47153 matches found
Open-Xchange Security Advisory 2013-08-16
Product: Open-Xchange AppSuite / HTMLCleaner Vendor: Open-Xchange GmbH / HTMLCleaner team Internal reference: 27708 Open-Xchange Bug ID, 86 HTMLcleaner ticket Vulnerability type: Race condition within a thread CWE-366 Vulnerable version: 7.2.2 Vulnerable component: backend Fixed version:...
[USN-1968-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1968-1 September 27, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[USN-1974-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1974-1 September 27, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
XAMPP 1.8.1 Local Write Access Vulnerability
============================================= INTERNET SECURITY AUDITORS ALERT 2013-007 - Original release date: March 14th, 2013 - Last revised: March 19th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 6,8/10 CVSS Base Score - CVE-ID: CVE-2013-2586...
[CVE-2013-5725] - Byword for iOS Data Destruction Vulnerability
Affected Vendor: http://metaclassy.com/ - Affected Software: Byword for iOS - Affected Version: 2.x prior to 2.1 - Issue Type: Lack of validation/user confirmation leading to destruction of data - Release Date: 29 Sept 2013 - Discovered by: Guillaume Ross - CVE Identifier: CVE-2013-5725 - Issue...
CVE-2130-5680, HylaFAX+ heap overflow, unchecked network traffic.
Details =========================================================== Application: "HylaFAX+" Version: 5.2.4 April, 2008 through 5.5.3 August 6, 2013 Type: Daemon that manages a fax server via an FTP-like protocol. Vendor / Maintainer: Lee Howard faxguy at howardsilvan.com Project Homepage:...
Multiple vulnerabilities in InstantCMS
Hello 3APA3A! These are Login Enumeration, Cross-Site Scripting and Content Spoofing vulnerabilities in InstantCMS. ------------------------- Affected products: ------------------------- Vulnerable are InstantCMS 1.10.2 and previous versions. ------------------------- Affected vendors:...
[SECURITY] [DSA 27671-1] proftpd-dfsg security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2767-1 [email protected] http://www.debian.org/security/ Nico Golde September 29, 2013 http://www.debian.org/security/faq -...
hplip symbolic lcinks vulnerability
Unsafe temporary files handling...
Talkie Bluetooth Video iFiles 2.0 iOS - Multiple Vulnerabilities
Title: ====== Talkie Bluetooth Video iFiles 2.0 iOS - Multiple Vulnerabilities Date: ===== 2013-08-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1062 VL-ID: ===== 1063 Common Vulnerability Scoring System: ==================================== 8.8 Introduction:...
eTransfer Lite v1.0 iOS - Persistent Filename Vulnerability
Title: ====== eTransfer Lite v1.0 iOS - Persistent Filename Vulnerability Date: ===== 2013-08-31 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1064 VL-ID: ===== 1064 Common Vulnerability Scoring System: ==================================== 3.8 Introduction:...
Multiple vulnerabilities in RokMicroNews for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in plugin RokMicroNews for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
proftpd DoS
DoS via modsftp and modsftppam modules...
[ MDVSA-2013:243 ] polkit
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:243 http://www.mandriva.com/en/support/security/ Package : polkit Date : September 27, 2013 Affected: Business Server 1.0 Problem Description: Updated polkit packages fix security vulnerability: A race...
PolicyKit protection bypass
pkcheck race conditions...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Memory corruptions, integer overdlows, privilege escalations, code executions, information leakage...
ESA-2013-060: EMC VPLEX Information Disclosure Vulnerability
ESA-2013-060.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-060: EMC VPLEX Information Disclosure Vulnerability EMC Identifier: ESA-2013-060 CVE Identifier: CVE-2013-3278 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected products: • EMC VPLEX Local/Metro/Geo...
Open-Xchange Security Advisory 2013-07-31
Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 27473 Bug ID Vulnerability type: Phishing / Data injection Vulnerable version: 7.2.2 and earlier Vulnerable component: backend Fixed version: 7.2.2-rev9, 7.2.1-rev10, 7.2.0-rev11, 7.0.2-rev14 Solution status: Fixed by...
[USN-1978-1] libKDcraw vulnerabilities
========================================================================== Ubuntu Security Notice USN-1978-1 September 30, 2013 libkdcraw vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivative...
libraw / libKDCraw DoS
Crash on raw images parsing...
[USN-1981-1] HPLIP vulnerabilities
========================================================================== Ubuntu Security Notice USN-1981-1 September 30, 2013 hplip vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Firefox for Android - Same-origin bypass through symbolic links
CVE Number: CVE-2013-1727 Vender Identifier: MFSA 2013-84 Title: Firefox for Android - Same-origin bypass through symbolic links Affected Software: Prior to v24 confirmed on v14 Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v24 was released which fixes this...
[USN-1979-1] txt2man
========================================================================== Ubuntu Security Notice USN-1979-1 September 30, 2013 txt2man vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
USN-1976-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1976-1 September 30, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
XSS and Redirector vulnerabilities in InstantCMS
Hello 3APA3A! These are Cross-Site Scripting and Redirector vulnerabilities in InstantCMS. ------------------------- Affected products: ------------------------- Vulnerable are InstantCMS 1.10.2 and previous versions. ------------------------- Affected vendors: ------------------------- InstantSo...
[ MDVSA-2013:244 ] davfs2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:244 http://www.mandriva.com/en/support/security/ Package : davfs2 Date : September 30, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and...
Multiple vulnerabilities in RokStories for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in plugin RokStories for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
Subversion symbolic links vulnerabilitiy
Privilege escalation via symbolic links...
FreeBSD multiple security vulnerabilities
ifioctls privilege escalation, nullfs privilege escalation, sendfile information leakage...
HP ProCurve Manager, HP Identity Driven Manager multiple security vulnerabilities
Code execution, session reusage, SQL injection...
FreeBSD Security Advisory FreeBSD-SA-13:12.ifioctl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:12.ifioctl Security Advisory The FreeBSD Project Topic: Insufficient credential checks in network ioctl2 Category: core Module: sysnetinet6 sysnetatm Announced...
[ MDVSA-2013:229 ] bzr
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:229 http://www.mandriva.com/en/support/security/ Package : bzr Date : September 10, 2013 Affected: Business Server 1.0 Problem Description: Updated bzr packages fix security vulnerabilities: A denial of...
python libraries security vulnerabilities
SSL certificates parsing DoS, protection bypass...
FreeBSD Security Advisory FreeBSD-SA-13:11.sendfile
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:11.sendfile Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in sendfile2 Category: core Module: sendfile Announced: 2013-09-10 Credits: E...
Sophos Web Protection Appliance code execution
Few command injections...
[slackware-security] subversion (SSA:2013-251-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security subversion SSA:2013-251-01 New subversion packages are available for Slackware 14.0 and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+...
[security bulletin] HPSBPV02918 rev.1 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03897409 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03897409 Version: 1 HPSBPV02918 rev....
Microsoft Windows multiple security vulnerabilities
OLE code execution, Windows Theme files code execution, kernel mode drivers privilege escalation, SCM privilege escalation, Acrive Directory DoS...
Multiple vulnerabilities on D-Link Dir-505 devices
Multiple vulnerabilities on D-Link Dir-505 devices ================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities on D-Link Dir-505 devices Discovery date: 05/04/2013 Release date: 09/09/2013 Credits: Alessandro Di Pinto alessandro.dipinto artificialstudio...
D-Link DIR-505 routers multiple security vulnerabilities
Code execution, directory taversal, weak encryption, privilege escalation, authentication bypass...
Microsoft Frontpage information leakage
XML information disclosure...
Microsoft Internet Explorer multiple security vulnerabilities
Multiple memory corruptions...
Microsoft Office multiple security vulnerabilities
Memory corruption on Outlook S/MIME parsing. Information leakage, multiple memory corruptions...
FreeBSD Security Advisory FreeBSD-SA-13:13.nullfs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:13.nullfs Security Advisory The FreeBSD Project Topic: Cross-mount links between nullfs5 mounts Category: core Module: nullfs Announced: 2013-09-10 Credits:...
[ MDVSA-2013:227 ] python-setuptools
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:227 http://www.mandriva.com/en/support/security/ Package : python-setuptools Date : September 9, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been...
[CORE-2013-0809] Sophos Web Protection Appliance Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Sophos Web Protection Appliance Multiple Vulnerabilities 1. Advisory Information Title: Sophos Web Protection Appliance Multiple Vulnerabilities Advisory ID: CORE-2013-0809 Advisory URL:...
RSA Archer GRC security vulnerabilities
Invalid login restrictions, open redirect...
VUPEN Security Research - Microsoft Internet Explorer Protected Mode Sandbox Bypass (Pwn2Own 2013 / MS13-059)
VUPEN Security Research - Microsoft Internet Explorer Protected Mode Sandbox Bypass Pwn2Own 2013 / MS13-059 Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Microsoft Internet Explorer is a web browser developed by Microsoft and included as pa...
[KIS-2013-05] vtiger CRM <= 5.4.0 (customerportal.php) Two Local File Inclusion Vulnerabilities
--------------------------------------------------------------------------------- vtiger CRM = 5.4.0 customerportal.php Two Local File Inclusion Vulnerabilities --------------------------------------------------------------------------------- - Software Link: http://www.vtiger.com/ - Affected...