BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[REVIVE-SA-2014-002] Revive Adserver 3.0.6 and 3.1.0 fix multiple vulnerabilities

December 17, 2014 - 6:00am

Posted by Matteo Beccati on Dec 17

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2014-002
------------------------------------------------------------------------
http://www.revive-adserver.com/security/revive-sa-2014-002
------------------------------------------------------------------------
CVE-IDs: CVE-2014-8793, CVE-2014-8875
Date: 2014-12-17
Risk Level:...

[security bulletin] HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote Code Execution

December 17, 2014 - 12:53am

Posted by security-alert on Dec 17

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04512907

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04512907
Version: 1

HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote
Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-12-16...

[security bulletin] HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple Remote Vulnerabilities

December 17, 2014 - 12:44am

Posted by security-alert on Dec 17

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04530690

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04530690
Version: 1

HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple
Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

[security bulletin] HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS)

December 17, 2014 - 12:34am

Posted by security-alert on Dec 17

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04530570

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04530570
Version: 1

HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-12-16
Last Updated:...

[security bulletin] HPSBMU03221 rev.1 - HP Connect-IT running SSLv3, Remote Disclosure of Information

December 17, 2014 - 12:27am

Posted by security-alert on Dec 17

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04518605

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04518605
Version: 1

HPSBMU03221 rev.1 - HP Connect-IT running SSLv3, Remote Disclosure of
Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-12-16
Last...

RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability

December 17, 2014 - 12:18am

Posted by Vulnerability Lab on Dec 17

Document Title:
===============
RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1320

Video: http://www.vulnerability-lab.com/get_content.php?id=1332

Release Date:
=============
2014-12-02

Vulnerability Laboratory ID (VL-ID):
====================================
1320

Common Vulnerability Scoring System:
====================================...

Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability

December 17, 2014 - 12:09am

Posted by Vulnerability Lab on Dec 17

Document Title:
===============
Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability

References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1362

Release Date:
=============
2014-12-04

Vulnerability Laboratory ID (VL-ID):
====================================
1362

Common Vulnerability Scoring System:
====================================
2.4

Product & Service Introduction:...

Elefant CMS v1.3.9 - Persistent Name Update Vulnerability

December 17, 2014 - 12:00am

Posted by Vulnerability Lab on Dec 17

Document Title:
===============
Elefant CMS v1.3.9 - Persistent Name Update Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1365

Release Date:
=============
2014-12-03

Vulnerability Laboratory ID (VL-ID):
====================================
1365

Common Vulnerability Scoring System:
====================================
3.9

Product & Service Introduction:...

Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability

December 16, 2014 - 11:51pm

Posted by Vulnerability Lab on Dec 17

Document Title:
===============
Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability

References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1357

Release Date:
=============
2014-12-02

Vulnerability Laboratory ID (VL-ID):
====================================
1357

Common Vulnerability Scoring System:
====================================
2.4

Product & Service Introduction:...

iWifi for Chat v1.1 iOS - Denial of Service Vulnerability

December 16, 2014 - 11:42pm

Posted by Vulnerability Lab on Dec 17

Document Title:
===============
iWifi for Chat v1.1 iOS - Denial of Service Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1375

Release Date:
=============
2014-12-16

Vulnerability Laboratory ID (VL-ID):
====================================
1376

Common Vulnerability Scoring System:
====================================
4.6

Product & Service Introduction:...

[SECURITY] [DSA 3105-1] heirloom-mailx security update

December 16, 2014 - 1:49pm

Posted by Florian Weimer on Dec 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3105-1 security () debian org
http://www.debian.org/security/ Florian Weimer
December 16, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : heirloom-mailx
CVE ID : CVE-2004-2771 CVE-2014-7844...

[SECURITY] [DSA 3104-1] bsd-mailx security update

December 16, 2014 - 1:41pm

Posted by Florian Weimer on Dec 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3104-1 security () debian org
http://www.debian.org/security/ Florian Weimer
December 16, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : bsd-mailx
CVE ID : CVE-2014-7844

It was discovered...

W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface

December 16, 2014 - 12:57pm

Posted by Mazin Ahmed on Dec 16

####
# Title: W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface
# Author: Mazin Ahmed
##
# Date of Discovering: October 6th, 2014
# Date of Reporting to the Vendor: October 7th, 2014
# Date of Releasing a Patch: December 9th, 2014
##
# Vulnerability Type: Cross-Site Request Forgery (CSRF) - CWE-352
##
# Vendor Homepage: https://www.w3-edge.com/
##
# Affected Version: 0.9.4, previous versions might be vulnerable as...

[Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA

December 16, 2014 - 11:31am

Posted by Onapsis Research Labs on Dec 16

Onapsis Security Advisory ONAPSIS-2014-034: SAP Business Objects Search
Token Privilege Escalation via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote and potentially
unauthenticated attacker would be able to access or modify any
information stored on the SAP BusinessObjects server.
The attacker could also connect to the business systems depending on the
configuration of the BO infrastructure.

Risk...

"Ettercap 8.0 - 8.1" multiple vulnerabilities

December 16, 2014 - 6:42am

Posted by Nick Sampanis on Dec 16

"Ettercap 8.0 - 8.1" multiple vulnerabilities

Description
------------------------------------------------------------
Twelve vulnerabilities exist on ettercap-ng which allow remote denial of
service and possible remote code execution. Specifically, the following
vulnerabilities were identified:
- A Length Parameter Inconsistency at ettercap 8.0 dissector_postgresql()
which may lead to remote code execution or denial of service.
-...

[SE-2014-02] Google App Engine Java security sandbox bypasses (status update)

December 16, 2014 - 4:42am

Posted by Security Explorations on Dec 16

Hello All,

We would like to provide a status update to the initial
announcement [1] made a week ago regarding our SE-2014-02
security research project targeting Google App Engine
for Java.

Information regarding vulnerabilities and associated PoC
codes (Issues 1-22 / unconfirmed Issues 23-35) was sent
to Google on Dec 07, 2014.

Google has been able to reproduce the issues locally, but
when tried in production some of them didn't seem to...

CA20141215-01: Security Notice for CA LISA Release Automation

December 15, 2014 - 11:34pm

Posted by Williams, Ken on Dec 16

CA20141215-01: Security Notice for CA LISA Release Automation

Issued: December 15, 2014

CA Technologies Support is alerting customers to multiple
vulnerabilities in CA Release Automation (formerly CA LISA Release
Automation, change effective 2014-09-19).

The first vulnerability, CVE-2014-8246, is a cross-site request forgery
(CSRF) issue related to insufficient validation. A remote attacker can
potentially execute privileged actions on a...

[ MDVSA-2014:252 ] nss

December 15, 2014 - 11:26pm

Posted by security on Dec 16

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:252
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : nss
Date : December 15, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:253 ] apache-mod_wsgi

December 15, 2014 - 1:28pm

Posted by security on Dec 15

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:253
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : apache-mod_wsgi
Date : December 15, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

Persistent XSS Vulnerability in CMS Papoo Light v6.0.0 Rev. 4701

December 15, 2014 - 10:10am

Posted by steffen . roesemann1986 on Dec 15

Advisory: Persistent XSS Vulnerability in CMS Papoo Light v6
Advisory ID: SROEADV-2014-01
Author: Steffen Rösemann
Affected Software: CMS Papoo Version 6.0.0 Rev. 4701
Vendor URL: http://www.papoo.de/
Vendor Status: fixed
CVE-ID: -

==========================
Vulnerability Description:
==========================

The CMS Papoo Light Version has a persistent XSS vulnerability in its guestbook functionality and in its
user-registration...