BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 3133-1] privoxy security update

January 20, 2015 - 3:18pm

Posted by Moritz Muehlenhoff on Jan 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3133-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
January 20, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : privoxy
CVE ID : CVE-2015-1031

Multiple...

ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities

January 20, 2015 - 3:11pm

Posted by Security Alert on Jan 20

ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities

EMC Identifier: ESA-2015-004

CVE Identifier: CVE-2015-0513, CVE-2015-0514, CVE-2015-0515, CVE-2015-0516, CVE-2014-4288, CVE-2014-6456,
CVE-2014-6457, CVE-2014-6458, CVE-2014-6466, CVE-2014-6468, CVE-2014-6476, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493,
CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6513, CVE-2014-6515,...

CVE-2015-1175-xss-prestashop

January 20, 2015 - 3:02pm

Posted by Sudhanshu Chauhan on Jan 20

CVE-2015-1175-xss-prestashop

Information
-----------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in prestashop ecommerce software
Affected Software : Prestashop
Affected Versions: 1.6.0.9 and possibly below
Vendor Homepage : https://www.prestashop.com/

Vulnerability Type : Cross-site Scripting
Severity : High
CVE ID: CVE-2015-1175

Impact
------
An attacker can craft a URL with malicious JavaScript code which
executes in...

[SECURITY] [DSA 3132-1] icedove security update

January 19, 2015 - 12:04pm

Posted by Moritz Muehlenhoff on Jan 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3132-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
January 19, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : icedove
CVE ID : CVE-2014-8634 CVE-2014-8638...

MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities

January 19, 2015 - 11:54am

Posted by Advisories on Jan 19

Mogwai Security Advisory MSA-2015-01
----------------------------------------------------------------------
Title: WP Pixabay Images Multiple Vulnerabilities
Product: Pixabay Images (Wordpress Plugin)
Affected versions: 2.3
Impact: high
Remote: yes
Product link: https://wordpress.org/plugins/pixabay-images/
Reported: 14/01/2015
by: Hans-Martin...

[SECURITY] [DSA 3131-1] xdg-utils security update

January 19, 2015 - 5:02am

Posted by Michael Gilbert on Jan 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3131-1 security () debian org
http://www.debian.org/security/ Michael Gilbert
January 18, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xdg-utils
CVE ID : CVE-2014-9622
Debian Bug :...

CVE-2015-1032 Kiwix Cross-Site Scripting Vulnerability

January 19, 2015 - 4:54am

Posted by Riley Baird on Jan 19

CVE-2015-1032

A cross-site scripting vulnerability in the "Kiwix" zim file reader was
discovered by Emmanuel Engelhart on 31 October 2014, and was reported on
Sourceforge here: http://sourceforge.net/p/kiwix/bugs/763/

This vulnerability does not affect most users of the program, only those
using the "kiwix-serve" binary to allow zim files to be read over a network.

Input to the search bar was not sanitised, thus allowing...

[slackware-security] seamonkey (SSA:2015-016-04)

January 19, 2015 - 4:46am

Posted by Slackware Security Team on Jan 19

[slackware-security] seamonkey (SSA:2015-016-04)

New seamonkey packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.32-i486-1_slack14.1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:...

[slackware-security] mozilla-firefox (SSA:2015-016-02)

January 19, 2015 - 4:39am

Posted by Slackware Security Team on Jan 19

[slackware-security] mozilla-firefox (SSA:2015-016-02)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-31.4.0esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[slackware-security] freetype (SSA:2015-016-01)

January 19, 2015 - 4:31am

Posted by Slackware Security Team on Jan 19

[slackware-security] freetype (SSA:2015-016-01)

New freetype packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/freetype-2.5.5-i486-1_slack14.1.txz: Upgraded.
This release fixes a security bug that could cause freetype to crash
or run programs upon opening a specially crafted file....

[slackware-security] mozilla-thunderbird (SSA:2015-016-03)

January 19, 2015 - 4:23am

Posted by Slackware Security Team on Jan 19

[slackware-security] mozilla-thunderbird (SSA:2015-016-03)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-31.4.0-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[ MDVSA-2015:027 ] kernel

January 16, 2015 - 1:03pm

Posted by security on Jan 16

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:027
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : kernel
Date : January 16, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple...

Facebook Bug Bounty #19 - Filter Bypass Web Vulnerability

January 16, 2015 - 8:31am

Posted by Vulnerability Lab on Jan 16

Document Title:
===============
Facebook Bug Bounty #19 - Filter Bypass Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1381

Facebook Security ID: 221374210

Vulnerability Magazine:
http://magazine.vulnerability-db.com/?q=articles/2015/01/14/facebook-bug-bounty-restriction-filter-bypass-vulnerability-id-221374210

Release Date:
=============
2015-01-14

Vulnerability Laboratory ID...

File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities

January 16, 2015 - 8:23am

Posted by Vulnerability Lab on Jan 16

Document Title:
===============
File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1403

Release Date:
=============
2015-01-15

Vulnerability Laboratory ID (VL-ID):
====================================
1403

Common Vulnerability Scoring System:
====================================
6.9

Product & Service Introduction:...

Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability

January 16, 2015 - 8:14am

Posted by admin () evolution-sec com on Jan 16

Document Title:
===============
Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability

References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1356

Release Date:
=============
2015-01-14

Vulnerability Laboratory ID (VL-ID):
====================================
1356

Common Vulnerability Scoring System:
====================================
3.4

Product & Service Introduction:...

WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability

January 16, 2015 - 8:04am

Posted by Vulnerability Lab on Jan 16

Document Title:
===============
WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1406

Release Date:
=============
2015-01-14

Vulnerability Laboratory ID (VL-ID):
====================================
1406

Common Vulnerability Scoring System:
====================================
7.1

Product & Service Introduction:...

VeryPhoto v3.0 iOS - Command Injection Vulnerability

January 16, 2015 - 7:55am

Posted by Vulnerability Lab on Jan 16

Document Title:
===============
VeryPhoto v3.0 iOS - Command Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1401

Release Date:
=============
2015-01-13

Vulnerability Laboratory ID (VL-ID):
====================================
1401

Common Vulnerability Scoring System:
====================================
5.6

Product & Service Introduction:...

CatBot v0.4.2 (PHP) - SQL Injection Vulnerability

January 16, 2015 - 7:45am

Posted by Vulnerability Lab on Jan 16

Document Title:
===============
CatBot v0.4.2 (PHP) - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1408

Release Date:
=============
2015-01-15

Vulnerability Laboratory ID (VL-ID):
====================================
1408

Common Vulnerability Scoring System:
====================================
7.3

Product & Service Introduction:
===============================...

[SECURITY] [DSA 3129-1] rpm security update

January 16, 2015 - 7:29am

Posted by Moritz Muehlenhoff on Jan 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3129-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
January 15, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : rpm
CVE ID : CVE-2013-6435 CVE-2014-8118

Two...