Bugtraq Mailing List

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

List Archives

Monthly post counts, by year. Rows whose digits could not be split into months unambiguously during extraction are shown as extracted.

Year  Jan  Feb  Mar  Apr  May  Jun  Jul  Aug  Sep  Oct  Nov  Dec
2014  113  155  187  198  159  176  104
2013  132  157  159  192  130  126  202  208  149  164  147  150
2012  192  192  173  233  157  192  172  226  130  147  123  157
2011  193  272  320  296  203  184  236  217  198  218  189  188
2010  286  236  267  274  296  269  271  375  236  273  230  284
2009  298  247  289  297  302  270  263  263  243  314  200  318
2008  443  460  400  323  341  233  304  271  351  269  228  272
2007  704  526  485  492  435  369  387  490  407  453  439  364
2006  519  559  598  603  699  763  564  569  514  524  599  439
2005  383  532  553  516  361  300  524  445  366  393  376  342
2004  329  681  368  393  330  476  367  421  467  366  402  470
2003  274  393  464  396  331  260  155  359  528  352  352  353
2002  393  383  438  440  302  380  433  434  312  435  387  278
2001  (monthly counts not separable in extraction: 507347479301443776436269276311316)
2000  439  488  357  266  397  455  434  450  504  448  409  525
1999  (monthly counts not separable in extraction: 4024862573001998269377451303385395)
1998  144  118  231  194  234  243  378  306  240  242  296  222
1997  (monthly counts not separable in extraction: 10911910616322521119716477150219188)
1996  (monthly counts not separable in extraction: 2025112021717326892166131153)
1995  (monthly counts not separable in extraction: 2832602272662455080112103299937)
1994  (monthly counts not separable in extraction: 33861201895210613696364144264)
1993  (monthly counts not separable in extraction: 3421)

Latest Posts

[security bulletin] HPSBMU03071 rev.1 - HP Autonomy IDOL, Running OpenSSL, Remote Unauthorized Access, Disclosure of Information security-alert (Jul 22)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04370307

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04370307
Version: 1

HPSBMU03071 rev.1 - HP Autonomy IDOL, Running OpenSSL, Remote Unauthorized
Access, Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...

Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability Vulnerability Lab (Jul 22)
Document Title:
===============
Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=890

Barracuda Networks Security ID (BNSEC): BNSEC-1176
https://www.barracuda.com/support/knowledgebase/501600000013gvh

Solution #00006521
BNSEC-01176: Authenticated non-persistent XSS in Barracuda Spam and Virus...

Web Login Bruteforce in Symantec Endpoint Protection Manager 12.1.4023.4080 audit1 (Jul 22)
We discovered a vulnerability in the Symantec Endpoint Protection Manager web application.

Vulnerability Type: Login Bruteforce

Original Release: June 20, 2014

Discovered by:
Security Team - A2SECURE
Artëm Tsvetkov atsvetkov () a2secure com
Sisco Barrera sbarrera () a2secure com
Andrea Bodei abodei () a2secure com

Products and affected versions:
SYMANTEC ENDPOINT PROTECTION MANAGER...

Cross-site Scripting in EventLog Analyzer 9.0 build #9000 audit1 (Jul 22)
We discovered a vulnerability in the EventLog Analyzer web application.

Vulnerability Type: Cross-site Scripting

Original Release: June 20, 2014

Discovered by:
Security Team - A2SECURE
Artëm Tsvetkov atsvetkov () a2secure com
Sisco Barrera sbarrera () a2secure com
Andrea Bodei abodei () a2secure com

Products and affected versions:
MANAGEENGINE EVENTLOG ANALYZER 9.0 build #9000

Company:...

[oCERT-2014-004] Ansible input sanitization errors Andrea Barisani (Jul 22)
#2014-004 Ansible input sanitization errors

Description:

The Ansible project is an open source configuration management platform.

The Ansible platform suffers from input sanitization errors that allow
arbitrary code execution as well as information leak, in case an attacker is
able to control certain playbook variables.

The first vulnerability involves the escalation of a local permission access
level into arbitrary code execution. The code...

Call for Papers / Speakers for ISACA Ireland Conference on 3rd Oct in Dublin president (Jul 22)
ISACA Ireland is seeking innovative session proposals that will engage an audience of information security, assurance,
audit, privacy, governance, risk and compliance professionals. Speakers should offer real-world examples, “war
stories”, case studies, successes and failures, examples of actual tools and working papers used, and insights on
emerging issues. As a guideline the following is a list of suggested topics which is not intended to...

[SECURITY] [DSA 2983-1] drupal7 security update Moritz Muehlenhoff (Jul 21)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2983-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 20, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : drupal7
CVE ID : not yet available

Multiple...

[SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update Moritz Muehlenhoff (Jul 21)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2982-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 19, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ruby-activerecord-3.2
CVE ID : CVE-2014-3482...

KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation KoreLogic Disclosures (Jul 21)
Title: Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
Advisory ID: KL-001-2014-003
Publication Date: 2014.07.18
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt

1. Vulnerability Details

Affected Vendor: Microsoft
Affected Product: MQ Access Control
Affected Versions: 5.1.0.1110
Platform: Microsoft Windows XP SP3
CWE Classification: CWE-123: Write-what-where Condition...

KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation KoreLogic Disclosures (Jul 21)
Title: Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
Advisory ID: KL-001-2014-002
Publication Date: 2014-07-18
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt

1. Vulnerability Details

Affected Vendor: Microsoft
Affected Product: Bluetooth Personal Area Networking
Affected Versions: 5.1.2600.5512
Platform: Microsoft Windows XP SP3
CWE Classification: CWE-123:...

CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs. Jordan Sissel (Jul 21)
Vendor: Elasticsearch
Product: Logstash
CVE: CVE-2014-4326
Affected versions: Logstash 1.0.14 through 1.4.1

Recommendations: All affected users should upgrade to Logstash 1.4.2.
We also provide patch instructions for Logstash 1.3.x at the bottom of
this note.

The vulnerability impacts deployments that use either the zabbix or
the nagios_nsca outputs. In these cases, an attacker with an ability
to send crafted events to any source of data for...
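
The excerpt above does not show the affected output code, but the class of bug its title names (remote command execution through an output plugin that hands event data to an external program) is worth seeing concretely. The Ruby below is an added example written for this page, not Logstash's or the advisory's code. It builds a hypothetical notifier two ways: once by interpolating event fields into a single shell command string, and once by passing an argv array so no shell is involved. The `SAMPLE_EVENT` hash, the use of `echo` as a stand-in for a real notifier binary, and the `notify_via_*` function names are all assumptions made for the illustration.

```ruby
require "open3"

# Constructed sample event (not a real Logstash event). The "message"
# field carries shell metacharacters of the kind an attacker who can
# feed the pipeline (a log line, a syslog message) might supply.
SAMPLE_EVENT = {
  "host"    => "web01",
  "message" => "disk full; echo INJECTED",
}

# Stand-in for an external notifier binary (assumption for this
# example): echo simply reflects its arguments, so the output shows
# exactly what the child process received.
NOTIFIER = "echo"

# Vulnerable pattern: interpolate untrusted event fields into one
# command string and let a shell parse it. Everything after the ';'
# in the message is executed as a second command.
def notify_via_shell(event)
  cmd = "#{NOTIFIER} --host #{event['host']} --msg #{event['message']}"
  out, _status = Open3.capture2("sh", "-c", cmd)
  out.lines.map(&:chomp)
end

# Hardened pattern: pass an argv array. No shell is spawned, so the
# message reaches the program as one opaque argument regardless of
# which characters it contains.
def notify_via_argv(event)
  argv = [NOTIFIER, "--host", event["host"].to_s, "--msg", event["message"].to_s]
  out, _status = Open3.capture2(*argv)
  out.lines.map(&:chomp)
end

if __FILE__ == $PROGRAM_NAME
  puts "shell: #{notify_via_shell(SAMPLE_EVENT).inspect}"
  puts "argv:  #{notify_via_argv(SAMPLE_EVENT).inspect}"
end
```

Run it and the shell variant returns two lines, the second being the output of the injected command, while the argv variant returns the whole message as a single argument. Escaping with `Shellwords.escape` is the fallback when a shell is genuinely required, but not spawning one at all is the smaller attack surface, and it is the same fix regardless of which notifier binary sits behind the output.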

[SECURITY] [DSA 2981-1] polarssl security update Salvatore Bonaccorso (Jul 21)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2981-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : polarssl
CVE ID : CVE-2014-4911
Debian Bug :...

CVE-2014-4980 Parameter Tampering in Nessus Web UI - Remote Information Disclosure i amroot (Jul 21)
Product: Nessus
Vendor: Tenable Network Security
Version: Nessus 5.2.3-5.2.7 - Web UI 2.3.4 (potentially lower)
Vendor Notified Date: June 24, 2014
Vendor Resolved Date: June 25, 2014
Release Date: July 18, 2014
Risk: Medium
Authentication: Not Required
Remote: Yes

Description:
A parameter tampering vulnerability exists in Nessus 5.2.7 and potentially below that allows remote attackers to
retrieve potentially sensitive information from the...

ESA-2014-074: EMC RecoverPoint Appliance Security Control Bypass Vulnerability Security Alert (Jul 18)
ESA-2014-074: EMC RecoverPoint Appliance Security Control Bypass Vulnerability

EMC Identifier: ESA-2014-074

CVE Identifier: CVE-2014-2519

Severity Rating: CVSS v2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:N/A:P)

Affected products:
• EMC RecoverPoint 4.1

Summary:
EMC RecoverPoint Appliance (RPA) 4.1 has the internal firewall disabled by default.

Details:

The firewall rule in EMC RPA 4.1 to drop incoming connections except...

Microsoft MSN HBE - Blind SQL Injection Vulnerability Vulnerability Lab (Jul 18)
Document Title:
===============
Microsoft MSN HBE - Blind SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1183

Video: http://www.vulnerability-lab.com/get_content.php?id=1282

Vulnerability Magazine:
http://vulnerability-db.com/magazine/articles/2014/07/17/vl-core-team-published-blind-sql-injection-vulnerability-video-poc-msrc

Release Date:
=============
2014-07-17...

More Lists

Dozens of other network security lists are archived at SecLists.Org.

