BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[ MDVSA-2014:228 ] phpmyadmin

1 hour 59 sec ago

Posted by security on Nov 26

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:228
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : phpmyadmin
Date : November 26, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[SECURITY] [DSA 3076-1] wireshark security update

November 25, 2014 - 11:59pm

Posted by Moritz Muehlenhoff on Nov 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3076-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
November 25, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2014-8710 CVE-2014-8711...

[security bulletin] HPSBUX03166 SSRT101489 rev.1 - HP-UX running PAM libpam_updbe, Remote Authentication Bypass

November 25, 2014 - 11:50pm

Posted by security-alert on Nov 26

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04511778

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04511778
Version: 1

HPSBUX03166 SSRT101489 rev.1 - HP-UX running PAM libpam_updbe, Remote
Authentication Bypass

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-11-25...

[security bulletin] HPSBGN03203 rev.1 - HP CMS: UCMDB Browser running OpenSSL, Remote Disclosure of Information

November 25, 2014 - 11:43pm

Posted by security-alert on Nov 26

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04507636

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04507636
Version: 1

HPSBGN03203 rev.1 - HP CMS: UCMDB Browser running OpenSSL, Remote Disclosure
of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-11-25...

[security bulletin] HPSBGN03201 rev.1 - HP Asset Manager running SSLv3, Remote Disclosure of Information

November 25, 2014 - 11:33pm

Posted by security-alert on Nov 26

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04507535

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04507535
Version: 1

HPSBGN03201 rev.1 - HP Asset Manager running SSLv3, Remote Disclosure of
Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-11-25
Last...

Slider Revolution/Showbiz Pro shell upload exploit

November 25, 2014 - 2:46pm

Posted by simo on Nov 25

#!/usr/bin/perl
#
# Title: Slider Revolution/Showbiz Pro shell upload exploit
# Author: Simo Ben youssef
# Contact: Simo_at_Morxploit_com
# Discovered: 15 October 2014
# Coded: 15 October 2014
# Updated: 25 November 2014
# Published: 25 November 2014
# MorXploit Research
# http://www.MorXploit.com
# Vendor: ThemePunch
# Vendor url: http://themepunch.com
# Software: Revslider/Showbiz Pro
# Versions: <= 3.0.95 (Revslider) / Version: <= 1.7.1...

[security bulletin] HPSBST03148 rev.1 - HP StoreOnce Gen 2 Backup Systems running Bash Shell, Remote Code Execution

November 25, 2014 - 2:35pm

Posted by security-alert on Nov 25

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04479974

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04479974
Version: 1

HPSBST03148 rev.1 - HP StoreOnce Gen 2 Backup Systems running Bash Shell,
Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

[security bulletin] HPSBMU03214 rev.1 - HP Systinet running SSLv3, Remote Disclosure of Information

November 25, 2014 - 2:27pm

Posted by security-alert on Nov 25

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04510286

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04510286
Version: 1

HPSBMU03214 rev.1 - HP Systinet running SSLv3, Remote Disclosure of
Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-11-25
Last...

[ MDVSA-2014:227 ] ffmpeg

November 25, 2014 - 9:35am

Posted by security on Nov 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:227
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : ffmpeg
Date : November 25, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:226 ] imagemagick

November 25, 2014 - 7:10am

Posted by security on Nov 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:226
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : imagemagick
Date : November 25, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:225 ] ruby

November 25, 2014 - 7:00am

Posted by security on Nov 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:225
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : ruby
Date : November 25, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[oCERT 2014-008] libFLAC multiple issues

November 25, 2014 - 4:27am

Posted by Daniele Bianco on Nov 25

Description:

FLAC is an open source lossless audio codec supported by several software
and music players.

The libFLAC project, an open source library implementing reference
encoders and decoders for native FLAC and Ogg FLAC audio content,
suffers from multiple implementation issues.

In particular, a stack overflow and a heap overflow condition, which may
result in arbitrary code execution, can be triggered by passing a maliciously
crafted...

Docker 1.3.2 - Security Advisory [24 Nov 2014]

November 24, 2014 - 10:53pm

Posted by Eric Windisch on Nov 25

Today, we are releasing Docker 1.3.2 in order to address two critical
security issues. This release also includes several bugfixes,
including changes to the insecure-registry option. Below are CVE
descriptions for the vulnerabilities addressed in this release.

Docker 1.3.2 is available immediately for all supported platforms:
https://docs.docker.com/installation/

Docker Security Advisory [24 Nov 2014]...

CVE-2014-8419 - CodeMeter Weak Service Permissions

November 24, 2014 - 11:58am

Posted by ajs on Nov 24

CodeMeter Weak Service Permissions

Vendor Website : http://www.codemeter.com

INDEX
---------------------------------------
1. Background
2. Description
3. Affected Products
4. Vulnerability
5. Solution
6. Credit
7. Disclosure Timeline
8. CVE

1. BACKGROUND
---------------------------------------
CodeMeter from Wibu-Systems provides maximum protection against software piracy and is bundled with multiple...

Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin

November 24, 2014 - 1:06am

Posted by Larry W. Cashdollar on Nov 24

#!/bin/bash
#Larry W. Cashdollar, @_larry0
#Will brute force and search a Wordpress target site with WP-DB-Backup v2.2.4 plugin installed for any backups done on
#20141031 assumes the wordpress database is wordpress and the table prefix is wp_
#http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-db-backup-v2.2.4/
#http://thehackerblog.com/auditing-wp-db-backup-wordpress-plugin-why-using-the-database-password-for-entropy-is-a-bad-idea/
#run...

[security bulletin] HPSBUX03087 SSRT101413 rev.2 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access

November 21, 2014 - 3:03pm

Posted by security-alert on Nov 21

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04396638

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04396638
Version: 2

HPSBUX03087 SSRT101413 rev.2 - HP-UX CIFS Server (Samba), Remote Denial of
Service (DoS), Execution of Arbitrary Code, Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon...

[ MDVSA-2014:224 ] krb5

November 21, 2014 - 1:34pm

Posted by security on Nov 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:224
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : krb5
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:223 ] wireshark

November 21, 2014 - 1:25pm

Posted by security on Nov 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:223
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wireshark
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:222 ] libvirt

November 21, 2014 - 1:17pm

Posted by security on Nov 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:222
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : libvirt
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:221 ] php-smarty

November 21, 2014 - 1:08pm

Posted by security on Nov 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:221
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : php-smarty
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...