BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

London DEFCON - September 30th 2014

Posted by Major Malfunction on Sep 30

Yes, that's tonight!

Apologies for the late notice - I've been travelling. A lot.

In the meantime, The Phoenix finished their refurb and is back up and
running, and looking pretty swanky, so I'm looking forward to seeing
what's new... Let's hope they haven't changed the beer! :)

We don't have any specific talks scheduled for this month, but as
always, if you've got something interesting you want to...

[slackware-security] bash (SSA:2014-272-01)

Posted by Slackware Security Team on Sep 30

[slackware-security] bash (SSA:2014-272-01)

New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/bash-4.2.050-i486-1_slack14.1.txz: Upgraded.
Another bash update. Here's some information included with the patch:
"This patch changes the encoding bash uses for...

[slackware-security] seamonkey (SSA:2014-271-03)

Posted by Slackware Security Team on Sep 30

[slackware-security] seamonkey (SSA:2014-271-03)

New seamonkey packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.29.1-i486-1_slack14.1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:...

[slackware-security] mozilla-thunderbird (SSA:2014-271-02)

Posted by Slackware Security Team on Sep 30

[slackware-security] mozilla-thunderbird (SSA:2014-271-02)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-24.8.1-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[ MDVSA-2014:191 ] perl-XML-DT

Posted by security on Sep 30

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:191
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : perl-XML-DT
Date : September 29, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

Moab Authentication Bypass (insecure message signing) [CVE-2014-5376]

September 29, 2014 - 7:55am

Posted by john . fitzpatrick on Sep 29

##[Moab Authentication Bypass (insecure message signing) : CVE-2014-5376]##

Software: Moab
Affected Versions: Dependent on configuration, can affect all versions of Moab including Moab 8
CVE Reference: CVE-2014-5376
Author: John Fitzpatrick, Luke Jennings MWR Labs (http://labs.mwrinfosecurity.com/)
Severity: High Risk
Vendor: Adaptive Computing
Vendor Response: Provided additional guidance in 7.2.9 release notes (MOAB-7480)

##[Description]...

Moab User Impersonation [CVE-2014-5375]

September 29, 2014 - 7:41am

Posted by john . fitzpatrick on Sep 29

##[Moab User Impersonation : CVE-2014-5375]##

Software: Moab
Affected Versions: All current versions of Moab. However, the impact is limited in Moab 7.2.9 and Moab 8.
CVE Reference: CVE-2014-5375
Author: John Fitzpatrick, Luke Jennings MWR Labs (http://labs.mwrinfosecurity.com/)
Severity: High Risk
Vendor: Adaptive Computing
Vendor Response: Updates in Moab 7.2.9 and Moab 8 provide some mitigations

##[Description]

It is possible to submit jobs...

Moab Authentication Bypass [CVE-2014-5300]

September 29, 2014 - 7:33am

Posted by john . fitzpatrick on Sep 29

##[Moab Authentication Bypass : CVE-2014-5300]##

Software: Moab
Affected Versions: All versions prior to Moab 7.2.9 and Moab 8
CVE Reference: CVE-2014-5300
Author: John Fitzpatrick, MWR Labs (http://labs.mwrinfosecurity.com/)
Severity: High Risk
Vendor: Adaptive Computing
Vendor Response: Resolved in Moab 7.2.9 and Moab 8

##[Description]

It is possible to bypass authentication within Moab in order to impersonate and run commands/operations as...

[slackware-security] mozilla-firefox (SSA:2014-271-01)

September 29, 2014 - 7:25am

Posted by Slackware Security Team on Sep 29

[slackware-security] mozilla-firefox (SSA:2014-271-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-24.8.1esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[SECURITY] [DSA 3039-1] chromium-browser security update

September 29, 2014 - 7:15am

Posted by Michael Gilbert on Sep 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3039-1 security () debian org
http://www.debian.org/security/ Michael Gilbert
September 28, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2014-3160...

[The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360

September 29, 2014 - 7:05am

Posted by Pedro Ribeiro on Sep 29

Hi,

This is the fifth part of the ManageOwnage series. For previous parts, see:
http://seclists.org/fulldisclosure/2014/Aug/55
http://seclists.org/fulldisclosure/2014/Aug/75
http://seclists.org/fulldisclosure/2014/Aug/88
http://seclists.org/fulldisclosure/2014/Sep/1

This time we have a file upload with directory traversal as well as an
arbitrary file deletion vulnerability. The file upload can be abused
to deliver a WAR payload in the Tomcat...

[SECURITY] [DSA 3038-1] libvirt security update

September 29, 2014 - 6:57am

Posted by Salvatore Bonaccorso on Sep 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3038-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
September 27, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libvirt
CVE ID : CVE-2014-0179 CVE-2014-3633
Debian...

Hands-on Mobile (Android & iOS) + ARM Exploitation Training at Toorcon

September 29, 2014 - 6:47am

Posted by Aditya Gupta on Sep 29

Hello everyone,

I'm glad to announce that I'll be running a 2-day class on Android,
iOS and ARM Hands-on Exploitation at Toorcon 2014 in San Diego this
October. The training will focus on a hands-on approach to finding vulns
and exploiting them on mobile applications as well as the platform
itself.

All the exercises will be performed on a customised Mobile
Exploitation training distro
and on a set of vulnerable labs built for Toorcon...

WorldCIST 2015 - 3rd World Conference on Information Systems and Technologies

September 29, 2014 - 6:38am

Posted by ML on Sep 29

------
WorldCIST'15 - 3rd World Conference on Information Systems and Technologies
Ponta Delgada, Azores *, Portugal
1 - 3 April 2015
http://www.aisti.eu/worldcist15/
------
* Azores is ranked as the second most beautiful archipelago in the world by National Geographic.
------------

SCOPE

The WorldCIST'15 - 3rd World Conference on Information Systems and Technologies, to be held at Ponta Delgada, São
Miguel, Azores, Portugal, 1 - 3...

[SECURITY] [DSA 3037-1] icedove security update

September 29, 2014 - 5:38am

Posted by Yves-Alexis Perez on Sep 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3037-1 security () debian org
http://www.debian.org/security/ Yves-Alexis Perez
September 26, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : icedove
CVE ID : CVE-2014-1568

Antoine...

SmarterTools Smarter Track 6-10 - Information Disclosure Vulnerability

September 26, 2014 - 8:53am

Posted by Vulnerability Lab on Sep 26

Document Title:
===============
SmarterTools Smarter Track 6-10 - Information Disclosure

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1298

Tracking ID: 088-1B879F0C-0A22

Release Date:
=============
2014-09-22

Vulnerability Laboratory ID (VL-ID):
====================================
1298

Common Vulnerability Scoring System:
====================================
6.1

Product & Service...

Oracle Corporation MyOracle - Persistent Vulnerability

September 26, 2014 - 8:43am

Posted by Vulnerability Lab on Sep 26

Document Title:
===============
Oracle Corporation MyOracle - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1261

Oracle Security ID (Team Tracking ID): admin () vulnerability-lab com-001

Release Date:
=============
2014-09-17

Vulnerability Laboratory ID (VL-ID):
====================================
1261

Common Vulnerability Scoring System:...

Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability

September 26, 2014 - 8:32am

Posted by Vulnerability Lab on Sep 26

Document Title:
===============
Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=660

Release Date:
=============
2014-09-18

Vulnerability Laboratory ID (VL-ID):
====================================
660

Common Vulnerability Scoring System:
====================================
3.2

Product & Service Introduction:...

Paypal Inc Bug Bounty #32 - Multiple Persistent Vulnerabilities

September 26, 2014 - 8:20am

Posted by Vulnerability Lab on Sep 26

Document Title:
===============
Paypal Inc Bug Bounty #32 - Multiple Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=716

Release Date:
=============
2014-09-22

Vulnerability Laboratory ID (VL-ID):
====================================
716

Common Vulnerability Scoring System:
====================================
4.1

Product & Service Introduction:...

GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability

September 26, 2014 - 8:08am

Posted by Vulnerability Lab on Sep 26

Document Title:
===============
GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1325

Release Date:
=============
2014-09-22

Vulnerability Laboratory ID (VL-ID):
====================================
1325

Common Vulnerability Scoring System:
====================================
6.3

Product & Service Introduction:...