Bugtraq Mailing List

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!


Latest Posts

CVE-2014-4973 - Privilege Escalation in ESET Windows Products Portcullis Advisories (Aug 20)
Vulnerability title: Privilege Escalation in ESET Windows Products
CVE: CVE-2014-4973
Vendor: ESET
Product: ESET Windows Products
Affected version: v5.0 - 7.0 (Firewall Module Build 1183 (20140214) and
earlier)
Fixed version: v6 - v7 (Firewall Module Build 1212 (20140609))
Reported by: Kyriakos Economou

Details:

Versions 5.0 - 7.0 of ESET Smart Security and ESET Endpoint Security
products for Windows XP OS allow a low privileged user to execute...

SQL Injection Vulnerability in ArticleFR High-Tech Bridge Security Research (Aug 20)
Advisory ID: HTB23225
Product: ArticleFR
Vendor: Free Reprintables
Vulnerable Version(s): 3.0.4 and probably prior
Tested Version: 3.0.4
Advisory Publication: July 23, 2014 [without technical details]
Vendor Notification: July 23, 2014
Public Disclosure: August 20, 2014
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2014-5097
Risk Level: High
CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Solution Status: Solution...

CVE-2014-5307 - Privilege Escalation in Panda Security Products Portcullis Advisories (Aug 20)
Vulnerability title: Privilege Escalation in Panda Security
CVE: CVE-2014-5307
Vendor: Panda Security
Product: Multiple
Affected version: Panda 2014 Products
Fixed version: Hotfix hft131306s24_r1
Reported by: Kyriakos Economou

Details:

Latest, and possibly earlier builds, of the PavTPK.sys kernel mode
driver of Panda Security software suffer from a heap overflow bug that
allows any user to elevate their privileges through an IOCTL request and...

[SECURITY] [DSA 3007-1] cacti security update Moritz Muehlenhoff (Aug 20)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3007-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
August 20, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : cacti
CVE ID : CVE-2014-5025 CVE-2014-5026...

Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities CERT (Aug 20)
Deutsche Telekom CERT Advisory [DTC-A-20140820-001]

Summary:
Several vulnerabilities were found in check_mk prior versions 1.2.4p4 and 1.2.5i4.
The vulnerabilities are:
1 - Reflected Cross-Site Scripting (XSS)
2 - write access to config files (.mk files)
3 - arbitrary code execution

Recommendations:
Install software release 1.2.4p4, 1.2.5i4 or later.

Homepage: http://mathias-kettner.de/check_mk.html

Details:
a) application
b) problem...

ICETC2014 - IEEE Extended Submission until Aug. 28, 2014 jackie (Aug 20)
Apologies for cross-posting.
Kindly forward to those who may be of interest.
=======================================================================
International Conference on Education Technologies and Computers
(ICETC2014)
Lodz University of Technology, Lodz, Poland
September 22-24, 2014

http://sdiwc.net/conferences/2014/icetc2014

The...

[security bulletin] HPSBUX03095 SSRT101674 rev.1 - HP-UX running OpenSSL, Multiple Vulnerabilities security-alert (Aug 20)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04404655

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04404655
Version: 1

HPSBUX03095 SSRT101674 rev.1 - HP-UX running OpenSSL, Multiple
Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-08-14
Last Updated:...

[security bulletin] HPSBUX03092 SSRT101668 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Aug 20)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04398943

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04398943
Version: 1

HPSBUX03092 SSRT101668 rev.1 - HP-UX running Java6, Remote Unauthorized
Access, Disclosure of Information, and Other Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as...

[security bulletin] HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert (Aug 20)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04398922

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04398922
Version: 1

HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized
Access, Disclosure of Information, and Other Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as...

[security bulletin] HPSBMU03101 rev.1 - HP Asset Manager, CloudSystem Chargeback, running OpenSSL, Remote Disclosure of Information or Unauthorized Access security-alert (Aug 20)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04401858

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04401858
Version: 1

HPSBMU03101 rev.1 - HP Asset Manager, CloudSystem Chargeback, running
OpenSSL, Remote Disclosure of Information or Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as...

[security bulletin] HPSBMU03094 rev.1 - HP Connect-IT, running OpenSSL, Remote Disclosure of Information or Unauthorized Access security-alert (Aug 20)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04401666

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04401666
Version: 1

HPSBMU03094 rev.1 - HP Connect-IT, running OpenSSL, Remote Disclosure of
Information or Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...

[Call For Papers] RiseCON - Rosario, Argentina Info RiseCON (Aug 20)
RiseCON - Rosario Information Security Conference 2014
www.risecon.org
Dates: November 6 and 7, 2014
Location: Plataforma Lavarden (Av Mendoza 1085) - Rosario, Santa Fe, Argentina

RiseCON is the first and largest information security and hacking event
held in the city of Rosario, with international standing and
reach.

For the 1st edition of RiseCON we invite all those who are
interested in presenting their...

ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities Security Alert (Aug 19)
ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities

EMC Identifier: ESA-2014-071

CVE Identifier: CVE-2014-2517, CVE-2014-2505, CVE-2014-0640, CVE-2014-0641

Severity Rating: CVSS v2 Base Score: See below for individual scores

Affected Products:
RSA Archer GRC Platform version 5.x

Summary:
RSA Archer GRC Platform 5.5 SP1 contains fixes for multiple security vulnerabilities that could potentially be
exploited by malicious...

[CVE-2014-0232] Apache OFBiz Cross-site scripting (XSS) vulnerability Jacopo Cappellato (Aug 19)
CVE-2014-0232: Apache OFBiz Cross-site scripting (XSS) vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache OFBiz 11.04.01 to 11.04.04
Apache OFBiz 12.04.01 to 11.04.03
The unsupported Apache OFBiz 09.04.x, 10.04.x versions may be also affected

Description:
Result and error messages returned by some OFBiz services could be a vector for XSS attacks.

Mitigation:
11.04.x users should upgrade to...

ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities Security Alert (Aug 19)
ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities

EMC Identifier: ESA-2014-079

CVE Identifier: See below for individual CVEs

Severity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE

Affected products:
• All EMC Documentum Content Server versions of 7.1 prior to P07
• All EMC Documentum Content Server versions of 7.0
• All EMC Documentum Content Server versions of 6.7...

More Lists

Dozens of other network security lists are archived at SecLists.Org.

