torque buffer overflow

Buffer overflow on task processing...

Cisco Wide Area Application Services code execution

SharePoint prefetch memory corruption...

HP Operations Manager i code execution

No description provided...

[CVE-2014-0749] TORQUE Buffer Overflow

A buffer overflow exists in versions of TORQUE which can be exploited in order to remotely execute code from an unauthenticated perspective. This issue is exploitable in all versions of the 2.5 branch, upto and including 2.5.13 Software: TORQUE Affected Versions: All 2.5 releases up to and...

[SECURITY] [DSA 2930-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2930-1 [email protected] http://www.debian.org/security/ Michael Gilbert May 17, 2014 http://www.debian.org/security/faq -...

[ MDVSA-2014:087 ] php

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:087 http://www.mandriva.com/en/support/security/ Package : php Date : May 15, 2014 Affected: Business Server 1.0 Problem Description: A vulnerability has been discovered and corrected in php: PHP FPM in PHP...

PHP privilege escalation

Weak unix socket permissions...

Cisco NX-OS multiple security vulnerabilities

Privilege escalation, buffer overflow, DoS...

[security bulletin] HPSBMU03044 rev.1 - HP Business Process Monitor, running OpenSSL, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04307186 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04307186 Version: 1 HPSBMU03044 rev....

OpenSSL security vulnerabilities

Information leakage, key recovery. This vulnerability is actively used in-the-wild...

Apple Mac OS X multiple security vulnerabilities

Information disclosures, memory corruptions, DoS, privilege escalations, protection bypass...

[security bulletin] HPSBMU03042 rev.1 - HP Operations Manager i, Execution of Arbitrary Code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04296442 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04296442 Version: 1 HPSBMU03042 rev....

VUPEN Security Research - Adobe Acrobat & Reader XI-X Barcode Heap Overflow (Pwn2Own)

VUPEN Security Research - Adobe Acrobat & Reader XI-X Barcode Heap Overflow Pwn2Own Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Acrobat and Reader are the global standards for electronic document sharing. They are used to create, vie...

APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4 Safari 6.1.4 and Safari 7.0.4 are now available and address the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3 Impact...

iTunes security vulnerabilities

Invalid HTTP headers processing, weak permissions...

[SECURITY] [DSA 2937-1] mod-wsgi security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2937-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 27, 2014 http://www.debian.org/security/faq -...

mod-wsgi security vulnerabilities

Privilege escalation, information disclosure...

[SECURITY] CVE-2014-0097 Apache Tomcat information disclosure

CVE-2014-0097 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache Tomcat 6.0.0 to 6.0.39 Description: The code used to parse the request content length header did not check...

[SECURITY] CVE-2014-0096 Apache Tomcat information disclosure

CVE-2014-0096 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache Tomcat 6.0.0 to 6.0.39 Description: The default servlet allows web applications to define at multiple leve...

D-Link routers multiple security vulnerabilities

XSS, information leakage...

check_mk symbolic links vulnerability

Symbolic links are not checked during files operation...

NICE Recording eXpress multiple security vulnerabilities

Multiple security vulnerability, including privileged backdoor access...

EMC RSA Archer crossite scripting

Multiple crossite scripting conditions...

Full Disclosure - DIR-652/DIR-835/DIR-855L/DGL-5500/DHP-1565 - Clear Text Password/XSS/Information Disclosure

The following five D-Link model routers suffer from several vulnerabilities including Clear Text Storage of Passwords, Cross Site Scripting and Sensitive Information Disclosure. DIR-652 D-Link Wireless N Gigabit Home Router DIR-835 D-Link Network DIR-835L Wireless N 750M Dual-band 802.11n 4Port...

[SECURITY] CVE-2014-0095 Apache Tomcat denial of service

CVE-2014-0095 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC2 to 8.0.3 Description: A regression was introduced in revision 1519838 that caused AJP requests to hang if an explicit content length of zero was set on the...

LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 === LSE Leading Security Experts GmbH - Security Advisory LSE-2014-05-21 === CheckMK - Arbitrary File Disclosure Vulnerability - -------------------------------------------------- Affected Versions ================= Linux versions of CheckMK equal or...

APPLE-SA-2014-05-16-1 iTunes 11.2.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-05-16-1 iTunes 11.2.1 iTunes 11.2.1 is now available and addresses the following: iTunes Available for: Mac OS X v10.6.8 or later Impact: A local user can compromise other local user accounts Description: Upon each reboot, the permission...

SEC Consult SA-20140528-0 :: Root Backdoor & Unauthenticated access to voice recordings in NICE Recording eXpress

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140528-0 ======================================================================= title: Root Backdoor & Unauthenticated access to voice recordings product: NICE Recording eXpress voice recording soluti...

APPLE-SA-2014-05-15-2 iTunes 11.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-05-15-2 iTunes 11.2 iTunes 11.2 is now available and addresses the following: iTunes Available for: Windows 8, Windows 7, Vista, XP SP3 or later Impact: An attacker in a privileged network position can obtain iTunes credentials...

APPLE-SA-2014-15-20-1 OS X Server 3.1.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-15-20-1 OS X Server 3.1.2 OS X Server 3.1.2 is now available and addresses the following: Ruby Available for: OS X Mavericks 10.9.3 or later Impact: Running a Ruby script that uses untrusted input to create a Float object may lead to an...

ESA-2014-045: EMC Documentum D2 Arbitrary DQL Query Execution Vulnerability

ESA-2014-045.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-045: EMC Documentum D2 Arbitrary DQL Query Execution Vulnerability EMC Identifier: ESA-2014-045 CVE Identifier: CVE-2014-2504 Severity: CVSSv2 Base Score: 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C Affected products: • EMC Documentum D2...

Apple Safari multiple security vulnerabilities

Multiple memory corruptions...

[SECURITY] [DSA 2936-1] torque security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2936-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 23, 2014 http://www.debian.org/security/faq -...

[oss-security] Fwd: [exim-announce] Exim 4.82.1 Security Release

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Short version: Exim MTA, CVE-2014-2957, remote code execution based on email header content when built with the EXPERIMENTALDMARC option. Flaw introduced with that option in Exim 4.82, which was previously the current release; no prior releases...

exim code execution

Code execution with EXPERIMENTALDMARC enabled...

EMC Documentum D2 privilege escalation

It's possible to execute DQL Query with super-user privileges...

ESA-2014-021: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities

ESA-2014-021.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-021: RSA Archer® GRC Multiple Cross-Site Scripting Vulnerabilities EMC Identifier: ESA-2014-021 CVE Identifier: CVE-2014-0639 Severity Rating: CVSS v2 Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Affected Products: RSA Archer...

[SECURITY] CVE-2014-0075 Apache Tomcat denial of service

CVE-2014-0075 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache Tomcat 6.0.0 to 6.0.39 Description: It was possible to craft a malformed chunk size as part of a chucked reques...

[SECURITY] CVE-2014-0119 Apache Tomcat information disclosure

CVE-2014-0119 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.5 - Apache Tomcat 7.0.0 to 7.0.53 - Apache Tomcat 6.0.0 to 6.0.39 Description: In limited circumstances it was possible for a malicious web applicati...

CA20140413-01: Security Notice for OpenSSL Heartbleed Vulnerability

CA20140413-01: Security Notice for OpenSSL Heartbleed Vulnerability Issued: April 13, 2014 Updated: May 12, 2014 CA Technologies is investigating an OpenSSL vulnerability, referred to as the "Heartbleed bug" that was publicly disclosed on April 7, 2014. CVE identifier CVE-2014-0160 has been...

Apache Tomcat multiple security vulnerabilities

DoS, information leakage...

Linux kernel multiple security vulnerabilities

Memory corruptions in STCP, DCCP and CIFS, KVM and pseudo tty privilege escalations, DoS...

Ruby security vulnerabilities

DoS, restrictions bypass...

[USN-2228-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2228-1 May 27, 2014 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

Xen buffer overflow

Buffer overflow on guest system kernel image loading...

FD - Cobbler Arbitrary File Read CVE-2014-3225

Vulnerability title: Arbitrary file read CVE: CVE-2014-3225 Vendor: Cobbler Product: Cobbler Affected version: =2.6.0 Fixed version: N/A Reported by: Dolev Farhi ---------------------------- VULNERABILITY Details: ---------------------------- In all Cobbler versions = 2.6.0 an arbitrary system...

[oss-security] CVE-2014-0223 Qemu: qcow1: Validate image size

Hello, 'CVE-2014-0223' has been assigned to this issue. A huge image size could cause s-l1size to overflow. Make sure that images never require a L1 table larger than what fits in s-l1size. This cannot only cause unbounded allocations, but also the allocation of a too small L1 table, resulting in...

[oss-security] libgadu vulnerability: possible memory corruption

I'd like to request a CVE ID for the following issue: A crafted message from the file relay server may cause memory to beoverwritten. The memory is not overwritten with data sent directly by the server, but security implications cannot be ruled out. The bug is public:...

ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability

ESA-2014-005.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-005: EMC Documentum Foundation Services DFS Content Access Vulnerability EMC Identifier: ESA-2014-005 CVE Identifier: CVE-2014-0622 Severity Rating: CVSS v2 Base Score: 9 AV:N/AC:L/Au:S/C:C/I:C/A:C Affected products: • EMC DF...

[oss-security] Zenoss Open Source monitoring System - Open Redirect & Stored XSS Vulnerabilities

hi, Several security issues were found in Zenoss monitoring system. 1. Stored XSS. A persistent XSS vulnerability was found in Zenoss core, by creating a malicious host with the Title scriptalert"Xss"/script any user browsing to the relevant manufacturers page will get a client-side script execut...