BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

SQL Injection in mAdserve

April 16, 2014 - 9:09am

Posted by High-Tech Bridge Security Research on Apr 16

Advisory ID: HTB23209
Product: mAdserve
Vendor: MobFox
Vulnerable Version(s): 2.0 and probably prior
Tested Version: 2.0
Advisory Publication: March 26, 2014 [without technical details]
Vendor Notification: March 26, 2014
Public Disclosure: April 16, 2014
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2014-2654
Risk Level: Medium
CVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Solution Status: Solution Available...

CVE-2014-2735 - WinSCP: missing X.509 validation

April 16, 2014 - 8:56am

Posted by Micha Borrmann on Apr 16

Advisory ID: SYSS-2014-003
Product: WinSCP
Affected Version(s): 5.5.2.4130
Tested Version(s): 5.5.2.4130 (Windows 7 32 bit and Windows 8.1 64 bit)
Vulnerability Type: Missing X.509 validation
Risk Level: Medium
Solution Status: Fixed
Vendor Notification: 2014-04-07
Solution Date: 2014-04-09
Public Disclosure: 2014-04-16
CVE Reference: CVE-2014-2735
Author of Advisory: Micha Borrmann (SySS GmbH)

-...

[SECURITY] [DSA 2905-1] chromium-browser security update

April 16, 2014 - 8:39am

Posted by Michael Gilbert on Apr 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-2905-1 security () debian org
http://www.debian.org/security/ Michael Gilbert
April 15, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2014-1716...

[security bulletin] HPSBUX03001 SSRT101382 rev.1 - HP-UX Whitelisting (WLI), Local System Integrity Risk

April 16, 2014 - 8:23am

Posted by security-alert on Apr 16

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04227671

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04227671
Version: 1

HPSBUX03001 SSRT101382 rev.1 - HP-UX Whitelisting (WLI), Local System
Integrity Risk

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-04-14
Last...

[SECURITY] [DSA 2904-1] virtualbox security update

April 15, 2014 - 1:42pm

Posted by Moritz Muehlenhoff on Apr 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-2904-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
April 15, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : virtualbox
CVE ID : CVE-2014-0981 CVE-2014-0983...

[security bulletin] HPSBST03001 rev.1 - HP XP P9500 Disk Array running OpenSSL, Remote Disclosure of Information

April 15, 2014 - 1:27pm

Posted by security-alert on Apr 15

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04240206

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04240206
Version: 1

HPSBST03001 rev.1 - HP XP P9500 Disk Array running OpenSSL, Remote Disclosure
of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-04-15...

[SECURITY] CVE-2014-0111 Apache Syncope

April 15, 2014 - 1:11pm

Posted by Francesco Chicchiriccò on Apr 15

CVE-2014-0111: Remote code execution by an authenticated administrator

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Syncope 1.0.0 to 1.0.8
Syncope 1.1.0 to 1.1.6

Description:
In the various places in which Apache Commons JEXL expressions are
allowed (derived schema definition, user / role templates, account links
of resource mappings) a malicious administrator can inject Java code
that can be executed...

RUCKUS ADVISORY ID 041414: OpenSSL 1.0.1 library's "Heart bleed" vulnerability - CVE-2014-0160

April 15, 2014 - 12:56pm

Posted by Ruckus Product Security Team on Apr 15

RUCKUS ADVISORY ID 041414

Customer release date: April 14, 2014
Public release date: April 14, 2014

TITLE

OpenSSL 1.0.1 library's "Heart bleed" vulnerability - CVE-2014-0160

SUMMARY

OpenSSL library is used in Ruckus products to implement various
security related features. A vulnerability has been discovered in
OpenSSL library which may allow an unauthenticated, remote attacker to
retrieve memory in chunks of 64 kilobytes from...

VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own)

April 15, 2014 - 12:37pm

Posted by VUPEN Security Research on Apr 15

VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free
Code Execution (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

Adobe Flash Player is a cross-platform browser-based application runtime
that delivers viewing of expressive applications, content, and videos
across screens and browsers. It is installed on 98% of computers.

II. DESCRIPTION
---------------------...

[SECURITY] [DSA 2903-1] strongswan security update

April 15, 2014 - 12:24pm

Posted by Moritz Muehlenhoff on Apr 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-2903-1 security () debian org
http://www.debian.org/security/ Yves-Alexis Perez
April 14, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : strongswan
CVE ID : CVE-2014-2338

An...

PDF Album v1.7 iOS - File Include Web Vulnerability

April 15, 2014 - 12:09pm

Posted by Vulnerability Lab on Apr 15

Document Title:
===============
PDF Album v1.7 iOS - File Include Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1255

Release Date:
=============
2014-04-11

Vulnerability Laboratory ID (VL-ID):
====================================
1255

Common Vulnerability Scoring System:
====================================
7.3

Product & Service Introduction:...

CVE-2013-6216 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in multiple HP products on Linux

April 15, 2014 - 11:55am

Posted by Portcullis Advisories on Apr 15

Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation
Via Insecure RPATH in HP Array Configuration Utility, HP Array
Diagnostics Utility, HP ProLiant Array Diagnostics and SmartSSD Wear
Gauge Utility Running on Linux
CVE: CVE-2013-6216
Vendor: HP
Product: HP Array Configuration Utility, HP Array Diagnostics Utility,
HP ProLiant Array Diagnostics and SmartSSD Wear Gauge Utility Running on
Linux
Affected version: 9.40
Fixed...

[security bulletin] HPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information

April 15, 2014 - 11:37am

Posted by security-alert on Apr 15

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04239375

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04239375
Version: 1

HPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote
Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

[security bulletin] HPSBMU02998 rev.1 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information

April 15, 2014 - 11:21am

Posted by security-alert on Apr 15

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04239372

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04239372
Version: 1

HPSBMU02998 rev.1 - HP System Management Homepage (SMH) running OpenSSL on
Linux and Windows, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[security bulletin] HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information

April 15, 2014 - 11:04am

Posted by security-alert on Apr 15

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236062

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04236062
Version: 1

HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running
OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[security bulletin] HPSBMU02995 rev.2 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure

April 15, 2014 - 10:51am

Posted by security-alert on Apr 15

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236102

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04236102
Version: 2

HPSBMU02995 rev.2 - HP Software HP Service Manager, Asset Manager, UCMDB
Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation,
Diagnostics, LoadRunner, and Performance Center, running...

Adobe Reader for Android exposes insecure Javascript interfaces

April 15, 2014 - 10:35am

Posted by Securify B.V. on Apr 15

------------------------------------------------------------------------
Adobe Reader for Android exposes insecure Javascript interfaces
------------------------------------------------------------------------
Yorick Koster, April 2014

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Adobe Reader for Android [2] exposes several insecure...

[SECURITY] [DSA 2902-1] curl security update

April 15, 2014 - 10:20am

Posted by Salvatore Bonaccorso on Apr 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-2902-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
April 13, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : curl
CVE ID : CVE-2014-0138 CVE-2014-0139
Debian...

[SECURITY] [DSA 2901-1] wordpress security update

April 15, 2014 - 9:59am

Posted by Salvatore Bonaccorso on Apr 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-2901-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
April 12, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2014-0165 CVE-2014-0166...

[ MDVSA-2014:077 ] jbigkit

April 15, 2014 - 9:18am

Posted by security on Apr 15

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:077
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : jbigkit
Date : April 11, 2014
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem...