BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Fwd: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks

August 27, 2014 - 5:08am

Posted by Fernando Gont on Aug 27

Folks,

FYI: <https://www.rfc-editor.org/rfc/rfc7359.txt>

Best regards,
Fernando Gont

-------- Forwarded Message --------
Subject: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel
Traffic Leakages in Dual-Stack Hosts/Networks
Date: Tue, 26 Aug 2014 18:23:00 -0700 (PDT)
From: rfc-editor () rfc-editor org
Reply-To: ietf () ietf org
To: ietf-announce () ietf org, rfc-dist () rfc-editor org
CC: drafts-update-ref () iana org,...

Mathematica10.0.0 on Linux /tmp/MathLink vulnerability

August 27, 2014 - 4:56am

Posted by paul . szabo on Aug 27

The problem reported for Mathematica is present still at version 10.0.0
for the GUI interface (the command-line interface may be "safe").

Cheers,

Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia

---

http://seclists.org/fulldisclosure/2010/May/176
http://seclists.org/fulldisclosure/2012/Apr/157...

Encore Discovery Solution Multiple Vulnerability Disclosure

August 27, 2014 - 4:45am

Posted by Romano, Christian on Aug 27

Product: Encore Discovery Solution
Vendor: Innovative Interfaces Inc
Vulnerable Version: 4.3
Tested Version: 4.3
Vendor Notification: June 19, 2014
Public Disclosure: August 26, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVE Reference: CVE-2014-5127
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Discovered and Provided: CAaNES (Computational Analysis and Network
Enterprise Solutions)

Advisory Details:

Open Redirect...

ESA-2014-081 RSA® Identity Management and Governance Authentication Bypass Vulnerability

August 26, 2014 - 12:15pm

Posted by Security Alert on Aug 26

ESA-2014-081 RSA® Identity Management and Governance Authentication Bypass Vulnerability

EMC Identifier: ESA-2014-081

CVE Identifier: CVE-2014-4619

Severity Rating: CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Affected products:
RSA IMG versions 6.5.x and 6.8.x

Summary:
RSA Identity Management and Governance announces security fixes to address potential authentication bypass
vulnerability when NovelIM systems are used for...

LSE Leading Security Experts GmbH - LSE-2014-07-13 - Granding Grand MA 300 - Weak Pin Verification

August 26, 2014 - 4:53am

Posted by advisories on Aug 26

=== LSE Leading Security Experts GmbH - Security Advisory 2014-07-13 ===

Grand MA 300 Fingerprint Reader - Weak Pin Verification
------------------------------------------------------------------------

Affected Versions
=================
Grand MA 300/ID with firmware 6.60

Issue Overview
==============
Vulnerability Type: Weak Pin Verification
Technical Risk: high
Likelihood of Exploitation: medium
Vendor: Granding
Vendor URL:...

ntopng 1.2.0 XSS injection using monitored network traffic

August 26, 2014 - 4:41am

Posted by Steffen Bauch on Aug 26

ntopng 1.2.0 XSS injection using monitored network traffic

ntopng is the next generation version of the original ntop, a network
traffic probe and monitor that shows the network usage, similar to what
the popular top Unix command does.

The web-based frontend of the software is vulnerable to injection of
script code via forged HTTP Host: request header lines in monitored
network traffic.

HTTP Host request header lines are extracted using...

[security bulletin] HPSBMU03076 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities

August 26, 2014 - 4:31am

Posted by security-alert on Aug 26

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04379485

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04379485
Version: 2

HPSBMU03076 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows
running OpenSSL, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

[WorldCIST'15]: Call for Workshops Proposals; Proceedings by Springer - Indexed by ISI, Scopus, DBLP, etc.

August 25, 2014 - 12:56pm

Posted by WorldCIST on Aug 25

------
WorldCIST'15 - 3rd World Conference on Information Systems and Technologies
Ponta Delgada, Azores *, Portugal
1 - 3 April 2015.
http://www.aisti.eu/worldcist15/
------
* Azores is ranked as the second most beautiful archipelago in the world by National Geographic.
------------

WORKSHOP FORMAT

The Information Systems and Technologies research and industrial community is invited to submit proposals of Workshops
for WorldCIST'15...

MEHR Automation System Arbitrary File Download Vulnerability(persian portal)

August 25, 2014 - 12:45pm

Posted by cseye_ut on Aug 25

#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : MEHR Automation System Arbitrary File Download Vulnerability(persian portal)
# Author : alieye
# vendor : http://shakhesrayane.ir/
# Contact : cseye_ut () yahoo com
# Risk : High
# Class: Remote
#
# Google Dork:
# intext:"Poshtibani () ShakhesRayane ir"
# intext:"Shakhes Rayane Sepahan"
#...