47153 matches found
HP System Management Homepage security vulnerabilities
Cross-site scripting, information leakage...
HP Smart Update Manager privilege escalation
No description provided...
[security bulletin] HPSBUX02976 SSRT101236 rev.1 - HP-UX Running NFS rpc.lockd, Remote Denial of Service (DoS)
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04174142 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04174142 Version: 1 HPSBUX02976...
MS14-010 CVE-2014-0293 Technical Details and Code (I changed the web permanently)
Origin: Visit http://technet.microsoft.com/en-us/security/bulletin/ms14-010 Check "Acknowledgments" for "CVE-2014-0293". It says "Dieyu" and links to my website http://dieyu.org/ Technical Details: showModalDialog to keep script running, HTTP redirecting to target domain. Then script will run in...
EMC RSA Authentication Manager cross-frame scripting
Self-Service Console cross-frame scripting...
CVE-2013-6955 Synology DSM remote code execution
Products Affected By CVE-2013-6955 Diskstation Manager 4.0 4.2 4.3 4.3-3810 Vendor: Synology Status: Patched webman/imageSelector.cgi in Synology DiskStation Manager DSM 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary...
HP StoreOnce unauthorized access
No description provided...
[security bulletin] HPSBMU02967 rev.2 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04122007 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04122007 Version: 2 HPSBMU02967 rev...
Synology DiskStation Manager code execution
Code execution via web interface...
[security bulletin] HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS), Disclosure of Information
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04039150 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04039150 Version: 1 HPSBMU02948 rev....
[security bulletin] HPSBST02968 rev.1 - HP StoreOnce, Remote Unauthorized Access
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04126368 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04126368 Version: 1 HPSBST02968 rev....
[security bulletin] HPSBUX02963 SSRT101297 rev.1 - HP-UX m4(1), Local Unauthorized Access
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04103553 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04103553 Version: 1 HPSBUX02963...
Mozilla Firefox / Thunderbird / Seamonkey / nss multiple security vulnerabilities
Buffer overflows, memory corruptions, information leakage, privilege escalation, protection bypass, unauthorized access, interface spoofing...
Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)
Hi, We have recently discovered a series of vulnerabilities in Firefox for Android that allows a malicious application to successfully derandomize the Firefox profile directory name in a practical amount of time and then leak sensitive data such as cookies and cached information which reside in...
[oCERT-2014-002] Xalan-Java insufficient secure processing
2014-002 Xalan-Java insufficient secure processing Description: The Xalan-Java library is a popular XSLT processor from the Apache Software Foundation. The library implements the Java API for XML Processing (JAXP) which supports a secure processing feature for interpretive and XSLTC processors. The...
EMC RSA BSAFE Micro Edition DoS
Server crash on certificate check...
OpenSSH protection bypass
Invalid wildcard expressions parsing...
[SECURITY] [DSA 2884-1] libyaml security update
Debian Security Advisory DSA-2884-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 26, 2014 http://www.debian.org/security/faq...
[USN-2153-1] initramfs-tools vulnerability
Ubuntu Security Notice USN-2153-1 March 24, 2014 initramfs-tools vulnerability. A security issue affects these releases of Ubuntu and its derivative...
[SECURITY] [DSA 2883-1] chromium-browser security update
Debian Security Advisory DSA-2883-1 [email protected] http://www.debian.org/security/ Michael Gilbert March 23, 2014 http://www.debian.org/security/faq...
initramfs-tools weak permissions
/run is mounted without the noexec option...
Microsoft Office memory corruption
Microsoft Word RTF parsing 0-day vulnerability is exploited in the wild...
Open-Xchange Security Advisory 2014-02-10
Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 30820 Bug ID Vulnerability type: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page Vulnerable version: 7.4.1 and earlier Vulnerable component: backend Fixed version: 7.2.2-rev31, 7.4.0-rev27,...
EMC Connectrix Manager information leakage
File access is possible...
lighttpd security vulnerabilities
SQL injection, directory traversal...
[ MDVSA-2014:065 ] apache
Mandriva Linux Security Advisory MDVSA-2014:065 http://www.mandriva.com/en/support/security/ Package : apache Date : March 20, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been found and...
[SECURITY] [DSA 2877-1] lighttpd security update
Debian Security Advisory DSA-2877-1 [email protected] http://www.debian.org/security/ Michael Gilbert March 12, 2014 http://www.debian.org/security/faq...
Open-Xchange cross-site scripting
Cross-site scripting when viewing MS Office and EML documents...
ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability
ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability EMC Identifier: ESA-2014-018 CVE Identifier: CVE-2014-2276 Severity Rating: CVSS v2 Base Score: CVSS: 5 AV:N/AC:L/Au:N/C:P/I:N/A:N...
[ MDVSA-2014:066 ] nss
Mandriva Linux Security Advisory MDVSA-2014:066 http://www.mandriva.com/en/support/security/ Package : nss Date : March 20, 2014 Affected: Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in Mozilla NSS: In a...
[ MDVSA-2014:052 ] net-snmp
Mandriva Linux Security Advisory MDVSA-2014:052 http://www.mandriva.com/en/support/security/ Package : net-snmp Date : March 13, 2014 Affected: Business Server 1.0 Problem Description: Updated net-snmp packages fix two vulnerabilities: Remotely...
Apache security vulnerabilities
mod_log_config DoS, mod_dav buffer overflow...
NCC00643 Technical Advisory: Nessus Authenticated Scan Local Privilege Escalation
Vulnerability Summary. Title: Nessus Authenticated Scan - Local Privilege Escalation. Release Date: 20 March 2014. Reference: NGS00643. Discoverer: Neil Jones. Vendor: Tenable. Vendor Reference: RWZ-21387-181. Systems Affected: Nessu...
Net-SNMP DoS
A few DoS conditions...
Open-Xchange Security Advisory 2014-03-17
Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 31065 Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.4.1 and 7.4.2 Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.4.1-rev10, 7.4.2-rev...
Cisco AsyncOS code execution
Code execution on mail check...
[CVE-2014-0683] Router Cisco RV110W - RV215W - CVR100W - Bypass Login Page - Admin Password Disclosure
Title: Router CISCO RV110W - RV215W - CVR100W - Bypass Login Page. Date: 05/03/2014. CVE Number: CVE-2014-0683. Cisco Security Advisory: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-rpd Status: Reported to Cisco...
Cisco Wireless LAN Controller multiple security vulnerabilities
Memory corruption, race conditions, DoS...
Cisco Unified SIP Phone 3905 unauthorized access
Undocumented TCP/7870 service...
Cisco Firewall Services Module DoS
Race conditions in cut-through proxy function...
Cisco SMB routers authentication bypass
It's possible to bypass authentication for the web administration interface...
Cisco Intrusion Prevention System multiple security vulnerabilities
A few different DoS conditions...
Cisco UCS Director default credentials
Default root account is accessible via SSH...
oath-toolkit replay attack
An implementation bug makes replay attacks possible...
[ MDVSA-2014:063 ] x2goserver
Mandriva Linux Security Advisory MDVSA-2014:063 http://www.mandriva.com/en/support/security/ Package : x2goserver Date : March 17, 2014 Affected: Business Server 1.0 Problem Description: Updated x2goserver package fixes security vulnerability: A...
sudo security vulnerabilities
Restrictions bypass...
[USN-2146-1] Sudo vulnerabilities
Ubuntu Security Notice USN-2146-1 March 13, 2014 sudo vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
imapsync information leakage
A few information leaks...
[ MDVSA-2014:060 ] imapsync
Mandriva Linux Security Advisory MDVSA-2014:060 http://www.mandriva.com/en/support/security/ Package : imapsync Date : March 14, 2014 Affected: Business Server 1.0 Problem Description: Updated imapsync package fixes security vulnerabilities: Imapsync,...
BlackBerry QNX Neutrino RTOS privilege escalation
Privilege escalation via ifwatchd and pppoectl...