BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[ MDVSA-2015:050 ] patch

7 hours 16 min ago

Posted by security on Mar 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:050
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : patch
Date : March 2, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[security bulletin] HPSBST03274 rev.1 - HP XP P9000 Command View Advanced Edition Software Online Help for Windows and Linux, Remote Cross-site Scripting (XSS)

7 hours 35 min ago

Posted by security-alert on Mar 02

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04582371

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04582371
Version: 1

HPSBST03274 rev.1 - HP XP P9000 Command View Advanced Edition Software Online
Help for Windows and Linux, Remote Cross-site Scripting (XSS)

NOTICE: The information in this Security Bulletin should be acted upon...

[ MDVSA-2015:049 ] cups

11 hours 58 min ago

Posted by security on Mar 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:049
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : cups
Date : March 2, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated cups...

[CVE-2015-1583] ATutor LCMS - CSRF Vulnerability in Version 2.2

12 hours 7 min ago

Posted by edricteo on Mar 02

[CVE-2015-1583] ATutor LCMS - CSRF Vulnerability in Version 2.2

----------------------------------------------------------------

Product Information:

Software: ATutor LCMS
Tested Version: 2.2, released 25.8.2014
Vulnerability Type: Cross-Site Request Forgery, CSRF (CWE-352)
Download link: http://atutor.ca/atutor/download.php
Description: ATutor is an Open Source Web-based Learning Content Management System (LCMS) designed with accessibility...

BEdita CMS - XSS & CSRF Vulnerability in Version 3.5.0

12 hours 15 min ago

Posted by edricteo on Mar 02

BEdita CMS - XSS & CSRF Vulnerability in Version 3.5.0

----------------------------------------------------------------

Product Information:

Software: BEdita CMS
Tested Version: 3.5.0, released 19.1.2015
Vulnerability Type: Cross-Site Scripting (CWE-79) & Cross-Site Request Forgery, CSRF (CWE-352)
Download link: http://www.bedita.com/download-bedita
Description: A software to create, manage content and organize it with semantic rules....

SEC Consult SA-20150227-0 :: Multiple vulnerabilities in Loxone Smart Home

February 27, 2015 - 7:30am

Posted by SEC Consult Vulnerability Lab on Feb 27

SEC Consult Vulnerability Lab Security Advisory < 20150227-0 >
=======================================================================
title: Multiple vulnerabilities
product: Loxone Smart Home
vulnerable version: Firmware: 5.49; Android-App: 3.4.1
fixed version: 6.3
impact: High
homepage: http://www.loxone.com
found: 2014-07-02
by: Daniel Schwarz...

Wordpress Media Cleaner Plugin - XSS Vulnerability

February 27, 2015 - 7:20am

Posted by iletisim on Feb 27

# Exploit Title: Wordpress Media Cleaner - XSS
# Author: İsmail SAYGILI
# Web Site: www.ismailsaygili.com.tr
# E-Mail: iletisim () ismailsaygili com tr
# Date: 2015-02-26
# Plugin Download: https://downloads.wordpress.org/plugin/wp-media-cleaner.2.2.6.zip
# Version: 2.2.6

# Vulnerable File(s):
                [+] wp-media-cleaner.php

# Vulnerable Code(s):
[+] 647. Line...

[SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags

February 27, 2015 - 7:13am

Posted by Jeremy Boynes on Feb 27

CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Standard Taglibs 1.2.1
The unsupported 1.0.x and 1.1.x versions may also be affected.

Description:
When an application uses <x:parse> or <x:transform> tags to process untrusted XML documents, a request may utilize
external entity references to access resources on the host system or utilize...

HelpDezk 1.0.1 Multiple Vulnerabilities

February 27, 2015 - 7:06am

Posted by dennis . veninga on Feb 27

# Exploit Title: HelpDezk 1.0.1 Multiple Vulnerabilities
# Google Dork: "intext: helpdezk-community-1.0.1"
# Date: 26-2-2015
# Exploit Author: Dennis Veninga
# Vendor Homepage: http://www.helpdezk.org/
# Vendor contacted: 26-2-2015
# Version: 1.0.1
# Tested on: Firefox 36 & Chrome 38 / W8.1-x64

HelpDezk ->
Version: 1.0.1
Type: Multiple Critical Vulnerabilities
Severity: Critical...

Cross-Site-Scripting (XSS) in tcllib's html::textarea

February 27, 2015 - 6:57am

Posted by Ben Fuhrmannek on Feb 27

SektionEins GmbH
www.sektioneins.de

-= Security Advisory =-

Advisory: Cross-Site-Scripting (XSS) in tcllib's html::textarea
Release Date: 26 February 2015
Last Modified: 26 February 2015
Author: Ben Fuhrmannek [ben.fuhrmannek[at]sektioneins.de]

Application: tcllib - Tcl standard library - versions 1.0.0 to 1.16;...

[SECURITY] [DSA 3176-1] request-tracker4 security update

February 26, 2015 - 1:18pm

Posted by Salvatore Bonaccorso on Feb 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3176-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
February 26, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : request-tracker4
CVE ID : CVE-2014-9472...

Wireless File Transfer Pro Android - Multiple CSRF Vulnerabilities

February 26, 2015 - 11:16am

Posted by Vulnerability Lab on Feb 26

Document Title:
===============
Wireless File Transfer Pro Android - CSRF Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1437

Release Date:
=============
2015-02-25

Vulnerability Laboratory ID (VL-ID):
====================================
1437

Common Vulnerability Scoring System:
====================================
2.3

Product & Service Introduction:...

Data Source: Scopus CMS - SQL Injection Web Vulnerability

February 26, 2015 - 11:06am

Posted by Vulnerability Lab on Feb 26

Document Title:
===============
Data Source: Scopus CMS - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1436

Release Date:
=============
2015-02-25

Vulnerability Laboratory ID (VL-ID):
====================================
1436

Common Vulnerability Scoring System:
====================================
8.9

Abstract Advisory Information:...

DSS TFTP 1.0 Server - Path Traversal Vulnerability

February 26, 2015 - 10:56am

Posted by Vulnerability Lab on Feb 26

Document Title:
===============
DSS TFTP 1.0 Server - Path Traversal Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1440

Release Date:
=============
2015-02-26

Vulnerability Laboratory ID (VL-ID):
====================================
1440

Common Vulnerability Scoring System:
====================================
6.2

Product & Service Introduction:
===============================...

D-Link and TRENDnet 'ncc2' service - multiple vulnerabilities

February 26, 2015 - 10:47am

Posted by Peter Adkins on Feb 26

Discovered by:
----
Peter Adkins <peter.adkins () kernelpicnic net>

Access:
----
Local network; unauthenticated access.
Remote network; unauthenticated access*.
Remote network; 'drive-by' via CSRF.

Tracking and identifiers:
----
CVE - Mitre contacted; not yet allocated.

Platforms / Firmware confirmed affected:
----
D-Link DIR-820L (Rev A) - v1.02B10
D-Link DIR-820L (Rev A) - v1.05B03
D-Link DIR-820L (Rev B) - v2.01b02
TRENDnet...

[slackware-security] mozilla-firefox (SSA:2015-056-01)

February 26, 2015 - 10:36am

Posted by Slackware Security Team on Feb 26

[slackware-security] mozilla-firefox (SSA:2015-056-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-31.5.0esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[slackware-security] mozilla-thunderbird (SSA:2015-056-02)

February 26, 2015 - 10:27am

Posted by Slackware Security Team on Feb 26

[slackware-security] mozilla-thunderbird (SSA:2015-056-02)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-31.5.0-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[security bulletin] HPSBUX03273 SSRT101951 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities

February 26, 2015 - 10:18am

Posted by security-alert on Feb 26

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04580241

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04580241
Version: 1

HPSBUX03273 SSRT101951 rev.1 - HP-UX running Java6, Remote Unauthorized
Access, Disclosure of Information, and Other Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as...

[security bulletin] HPSBUX03244 SSRT101885 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilities

February 26, 2015 - 10:07am

Posted by security-alert on Feb 26

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04556853

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04556853
Version: 2

HPSBUX03244 SSRT101885 rev.2 - HP-UX Running OpenSSL, Remote Denial of
Service (DoS) and Other Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...

[SECURITY] [DSA 3175-1] kfreebsd-9 security update

February 26, 2015 - 9:57am

Posted by Moritz Muehlenhoff on Feb 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3175-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
February 25, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : kfreebsd-9
CVE ID : CVE-2015-1414

Mateusz...