BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[security bulletin] HPSBUX03162 SSRT101885 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilities

February 26, 2015 - 9:47am

Posted by security-alert on Feb 26

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04556853

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04556853
Version: 1

HPSBUX03162 SSRT101885 rev.1 - HP-UX Running OpenSSL, Remote Denial of
Service (DoS) and Other Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...

[SECURITY] [DSA 3174-1] iceweasel security update

February 26, 2015 - 9:39am

Posted by Moritz Muehlenhoff on Feb 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3174-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
February 25, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2015-0822 CVE-2015-0827...

[SECURITY] [DSA 3173-1] libgtk2-perl security update

February 26, 2015 - 9:32am

Posted by Salvatore Bonaccorso on Feb 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3173-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
February 25, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libgtk2-perl

It was discovered that libgtk2-perl, a Perl...

[SECURITY] [DSA 3172-1] cups security update

February 26, 2015 - 9:22am

Posted by Sebastien Delafond on Feb 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3172-1 security () debian org
http://www.debian.org/security/ Sebastien Delafond
February 25, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : cups
CVE ID : CVE-2014-9679
Debian Bug : 778387...

GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server

February 26, 2015 - 9:13am

Posted by rgutierrez on Feb 26

GDS LABS ALERT: CVE-2015-2080
JetLeak Vulnerability Remote Leakage Of Shared Buffers In Jetty Web Server

SYNOPSIS
========
Gotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an
unauthenticated remote attacker to read arbitrary data from previous requests and responses submitted to the server by
other users.

The vulnerability was made public by the Jetty development team on the...

EnanoCMS 1.1.8pl1 XSS Vulnerability

February 26, 2015 - 9:05am

Posted by dennis . veninga on Feb 26

# Exploit Title: EnanoCMS 1.1.8pl1 XSS Vulnerability
# Google Dork: "Website engine powered by Enano"
# Date: 24-2-2015
# Exploit Author: Dennis Veninga
# Vendor Homepage: http://enanocms.org
# Version: 1.1.8pl1
# Tested on: Firefox 36 & Chrome 38 / W8.1-x64

XSS Vulnerability in comments:
http://{target}/enanocms/index.php/Main_Page?do=comments

TangoBB 1.5.0-A3 XSS Vulnerability

February 26, 2015 - 8:57am

Posted by dennis . veninga on Feb 26

# Exploit Title: TangoBB 1.5.0-A3 XSS Vulnerability
# Google Dork: "Powered by TangoBB"
# Date: 24-2-2015
# Exploit Author: Dennis Veninga
# Vendor Homepage: https://github.com/Codetana/TangoBB
# Version: 1.5.0-A3
# Tested on: Firefox 36 & Chrome 38 / W8.1-x64
# CVE : NONE

Published: 24-2-2015
Vendor updated: 24-2-2015

TangoBB ->
Version: 1.5.0-A3
Date: 24-2-2015
Found By:...

[security bulletin] HPSBMU03260 rev.1 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Disclosure of Information

February 26, 2015 - 8:49am

Posted by security-alert on Feb 26

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04571379

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04571379
Version: 1

HPSBMU03260 rev.1 - HP System Management Homepage running OpenSSL on Linux
and Windows, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA

February 26, 2015 - 8:41am

Posted by Onapsis Research Labs on Feb 26

Onapsis Security Advisory ONAPSIS-2015-004: SAP Business Objects
Unauthorized Audit Information Delete via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would be
able to delete auditing information of the remote system.

This way, the attacker could perform malicious activities without being
detected.

Risk Level: High

2. Advisory Information
=======================

-...

[Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA

February 26, 2015 - 8:33am

Posted by Onapsis Research Labs on Feb 26

Onapsis Security Advisory ONAPSIS-2015-005: SAP Business Objects
Unauthorized Audit Information Access via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would be
able to read auditing information thus accessing sensitive business data.
Access to this functionality should be restricted.

Risk Level: Medium

2. Advisory Information
=======================

- Public Release...

[Onapsis Security Advisory 2015-003] SAP Business Objects Unauthorized File Repository Server Write via CORBA

February 26, 2015 - 8:23am

Posted by Onapsis Research Labs on Feb 26

Onapsis Security Advisory ONAPSIS-2015-003: SAP Business Objects
Unauthorized File Repository Server Write via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would be
able to overwrite sensitive business data stored on the remote system.

Risk Level: High

2. Advisory Information
=======================

- Public Release Date: 2015-02-25

- Subscriber Notification Date:...

[Onapsis Security Advisory 2015-002] SAP Business Objects Unauthorized File Repository Server Read via CORBA

February 26, 2015 - 8:16am

Posted by Onapsis Research Labs on Feb 26

Onapsis Security Advisory ONAPSIS-2015-002: SAP Business Objects
Unauthorized File Repository Server Read via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would be
able to retrieve sensitive business data stored on the remote system.

Risk Level: High

2. Advisory Information
=======================

- Public Release Date: 2015-02-25

- Subscriber Notification Date:...

[Onapsis Security Advisory 2015-001] Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench

February 26, 2015 - 8:07am

Posted by Onapsis Research Labs on Feb 26

Onapsis Security Advisory ONAPSIS-2015-001: Multiple Reflected Cross Site
Scripting Vulnerabilities in SAP HANA Web-based Development Workbench

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would be
able to attack other users of the system.

Risk Level: Medium

2. Advisory Information
=========================
- Public Release Date: 2015-02-25

- Subscriber Notification Date:...

FreeBSD Security Advisory FreeBSD-SA-15:05.bind

February 26, 2015 - 7:57am

Posted by FreeBSD Security Advisories on Feb 26

=============================================================================
FreeBSD-SA-15:05.bind Security Advisory
The FreeBSD Project

Topic: BIND remote denial of service vulnerability

Category: contrib
Module: bind
Announced: 2015-02-25
Credits: ISC
Affects: FreeBSD 8.x and FreeBSD 9.x.
Corrected:...

FreeBSD Security Advisory FreeBSD-SA-15:04.igmp

February 26, 2015 - 7:48am

Posted by FreeBSD Security Advisories on Feb 26

=============================================================================
FreeBSD-SA-15:04.igmp Security Advisory
The FreeBSD Project

Topic: Integer overflow in IGMP protocol

Category: core
Module: igmp
Announced: 2015-02-25
Credits: Mateusz Kocielski, Logicaltrust,
Marek Kroemeke, and...

N.E.T. E-Commerce Group Cross Site Scripting Vulnerability

February 26, 2015 - 7:33am

Posted by iedb . team on Feb 26

Cross Site Scripting Vulnerability In N.E.T. E-Commerce Cms All Version


[SECURITY] [DSA 3170-1] linux security update

February 26, 2015 - 7:25am

Posted by Moritz Muehlenhoff on Feb 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3160-1 security () debian org
http://www.debian.org/security/ Ben Hutchings
February 23, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2013-7421 CVE-2014-7822...