BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Reflected Cross-Site Scripting (XSS) in e107

July 16, 2014 - 10:27am

Posted by High-Tech Bridge Security Research on Jul 16

Advisory ID: HTB23220
Product: e107
Vendor: e107
Vulnerable Version(s): 2.0 alpha2 and probably prior
Tested Version: 2.0 alpha2
Advisory Publication: June 18, 2014 [without technical details]
Vendor Notification: June 18, 2014
Vendor Patch: June 27, 2014
Public Disclosure: July 16, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-4734
Risk Level: Low
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution...

VUPEN Security Research - Microsoft Windows "DirectShow" Privilege Escalation Vulnerability (Pwn2Own 2014)

July 16, 2014 - 10:17am

Posted by VUPEN Security Research on Jul 16

VUPEN Security Research - Microsoft Windows "DirectShow" Local Privilege
Escalation Vulnerability (Pwn2Own 2014)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

"Microsoft Windows is a series of software operating systems and
graphical user interfaces produced by Microsoft. Windows had
approximately 90% of the market share of the client operating
systems." (Wikipedia)...

VUPEN Security Research - Microsoft Internet Explorer "ShowSaveFileDialog()" Sandbox Bypass (Pwn2Own 2014)

July 16, 2014 - 10:09am

Posted by VUPEN Security Research on Jul 16

VUPEN Security Research - Microsoft Internet Explorer
"ShowSaveFileDialog()" Protected Mode Sandbox Bypass (Pwn2Own 2014)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web...

VUPEN Security Research - Microsoft Internet Explorer "Request" Object Confusion Sandbox Bypass (Pwn2Own 2014)

July 16, 2014 - 10:00am

Posted by VUPEN Security Research on Jul 16

VUPEN Security Research - Microsoft Internet Explorer "Request" Object
Confusion Sandbox Bypass (Pwn2Own 2014)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers."...

VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory Corruption (Pwn2Own 2014)

July 16, 2014 - 9:49am

Posted by VUPEN Security Research on Jul 16

VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory
Corruption (Pwn2Own 2014)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)

II. DESCRIPTION...

SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition

July 16, 2014 - 9:40am

Posted by SEC Consult Vulnerability Lab on Jul 16

SEC Consult Vulnerability Lab Security Advisory < 20140716-0 >
=======================================================================
title: Multiple SSRF vulnerabilities
product: Alfresco Community Edition
vulnerable version: <=4.2.f
fixed version: 5.0.a
impact: High
homepage: http://www.alfresco.com
found: 2014-05-15
by: V. Paulikas...

KL-001-2014-001 : Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation

July 16, 2014 - 9:30am

Posted by KoreLogic Disclosures on Jul 16

Title: Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation
Advisory ID: KL-001-2014-001
Publication Date: 07.15.2014
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-001.txt

1. Vulnerability Details

Affected Vendor: Oracle
Affected Product: VirtualBox Guest Additions
Affected Versions: 4.3.8 - 4.3.10
Platform: Microsoft XP SP3
CWE Classification: CWE-123: Write-what-where Condition
Impact: Arbitrary...

[security bulletin] HPSBMU03072 SSRT101644 rev.1 - HP Data Protector, Remote Execution of Arbitrary Code

July 16, 2014 - 9:18am

Posted by security-alert on Jul 16

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04373818

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04373818
Version: 1

HPSBMU03072 SSRT101644 rev.1 - HP Data Protector, Remote Execution of
Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-07-15
Last...

Node Browserify RCE vuln (<= 4.2.0)

July 15, 2014 - 12:51pm

Posted by Cal Leeming [Simplicity Media Ltd] on Jul 15

Hello,

Discovered an RCE vuln in Browserify <=4.2.0.

Maintainer patched upstream just 4 hours after responsible disclosure
yesterday, now fixed as of 4.2.1.

Summary and POC found here:
http://iops.io/blog/browserify-rce-vulnerability/

Cal

[security bulletin] HPSBGN03068 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information

July 15, 2014 - 12:42pm

Posted by security-alert on Jul 15

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04368264

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04368264
Version: 1

HPSBGN03068 rev.1 - HP OneView running OpenSSL, Remote Denial of Service
(DoS), Unauthorized Access, Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

Ruxcon 2014 Final Call For Presentations

July 15, 2014 - 9:52am

Posted by cfp on Jul 15

Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the Final Call For Presentations for Ruxcon 2014.

This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function Centre,
Melbourne, Australia.

The deadline for submissions is the 15th of September, 2014.

.[x]. About Ruxcon .[x].

Ruxcon is...

[security bulletin] HPSBHF02913 rev.1 - HP Intelligent Management Center (iMC) and HP Branch Intelligent Management System (BIMS), Remote Disclosure of Information

July 15, 2014 - 8:59am

Posted by security-alert on Jul 15

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04369484
Version: 1

HPSBHF02913 rev.1 - HP Intelligent Management Center (iMC) and HP Branch
Intelligent Management System (BIMS), Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted...

[security bulletin] HPSBST03039 rev.1 - HP StoreVirtual 4000 Storage and StoreVirtual VSA, Remote Disclosure of Information, Elevation of Privilege

July 15, 2014 - 8:49am

Posted by security-alert on Jul 15

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04281279

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04281279
Version: 1

HPSBST03039 rev.1 - HP StoreVirtual 4000 Storage and StoreVirtual VSA, Remote
Disclosure of Information, Elevation of Privilege

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...