47153 matches found

securityvulns
added 2014/10/27 12:0 a.m., 40 views

libxml DoS

Resources exhaustion on XML parsing...

CVSS 5, AI score 2.9, EPSS 0.03988
Exploits 1, References 1, Affected Software 1
securityvulns
added 2014/10/27 12:0 a.m., 69 views

[ MDVSA-2014:204 ] libxml2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:204 http://www.mandriva.com/en/support/security/ Package : libxml2 Date : October 23, 2014 Affected: Business Server 1.0 Problem Description: A vulnerability has been found and corrected in libxml2: A denial...

CVSS 5, AI score 6.6, EPSS 0.03988
Exploits 1
securityvulns
added 2014/10/27 12:0 a.m., 21 views

pidgin security vulnerabilities

Insufficient certificates check, directory traversal, memory corruptions, information leakage...

AI score 3.6
Exploits 0, References 1, Affected Software 1
securityvulns
added 2014/10/27 12:0 a.m., 47 views

ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability EMC Identifier: ESA-2014-094 CVE Identifier: CVE-2014-4623 Severity Rating: 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C Affected products: • EMC Avamar Data Store ADS GEN4S and Avamar Virtual Edition AVE...

CVSS 4.3, AI score 0.7, EPSS 0.01593
Exploits 0
securityvulns
added 2014/10/27 12:0 a.m., 47 views

FreeBSD Security Advisory FreeBSD-SA-14:22.namei

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-14:22.namei Security Advisory The FreeBSD Project Topic: memory leak in sandboxed namei lookup Category: core Module: kernel Announced: 2014-10-21 Credits: Mateus...

CVSS 5, AI score 6.4, EPSS 0.0157
Exploits 0
securityvulns
added 2014/10/27 12:0 a.m., 55 views

FreeBSD Security Advisory FreeBSD-SA-14:20.rtsold

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-14:20.rtsold Security Advisory The FreeBSD Project Topic: rtsold8 remote buffer overflow vulnerability Category: core Module: rtsold Announced: 2014-10-21 Credits...

CVSS 10, AI score 7.1, EPSS 0.0394
Exploits 0
securityvulns
added 2014/10/27 12:0 a.m., 82 views

[ MDVSA-2014:202 ] php

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:202 http://www.mandriva.com/en/support/security/ Package : php Date : October 23, 2014 Affected: Business Server 1.0 Problem Description: A vulnerability has been discovered and corrected in php: A heap...

CVSS 6.8, AI score 8.4, EPSS 0.22633
Exploits 1
securityvulns
added 2014/10/27 12:0 a.m., 155 views

[ MDVSA-2014:197 ] python

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:197 http://www.mandriva.com/en/support/security/ Package : python Date : October 21, 2014 Affected: Business Server 1.0 Problem Description: Updated python packages fix security vulnerability: Python before...

CVSS 6.4, AI score 7.7, EPSS 0.05307
Exploits 1
securityvulns
added 2014/10/27 12:0 a.m., 120 views

python integer overflow

Integer overflow in buffer...

CVSS 6.4, AI score 3.8, EPSS 0.05307
Exploits 1, References 1, Affected Software 1
securityvulns
added 2014/10/27 12:0 a.m., 44 views

FreeBSD routed DoS

Crash on RIP packet from non-local network...

CVSS 5, AI score 1.3, EPSS 0.01553
Exploits 0, References 1, Affected Software 1
securityvulns
added 2014/10/27 12:0 a.m., 58 views

ESA-2014-087: EMC NetWorker Module for MEDITECH (NMMEDI) Information Disclosure Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-087: EMC NetWorker Module for MEDITECH NMMEDI Information Disclosure Vulnerability EMC Identifier: ESA-2014-087 CVE Identifier: CVE-2014-4620 Severity Rating: CVSS v2 Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C Affected products: • EMC NetWork...

CVSS 2.1, AI score 0.8, EPSS 0.00535
Exploits 0
securityvulns
added 2014/10/27 12:0 a.m., 47 views

Apple Quicktime multiple security vulnerabilities

Memory corruptions on video decoding, MIDI and m4a...

CVSS 9.3, AI score 2.5, EPSS 0.0418
Exploits 0, References 1, Affected Software 1
securityvulns
added 2014/10/27 12:0 a.m., 28 views

[ MDVSA-2014:207 ] ejabberd

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:207 http://www.mandriva.com/en/support/security/ Package : ejabberd Date : October 24, 2014 Affected: Business Server 1.0 Problem Description: Updated ejabberd packages fix security vulnerability: A flaw was...

CVSS 5, AI score 5.9, EPSS 0.01314
Exploits 0
securityvulns
added 2014/10/27 12:0 a.m., 35 views

ejabberd protection bypass

Server does not enforce encryption...

CVSS 5, AI score 1.8, EPSS 0.01314
Exploits 0, References 1, Affected Software 1
securityvulns
added 2014/10/27 12:0 a.m., 51 views

ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability EMC Identifier: ESA-2014-096 CVE Identifier: CVE-2014-4624 Severity Rating: 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C Affected products: • EMC Avamar Data Store ADS and Avamar Virtual Editio...

CVSS 5, AI score 0.8, EPSS 0.03337
Exploits 0
securityvulns
added 2014/10/27 12:0 a.m., 87 views

OpenBSD <= 5.5 Local Kernel Panic

OpenBSD <= 5.5 All architectures is prone to a local DoS condition by triggering a kernel panic through a malformed ELF executable. A patch has been released to address this issue. See "013 Reliability Fix" at: http://www.openbsd.org/errata55.html013kernexec More details and PoC code:...

AI score 0.6
Exploits 0
securityvulns
added 2014/10/27 12:0 a.m., 464 views

OpenBSD DoS

System crash on ELF parsing...

AI score 2.5
Exploits 0, References 1, Affected Software 1
securityvulns
added 2014/10/27 12:0 a.m., 68 views

APPLE-SA-2014-10-20-1 iOS 8.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-20-1 iOS 8.1 iOS 8.1 is now available and addresses the following: Bluetooth Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: A malicious Bluetooth input device may bypass pairing...

CVSS 6.8, AI score 4.3, EPSS 0.99999
Exploits 7
securityvulns
added 2014/10/27 12:0 a.m., 77 views

APPLE-SA-2014-10-20-2 Apple TV 7.0.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-20-2 Apple TV 7.0.1 Apple TV 7.0.1 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious Bluetooth input device may bypass pairing Description: Unencrypted...

CVSS 5.4, AI score 4.5, EPSS 0.99999
Exploits 7
securityvulns
added 2014/10/27 12:0 a.m., 64 views

Apple TV security vulnerabilities

Unauthorized bluetooth pairing, SSL poodle attack...

CVSS 5.4, AI score 2.6, EPSS 0.99999
Exploits 7, References 1, Affected Software 1
securityvulns
added 2014/10/27 12:0 a.m., 71 views

[ MDVSA-2014:201 ] kernel

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:201 http://www.mandriva.com/en/support/security/ Package : kernel Date : October 21, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been found and corrected in the Linux...

CVSS 7.2, AI score 8.7, EPSS 0.05794
Exploits 4
securityvulns
added 2014/10/27 12:0 a.m., 55 views

Linux kernel multiple security vulnerabilities

DoS conditions and buffer overflows in multiple drivers, multiple Ceph network file system vulnerabilities...

CVSS 7.8, AI score 4.2, EPSS 0.06167
Exploits 8, References 2, Affected Software 1
securityvulns
added 2014/10/18 12:0 a.m., 50 views

Apple iTunes multiple security vulnerabilities

84 vulnerabilities on different formats and protocols parsing...

CVSS 10, AI score 3.3, EPSS 0.34782
Exploits 19, References 1, Affected Software 1
securityvulns
added 2014/10/18 12:0 a.m., 61 views

[CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability Advisory ID: CORE-2014-0007 Advisory URL:...

CVSS 5, AI score 7.3, EPSS 0.09666
Exploits 6
securityvulns
added 2014/10/18 12:0 a.m., 90 views

APPLE-SA-2014-10-16-6 iTunes 12.0.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-6 iTunes 12.0.1 iTunes 12.0.1 is now available and addresses the following: iTunes Available for: Windows 8, Windows 7, Vista, XP SP2 or later Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead t...

CVSS 10, AI score 0.3, EPSS 0.34782
Exploits 19
securityvulns
added 2014/10/18 12:0 a.m., 35 views

SAP Netweaver DoS

DoS against "Standalone Enqueue Server" service...

CVSS 5, AI score 1.7, EPSS 0.09666
Exploits 6, References 1, Affected Software 1
securityvulns
added 2014/10/18 12:0 a.m., 136 views

APPLE-SA-2014-10-16-5 OS X Server v2.2.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-5 OS X Server v2.2.5 OS X Server v2.2.5 is now available and addresses the following: Server Available for: OS X Mountain Lion v10.8.5 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known...

CVSS 4.3, AI score 4.5, EPSS 0.99999
Exploits 7
securityvulns
added 2014/10/18 12:0 a.m., 86 views

APPLE-SA-2014-10-16-4 OS X Server v3.2.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-4 OS X Server v3.2.2 OS X Server v3.2.2 is now available and addresses the following: Server Available for: OS X Mavericks v10.9.5 or later Impact: An attacker may be able to decrypt data protected by SSL Description: There are kno...

CVSS 4.3, AI score 4.5, EPSS 0.99999
Exploits 7
securityvulns
added 2014/10/18 12:0 a.m., 115 views

TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack

NCCIC / US-CERT National Cyber Awareness System: TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack 10/17/2014 12:27 PM EDT Original release date: October 17, 2014 Systems Affected All systems and applications utilizing the Secure Socket Layer SSL 3.0 with cipher-block chaining CBC mode...

CVSS 4.3, AI score 0.7, EPSS 0.99999
Exploits 7
securityvulns
added 2014/10/18 12:0 a.m., 89 views

APPLE-SA-2014-10-16-2 Security Update 2014-005

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-2 Security Update 2014-005 Security Update 2014-005 is now available and addresses the following: Secure Transport Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: An attacker may be able to decrypt data...

CVSS 4.3, AI score 4.6, EPSS 0.99999
Exploits 7
securityvulns
added 2014/10/18 12:0 a.m., 105 views

APPLE-SA-2014-10-16-3 OS X Server v4.0

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-3 OS X Server v4.0 OS X Server v4.0 is now available and addresses the following: BIND Available for: OS X Yosemite v10.10 or later Impact: Multiple vulnerabilities in BIND, the most serious of which may lead to a denial of service...

CVSS 7.8, AI score 0.3, EPSS 0.99999
Exploits 17
securityvulns
added 2014/10/18 12:0 a.m., 97 views

Apple OS X / OS X Server multiple security vulnerabilities

62 vulnerabilities in different system components...

CVSS 10, AI score 2.3, EPSS 0.99999
Exploits 170, References 5, Affected Software 2
securityvulns
added 2014/10/18 12:0 a.m., 121 views

APPLE-SA-2014-10-16-1 OS X Yosemite v10.10

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-1 OS X Yosemite v10.10 OS X Yosemite v10.10 is now available and addresses the following: 802.1X Impact: An attacker can obtain WiFi credentials Description: An attacker could have impersonated a WiFi access point, offered to...

CVSS 10, AI score 0.6, EPSS 0.99999
Exploits 160
securityvulns
added 2014/10/17 12:0 a.m., 50 views

XSS vulnerabilities in Megapolis.Portal Manager

Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in Megapolis.Portal Manager. It's commercial CMS from Softline-IT earlier Softline, which in particularly widespread among Ukrainian government sites including ministry, parliament, two special services and many other web sites. In 2012...

AI score 0.4
Exploits 0
securityvulns
added 2014/10/17 12:0 a.m., 50 views

Bypassing blacklists based on IPy

IPy is a Python "class and tools for handling of IPv4 and IPv6 addresses and networks" https://github.com/haypo/python-ipy. This library is sometimes used to implement blacklists forbidding internal, private or loopback addresses. Using octal encoding supported by urllib2, it is possible to bypas...

AI score 0.7
Exploits 0
securityvulns
added 2014/10/17 12:0 a.m., 146 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 10, AI score 1.6, EPSS 0.99974
Exploits 39, References 27, Affected Software 16
securityvulns
added 2014/10/17 12:0 a.m., 31 views

Cisco Telepresence multiple security vulnerabilities

Few DoS conditions...

CVSS 7.8, AI score 1.6, EPSS 0.03949
Exploits 0, Affected Software 2
securityvulns
added 2014/10/17 12:0 a.m., 29 views

IPy limitations bypass

It's possible to bypass IP addresses filtering...

AI score 1.6
Exploits 0, References 1
securityvulns
added 2014/10/17 12:0 a.m., 38 views

HP Operations Agent cross-site scripting

No description provided...

CVSS 4.3, AI score 0.8, EPSS 0.034
Exploits 5, References 1, Affected Software 1
securityvulns
added 2014/10/17 12:0 a.m., 190 views

[security bulletin] HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04472444 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04472444 Version: 1 HPSBMU03126 rev....

CVSS 4.3, AI score 0.3, EPSS 0.034
Exploits 5
securityvulns
added 2014/10/17 12:0 a.m., 207 views

Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability

SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Drupal - pre-auth SQL Injection Vulnerability Release Date: 2014/10/15 Last Modified: 2014/10/15 Author: Stefan Horst stefan.horstatsektioneins.de Application: Drupal = 7.0 = 7.31 Severity: Full SQL injection, which results in...

CVSS 7.5, AI score 0.3, EPSS 0.99974
Exploits 20
securityvulns
added 2014/10/17 12:0 a.m., 128 views

[slackware-security] openssl (SSA:2014-288-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security openssl SSA:2014-288-01 New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...

CVSS 7.1, AI score 5, EPSS 0.99999
Exploits 7
securityvulns
added 2014/10/16 12:0 a.m., 71 views

Kunena Forum Extension for Joomla Multiple Reflected Cross-Site Scripting Vulnerabilities

Kunena forum extension for Joomla multiple reflected cross-site scripting vulnerabilities Class: Input Validation Error CVE N/A Remote Yes Local No Published 02/07/2014 Credit Raymond Rizk of Dionach [email protected] Vendor Kunena Vulnerable Kunena v3.0.5 Solution Status: Fixed by Vendor Kunena...

AI score 1.9
Exploits 0
securityvulns
added 2014/10/16 12:0 a.m., 73 views

Web Login Bruteforce in Symantec Endpoint Protection Manager 12.1.4023.4080

We discovered a vulnerability in the Symantec Endpoint Protection Manager web application. Vulnerability Type: Login Bruteforce Original Release: June 20, 2014 Discovered by: Security Team - A2SECURE Artлm Tsvetkov [email protected] Sisco Barrera [email protected] Andrea Bodei...

Exploits 0
securityvulns
added 2014/10/16 12:0 a.m., 61 views

Kerio Control <= 8.3.1 Boolean-based blind SQL Injection

Document Title: ====================== Kerio Control <= 8.3.1 Boolean-based blind SQL Injection Primary Informations: ====================== Product Name: Kerio Control Software Description: Kerio Control brings together multiple capabilities including a network firewall and router, intrusion...

CVSS 6.5, AI score 7.5, EPSS 0.02168
Exploits 5
securityvulns
added 2014/10/16 12:0 a.m., 45 views

LPAR2RRD code execution

No description provided...

AI score 1.8, EPSS 0.06188
Exploits 0, References 1, Affected Software 1
securityvulns
added 2014/10/16 12:0 a.m., 161 views

[KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability

----------------------------------------------------------------- OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability ----------------------------------------------------------------- - Software Link: http://www.opencart.com/ - Affected Versions: Version 1.5.6.4 and prior versions. -...

CVSS 7.5, AI score 0.3, EPSS 0.06865
Exploits 3
securityvulns
added 2014/10/16 12:0 a.m., 101 views

OS Command Injection Infoblox Network Automation

Product: Network Automation, licensed as: • NetMRI • Switch Port Manager • Automation Change Manager • Security Device Controller Vendor: Infoblox Vulnerable Versions: 6.4.X.X-6.8.4.X Tested Version: 6.8.2.11 Vendor Notification: May 12th, 2014 Vendor Patch Availability to Customers: May 16th, 20...

CVSS 10, AI score 0.7, EPSS 0.07171
Exploits 6
securityvulns
added 2014/10/16 12:0 a.m., 120 views

SEC Consult SA-20140710-1 :: Multiple high risk vulnerabilities in Shopizer webshop

SEC Consult Vulnerability Lab Security Advisory 20140710-1 ======================================================================= title: Multiple high risk vulnerabilities in Shopizer webshop product: Shopizer vulnerable version: 1.1.5 and below fixed version: v2 new codebase impact: high...

AI score 8
Exploits 0
securityvulns
added 2014/10/16 12:0 a.m., 54 views

[SE-2014-01] Breaking Oracle Database through Java exploits (details)

Hello All, Oracle Oct 2014 CPU addresses 22 security issues affecting Java VM implementation embedded in Oracle Database software. We have published details of the fixed issues and a description of some privilege elevation techniques abusing a complete Java security sandbox bypass condition for...

AI score 0.7
Exploits 0
Total number of security vulnerabilities: 47153