47153 matches found

securityvulns, added 2014/05/10 12:0 a.m., 28 views

rxvt-unicode code execution

No description provided...

CVSS 7.6, AI score 1.8, EPSS 0.03336
Exploits: 0, References: 1, Affected Software: 1

securityvulns, added 2014/05/10 12:0 a.m., 144 views

[RT-SA-2014-003] Metadata Information Disclosure in OrbiTeam BSCW

Advisory: Metadata Information Disclosure in OrbiTeam BSCW RedTeam Pentesting discovered an information disclosure vulnerability in OrbiTeam's BSCW collaboration software. An unauthenticated attacker can disclose metadata about internal objects which are stored in BSCW. Details ======= Product:...

CVSS 5, AI score 6.1, EPSS 0.00283
Exploits: 3

securityvulns, added 2014/05/10 12:0 a.m., 80 views

[oss-security] Linux kernel floppy ioctl kernel code execution

Hi, As this was posted to linux-distros, and was supposed to be made public earlier this week, but so far wasn't published on oss-sec ... Reported by Matthew Daley to [email protected]. There apparently exists a proof of concept root exploit, that allows local users with access to a floppy devi...

CVSS 7.2, AI score 1, EPSS 0.00045
Exploits: 0

securityvulns, added 2014/05/10 12:0 a.m., 70 views

[security bulletin] HPSBHF02946 rev.1 - HP Servers with NVIDIA GPU Computing Driver, Elevation of Privilege

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04036775 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04036775 Version: 1 HPSBHF02946 rev....

CVSS 7.2, AI score 0.4, EPSS 0.00138
Exploits: 0

securityvulns, added 2014/05/10 12:0 a.m., 139 views

Cross-Site Request Forgery (CSRF) in TAO

Advisory ID: HTB23211 Product: TAO Vendor: Open Assessment Technologies S.A. Vulnerable Versions: 2.5.6 and probably prior Tested Version: 2.5.6 Advisory Publication: April 16, 2014 without technical details Vendor Notification: April 16, 2014 Public Disclosure: May 7, 2014 Vulnerability Type:...

CVSS 6.8, AI score 0.2, EPSS 0.00171
Exploits: 1

securityvulns, added 2014/05/10 12:0 a.m., 39 views

[SECURITY] [DSA 2925-1] rxvt-unicode security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2925-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 08, 2014 http://www.debian.org/security/faq -...

CVSS 7.6, AI score 2, EPSS 0.03336
Exploits: 0

securityvulns, added 2014/05/10 12:0 a.m., 66 views

[USN-2210-1] cups-filters vulnerability

Ubuntu Security Notice USN-2210-1, May 08, 2014: cups-filters vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 8.3, AI score 0.9, EPSS 0.01338
Exploits: 1

securityvulns, added 2014/05/10 12:0 a.m., 34 views

[oss-security] CVE Request - Predictable temporary filenames in GNU Emacs

I reported these bugs on the Debian tracker on Monday: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747100 In brief some of the bundled Emacs Lisp uses predictable /tmpfile names insecurely: lisp/gnus/gnus-fun.el: In the function gnus-grab-cam-face the file "/tmp/gnus.face.ppm" is used,...

AI score 7.2
Exploits: 0

securityvulns, added 2014/05/10 12:0 a.m., 50 views

[security bulletin] HPSBST03038 rev.1 - HP H-series Fibre Channel Switches, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04277407 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04277407 Version: 1 HPSBST03038 rev....

CVSS 1.7, AI score 0.8, EPSS 0.00251
Exploits: 0

securityvulns, added 2014/05/10 12:0 a.m., 67 views

[oss-security] CVE Request - Local File inclusion in Cobbler

Hi, as reported in https://github.com/cobbler/cobbler/issues/939 A local file inclusion is possible by specifying full path to any desired file in the Kickstart value in Cobbler's WebUI in all versions. Cobbler eases setup of network installation environments. After informing cobbler team, a patch...

AI score 0.5
Exploits: 0

securityvulns, added 2014/05/10 12:0 a.m., 59 views

[ MDVSA-2014:083 ] mediawiki

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:083 http://www.mandriva.com/en/support/security/ Package : mediawiki Date : May 8, 2014 Affected: Business Server 1.0 Problem Description: Updated mediawiki packages fix security vulnerabilities: Login CSRF...

CVSS 4, AI score 6.2, EPSS 0.00198
Exploits: 1

securityvulns, added 2014/05/10 12:0 a.m., 43 views

[oss-security] CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message

Hello, Linux kernel built with the BPF interpreter support in the networking core is vulnerable to an out of bounds buffer access flaw. It occurs when accessing a netlink attribute from the skb-data buffer. An unprivileged user/program could use this flaw to crash the system kernel resulting in...

AI score 0.2
Exploits: 0

securityvulns, added 2014/05/10 12:0 a.m., 29 views

AVG Remote Administration multiple security vulnerabilities

Authentication bypass, code execution, static encryption key...

AI score 3
Exploits: 0, References: 1

securityvulns, added 2014/05/10 12:0 a.m., 38 views

Apache mod_security protection bypass

Protection bypass via chunked encoding...

CVSS 5, AI score 3.7, EPSS 0.00842
Exploits: 2, References: 1, Affected Software: 1

securityvulns, added 2014/05/10 12:0 a.m., 36 views

Cisco WebEx multiple security vulnerabilities

Memory corruption on different formats parsing...

CVSS 9.3, AI score 2.6, EPSS 0.04271
Exploits: 0, Affected Software: 1

securityvulns, added 2014/05/10 12:0 a.m., 28 views

SSH key cloning problem in OnApp templates

OnApp sells a "complete IaaS platform" for hosting providers to offer virtual servers. Their platform ships with templates disk images for many different operating systems, which it automatically customizes passwords, network settings, etc. when a new virtual server is deployed. During each...

AI score 0.9
Exploits: 0

securityvulns, added 2014/05/10 12:0 a.m., 191 views

[oss-security] Unsafe Query Risk in Active Record

This advisory concerns a security risk in all supported versions of Active Record. There is no patch to apply for this issue. Due to the query API that Active Record supports, there is a risk of unsafe query generation in two scenarios. Databases with a table that contains a column with the same...

AI score 0.5
Exploits: 0

securityvulns, added 2014/05/10 12:0 a.m., 127 views

[oss-security] [CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations

There is a vulnerability in the 'implicit render' functionality in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2014-0130. Versions Affected: All Supported Not affected: None Fixed Versions: 4.1.1, 4.0.5, 3.2.18 Impact ------ The implicit render functionality allows...

CVSS 4.3, AI score 0.2, EPSS 0.5271
Exploits: 2

securityvulns, added 2014/05/10 12:0 a.m., 30 views

cups-filters code execution

cups-browsed shell characters vulnerability...

CVSS 8.3, AI score 4.4, EPSS 0.01338
Exploits: 1, References: 1, Affected Software: 1

securityvulns, added 2014/05/07 12:0 a.m., 76 views

[USN-2208-2] OpenStack Quantum vulnerability

Ubuntu Security Notice USN-2208-2, May 06, 2014: quantum vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

CVSS 4.3, AI score 0.6, EPSS 0.00456
Exploits: 0

securityvulns, added 2014/05/07 12:0 a.m., 27 views

Citrix Netscaler security vulnerabilities

Weak Diffie-Hellman protocol implementation, lack of SSL certificate check...

CVSS 10, AI score 2.6, EPSS 0.00421
Exploits: 0, References: 2, Affected Software: 1

securityvulns, added 2014/05/07 12:0 a.m., 39 views

libxml2 DoS

CPU exhaustion on XML parsing...

CVSS 4.3, AI score 3, EPSS 0.00636
Exploits: 1, References: 1

securityvulns, added 2014/05/07 12:0 a.m., 41 views

IBM AIX security vulnerabilities

ptrace information leak and DoS...

CVSS 4.7, AI score 2.2, EPSS 0.00112
Exploits: 1, References: 1

securityvulns, added 2014/05/07 12:0 a.m., 68 views

[USN-2208-1] OpenStack Cinder vulnerability

Ubuntu Security Notice USN-2208-1, May 06, 2014: cinder vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

CVSS 4.3, AI score 0.6, EPSS 0.00456
Exploits: 0

securityvulns, added 2014/05/07 12:0 a.m., 31 views

CVE-2014-2845 - Cyberduck (Windows): Failure validating some certificates (using FTP-SSL) with untrusted root certificate authority

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-004 Product: Cyberduck Affected Versions: 4.4.3 14140 Windows only Not Affected Versions: 4.4.3 14140 and 4.2.1 9350 both OS X 10.9.2 Tested Versions: 4.4.3 Windows 7 32 bit and Windows 8.1 64 bit Vulnerability Type: X.509...

CVSS 4.3, AI score 0.3, EPSS 0.0013
Exploits: 2

securityvulns, added 2014/05/07 12:0 a.m., 59 views

[ANN] Struts 2.3.16.3 GA release available - security fix

The Apache Struts group is pleased to announce that Struts 2.3.16.3 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed ...

AI score 7.3
Exploits: 0

securityvulns, added 2014/05/07 12:0 a.m., 90 views

[USN-2206-1] OpenStack Horizon vulnerability

Ubuntu Security Notice USN-2206-1, May 06, 2014: horizon vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

CVSS 4.3, AI score 0.5, EPSS 0.00264
Exploits: 1

securityvulns, added 2014/05/07 12:0 a.m., 59 views

[SECURITY] [DSA 2922-1] strongswan security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Debian Security Advisory DSA-2922-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez May 05, 2014 http://www.debian.org/security/faq -...

CVSS 5, AI score 1.9, EPSS 0.01638
Exploits: 0

securityvulns, added 2014/05/07 12:0 a.m., 45 views

libvirt security vulnerabilities

DoS, symbolic links vulnerability...

CVSS 5.8, AI score 1.9, EPSS 0.0024
Exploits: 1, References: 1

securityvulns, added 2014/05/07 12:0 a.m., 82 views

Apache Struts multiple security vulnerabilities

Few ClassLoader manipulation vulnerabilities with potential RCE impact...

CVSS 7.5, AI score 3.3, EPSS 0.93134
Exploits: 8, References: 4, Affected Software: 1

securityvulns, added 2014/05/07 12:0 a.m., 66 views

[USN-2193-1] OpenStack Glance vulnerability

Ubuntu Security Notice USN-2193-1, May 05, 2014: glance vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

CVSS 6, AI score 1.1, EPSS 0.00557
Exploits: 0

securityvulns, added 2014/05/07 12:0 a.m., 65 views

OpenStack multiple security vulnerabilities

Glance code execution, Neutron and Swift unauthorized access, Horizon cross-site scripting, Quantum / Cinder / Oslo information leakage...

CVSS 6, AI score 1.8, EPSS 0.00557
Exploits: 1, References: 6, Affected Software: 7

securityvulns, added 2014/05/07 12:0 a.m., 51 views

Openswan / Strongswan security vulnerabilities

Buffer overflow, DoS, protection bypass...

CVSS 6.8, AI score 3.7, EPSS 0.01646
Exploits: 2, References: 3, Affected Software: 2

securityvulns, added 2014/05/07 12:0 a.m., 283 views

Cyberduck protection bypass

Invalid FTP-SSL root certificates check...

CVSS 4.3, AI score 2.3, EPSS 0.0013
Exploits: 2, References: 1, Affected Software: 1

securityvulns, added 2014/05/07 12:0 a.m., 127 views

[security bulletin] HPSBMU03037 rev.1 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04275280 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04275280 Version: 1 HPSBMU03037 rev....

CVSS 5, AI score 0.3, EPSS 0.94464
Exploits: 86

securityvulns, added 2014/05/07 12:0 a.m., 75 views

CVE-2014-2881 - Poor Quality Implementation of Diffie-Hellman Key Exchange in Citrix Netscaler

Vulnerability title: Poor Quality Implementation of Diffie-Hellman Key Exchange in Citrix Netscaler CVE: CVE-2014-2881 Vendor: Citrix Product: Netscaler Affected version: All prior to 10.1-122.17/9.3-66.5 Fixed version: 10.1-122.17/9.3-66.5 Reported by: Graham Sutherland Details: The remote...

CVSS 10, AI score 6.3, EPSS 0.00421
Exploits: 0

securityvulns, added 2014/05/07 12:0 a.m., 71 views

[USN-2194-1] OpenStack Neutron vulnerability

Ubuntu Security Notice USN-2194-1, May 05, 2014: neutron vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

CVSS 2.1, AI score 0.5, EPSS 0.00216
Exploits: 0

securityvulns, added 2014/05/07 12:0 a.m., 55 views

CVE-2014-0930 - Kernel Memory Leak And Denial Of Service Condition in IBM AIX

Vulnerability title: Kernel Memory Leak And Denial Of Service Condition in IBM AIX CVE: CVE-2014-0930 Vendor: IBM Product: AIX Affected version: 5.3, 6.1 and 7.1 releases VIOS 2.2. Fixed version: Interim version Reported by: Tim Brown Details: It has been identified that the ptrace system call ca...

CVSS 4.7, AI score 0.5, EPSS 0.00112
Exploits: 1

securityvulns, added 2014/05/07 12:0 a.m., 82 views

[USN-2209-1] libvirt vulnerabilities

Ubuntu Security Notice USN-2209-1, May 07, 2014: libvirt vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 5.8, AI score 0.8, EPSS 0.0024
Exploits: 1

securityvulns, added 2014/05/07 12:0 a.m., 58 views

CVE-2014-2882 - Lack of SSL Certificate Validation in Citrix Netscaler

Vulnerability title: Lack of SSL Certificate Validation in Citrix Netscaler CVE: CVE-2014-2882 Vendor: Citrix Product: Netscaler Affected version: All prior to 10.1-122.17/9.3-66.5 Fixed version: 10.1-122.17/9.3-66.5 Reported by: Graham Sutherland Details: The remote configuration Java applet...

CVSS 10, AI score 0.2, EPSS 0.00226
Exploits: 0

securityvulns, added 2014/05/07 12:0 a.m., 71 views

[USN-2207-1] OpenStack Swift vulnerability

Ubuntu Security Notice USN-2207-1, May 06, 2014: swift vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

CVSS 4.3, AI score 0.8, EPSS 0.00421
Exploits: 0

securityvulns, added 2014/05/07 12:0 a.m., 61 views

[oss-security] CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled

Hi, It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file...

AI score 7.2, EPSS 0.00636
Exploits: 1

securityvulns, added 2014/05/07 12:0 a.m., 80 views

[USN-2196-1] Linux kernel vulnerability

Ubuntu Security Notice USN-2196-1, May 06, 2014: linux vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

CVSS 6.9, AI score 0.5, EPSS 0.49911
Exploits: 7

securityvulns, added 2014/05/05 12:0 a.m., 38 views

GetGo Download Manager buffer overflow

Buffer overflow on server response parsing...

CVSS 10, AI score 4.7, EPSS 0.76643
Exploits: 12, References: 1, Affected Software: 1

securityvulns, added 2014/05/05 12:0 a.m., 89 views

CVE-2014-5795 - Database Credentials Leak in Oracle Demantra

Vulnerability title: Database Credentials Leak in Oracle Demantra CVE: CVE-2014-5795 Vendor: Oracle Product: Demantra Affected version: 12.2.1 Fixed version: 12.2.3 Reported by: Oliver Gruskovnjak Details: Oracle Demantra version 12.2.1 has a backend function that allows anyone to retrieve the...

AI score 1.1
Exploits: 4

securityvulns, added 2014/05/05 12:0 a.m., 54 views

[SECURITY] [DSA 2867-1] otrs2 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Debian Security Advisory DSA-2867-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 23, 2014 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 0.8, EPSS 0.01617
Exploits: 1

securityvulns, added 2014/05/05 12:0 a.m., 127 views

ESA-2014-019: RSA BSAFE® Micro Edition Suite Certificate Chain Processing Vulnerability

ESA-2014-019.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-019: RSA BSAFE® Micro Edition Suite Certificate Chain Processing Vulnerability EMC Identifier: ESA-2014-019 CVE Identifier: CVE-2014-0636 Severity Rating: CVSS v2 Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected Products:...

CVSS 5.8, AI score 0.2, EPSS 0.00134
Exploits: 0

securityvulns, added 2014/05/05 12:0 a.m., 217 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS 8.5, AI score 1.6, EPSS 0.8276
Exploits: 145, References: 51, Affected Software: 36

securityvulns, added 2014/05/05 12:0 a.m., 25 views

[SECURITY] [DSA 2895-1] prosody security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Debian Security Advisory DSA-2895-1 [email protected] http://www.debian.org/security/ Luciano Bello April 06, 2014 http://www.debian.org/security/faq -...

AI score 1.8
Exploits: 0

securityvulns, added 2014/05/05 12:0 a.m., 36 views

Jetro Cockpit Secure Browsing vulnerability - Client missing input validation allowing RCE

CVE-2014-1861 Affected versions: 4.3.3 4.3.1 and probably prior versions. Jetro Cockpit Secure Browsing makes use of a client running on a user's workstation in the enterprise's internal network, and a server in the DMZ that connects on the client's behalf to the internet. Attack scenario: User...

CVSS 9.3, AI score 0.6, EPSS 0.00348
Exploits: 0

Total number of security vulnerabilities: 47153