47153 matches found
[ MDVSA-2014:202 ] php
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:202 http://www.mandriva.com/en/support/security/ Package : php Date : October 23, 2014 Affected: Business Server 1.0 Problem Description: A vulnerability has been discovered and corrected in php: A heap...
FreeBSD routed DoS
Crash on RIP packet from non-local network...
EMC NetWorker Module for MEDITECH information leakage
Cleartext passwords in the log files...
OpenBSD <= 5.5 Local Kernel Panic
OpenBSD <= 5.5 All architectures is prone to a local DoS condition by triggering a kernel panic through a malformed ELF executable. A patch has been released to address this issue. See "013 Reliability Fix" at: http://www.openbsd.org/errata55.html013kernexec More details and PoC code:...
libxml DoS
Resource exhaustion on XML parsing...
FreeBSD Security Advisory FreeBSD-SA-14:21.routed
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-14:21.routed Security Advisory The FreeBSD Project Topic: routed(8) remote denial of service vulnerability Category: core Module: routed Announced: 2014-10-21...
FreeBSD rtsold buffer overflow
Buffer overflow on DNS response parsing...
Linux kernel multiple security vulnerabilities
DoS conditions and buffer overflows in multiple drivers, multiple Ceph network file system vulnerabilities...
ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability EMC Identifier: ESA-2014-096 CVE Identifier: CVE-2014-4624 Severity Rating: 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C Affected products: • EMC Avamar Data Store ADS and Avamar Virtual Editio...
APPLE-SA-2014-10-22-1 QuickTime 7.7.6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-22-1 QuickTime 7.7.6 QuickTime 7.7.6 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application...
[ MDVSA-2014:201 ] kernel
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:201 http://www.mandriva.com/en/support/security/ Package : kernel Date : October 21, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities have been found and corrected in the Linux...
python integer overflow
Integer overflow in buffer...
FreeBSD Security Advisory FreeBSD-SA-14:20.rtsold
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-14:20.rtsold Security Advisory The FreeBSD Project Topic: rtsold(8) remote buffer overflow vulnerability Category: core Module: rtsold Announced: 2014-10-21 Credits...
FreeBSD Security Advisory FreeBSD-SA-14:22.namei
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-14:22.namei Security Advisory The FreeBSD Project Topic: memory leak in sandboxed namei lookup Category: core Module: kernel Announced: 2014-10-21 Credits: Mateus...
ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability EMC Identifier: ESA-2014-094 CVE Identifier: CVE-2014-4623 Severity Rating: 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C Affected products: • EMC Avamar Data Store ADS GEN4S and Avamar Virtual Edition AVE...
[ MDVSA-2014:207 ] ejabberd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:207 http://www.mandriva.com/en/support/security/ Package : ejabberd Date : October 24, 2014 Affected: Business Server 1.0 Problem Description: Updated ejabberd packages fix security vulnerability: A flaw was...
EMC Avamar security vulnerabilities
Information leakage, weak password encryption...
APPLE-SA-2014-10-20-1 iOS 8.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-20-1 iOS 8.1 iOS 8.1 is now available and addresses the following: Bluetooth Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: A malicious Bluetooth input device may bypass pairing...
pidgin security vulnerabilities
Insufficient certificate checks, directory traversal, memory corruption, information leakage...
APPLE-SA-2014-10-20-2 Apple TV 7.0.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-20-2 Apple TV 7.0.1 Apple TV 7.0.1 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: A malicious Bluetooth input device may bypass pairing Description: Unencrypted...
FreeBSD namei information leakage
Kernel memory content leakage...
[ MDVSA-2014:204 ] libxml2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:204 http://www.mandriva.com/en/support/security/ Package : libxml2 Date : October 23, 2014 Affected: Business Server 1.0 Problem Description: A vulnerability has been found and corrected in libxml2: A denial...
SAP Netweaver DoS
DoS against "Standalone Enqueue Server" service...
Apple OS X / OS X Server multiple security vulnerabilities
62 vulnerabilities in different system components...
[CORE-2014-0007] - SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability Advisory ID: CORE-2014-0007 Advisory URL:...
APPLE-SA-2014-10-16-5 OS X Server v2.2.5
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-5 OS X Server v2.2.5 OS X Server v2.2.5 is now available and addresses the following: Server Available for: OS X Mountain Lion v10.8.5 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known...
APPLE-SA-2014-10-16-2 Security Update 2014-005
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-2 Security Update 2014-005 Security Update 2014-005 is now available and addresses the following: Secure Transport Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: An attacker may be able to decrypt data...
Apple iTunes multiple security vulnerabilities
84 vulnerabilities in the parsing of different formats and protocols...
APPLE-SA-2014-10-16-4 OS X Server v3.2.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-4 OS X Server v3.2.2 OS X Server v3.2.2 is now available and addresses the following: Server Available for: OS X Mavericks v10.9.5 or later Impact: An attacker may be able to decrypt data protected by SSL Description: There are kno...
TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack
NCCIC / US-CERT National Cyber Awareness System: TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack 10/17/2014 12:27 PM EDT Original release date: October 17, 2014 Systems Affected All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode...
APPLE-SA-2014-10-16-6 iTunes 12.0.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-6 iTunes 12.0.1 iTunes 12.0.1 is now available and addresses the following: iTunes Available for: Windows 8, Windows 7, Vista, XP SP2 or later Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead t...
APPLE-SA-2014-10-16-3 OS X Server v4.0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-3 OS X Server v4.0 OS X Server v4.0 is now available and addresses the following: BIND Available for: OS X Yosemite v10.10 or later Impact: Multiple vulnerabilities in BIND, the most serious of which may lead to a denial of service...
APPLE-SA-2014-10-16-1 OS X Yosemite v10.10
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-10-16-1 OS X Yosemite v10.10 OS X Yosemite v10.10 is now available and addresses the following: 802.1X Impact: An attacker can obtain WiFi credentials Description: An attacker could have impersonated a WiFi access point, offered to...
IPy limitations bypass
It's possible to bypass IP address filtering...
[security bulletin] HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04472444 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04472444 Version: 1 HPSBMU03126 rev....
Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Drupal - pre-auth SQL Injection Vulnerability Release Date: 2014/10/15 Last Modified: 2014/10/15 Author: Stefan Horst stefan.horst[at]sektioneins.de Application: Drupal >= 7.0 <= 7.31 Severity: Full SQL injection, which results in...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Bypassing blacklists based on IPy
IPy is a Python "class and tools for handling of IPv4 and IPv6 addresses and networks" https://github.com/haypo/python-ipy. This library is sometimes used to implement blacklists forbidding internal, private or loopback addresses. Using octal encoding supported by urllib2, it is possible to bypas...
XSS vulnerabilities in Megapolis.Portal Manager
Hello 3APA3A! These are Cross-Site Scripting vulnerabilities in Megapolis.Portal Manager. It's a commercial CMS from Softline-IT (earlier Softline), which is particularly widespread among Ukrainian government sites including ministry, parliament, two special services and many other web sites. In 2012...
Cisco Telepresence multiple security vulnerabilities
A few DoS conditions...
HP Operations Agent cross-site scripting
No description provided...
[slackware-security] openssl (SSA:2014-288-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security openssl SSA:2014-288-01 New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140716-0 ======================================================================= title: Multiple SSRF vulnerabilities product: Alfresco Community Edition vulnerable version: =4.2.f fixed version: 5.0.a...
[SECURITY] [DSA 2983-1] drupal7 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2983-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 20, 2014 http://www.debian.org/security/faq -...
[SE-2014-01] Breaking Oracle Database through Java exploits (details)
Hello All, Oracle Oct 2014 CPU addresses 22 security issues affecting Java VM implementation embedded in Oracle Database software. We have published details of the fixed issues and a description of some privilege elevation techniques abusing a complete Java security sandbox bypass condition for...
Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin
Advisory ID: HTB23237 Product: MaxButtons WordPress plugin Vendor: Max Foundry Vulnerable Versions: 1.26.0 and probably prior Tested Version: 1.26.0 Advisory Publication: September 24, 2014 without technical details Vendor Notification: September 24, 2014 Vendor Patch: October 2, 2014 Public...
LPAR2RRD code execution
No description provided...
[oCERT-2014-005] LPAR2RRD input sanitization errors
2014-005 LPAR2RRD input sanitization errors Description: LPAR2RRD is a performance monitoring and capacity planning software for IBM Power Systems. LPAR2RRD generates historical, future trends and nearly "real-time" CPU utilization graphs of LPAR's and shared CPU usage. Insufficient input...
Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin
Advisory ID: HTB23236 Product: WP Google Maps WordPress plugin Vendor: WP Google Maps Vulnerable Versions: 6.0.26 and probably prior Tested Version: 6.0.26 Advisory Publication: September 24, 2014 without technical details Vendor Notification: September 24, 2014 Vendor Patch: September 29, 2014...
Kerio Control <= 8.3.1 Boolean-based blind SQL Injection
Document Title: ====================== Kerio Control <= 8.3.1 Boolean-based blind SQL Injection Primary Informations: ====================== Product Name: Kerio Control Software Description: Kerio Control brings together multiple capabilities including a network firewall and router, intrusion...