[SECURITY] [DSA 2847-1] drupal7 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2847-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 20, 2014 http://www.debian.org/security/faq -...
Ammyy Admin - Hidden hard-coded option and Access Control vulnerability.
Title: ==== Ammyy Admin - Hidden hard-coded option and Access Control vulnerability. Credit: ====== Name: Bhadresh Patel Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: ==== - CVE-2013-5581 for hidden hard-coded option CWE-255. - CVE-2013-5582 for failure...
[CVE-2014-1664] GoToMeeting Information Disclosure via Logging Output (Android)
ADVISORY INFORMATION ======================== Title: GoToMeeting Information Disclosure via Logging Output Android CVE: CVE-2014-1664 CVE Information: ASSIGNED Date published: PUBLIC Date of last update: 01/23/2014 Vendor Contacted: Citrix Release mode: Coordinated Release 2. VULNERABILITY...
[ MDVSA-2014:021 ] perl-Proc-Daemon
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:021 http://www.mandriva.com/en/support/security/ Package : perl-Proc-Daemon Date : January 24, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated perl-Proc-Daemon package...
AmmyAdmin hidden options
A few hidden options allow the application to be used as a backdoor...
Apache Cordova/PhoneGap multiple security vulnerabilities
Protection bypass, information leakage...
[CVE-2013-6235] - Multiple Reflected XSS vulnerabilities in JAMon v2.7
Advisory Information Title: Multiple Reflected XSS vulnerabilities in JAMon Date published: 2013-01-23 Date of last update: 2013-01-23 Vendors contacted: JAMon v 2.7 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information CVE reference: CVE-2013-6235 CVSS v2 Base Score:...
Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface login page
Advisory ID: hag201476 Product: Mediatrix Web Management Interface Vendor: Media5 Corporation Vulnerable Versions: Mediatrix 4402 Device with Firmware Dgw 1.1.13.186 and probably prior Tested Version: Mediatrix 4402 Device with Firmware Dgw 1.1.13.186 Advisory Publication: January 23, 2014 Vendor...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Multiple Vulnerabilities in Eventum
Advisory ID: HTB23198 Product: Eventum Vendor: Eventum Development Team Vulnerable Versions: 2.3.4 and probably prior Tested Version: 2.3.4 Advisory Publication: January 22, 2014 without technical details Vendor Notification: January 22, 2014 Vendor Patch: January 24, 2014 Public Disclosure:...
libotr downgrade attacks
It's possible to downgrade the protocol to the 1st version...
[USN-2096-1] Linux kernel vulnerability
========================================================================== Ubuntu Security Notice USN-2096-1 January 31, 2014 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[USN-2091-1] OTR vulnerabilities
========================================================================== Ubuntu Security Notice USN-2091-1 January 29, 2014 libotr vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[SECURITY] [DSA 2849-1] curl security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2849-1 [email protected] http://www.debian.org/security/ Florian Weimer January 31, 2014 http://www.debian.org/security/faq -...
QEMU / Xen multiple security vulnerabilities
DoS, privilege escalation...
[USN-2092-1] QEMU vulnerabilities
========================================================================== Ubuntu Security Notice USN-2092-1 January 30, 2014 qemu, qemu-kvm vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its...
Mozilla Thunderbird code execution
It's possible to execute JavaScript via the object tag...
Mozilla Bug Bounty #5 - WireTap Remote Web Vulnerability
Document Title: =============== Mozilla Bug Bounty 5 - WireTap Remote Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=953 Mozilla Bug Tracking ID: 875818 Video: http://www.vulnerability-lab.com/getcontent.php?id=1182 Partner News...
[SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service
Hello All, Those concerned about security of Java PaaS Platform as a Service or cloud services in general might find the following information interesting. Security Explorations discovered multiple security vulnerabilities in the environment of Oracle 1 Java Cloud Service 2. Among a total of 28...
[ MDVSA-2014:010 ] memcached
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:010 http://www.mandriva.com/en/support/security/ Package : memcached Date : January 17, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities have been...
memcached multiple security vulnerabilities
Authentication bypass if SASL is used, a few DoS conditions...
[ MDVSA-2014:019 ] elinks
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:019 http://www.mandriva.com/en/support/security/ Package : elinks Date : January 22, 2014 Affected: Business Server 1.0 Problem Description: Updated elinks package fixes security vulnerability: When verifyin...
[ MDVSA-2014:022 ] augeas
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:022 http://www.mandriva.com/en/support/security/ Package : augeas Date : January 24, 2014 Affected: Business Server 1.0 Problem Description: Updated augeas packages fix security vulnerabilities: Multiple fla...
[FFRRA-20131213] Crafted ICMP ECHO REQUEST can cause denial of service on Juniper SSG20
FFRI, Inc. Security Advisory Crafted packet can cause denial of service on Juniper SSG20 2014/01/14 === Summary === Crafted ICMP ECHO REQUEST can cause denial of service on Juniper SSG20 === Severity === Middle === Affected Products === Juniper SSG20 Screen OS Firmware Version 6.1.0r5.0 ===...
libsvg information leakage
Information leakage via external entities...
[ MDVSA-2014:009 ] librsvg
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:009 http://www.mandriva.com/en/support/security/ Package : librsvg Date : January 17, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Updated librsvg and gtk+3.0 packages fix...
OpenJPEG library multiple security vulnerabilities
Memory corruptions, buffer overflows, information leakage...
Mozilla NSS SSL connection spoofing
Invalid TLS False Start feature implementation...
elinks SSL vulnerability
User is not warned about certificate problems...
[ MDVSA-2014:008 ] openjpeg
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:008 http://www.mandriva.com/en/support/security/ Package : openjpeg Date : January 17, 2014 Affected: Business Server 1.0 Problem Description: Updated openjpeg package fixes security vulnerabilities: Multipl...
PHP DoS
Crash on parsing date intervals...
libvirt security vulnerabilities
A few DoS conditions...
APPLE-SA-2014-01-22-1 iTunes 11.1.4
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-01-22-1 iTunes 11.1.4 iTunes 11.1.4 is now available and addresses the following: iTunes Available for: Mac OS X v10.6.8 or later, Windows 8, Windows 7, Vista, XP SP2 or later Impact: An attacker with a privileged network position may...
Juniper SSG20 DoS
Crash on ICMP packet processing...
Augeas multiple security vulnerabilities
Weak permissions, symbolic link vulnerabilities...
[SECURITY] [DSA 2846-1] libvirt security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2846-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 17, 2014 http://www.debian.org/security/faq -...
Apple iTunes multiple security vulnerabilities
Multiple vulnerabilities in the parsing of different formats...
[USN-2088-1] NSS vulnerability
========================================================================== Ubuntu Security Notice USN-2088-1 January 23, 2014 nss vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
[ MDVSA-2014:014 ] php
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:014 http://www.mandriva.com/en/support/security/ Package : php Date : January 21, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities have been discovered and corrected in php: Th...
bsnmpd buffer overflow
Buffer overflow on GETBULK request processing...
CVE-2013-4200 - Plone URL redirection / Forwarding of cookie data (session hijack) in certain browsers
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Plone CMS Vendor: Plone Foundation http://plone.org IDs: CSNC-2013-013, CVE-2013-4200 Subject: URL Redirection Vulnerability Risk: High Effect: Remotely exploitable Author: Cyrill Bannwart [email protected]...
[USN-2082-1] CUPS vulnerability
========================================================================== Ubuntu Security Notice USN-2082-1 January 15, 2014 cups vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
ejabberd weak cypher
Weak cyphers vulnerability allows the protocol version to be lowered...
Starbucks mobile application information leakage
Insecure storage of user data...
libxslt DoS
Crash on parsing XSLT documents...
[CVE-2014-1238] Cross Site Scripting(XSS) in q-pulse application
Cross-Site Scripting XSS in Q-Pulse application Advisory ID: hag201475 Product: q-pulse risk management software Vendor: q-pulse Vulnerable Versions: 0.6 and probably prior Tested Version: 0.6 Advisory Publication: January 14, 2013 Vendor Notification: July 31, 2013 Public Disclosure: December 31...
[SECURITY] [DSA 2841-1] movabletype-opensource security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2841-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 11, 2014 http://www.debian.org/security/faq -...
[ MDVSA-2014:005 ] ejabberd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:005 http://www.mandriva.com/en/support/security/ Package : ejabberd Date : January 16, 2014 Affected: Business Server 1.0 Problem Description: A vulnerability has been discovered and corrected in ejabberd: T...
[CVE-2014-0647] Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application
Title: CVE-2014-0647 Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application Published: January 13, 2014 Reported to Vendor: December 2013 no direct response CVE Reference: CVE-2014-0647 Credit: This issue was discovered by Daniel E. Wood...
cups information leakage
lppasswd allows reading information from local files...