Groupwise messages DoS, information leakages via XMPP...
SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel
SEC Consult Vulnerability Lab Security Advisory 20141029-0 ======================================================================= title: Multiple critical vulnerabilities product: Vizensoft Admin Panel vulnerable version: 2014 fixed version: - impact: critical homepage: http://www.vizensoft.com...
PARSADEV CMS Cross-Site Scripting Vulnerability
PARSADEV CMS All version suffers from a Cross-Site Scripting Vulnerability...
[USN-2391-1] php5 vulnerabilities
========================================================================== Ubuntu Security Notice USN-2391-1 October 30, 2014 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Ubuntu systemd-shim DoS
Debugging is enabled by default...
torque privilege escalation
It's possible to kill the process of any user...
Dell SonicWall GMS XSS
XSS in web management interface...
libbfd memory corruptions
Memory corruptions on ELF parsing...
iFileExplorer v6.51 iOS - File Include Web Vulnerability
Document Title: =============== iFileExplorer v6.51 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1345 Release Date: ============= 2014-10-22 Vulnerability Laboratory ID VL-ID: ====================================...
SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme
SEC Consult Vulnerability Lab Security Advisory 20141029-1 ======================================================================= title: Persistent cross site scripting product: Confluence RefinedWiki Original Theme vulnerable version: 3.x - 4.0.x fixed version: 4.0.12 impact: high homepage:...
[KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness
---------------------------------------------------------------- TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness ---------------------------------------------------------------- - Software Link: http://testlink.org/ - Affected Versions: Version 1.9.12 and prior versions. - Weakness...
WebDisk+ v2.1 iOS - Code Execution Vulnerability
Document Title: =============== WebDisk+ v2.1 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1349 Release Date: ============= 2014-10-23 Vulnerability Laboratory ID VL-ID: ==================================== 1349 Comm...
File Manager v4.2.10 iOS - Code Execution Vulnerability
Document Title: =============== File Manager v4.2.10 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1343 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID: ==================================== 13...
Vulnerabilities in WordPress Database Manager v2.7.1
Title: Vulnerabilities in WordPress Database Manager v2.7.1 Author: Larry W. Cashdollar, @larry0 Date: 10/13/2014 Download: https://wordpress.org/plugins/wp-dbmanager/ Downloads: 1,171,358 Vendor: Lester Chan, https://profiles.wordpress.org/gamerz/ Contacted: 10/13/2014, Vulnerabilities addressed...
Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability
Document Title: =============== Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1222 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID: ====================================...
Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability
Document Title: =============== Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1324 Video: http://www.vulnerability-lab.com/getcontent.php?id=1333 Article:...
phpfusion (Search Page) Denial of Service Vulnerability
phpfusion All version suffers from a denial of service vulnerability...
Aircrack-ng multiple security vulnerabilities
DoS conditions, buffer overflow, integer overflow...
[KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability
-------------------------------------------------------------------------- TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability -------------------------------------------------------------------------- - Software Link: http://testlink.org/ - Affected Versions: Version 1.9.12 a...
HP Color LaserJet security vulnerabilities
Unauthorized data access, DoS...
[security bulletin] HPSBPI03147 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access, Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04483249 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04483249 Version: 1 HPSBPI03147 rev....
PHP memory corruption
exifthumbnail memory corruption on JPEG parsing. XMLRPC buffer overflow. objectcustom function integer overflow...
LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183
Information ----------- Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in LiteCart Affected Software : LiteCart Affected Versions: 1.1.2.1 and possibly below Vendor Homepage : http://www.litecart.net Vulnerability Type : Cross-site Scripting Severity : Important CVE-ID: CVE-2014-7183...
[ MDVSA-2014:200 ] bugzilla
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:200 http://www.mandriva.com/en/support/security/ Package : bugzilla Date : October 21, 2014 Affected: Business Server 1.0 Problem Description: Updated bugzilla packages fix security vulnerabilities: If a new...
wget symbolic links vulnerability
Symbolic links vulnerability in FTP mirror mode...
[SECURITY] [DSA 3060-1] linux security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3060-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 31, 2014 http://www.debian.org/security/faq -...
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
Quarterly update covers 138 different vulnerabilities...
quassel information leakage
Memory content leakage, DoS...
[SECURITY] [DSA 3063-1] quassel security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3063-1 [email protected] http://www.debian.org/security/ Luciano Bello November 02, 2014 http://www.debian.org/security/faq -...
SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access
SEC Consult Vulnerability Lab Security Advisory 20141031-0 ======================================================================= title: XML External Entity Injection XXE and Reflected XSS product: Scalix Web Access vulnerable version: 11.4.6.12377 and 12.2.0.14697 fixed version: - impact:...
iFunBox Free v1.1 iOS - File Include Vulnerability
Document Title: =============== iFunBox Free v1.1 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1344 Release Date: ============= 2014-10-20 Vulnerability Laboratory ID VL-ID: ==================================== 1344...
vulnerabilities in libbfd (CVE-2014-beats-me)
Yo, Many shell users, and certainly a lot of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is that the tool simply scans the file for runs of printable...
[SECURITY] [DSA 3058-1] torque security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3058-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 27, 2014 http://www.debian.org/security/faq -...
Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities
Document Title: =============== Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1341 Release Date: ============= 2014-10-14 Vulnerability Laboratory ID VL-ID: ====================================...
"Aircrack-ng 1.2 Beta 3" multiple vulnerabilities
"Aircrack-ng 1.2 Beta 3" multiple vulnerabilities Description: -------------------------------- Four vulnerabilities exist on aircrack-ng = 1.2 Beta 3 which allow remote/local code execution, privilege escalation and denial of service. Specifically, the following vulnerabilities were identified: ...
Multiple vulnerabilities in EspoCRM
Advisory ID: HTB23238 Product: EspoCRM Vendor: http://www.espocrm.com Vulnerable Versions: 2.5.2 and probably prior Tested Version: 2.5.2 Advisory Publication: October 8, 2014 without technical details Vendor Notification: October 8, 2014 Vendor Patch: October 10, 2014 Public Disclosure: October...
[USN-2394-1] Linux kernel (Trusty HWE) vulnerabilities
========================================================================== Ubuntu Security Notice USN-2394-1 October 30, 2014 linux-lts-trusty vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...
Apple iOS multiple security vulnerabilities
Unauthorized bluetooth access, insufficient encryption, insufficient certificate check, information leakage, SSL poodle attack...
[USN-2392-1] systemd-shim vulnerability
========================================================================== Ubuntu Security Notice USN-2392-1 October 30, 2014 systemd-shim vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...
CVE-2014-8399 SQL Injection in NuevoLabs flash player for clipshare
Nuevolabs Nuevoplayer for clipshare SQL Injection ======================================================================= :: ADVISORY SUMMARY :: Title: Nuevolabs Nuevoplayer for clipshare Sql Injection Vendor: NUEVOLABS www.nuevolabs.com Product: NUEVOPLAYER for clipshare Credits: Cory Marsh -...
[SECURITY] [DSA 3059-1] dokuwiki security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3059-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 29, 2014 http://www.debian.org/security/faq -...
[ MDVSA-2014:208 ] phpmyadmin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:208 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : October 24, 2014 Affected: Business Server 1.0 Problem Description: Updated phpmyadmin package fixes security vulnerability: In...
[ MDVSA-2014:212 ] wget
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:212 http://www.mandriva.com/en/support/security/ Package : wget Date : October 29, 2014 Affected: Business Server 1.0 Problem Description: Updated wget package fixes security vulnerability: Wget was...
FreeBSD Security Advisory FreeBSD-SA-14:21.routed
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-14:21.routed Security Advisory The FreeBSD Project Topic: routed8 remote denial of service vulnerability Category: core Module: routed Announced: 2014-10-21...
FreeBSD rtsold buffer overflow
Buffer overflow on DNS response parsing...
FreeBSD namei information leakage
Kernel memory content leakage...
APPLE-SA-2014-10-22-1 QuickTime 7.7.6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-22-1 QuickTime 7.7.6 QuickTime 7.7.6 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application...
EMC Avamar security vulnerabilities
Information leakage, weak passwords encryption...
EMC NetWorker Module for MEDITECH information leakage
Cleartext passwords in the log files...
[slackware-security] pidgin (SSA:2014-296-02)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security pidgin SSA:2014-296-02 New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...