[security bulletin] HPSBMU02975 rev.1 - HP Smart Update Manager for Linux, Elevation of Privileges
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04000397 Version: 1 HPSBMU02975 rev.1 - HP Smart Update Manager for Linux, Elevation of Privileges NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Relea...
OpenSSH protection bypass
Invalid parsing of wildcard expressions...
VUPEN Security Research - Google Chrome Blink "locationAttributeSetter" Use-after-free (Pwn2Own)
VUPEN Security Research - Google Chrome Blink "locationAttributeSetter" Use-after-free Pwn2Own Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Google Chrome is a freeware web browser developed by Google. Chrome version 28 and beyond uses the...
libxalan security vulnerabilities
Information leak, code execution...
[security bulletin] HPSBUX02963 SSRT101297 rev.1 - HP-UX m4(1), Local Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04103553 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04103553 Version: 1 HPSBUX02963...
HP Systems Insight Manager multiple security vulnerabilities
DoS, code execution...
[security bulletin] HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS), Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04039150 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04039150 Version: 1 HPSBMU02948 rev....
HP Unified Functional Testing code execution
No description provided...
VUPEN Security Research - Google Chrome "Clipboard::WriteData()" Function Sandbox Escape (Pwn2Own)
VUPEN Security Research - Google Chrome Clipboard Format Processing Sandbox Escape Pwn2Own Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Google Chrome is a freeware web browser developed by Google. Chrome version 28 and beyond uses the WebK...
HP System Management Homepage security vulnerabilities
Cross-site scripting, information leakage...
ESA-2014-011: RSA BSAFE® Micro Edition Suite Server Crash Vulnerability
ESA-2014-011.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-011: RSA BSAFE® Micro Edition Suite Server Crash Vulnerability EMC Identifier: ESA-2014-011 CVE Identifier: CVE-2014-0628 Severity Rating: CVSS v2 Base Score: 5.4 AV:N/AC:H/Au:N/C:N/I:N/A:C Affected Products: RSA BSAFE Micro...
[security bulletin] HPSBMU02967 rev.2 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04122007 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04122007 Version: 2 HPSBMU02967 rev...
Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)
Hi, We have recently discovered a series of vulnerabilities in Firefox for Android that allows a malicious application to successfully derandomize the Firefox profile directory name in a practical amount of time and then leak sensitive data such as cookies and cached information which reside in...
[security bulletin] HPSBMU02933 rev.2 - HP SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03969435 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03969435 Version: 2 HPSBMU02933 rev....
[security bulletin] HPSBMU02947 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Disclosure of Information and Cross-Site Request Forgery (CSRF)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04039138 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04039138 Version: 1 HPSBMU02947 rev....
[security bulletin] HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment, Multiple Remote Vulnerabilities affecting Confidentiality, Integrity and Availability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04135307 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04135307 Version: 1 HPSBGN02970 rev....
HP Rapid Deployment Pack / HP Insight Control Server Deployment multiple security vulnerabilities
Multiple different vulnerabilities...
CVE-2013-6955 Synology DSM remote code execution
Products Affected By CVE-2013-6955 Diskstation Manager 4.0 4.2 4.3 4.3-3810 Vendor: Synology Status: Patched webman/imageSelector.cgi in Synology DiskStation Manager DSM 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary...
Microsoft Office memory corruption
Microsoft Word RTF parsing 0-day vulnerability is exploited in-the-wild...
[USN-2153-1] initramfs-tools vulnerability
========================================================================== Ubuntu Security Notice USN-2153-1 March 24, 2014 initramfs-tools vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivative...
initramfs-tools weak permissions
/run is mounted without the noexec option...
[SECURITY] [DSA 2883-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2883-1 [email protected] http://www.debian.org/security/ Michael Gilbert March 23, 2014 http://www.debian.org/security/faq -...
Net-SNMP DoS
A few DoS conditions...
[ MDVSA-2014:052 ] net-snmp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:052 http://www.mandriva.com/en/support/security/ Package : net-snmp Date : March 13, 2014 Affected: Business Server 1.0 Problem Description: Updated net-snmp packages fix two vulnerabilities: Remotely...
Open-Xchange Security Advisory 2014-03-17
Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 31065 Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.4.1 and 7.4.2 Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.4.1-rev10, 7.4.2-rev...
EMC Connectrix Manager information leakage
File access is possible...
Apache security vulnerabilities
mod_log_config DoS, mod_dav buffer overflow...
Open-Xchange cross-site scripting
Cross-site scripting when viewing MS Office and EML documents...
[ MDVSA-2014:065 ] apache
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:065 http://www.mandriva.com/en/support/security/ Package : apache Date : March 20, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been found and...
[ MDVSA-2014:066 ] nss
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:066 http://www.mandriva.com/en/support/security/ Package : nss Date : March 20, 2014 Affected: Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in mozilla NSS: In a...
Open-Xchange Security Advisory 2014-02-10
Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 30820 Bug ID Vulnerability type: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page Vulnerable version: 7.4.1 and earlier Vulnerable component: backend Fixed version: 7.2.2-rev31, 7.4.0-rev27,...
[SECURITY] [DSA 2877-1] lighttpd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2877-1 [email protected] http://www.debian.org/security/ Michael Gilbert March 12, 2014 http://www.debian.org/security/faq -...
lighttpd security vulnerabilities
SQL injection, directory traversal...
NCC00643 Technical Advisory: Nessus Authenticated Scan Local Privilege Escalation
...................................... Vulnerability Summary ...................................... Title Nessus Authenticated Scan - Local Privilege Escalation Release Date 20 March 2014 Reference NGS00643 Discoverer Neil Jones Vendor Tenable Vendor Reference RWZ-21387-181 Systems Affected Nessu...
ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability
ESA-2014-018.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability EMC Identifier: ESA-2014-018 CVE Identifier: CVE-2014-2276 Severity Rating: CVSS v2 Base Score: CVSS: 5 AV:N/AC:L/Au:N/C:P/I:N/A:N...
Cisco Unified SIP Phone 3905 unauthorized access
Undocumented TCP/7870 service...
Cisco Intrusion Prevention System multiple security vulnerabilities
A few different DoS conditions...
Cisco Wireless LAN Controller multiple security vulnerabilities
Memory corruption, race conditions, DoS...
Cisco AsyncOS code execution
Code execution on mail check...
Cisco UCS Director default credentials
Default root account is accessible via SSH...
Cisco SMB routers authentication bypass
It's possible to bypass authentication for the web administration interface...
[CVE-2014-0683] Router Cisco RV110W - RV215W - CVR100W - Bypass Login Page - Admin Password Disclosure
Title: ====== Router CISCO RV110W - RV215W - CVR100W - Bypass Login Page Date: ===== 05/03/2014 CVE Number: ============ CVE-2014-0683 Cisco Security Advisory: =========== http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-rpd Status: ======== Reported to Cisco...
Cisco Firewall Services Module DoS
Race conditions in cut-through proxy function...
[ MDVSA-2014:061 ] oath-toolkit
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:061 http://www.mandriva.com/en/support/security/ Package : oath-toolkit Date : March 14, 2014 Affected: Business Server 1.0 Problem Description: Updated oath-toolkit packages fix security vulnerability: It w...
Microsoft Windows multiple security vulnerabilities
DirectShow memory corruptions, Silverlight restrictions bypass, SAMR restrictions bypass, kernel-mode driver privilege escalations...
sudo security vulnerabilities
Restrictions bypass...
Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20140311 Date: 11th March 2014 Author: Tim Brown mailto:[email protected] URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: QNX Neutrino RTOS 6.5.0...
[ MDVSA-2014:063 ] x2goserver
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:063 http://www.mandriva.com/en/support/security/ Package : x2goserver Date : March 17, 2014 Affected: Business Server 1.0 Problem Description: Updated x2goserver package fixes security vulnerability: A...
Remote Root via HP-UX rlpdaemon
Invalid parsing of printing commands allows code execution...
[ MDVSA-2014:060 ] imapsync
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:060 http://www.mandriva.com/en/support/security/ Package : imapsync Date : March 14, 2014 Affected: Business Server 1.0 Problem Description: Updated imapsync package fixes security vulnerabilities: Imapsync,...