APPLE-SA-2014-02-11-1 Boot Camp 5.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-02-11-1 Boot Camp 5.1 Boot Camp 5.1 is now available and addresses the following: Boot Camp Available for: Macs running Boot Camp 5 Impact: Loading a malformed executable file may cause memory corruption in the kernel Description: A boun...
Private Photo+Video v1.1 Pro iOS - Persistent Vulnerability
Document Title: =============== Private Photo+Video v1.1 Pro iOS - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1249 Release Date: ============= 2014-04-01 Vulnerability Laboratory ID VL-ID: ===================================...
[security bulletin] HPSBHF02981 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO2, iLO3, iLO4), IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04197764 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04197764 Version: 1 HPSBHF02981 rev....
MobileIron authentication bypass
Unauthorized XML files access...
CA Erwin Web Portal directory traversal
File request is not checked...
Public disclosure of Buffer Overflow Dassault Systems
''' Exploit Title: Dassault Systemes Catia V5-6R2013 "CATV5AllApplications" Stack Buffer Overflow Date: 2-18-2014 Exploit Author: Mohamed Shetta Email: mshetta |at| live |dot| com Vendor Homepage: http://www.3ds.com/products-services/catia/portfolio/catia-v5/latest-release/ Tested on: Windows 7 &...
SEC Consult SA-20140218-0 :: Multiple critical vulnerabilities in Symantec Endpoint Protection
SEC Consult Vulnerability Lab Security Advisory 20140218-0 ======================================================================= title: Multiple critical vulnerabilities product: Symantec Endpoint Protection vulnerable version: 11.0, 12.0, 12.1 fixed version: =11.0.7405.1424 =12.1.4023.4080...
lxc protection bypass
Invalid sshd mount permissions template...
[SECURITY] [DSA 2892-1] a2ps security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2892-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 31, 2014 http://www.debian.org/security/faq -...
CA20140403-01: Security Notice for CA Erwin Web Portal
-----BEGIN PGP SIGNED MESSAGE----- CA20140403-01: Security Notice for CA Erwin Web Portal Issued: April 03, 2014 CA Technologies Support is alerting customers to multiple vulnerabilities with CA Erwin Web Portal. The vulnerabilities, CVE-2014-2210, occur due to insufficient path verification. A...
[MATTA-2013-004] CVE-2014-1409; MobileIron authentication bypass vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Matta Consulting - Matta Advisory https://www.trustmatta.com MobileIron Multiple Products Authentication Bypass Vulnerability Advisory ID: MATTA-2013-004 CVE reference: CVE-2014-1409, CVE-2013-7286 Affected platforms: VSP and Sentry Version: VSP 5.9...
SEC Consult SA-20140402-0 :: Multiple vulnerabilities in Rhythm File Manager
SEC Consult Vulnerability Lab Security Advisory 20140402-0 ======================================================================= title: Multiple vulnerabilities product: Rhythm Software File Manager Rhythm Software File Manager HD vulnerable version: File Manager 1.16.6 File Manager HD 1.11.5...
ESA-2014-020: RSA Adaptive Authentication (On-Premise) Multiple Vulnerabilities
ESA-2014-020.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-020: RSA Adaptive Authentication On-Premise Multiple Vulnerabilities EMC Identifier: ESA-2014-020 CVE Identifier: CVE-2014-0637, CVE-2014-0638 Severity Rating: CVSS v2 Base Score: See below for individual scores Affected...
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
ESA-2013-039.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities EMC Identifier: ESA-2013-039 CVE Identifier: CVE-2011-3389, CVE-2013-0169 Severity Rating: CVSS v2 Base Score: Refer NVD http://nvd.nist.gov/ for individual scores for each CVE...
RSA BSAFE multiple security vulnerabilities
Buffer overflows, SSL attacks, protection bypass...
APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3 Safari 6.1.3 and Safari 7.0.3 are now available and address the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact...
Apple Safari multiple security vulnerabilities
Multiple memory corruptions, restrictions bypass...
iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities
Document Title: =============== iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1240 Release Date: ============= 2014-03-31 Vulnerability Laboratory ID VL-ID:...
CA 2E Web Option session spoofing
Predictable session token...
EMC RSA Data Loss Prevention privilege escalation
Session management vulnerability...
ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability
ESA-2014-003.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability EMC Identifier: ESA-2014-003 CVE Identifier: CVE-2014-0624 Severity Rating: CVSS v2 Base Score: 7.4 AV:A/AC:M/Au:S/C:C/I:C/A:C Affected Products: RSA Da...
SFR ADSL/Fiber Box multiple security vulnerabilities
Cross-site scripting...
curl multiple security vulnerabilities
Information leaks, certificate checks bypass...
Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities
Document Title: =============== Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1235 Release Date: ============= 2014-03-28 Vulnerability Laboratory ID VL-ID: ====================================...
Barracuda Message Archiver cross-site scripting
Web interface cross-site scripting...
CA20140218-01: Security Notice for CA 2E Web Option
CA20140218-01: Security Notice for CA 2E Web Option Issued: February 18, 2014 CA Technologies Support is alerting customers to a potential risk in CA 2E Web Option C2WEB. A vulnerability exists that can allow an attacker to exploit an authentication weakness and execute a session prediction attac...
PhonerLite information leak
Password digest information leak...
PhonerLite 2.14 SIP Soft Phone - SIP Digest Leak Information Disclosure (CVE-2014-2560)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I. Advisory Summary Title: SIP Digest Leak Information Disclosure in PhonerLite 2.14 SIP Soft Phone Date Published: March 30, 2014 Vendors contacted: Heiko Sommerfeldt, PhonerLite author Discovered by: Jason Ostrom Severity: Medium II. Vulnerability...
[slackware-security] curl (SSA:2014-086-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security curl SSA:2014-086-01 New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
Barracuda Message Archiver 650 - Persistent Web Vulnerability
Document Title: =============== Barracuda Message Archiver 650 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751 Barracuda Networks Security ID BNSEC: 703 Release Date: ============= 2014-02-18 Vulnerability Laboratory ID...
CVE-2014-1599 - 39 Type-1 XSS in SFR DSL/Fiber Box
CVE-2014-1599 39 Type-1 XSS in SFR ADSL/Fiber Box. SFR is the french Vodafone estimated DSL user base of 5.2 Millions. affected product: SFR BOX NB6-MAIN-R3.3.4 vulnerabilities: /network/dns 5 non-filtered Type-1 XSS /network/dhcp 6 non-filtered Type-1 XSS /network/nat 7 non-filtered Type-1 XSS...
PhotoWIFI Lite v1.0 iOS - Multiple Web Vulnerabilities
Document Title: =============== PhotoWIFI Lite v1.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1239 Release Date: ============= 2014-03-27 Vulnerability Laboratory ID VL-ID: ==================================== 123...
mbDriveHD v1.0.7 iOS - Multiple Web Vulnerabilities
Document Title: =============== mbDriveHD v1.0.7 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1198 Release Date: ============= 2014-02-14 Vulnerability Laboratory ID VL-ID: ==================================== 1198...
My PDF Creator & DE DM v1.4 iOS - Multiple Vulnerabilities
Document Title: =============== My PDF Creator & DE DM v1.4 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1201 Release Date: ============= 2014-02-16 Vulnerability Laboratory ID VL-ID: ====================================...
ImageMagick security vulnerabilities
Memory corruptions on JPEG and PSD parsing...
Android protection bypass
It's possible to install and run an application silently...
PowerArchiver weak encryption
Native ZIP encryption is used instead of AES...
Huawei E5331 Multiple security vulnerabilities
Unauthorized access, CSRF...
WiFi Camera Roll v1.2 iOS - Multiple Web Vulnerabilities
Document Title: =============== WiFi Camera Roll v1.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1192 Release Date: ============= 2014-02-08 Vulnerability Laboratory ID VL-ID: ====================================...
ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities
ESA-2014-012.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities EMC Identifier: ESA-2014-012 CVE Identifier: CVE-2014-0629, CVE-2014-0630 Severity Rating: CVSS v2 Base Score: See below for individual scores Affected Products: Document...
ESA-2014-016: EMC VPLEX Multiple Vulnerabilities
ESA-2014-016.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities EMC Identifier: ESA-2014-016 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS scores Affected products: All versions from...
Apache Tomcat multiple security vulnerabilities
Information leakage, DoS, session fixation...
libYAML buffer overflow
Buffer overflow on oversized tag...
[oCERT-2014-003] LibYAML input sanitization errors
2014-003 LibYAML input sanitization errors Description: The LibYAML project is an open source YAML 1.1 parser and emitter written in C. The library is affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is caused by lack of proper expansion for t...
Android Vulnerability: Install App Without User Explicit Consent
This vulnerability allows an app to install any number of apps with any type of permissions without user's explicit consent. It is based on two things: 1. You can install an app from Google Play using just the browser, even from PC. 2. An app can embed a browser and automatically login into your...
[CVE-2013-6835] - iOS 7.0.6 Safari/Facetime-Audio Privacy issue
Affected Vendor: https://www.apple.com/ - Affected Software: Safari/Facetime on iOS - Affected Version: iOS 7 prior to 7.1 - Issue Type: Lack of user confirmation leading to a call being established, revealing the user's identity phone number or email address - Release Date: March 10, 2014 -...
[USN-2131-1] IcedTea Web vulnerability
========================================================================== Ubuntu Security Notice USN-2131-1 March 06, 2014 icedtea-web vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator
SEC Consult Vulnerability Lab Security Advisory 20140328-0 ======================================================================= title: Multiple critical vulnerabilities product: Symantec LiveUpdate Administrator vulnerable version: = 2.3.2.99 fixed version: 2.3.2.110 impact: critical CVE numbe...
Lazybone Studios WiFi Music 1.0 iOS - Multiple Vulnerabilities
Document Title: =============== Lazybone Studios WiFi Music 1.0 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1233 Release Date: ============= 2014-03-21 Vulnerability Laboratory ID VL-ID:...
My Photo Wifi Share & PS 1.1 iOS - Local Command Injection Vulnerability
Document Title: =============== My Photo Wifi Share & PS 1.1 iOS - Local Command Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1232 Release Date: ============= 2014-03-24 Vulnerability Laboratory ID VL-ID:...