BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Call for Papers - WorldCIST'15 - Azores, Deadline: November 23

October 30, 2014 - 8:54am

Posted by ML on Oct 30

------
WorldCIST'15 - 3rd World Conference on Information Systems and Technologies
Ponta Delgada, Azores *, Portugal
1 - 3 April 2015
http://www.aisti.eu/worldcist15/
------
* Azores is ranked as the second most beautiful archipelago in the world by National Geographic.
------------

SCOPE

The WorldCIST'15 - 3rd World Conference on Information Systems and Technologies, to be held at Ponta Delgada, São
Miguel, Azores, Portugal, 1 - 3...

[slackware-security] wget (SSA:2014-302-01)

October 30, 2014 - 8:46am

Posted by Slackware Security Team on Oct 30

[slackware-security] wget (SSA:2014-302-01)

New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/wget-1.14-i486-3_slack14.1.txz: Rebuilt.
This update fixes a symlink vulnerability that could allow an attacker
to write outside of the expected directory.
For more information,...

[security bulletin] HPSBUX03159 SSRT101785 rev.2 - HP-UX kernel, Local Denial of Service (DoS)

October 30, 2014 - 8:36am

Posted by security-alert on Oct 30

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04491186

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04491186
Version: 2

HPSBUX03159 SSRT101785 rev.2 - HP-UX kernel, Local Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-10-28
Last Updated:...

[SECURITY] [DSA 3059-1] dokuwiki security update

October 30, 2014 - 8:26am

Posted by Moritz Muehlenhoff on Oct 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-3059-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
October 29, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : dokuwiki
CVE ID : CVE-2014-8761 CVE-2014-8762...

CVE-2014-8399 SQL Injection in NuevoLabs flash player for clipshare

October 29, 2014 - 12:54pm

Posted by research on Oct 29

Nuevolabs Nuevoplayer for clipshare SQL Injection
=======================================================================

:: ADVISORY SUMMARY ::
Title: Nuevolabs Nuevoplayer for clipshare Sql Injection
Vendor: NUEVOLABS (www.nuevolabs.com)
Product: NUEVOPLAYER for clipshare
Credits: Cory Marsh - protectlogic.com
Discovery: 2014-10-10
Release: 2014-10-28

Nuevoplayer is a popular flash video player with integration into multiple...

SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme

October 29, 2014 - 12:44pm

Posted by SEC Consult Vulnerability Lab on Oct 29

SEC Consult Vulnerability Lab Security Advisory < 20141029-1 >
=======================================================================
title: Persistent cross site scripting
product: Confluence RefinedWiki Original Theme
vulnerable version: 3.x - 4.0.x
fixed version: 4.0.12
impact: high
homepage: http://www.refinedwiki.com/
found: 2014-08-07
by: Manuel...

SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel

October 29, 2014 - 12:36pm

Posted by SEC Consult Vulnerability Lab on Oct 29

SEC Consult Vulnerability Lab Security Advisory < 20141029-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: Vizensoft Admin Panel
vulnerable version: 2014
fixed version: -
impact: critical
homepage: http://www.vizensoft.com
found: 2014-07-10
by: A. Antukh, A. Baranov...

Multiple vulnerabilities in EspoCRM

October 29, 2014 - 12:26pm

Posted by High-Tech Bridge Security Research on Oct 29

Advisory ID: HTB23238
Product: EspoCRM
Vendor: http://www.espocrm.com
Vulnerable Version(s): 2.5.2 and probably prior
Tested Version: 2.5.2
Advisory Publication: October 8, 2014 [without technical details]
Vendor Notification: October 8, 2014
Vendor Patch: October 10, 2014
Public Disclosure: October 29, 2014
Vulnerability Type: PHP File Inclusion [CWE-98], Improper Access Control [CWE-284], Cross-Site Scripting [CWE-79]
CVE References:...

[ MDVSA-2014:212 ] wget

October 29, 2014 - 12:16pm

Posted by security on Oct 29

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:212
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wget
Date : October 29, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:211 ] wpa_supplicant

October 29, 2014 - 12:07pm

Posted by security on Oct 29

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:211
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wpa_supplicant
Date : October 29, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[security bulletin] HPSBUX03159 SSRT101785 rev.1 - HP-UX kernel, Local Denial of Service (DoS)

October 29, 2014 - 11:58am

Posted by security-alert on Oct 29

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04491186

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04491186
Version: 1

HPSBUX03159 SSRT101785 rev.1 - HP-UX kernel, Local Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-10-28
Last Updated:...

[SECURITY] [DSA 3050-2] xulrunner update

October 29, 2014 - 11:48am

Posted by Moritz Muehlenhoff on Oct 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3050-2 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
October 28, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2014-1574 CVE-2014-1576...

phpfusion (Search Page) Denial of Service Vulnerability

October 28, 2014 - 11:04am

Posted by iedb . team on Oct 28

phpfusion All version suffers from a denial of service vulnerability.

#!/usr/bin/perl
#################################
#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@
#...

[ MDVSA-2014:210 ] mariadb

October 28, 2014 - 10:54am

Posted by security on Oct 28

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:210
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : mariadb
Date : October 28, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

IEEE Technically Co-sponsored - Third International Conference on Digital Information, Networking, and Wireless Communications || RUSSIA

October 28, 2014 - 10:46am

Posted by liezelle on Oct 28

All the papers will be submitted to IEEE for potential inclusion to IEEE
Xplore as well as other Abstracting and Indexing (A&I) databases.
========================================================================
CALL FOR PAPERS
The Third International Conference on Digital Information,
Networking, and Wireless Communications (DINWC2015)
February 3-5, 2015
University of Synergy...

[security bulletin] HPSBST03160 rev.1 - HP XP Command View Advanced Edition running Apache Struts, Remote Execution of Arbitrary Code

October 28, 2014 - 10:34am

Posted by security-alert on Oct 28

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04473828

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04473828
Version: 1

HPSBST03160 rev.1 - HP XP Command View Advanced Edition running Apache
Struts, Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

[security bulletin] HPSBHF03156 rev.1 - HP TippingPoint Intrusion Prevention System (IPS) Local Security Manager (LSM) running SSL, Remote Disclosure of Information

October 28, 2014 - 10:26am

Posted by security-alert on Oct 28

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04487990

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04487990
Version: 1

HPSBHF03156 rev.1 - HP TippingPoint Intrusion Prevention System (IPS) Local
Security Manager (LSM) running SSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted...

Re: vulnerabilities in libbfd (CVE-2014-beats-me)

October 28, 2014 - 10:17am

Posted by Mike Frysinger on Oct 28

a few have been reported recently, but not sure if this is the same one. best
to file a bug on sourceware.org/bugzilla/ and as people walk through the
reports, collapse as needed.

sure, but honestly, invoking bfd in any sort of security sensitive context is a
terrible terrible idea. it's full of range issues like this (by nature of its
job), and will continue to be so. unless we switch to a language like python
where exceeding...

Google Youtube - Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration)

October 28, 2014 - 10:06am

Posted by Vulnerability Lab on Oct 28

Document Title:
===============
Google Youtube - Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration)

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=1352

Google Security ID: [9-5942000004564]

View: https://www.youtube.com/watch?v=656LM9zGLxc

Article:
http://vulnerability-db.com/magazine/articles/2014/10/25/google-youtube-persistent-cross-site-vulnerability-demonstration-video...

Folder Plus v2.5.1 iOS - Persistent Item Vulnerability

October 28, 2014 - 9:56am

Posted by Vulnerability Lab on Oct 28

Document Title:
===============
Folder Plus v2.5.1 iOS - Persistent Item Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1348

Release Date:
=============
2014-10-24

Vulnerability Laboratory ID (VL-ID):
====================================
1348

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:...