Feed aggregator

[security bulletin] HPSBGN02936 rev.1 - HP and H3C VPN Firewall Module Products, Remote Denial of Service (DoS)

BugTraq Latest Security Advisories - July 28, 2014 - 5:26am

Posted by security-alert on Jul 28

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03993467

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03993467
Version: 1

HPSBGN02936 rev.1 - HP and H3C VPN Firewall Module Products, Remote Denial of
Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-07-25...

Web Encryption Extension security update

BugTraq Latest Security Advisories - July 28, 2014 - 5:19am

Posted by Ralf Senderek on Jul 28

Revision: 1.0
Last Updated: 25 July 2014
First Published: 25 July 2014

Summary:
A security issue was found in the Web Encryption Extension.

Authenticated users are able to modify the content of HTTPS request
fields to insert code into the pipeline mechanism of PHP.

Severity: High

Affected Software Versions:

All versions of the Web Encryption Extension prior to version 3.0

Impact:...

Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account

BugTraq Latest Security Advisories - July 28, 2014 - 5:07am

Posted by Stefan Kanthak on Jul 28

Gynvael Coldwind wrote:

Correct.
If only Microsoft would educate its users to exercise STRICT user
separation and use different accounts for administration and daily work.

This is where and why UAC chimes in (which answers your question below):
Joe Average uses the administrative account created during Windows setup,
but UAC strips the administrator rights.
Microsoft "sells" UAC as "Joe Average works with standard user...

Bugtraq: Barracuda Networks Firewall 6.1.5 - Filter Bypass & Persistent Vulnerabilities


Bugtraq: Easy file sharing web server - persist XSS in forum msgs


Bugtraq: [SECURITY] [DSA 2989-1] apache2 security update


Bugtraq: Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14


Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account

BugTraq Latest Security Advisories - July 28, 2014 - 4:57am

Posted by Gynvael Coldwind on Jul 28

So reading the links you provided I semi-agree with you. I think the
problem boils down to this part of your initial e-mail:

My point was (and it still stands) that if you have admin access, this
isn't a privilege escalation, as there is no "escalation" part here.

The links you provided use different wording, e.g.
(http://blogs.technet.com/b/srd/archive/2013/07/09/assessing-risk-for-the-july-2013-security-updates.aspx):
"To...

Vuln: Oracle Java SE CVE-2014-4247 Remote Security Vulnerability

Security Focus Latest Security Advisories - July 27, 2014 - 11:00pm

Vuln: Lime Survey Multiple Input Validation Vulnerabilities

Security Focus Latest Security Advisories - July 27, 2014 - 11:00pm

Vuln: vBulletin CVE-2014-5102 SQL Injection Vulnerability

Security Focus Latest Security Advisories - July 27, 2014 - 11:00pm

Vuln: ManageEngine EventLog Analyzer '/event/j_security_check' Cross Site Scripting Vulnerability

Security Focus Latest Security Advisories - July 27, 2014 - 11:00pm

Vuln: WeBid Multiple Cross Site Scripting And LDAP Injection Vulnerabilities

Security Focus Latest Security Advisories - July 27, 2014 - 11:00pm

Vuln: Cisco WebEx Meetings Server 'user.php' Information Disclosure Vulnerability

Security Focus Latest Security Advisories - July 27, 2014 - 11:00pm

Vuln: Cisco WebEx Meetings Server CVE-2014-3305 Cross Site Request Forgery Vulnerability

Security Focus Latest Security Advisories - July 27, 2014 - 11:00pm

Vuln: Cobbler 'Kickstart' Value Local File Include Vulnerability

Security Focus Latest Security Advisories - July 27, 2014 - 11:00pm

Vuln: Zarafa WebAccess and WebApp Local Information Disclosure Vulnerability

Security Focus Latest Security Advisories - July 27, 2014 - 11:00pm

Vuln: PulseAudio 'pa_rtp_recv()' Function Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - July 27, 2014 - 11:00pm

Vuln: OpenSSL 'so_ssl3_write()' Function NULL Pointer Dereference Denial of Service Vulnerability

Security Focus Latest Security Advisories - July 27, 2014 - 11:00pm

Vuln: OpenSSL 'ssl3_release_read_buffer()' Use-After-Free Memory Corruption Vulnerability

Security Focus Latest Security Advisories - July 27, 2014 - 11:00pm