[MATTA-2013-004] CVE-2014-1409; MobileIron authentication bypass vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Matta Consulting - Matta Advisory https://www.trustmatta.com MobileIron Multiple Products Authentication Bypass Vulnerability Advisory ID: MATTA-2013-004 CVE reference: CVE-2014-1409, CVE-2013-7286 Affected platforms: VSP and Sentry Version: VSP 5.9...
ASUS RT Series Routers FTP Service - Default anonymous access
Five ASUS RT series routers suffer from a vendor vulnerability that defaults the FTP service to anonymous access with full read/write permissions. The service, which is activated from the administrative console, does not give proper instructions or indications that the end user needs to manually add a use...
Symantec Endpoint Protection security vulnerabilities
SQL injection, information leakage...
a2ps code execution
Macros are not filtered in PostScript processin...
Dassault Systemes Catia buffer overflow
Buffer overflow on network request parsing...
Public disclosure of Buffer Overflow Dassault Systems
''' Exploit Title: Dassault Systemes Catia V5-6R2013 "CATV5AllApplications" Stack Buffer Overflow Date: 2-18-2014 Exploit Author: Mohamed Shetta Email: mshetta |at| live |dot| com Vendor Homepage: http://www.3ds.com/products-services/catia/portfolio/catia-v5/latest-release/ Tested on: Windows 7 &...
[SECURITY] [DSA 2892-1] a2ps security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2892-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 31, 2014 http://www.debian.org/security/faq -...
ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities
ESA-2012-029.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities EMC Identifier: ESA-2012-029 CVE Identifier: CVE-2011-3389, CVE-2012-2110, CVE-2012-2131 Severity Rating: See below for scores for individual issues Affected Products: For the...
RSA BSAFE multiple security vulnerabilities
Buffer overflows, SSL attacks, protection bypass...
CA Erwin Web Portal directory traversal
File request is not checked...
ASUS router drive-by code execution via XSS and authentication bypass
ASUS router drive-by code execution via XSS and authentication bypass ===================================================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/asus-router-auth-bypass.txt Overview -------- Various ASUS routers contai...
SEC Consult SA-20140402-0 :: Multiple vulnerabilities in Rhythm File Manager
SEC Consult Vulnerability Lab Security Advisory 20140402-0 ======================================================================= title: Multiple vulnerabilities product: Rhythm Software File Manager Rhythm Software File Manager HD vulnerable version: File Manager 1.16.6 File Manager HD 1.11.5...
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
ESA-2013-039.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities EMC Identifier: ESA-2013-039 CVE Identifier: CVE-2011-3389, CVE-2013-0169 Severity Rating: CVSS v2 Base Score: Refer NVD http://nvd.nist.gov/ for individual scores for each CVE...
MobileIron authentication bypass
Unauthorized XML files access...
EMC RSA Adaptive Authentication security vulnerabilities
Cross-site scripting...
APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-01-1 Safari 6.1.3 and Safari 7.0.3 Safari 6.1.3 and Safari 7.0.3 are now available and address the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact...
Apple Safari multiple security vulnerabilities
Multiple memory corruptions, restrictions bypass...
iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities
Document Title: =============== iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1240 Release Date: ============= 2014-03-31 Vulnerability Laboratory ID VL-ID:...
Barracuda Message Archiver 650 - Persistent Web Vulnerability
Document Title: =============== Barracuda Message Archiver 650 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751 Barracuda Networks Security ID BNSEC: 703 Release Date: ============= 2014-02-18 Vulnerability Laboratory ID...
curl multiple security vulnerabilities
Information leaks, certificate checks bypass...
Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities
Document Title: =============== Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1235 Release Date: ============= 2014-03-28 Vulnerability Laboratory ID VL-ID: ====================================...
ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability
ESA-2014-003.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability EMC Identifier: ESA-2014-003 CVE Identifier: CVE-2014-0624 Severity Rating: CVSS v2 Base Score: 7.4 AV:A/AC:M/Au:S/C:C/I:C/A:C Affected Products: RSA Da...
PhotoWIFI Lite v1.0 iOS - Multiple Web Vulnerabilities
Document Title: =============== PhotoWIFI Lite v1.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1239 Release Date: ============= 2014-03-27 Vulnerability Laboratory ID VL-ID: ==================================== 123...
[slackware-security] curl (SSA:2014-086-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security curl SSA:2014-086-01 New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
PhonerLite information leak
Password digest information leak...
EMC RSA Data Loss Prevention privilege escalation
Session management vulnerability...
PhonerLite 2.14 SIP Soft Phone - SIP Digest Leak Information Disclosure (CVE-2014-2560)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I. Advisory Summary Title: SIP Digest Leak Information Disclosure in PhonerLite 2.14 SIP Soft Phone Date Published: March 30, 2014 Vendors contacted: Heiko Sommerfeldt, PhonerLite author Discovered by: Jason Ostrom Severity: Medium II. Vulnerability...
SFR ADSL/Fiber Box multiple security vulnerabilities
Cross-site scripting...
CA 2E Web Option session spoofing
Predictable session token...
CA20140218-01: Security Notice for CA 2E Web Option
CA20140218-01: Security Notice for CA 2E Web Option Issued: February 18, 2014 CA Technologies Support is alerting customers to a potential risk in CA 2E Web Option C2WEB. A vulnerability exists that can allow an attacker to exploit an authentication weakness and execute a session prediction attac...
Barracuda Message Archiver cross-site scripting
Web interface cross-site scripting...
CVE-2014-1599 - 39 Type-1 XSS in SFR DSL/Fiber Box
CVE-2014-1599 39 Type-1 XSS in SFR ADSL/Fiber Box. SFR is the French Vodafone estimated DSL user base of 5.2 Millions. affected product: SFR BOX NB6-MAIN-R3.3.4 vulnerabilities: /network/dns 5 non-filtered Type-1 XSS /network/dhcp 6 non-filtered Type-1 XSS /network/nat 7 non-filtered Type-1 XSS...
IcedTea Web information leakage
Weak permission for temporary files...
EMC Documentum TaskSpace security vulnerabilities
Privilege escalation, information leakage...
iStArtApp FileXChange v6.2 iOS - Multiple Web Vulnerabilities
Document Title: =============== iStArtApp FileXChange v6.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1237 Release Date: ============= 2014-03-26 Vulnerability Laboratory ID VL-ID:...
Office Assistant Pro v2.2.2 iOS - File Include Vulnerability
Document Title: =============== Office Assistant Pro v2.2.2 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1197 Release Date: ============= 2014-02-13 Vulnerability Laboratory ID VL-ID: ==================================...
[CVE-2013-6835] - iOS 7.0.6 Safari/Facetime-Audio Privacy issue
Affected Vendor: https://www.apple.com/ - Affected Software: Safari/Facetime on iOS - Affected Version: iOS 7 prior to 7.1 - Issue Type: Lack of user confirmation leading to a call being established, revealing the user's identity phone number or email address - Release Date: March 10, 2014 -...
Linux kernel security vulnerabilities
ptrace information leakage, debug functions privilege escalation, cprng weak PRNG, networking dissector DoS, multiple integer overflows, buffer overflows in WiMax, USB and different device drivers, UDP fragmentation offload uninitialized memory, privilege escalations. NAT conntrack information...
File Hub v1.9.1 iOS - Multiple Web Vulnerabilities
Document Title: =============== File Hub v1.9.1 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1195 Release Date: ============= 2014-02-15 Vulnerability Laboratory ID VL-ID: ==================================== 1195...
Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities
Document Title: =============== Wireless Drive v1.1.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1229 Release Date: ============= 2014-03-19 Vulnerability Laboratory ID VL-ID: ====================================...
FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability
Document Title: =============== FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1231 Release Date: ============= 2014-03-20 Vulnerability Laboratory ID VL-ID: ====================================...
mbDriveHD v1.0.7 iOS - Multiple Web Vulnerabilities
Document Title: =============== mbDriveHD v1.0.7 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1198 Release Date: ============= 2014-02-14 Vulnerability Laboratory ID VL-ID: ==================================== 1198...
WiFiles HD v1.3 iOS - File Include Web Vulnerability
Document Title: =============== WiFiles HD v1.3 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1214 Release Date: ============= 2014-02-22 Vulnerability Laboratory ID VL-ID: ==================================== 1214...
SEC Consult SA-20140307-0 :: Unauthenticated access & manipulation of settings in Huawei E5331 MiFi mobile hotspot
SEC Consult Vulnerability Lab Security Advisory 20140307-0 ======================================================================= title: Unauthenticated access & manipulation of settings product: Huawei E5331 MiFi mobile hotspot vulnerable version: Software version 21.344.11.00.414 fixed version...
ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities
ESA-2014-012.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities EMC Identifier: ESA-2014-012 CVE Identifier: CVE-2014-0629, CVE-2014-0630 Severity Rating: CVSS v2 Base Score: See below for individual scores Affected Products: Document...
Apache Tomcat multiple security vulnerabilities
Information leakage, DoS, session fixation...
Dell SonicWall EMail Security Appliance Application v7.4.5 - Multiple Vulnerabilities
Document Title: =============== Dell SonicWall EMail Security Appliance Application v7.4.5 - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1191 Dell SonicWall Security Bulletin:...
Easy FileManager 1.1 iOS - Multiple Web Vulnerabilities
Document Title: =============== Easy FileManager 1.1 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1234 Release Date: ============= 2014-03-25 Vulnerability Laboratory ID VL-ID: ==================================== 12...
Android Vulnerability: Install App Without User Explicit Consent
This vulnerability allows an app to install any number of apps with any type of permissions without user's explicit consent. It is based on two things: 1. You can install an app from Google Play using just the browser, even from PC. 2. An app can embed a browser and automatically login into your...
Oracle VirtualBox memory corruptions
Multiple memory corruptions in 3D acceleration...