BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

File Manager v4.2.10 iOS - Code Execution Vulnerability

October 22, 2014 - 8:39am

Posted by Vulnerability Lab on Oct 22

Document Title:
===============
File Manager v4.2.10 iOS - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1343

Release Date:
=============
2014-10-21

Vulnerability Laboratory ID (VL-ID):
====================================
1343

Common Vulnerability Scoring System:
====================================
9

Product & Service Introduction:...

iFunBox Free v1.1 iOS - File Include Vulnerability

October 22, 2014 - 8:28am

Posted by Vulnerability Lab on Oct 22

Document Title:
===============
iFunBox Free v1.1 iOS - File Include Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1344

Release Date:
=============
2014-10-20

Vulnerability Laboratory ID (VL-ID):
====================================
1344

Common Vulnerability Scoring System:
====================================
6.4

Product & Service Introduction:
===============================...

FreeBSD Security Advisory FreeBSD-SA-14:23.openssl

October 22, 2014 - 4:03am

Posted by FreeBSD Security Advisories on Oct 22

=============================================================================
FreeBSD-SA-14:23.openssl Security Advisory
The FreeBSD Project

Topic: OpenSSL multiple vulnerabilities

Category: contrib
Module: openssl
Announced: 2014-10-21
Affects: All supported versions of FreeBSD.
Corrected: 2014-10-15 19:59:43 UTC...

FreeBSD Security Advisory FreeBSD-SA-14:21.routed

October 22, 2014 - 3:53am

Posted by FreeBSD Security Advisories on Oct 22

=============================================================================
FreeBSD-SA-14:21.routed Security Advisory
The FreeBSD Project

Topic: routed(8) remote denial of service vulnerability

Category: core
Module: routed
Announced: 2014-10-21
Credits: Hiroki Sato
Affects: All supported versions of FreeBSD....

FreeBSD Security Advisory FreeBSD-SA-14:20.rtsold

October 22, 2014 - 3:44am

Posted by FreeBSD Security Advisories on Oct 22

=============================================================================
FreeBSD-SA-14:20.rtsold Security Advisory
The FreeBSD Project

Topic: rtsold(8) remote buffer overflow vulnerability

Category: core
Module: rtsold
Announced: 2014-10-21
Credits: Florian Obser, Hiroki Sato
Affects: FreeBSD 9.1 and...

FreeBSD Security Advisory FreeBSD-SA-14:22.namei

October 22, 2014 - 3:34am

Posted by FreeBSD Security Advisories on Oct 22

=============================================================================
FreeBSD-SA-14:22.namei Security Advisory
The FreeBSD Project

Topic: memory leak in sandboxed namei lookup

Category: core
Module: kernel
Announced: 2014-10-21
Credits: Mateusz Guzik
Affects: FreeBSD 9.1 and later.
Corrected:...

CFP The 12th International Joint Conference on e-business and Telecommunications ICETE 2015

October 21, 2014 - 2:19pm

Posted by icete . secretariat on Oct 21

Conference name:
The 12th International Joint Conference on e-business and Telecommunications – ICETE 2015

Venue:
Colmar, Alsace, France

Event date:
20 – 22 July, 2015

Regular Papers

Paper Submission: March 3, 2015
Authors Notification: April 28, 2015
Camera Ready and Registration: May 12, 2015

Position Papers

Paper Submission: April 15, 2015
Authors Notification: May 19, 2015
Camera Ready and Registration: June 1, 2015

Workshops...

FileBug v1.5.1 iOS - Path Traversal Web Vulnerability

October 21, 2014 - 11:28am

Posted by Vulnerability Lab on Oct 21

Document Title:
===============
FileBug v1.5.1 iOS - Path Traversal Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1342

Release Date:
=============
2014-10-15

Vulnerability Laboratory ID (VL-ID):
====================================
1342

Common Vulnerability Scoring System:
====================================
5.1

Product & Service Introduction:...

Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities

October 21, 2014 - 11:14am

Posted by Vulnerability Lab on Oct 21

Document Title:
===============
Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1341

Release Date:
=============
2014-10-14

Vulnerability Laboratory ID (VL-ID):
====================================
1341

Common Vulnerability Scoring System:
====================================
8.7

Product & Service Introduction:...

Vulnerabilities in WordPress Database Manager v2.7.1

October 21, 2014 - 11:01am

Posted by Larry W. Cashdollar on Oct 21

Title: Vulnerabilities in WordPress Database Manager v2.7.1
Author: Larry W. Cashdollar, @_larry0
Date: 10/13/2014
Download: https://wordpress.org/plugins/wp-dbmanager/
Downloads: 1,171,358
Vendor: Lester Chan, https://profiles.wordpress.org/gamerz/
Contacted: 10/13/2014, Vulnerabilities addressed in v2.7.2.
Full Advisory: http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html
CVE: 2014-8334,2014-8335
OSVDBID:...

[ MDVSA-2014:201 ] kernel

October 21, 2014 - 10:48am

Posted by security on Oct 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:201
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : kernel
Date : October 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple...

[ MDVSA-2014:200 ] bugzilla

October 21, 2014 - 10:34am

Posted by security on Oct 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:200
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : bugzilla
Date : October 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:199 ] perl

October 21, 2014 - 10:22am

Posted by security on Oct 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:199
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : perl
Date : October 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:198 ] mediawiki

October 21, 2014 - 10:09am

Posted by security on Oct 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:198
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : mediawiki
Date : October 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:197 ] python

October 21, 2014 - 9:58am

Posted by security on Oct 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:197
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : python
Date : October 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

Incredible PBX remote command execution exploit

October 21, 2014 - 9:47am

Posted by simo on Oct 21

#!/usr/bin/perl
#
# Title: Incredible PBX remote command execution exploit
# Author: Simo Ben youssef
# Contact: Simo_at_Morxploit_com
# Discovered: 1 September 2014
# Coded: 21 October 2014
# Published: 21 October 2014
# MorXploit Research
# http://www.MorXploit.com
# Vendor: PBX in a Flash
# Vendor url: http://pbxinaflash.net/
# Software: Incredible PBX 11
# Version: 2.0.6.5.0
# Product url: http://incrediblepbx.com/
# Download:...

[ MDVSA-2014:196 ] rsyslog

October 21, 2014 - 9:35am

Posted by security on Oct 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:196
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : rsyslog
Date : October 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[slackware-security] openssh (SSA:2014-293-01)

October 21, 2014 - 9:21am

Posted by Slackware Security Team on Oct 21

[slackware-security] openssh (SSA:2014-293-01)

New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssh-6.7p1-i486-1_slack14.1.txz: Upgraded.
This update fixes a security issue that allows remote servers to trigger
the skipping of SSHFP DNS RR checking by presenting an...

[security bulletin] HPSBUX03150 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities

October 21, 2014 - 9:04am

Posted by security-alert on Oct 21

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04483248

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04483248
Version: 1

HPSBUX03150 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache
Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted...

LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183

October 20, 2014 - 3:49pm

Posted by Onur Yilmaz on Oct 20

Information
-----------
Advisory by Netsparker.
Name: Multiple XSS Vulnerabilities in LiteCart
Affected Software : LiteCart
Affected Versions: 1.1.2.1 and possibly below
Vendor Homepage : http://www.litecart.net
Vulnerability Type : Cross-site Scripting
Severity : Important
CVE-ID: CVE-2014-7183
Netsparker Advisory Reference : NS-14-032

Advisory URL
------------
https://www.netsparker.com/xss-vulnerabilities-in-litecart/

Description...