47153 matches found
[ MDVSA-2014:178 ] ppp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:178 http://www.mandriva.com/en/support/security/ Package : ppp Date : September 5, 2014 Affected: Business Server 1.0 Problem Description: Updated ppp packages fix security vulnerability: A vulnerability in...
[ MDVSA-2014:167 ] file
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:167 http://www.mandriva.com/en/support/security/ Package : file Date : September 2, 2014 Affected: Business Server 1.0 Problem Description: Updated file packages fix security vulnerability: A flaw was found ...
[SECURITY] [DSA 3016-1] lua5.2 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3016-1 [email protected] http://www.debian.org/security/ Florian Weimer September 01, 2014 http://www.debian.org/security/faq -...
file utility memory corruption
Memory corruption CDF format parsing...
Lua buffer overflow
Buffer overflow on function call with large number of arguments...
[USN-2332-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-2332-1 September 02, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
F5 BIG-IP cross-site scripting
Cross-site scripting via POST request...
Mathematica10.0.0 on Linux /tmp/MathLink vulnerability
The problem reported for Mathematica is present still at version 10.0.0 for the GUI interface the command-line interface may be "safe". Cheers, Paul Szabo [email protected] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia ---...
SEC Consult SA-20140828-0 :: F5 BIG-IP Reflected Cross-Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140828-0 ======================================================================= title: Reflected Cross-Site Scripting product: F5 BIG-IP vulnerable version: = 11.5.1 fixed version: 11.6.0 impact: Medi...
[SECURITY] [DSA 3014-1] squid3 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3014-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 28, 2014 http://www.debian.org/security/faq -...
Mathematica symbolic links vulnerability
Symbolic links vulnerability on temporary files creation...
squid DoS
DoS via Range: request...
[USN-2328-1] GNU C Library vulnerability
========================================================================== Ubuntu Security Notice USN-2328-1 August 29, 2014 eglibc vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
GNU glibc buffer overflow
Off-by-one in __gconv_translit_find...
Panda Security privilege escalation
Privilege escalation via PavTPK.sys driver...
SEC Consult SA-20140805-0 :: Multiple vulnerabilities in Readsoft Invoice Processing and Process Director
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140805-0 ======================================================================= title: Multiple vulnerabilities product: Readsoft Invoice Processing / Process Director vulnerable version: Invoice...
serf certificate name spoofing vulnerability
Certificate spoofing via NUL byte...
[SECURITY] [DSA 3001-1] wordpress security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3001-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 09, 2014 http://www.debian.org/security/faq -...
[USN-2311-1] pyCADF vulnerability
========================================================================== Ubuntu Security Notice USN-2311-1 August 11, 2014 python-pycadf vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...
EMC RSA Archer multiple security vulnerabilities
CSRF, privilege escalation, unauthorized access...
ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities
ESA-2014-071.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities EMC Identifier: ESA-2014-071 CVE Identifier: CVE-2014-2517, CVE-2014-2505, CVE-2014-0640, CVE-2014-0641 Severity Rating: CVSS v2 Base Score: See below for individual scor...
[SECURITY] [DSA 3007-1] cacti security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3007-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff August 20, 2014 http://www.debian.org/security/faq -...
Apache Subversion multiple security vulnerabilities
DoS, information leakage, certificate validation bypass...
ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities
ESA-2014-073.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities EMC Identifier: ESA-2014-073 CVE Identifier: CVE-2014-2518 Severity Rating: CVSS v2 Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Affected products: • EMC...
oxide-qt multiple security vulnerabilities
Information leakage, code execution...
ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities
ESA-2014-059.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities EMC Identifier: ESA-2014-059 CVE Identifier: CVE-2014-2511 Severity Rating: CVSS v2 Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Affected products: • EMC WebTop...
[CVE-2014-0232] Apache OFBiz Cross-site scripting (XSS) vulnerability
CVE-2014-0232: Apache OFBiz Cross-site scripting XSS vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache OFBiz 11.04.01 to 11.04.04 Apache OFBiz 12.04.01 to 11.04.03 The unsupported Apache OFBiz 09.04.x, 10.04.x versions may be also affected...
CVE-2014-5307 - Privilege Escalation in Panda Security Products
Vulnerability title: Privilege Escalation in Panda Security CVE: CVE-2014-5307 Vendor: Panda Security Product: Multiple Affected version: Panda 2014 Products Fixed version: Hotfix hft131306s24r1 Reported by: Kyriakos Economou Details: Latest, and possibly earlier builds, of the PavTPK.sys kernel...
[CVE-2014-5335] CSRF in Innovaphone PBX
Title: Innovaphone PBX Admin-GUI CSRF Impact: High CVSS2 Score: 7.8 AV:N/AC:M/Au:S/C:P/I:C/A:C/E:F/RL:U/RC:C Announced: August 21, 2014 Reporter: Rainer Giedat NSIDE ATTACK LOGIC GmbH, www.nsideattacklogic.de Products: Innovaphone PBX Administration GUI Affected Versions: all known versions teste...
IBM Maximo: Cross-site Scripting Vulnerability Addressed in Asset and Service Management (CVE-2014-0914 and -0915)
Two classes of persistent XSS issues we reported in IBM Maximo a month or two back are now fixed: http://www.pentestpartners.com/blog/further-ibm-maximo-asset-management-vulnerabilities-reported/ Individual bulletins linked from the above, but tl;dr is I would suggest patching, as this could...
Grand MA 300 Fingerprint Reader insufficient encryption
PIN code is not encrypted during transfer...
HP Release Control XXE vulnerability
Few SSI possibilities...
Kolibri WebServer buffer overflow
Buffer overflow on oversized POST request...
[SECURITY] [DSA 3010-1] python-django security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3010-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 22, 2014 http://www.debian.org/security/faq -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
BlackBerry Z 10 - Storage and Access File-Exchange Authentication By-Pass [MZ-13-04]
--------------------------------------------------------------------- modzero Security Advisory: BlackBerry Z 10 - Storage and Access File-Exchange Authentication By-Pass MZ-13-04 ---------------------------------------------------------------------...
HP Service Manager multiple security vulnerabilities
Cross-site scripting, unauthorized access, privilege escalation...
ntopng XSS
XSS in web interface...
ESET application privilege escalation
Privilege escalation via EpFwNdis.sys driver...
IBM Maximo cross-site scripting
Few different vulnerabilities...
[SECURITY] [DSA 2999-1] drupal7 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2999-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 09, 2014 http://www.debian.org/security/faq -...
TomatoCart v1.x (latest-stable) Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-3978 - Remote SQL Injection Vulnerability CVE-2014-3830 - Reflected Cross Site Scripting - ------------------------------------------------------------------------------ Title: TomatoCart v1.x latest-stable Remote SQL Injection Vulnerability...
[security bulletin] HPSBMU03079 rev.1 - HP Service Manager, Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04388127 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04388127 Version: 1 HPSBMU03079 rev....
APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-08-13-1 Safari 6.1.6 and Safari 7.0.6 Safari 6.1.6 and Safari 7.0.6 are now available and address the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.4 Impact...
Barracuda Networks Web Security Flex v4.1 - Persistent Vulnerabilities (BNSEC-699)
Document Title: =============== Barracuda Networks Web Security Flex v4.1 - Persistent Vulnerabilities BNSEC-699 References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=750 BARRACUDA NETWORK SECURITY ID: BNSEC-699 Release Date: ============= 2014-08-22...
BF and XSS vulnerabilities in Zyxel P660RT2 EE
Hello 3APA3A! These are Brute Force and Cross-Site Scripting vulnerabilities in Zyxel P660RT2 EE ADSL Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: Zyxel P660RT2 EE. ZyNOS Firmware Version: V3.40 AXN.1. This model with other firmware...
XSS and CSRF vulnerabilities in Zyxel P660RT2 EE
Hello 3APA3A! These are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities in Zyxel P660RT2 EE ADSL Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: Zyxel P660RT2 EE. ZyNOS Firmware Version: V3.40 AXN.1. This model with...
[USN-2320-1] Oxide vulnerabilities
========================================================================== Ubuntu Security Notice USN-2320-1 August 20, 2014 oxide-qt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Reflected Cross-Site Scripting (XSS) in Jamroom
Advisory ID: HTB23224 Product: Jamroom Vendor: Talldude Networks, LLC Vulnerable Versions: 5.2.6 and probably prior Tested Version: 5.2.6 Advisory Publication: July 23, 2014 without technical details Vendor Notification: July 23, 2014 Vendor Patch: July 23, 2014 Public Disclosure: August 13, 2014...
SQL Injection Vulnerability in ArticleFR
Advisory ID: HTB23225 Product: ArticleFR Vendor: Free Reprintables Vulnerable Versions: 3.0.4 and probably prior Tested Version: 3.0.4 Advisory Publication: July 23, 2014 without technical details Vendor Notification: July 23, 2014 Public Disclosure: August 20, 2014 Vulnerability Type: SQL...