BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability

October 28, 2014 - 9:46am

Posted by Vulnerability Lab on Oct 28

Document Title:
===============
Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1324

Video: http://www.vulnerability-lab.com/get_content.php?id=1333

Article:
http://vulnerability-db.com/magazine/articles/2014/10/22/apple-ios-v802-silent-contact-0day-vulnerability-denial-service

Release Date:
=============
2014-10-23

Vulnerability...

iFileExplorer v6.51 iOS - File Include Web Vulnerability

October 28, 2014 - 9:36am

Posted by Vulnerability Lab on Oct 28

Document Title:
===============
iFileExplorer v6.51 iOS - File Include Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1345

Release Date:
=============
2014-10-22

Vulnerability Laboratory ID (VL-ID):
====================================
1345

Common Vulnerability Scoring System:
====================================
5.4

Product & Service Introduction:...

WebDisk+ v2.1 iOS - Code Execution Vulnerability

October 28, 2014 - 9:26am

Posted by Vulnerability Lab on Oct 28

Document Title:
===============
WebDisk+ v2.1 iOS - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1349

Release Date:
=============
2014-10-23

Vulnerability Laboratory ID (VL-ID):
====================================
1349

Common Vulnerability Scoring System:
====================================
9.1

Product & Service Introduction:
===============================...

[SECURITY] [DSA 3058-1] torque security update

October 28, 2014 - 9:17am

Posted by Salvatore Bonaccorso on Oct 28

-------------------------------------------------------------------------
Debian Security Advisory DSA-3058-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
October 27, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : torque
CVE ID : CVE-2014-3684
Debian Bug :...

[security bulletin] HPSBST03157 rev.1 - HP StoreEver ESL E-series Tape Library and HP Virtual Library System (VLS) running Bash Shell, Remote Code Execution

October 28, 2014 - 9:07am

Posted by security-alert on Oct 28

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04488200

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04488200
Version: 1

HPSBST03157 rev.1 - HP StoreEver ESL E-series Tape Library and HP Virtual
Library System (VLS) running Bash Shell, Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as...

[security bulletin] HPSBMU03152 rev.1 - HP Operations Orchestration running SSL, Remote Disclosure of Information

October 28, 2014 - 8:57am

Posted by security-alert on Oct 28

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04486577

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04486577
Version: 1

HPSBMU03152 rev.1 - HP Operations Orchestration running SSL, Remote
Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

[SECURITY] [DSA 3057-1] libxml2 security update

October 27, 2014 - 9:58am

Posted by Thijs Kinkhorst on Oct 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3057-1 security () debian org
http://www.debian.org/security/ Thijs Kinkhorst
October 26, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libxml2
CVE ID : CVE-2014-3660
Debian Bug :...

vulnerabilities in libbfd (CVE-2014-beats-me)

October 27, 2014 - 9:47am

Posted by Michal Zalewski on Oct 27

Yo,

Many shell users, and certainly a lot of the people working in
computer forensics or other fields of information security, have a
habit of running /usr/bin/strings on binary files originating from the
Internet. Their understanding is that the tool simply scans the file
for runs of printable characters and dumps them to stdout - something
that is very unlikely to put you at any risk.

It is much less known that the Linux version of strings is...

[SECURITY] [DSA 3056-1] libtasn1-3 security update

October 27, 2014 - 9:39am

Posted by Sebastien Delafond on Oct 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3056-1 security () debian org
http://www.debian.org/security/ Sebastien Delafond
October 26, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libtasn1-3
CVE ID : CVE-2014-3467 CVE-2014-3468...

Call for Papers - WorldCIST'15 - Azores, 1 - 3 April 2015

October 27, 2014 - 9:30am

Posted by ML on Oct 27

------
WorldCIST'15 - 3rd World Conference on Information Systems and Technologies
Ponta Delgada, Azores *, Portugal
1 - 3 April 2015
http://www.aisti.eu/worldcist15/
------
* Azores is ranked as the second most beautiful archipelago in the world by National Geographic.
------------

SCOPE

The WorldCIST'15 - 3rd World Conference on Information Systems and Technologies, to be held at Ponta Delgada, São
Miguel, Azores, Portugal, 1 - 3...

[CVE-2014-8347] Filemaker Login Bypass and Privilege Escalation

October 27, 2014 - 9:22am

Posted by g-damore on Oct 27

Filemaker Login Bypass and Privilege Escalation
=======================================================================

[ADVISORY INFORMATION]

Title: Filemaker Login Bypass and Privilege Escalation
Discovery date: 19/10/2014
Release date: 19/10/2014
Vendor Homepage: www.filemaker.com
Version: Filemaker Pro 13.0v3 - FileMaker Pro Advanced 12.0v4
Credits: Giuseppe...

NEW VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability

October 27, 2014 - 9:13am

Posted by VMware Security Response Center on Oct 27

------------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2014-0011
Synopsis: VMware vSphere Data Protection product update addresses a
critical information disclosure vulnerability.
Issue date: 2014-10-22
Updated on: 2014-10-22 (Initial Advisory)
CVE number: CVE-2014-4624

------------------------------------------------------------------------

1....

iTunes 12.0.1 for Windows: still COMPLETELY outdated and VULNERABLE 3rd party libraries

October 27, 2014 - 9:04am

Posted by Stefan Kanthak on Oct 27

Hi @ll,

the just released iTunes 12.0.1 for Windows still (cf.
<http://seclists.org/fulldisclosure/2014/Jul/30>) comes
with COMPLETELY outdated and VULNERABLE 3rd party libraries
(as part of AppleMobileDeviceSupport.msi):

* libeay32.dll and ssleay32.dll 0.9.8d

are more than SEVEN years old and have at least 27 unfixed CVEs!

* libcurl.dll 7.16.2

is more than SEVEN years old and has at least 18 unfixed CVEs!
the current version...

Still beginner's errors (and outdated 3rd party components) in QuickTime 7.7.6 and iTunes 12.0.1

October 27, 2014 - 8:55am

Posted by Stefan Kanthak on Oct 27

Hi @ll,

the just released QuickTime 7.7.6 and iTunes 12.0.1 for Windows still
have quite some of the beginner's errors I documented in
<http://seclists.org/fulldisclosure/2014/Aug/33> and
<http://seclists.org/fulldisclosure/2014/Aug/44>

QuickTime 7.7.6:

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\QuickTime\shell\open\command]
@="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"

iTunes 12.0.1:...

[ MDVSA-2014:209 ] java-1.7.0-openjdk

October 24, 2014 - 11:22am

Posted by security on Oct 24

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:209
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : java-1.7.0-openjdk
Date : October 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem...

[ MDVSA-2014:208 ] phpmyadmin

October 24, 2014 - 11:13am

Posted by security on Oct 24

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:208
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : phpmyadmin
Date : October 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:207 ] ejabberd

October 24, 2014 - 11:03am

Posted by security on Oct 24

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:207
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : ejabberd
Date : October 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:206 ] ctags

October 24, 2014 - 10:52am

Posted by security on Oct 24

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:206
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : ctags
Date : October 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:205 ] lua

October 24, 2014 - 10:42am

Posted by security on Oct 24

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:205
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : lua
Date : October 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated lua...

[slackware-security] glibc (SSA:2014-296-01)

October 24, 2014 - 10:35am

Posted by Slackware Security Team on Oct 24

[slackware-security] glibc (SSA:2014-296-01)

New glibc packages are available for Slackware 14.1 and -current to fix
security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/glibc-2.17-i486-8_slack14.1.txz: Rebuilt.
This update fixes several security issues, and adds an extra security
hardening patch from Florian Weimer. Thanks to mancha for help with
tracking and...