Feed aggregator

Vuln: OpenSSL DTLS CVE-2014-3505 Remote Denial of Service Vulnerability

Vuln: OpenSSL CVE-2014-3508 Information Disclosure Vulnerability

Vuln: OpenSSL DTLS CVE-2014-3506 Remote Denial of Service Vulnerability

Vuln: GNU Bash CVE-2014-7169 Incomplete Fix Remote Code Execution Vulnerability

Vuln: IBM Java CVE-2013-4002 Denial of Service Vulnerability

Vuln: GNU Bash CVE-2014-6271 Remote Code Execution Vulnerability

Vuln: Mozilla Network Security Services CVE-2014-1568 Security Bypass Vulnerability

Vuln: Linux Kernel 'fs/udf/inode.c' Local Denial of Service Vulnerability

Vuln: Oracle Java SE CVE-2014-4263 Remote Security Vulnerability

Bugtraq: [SECURITY] [DSA 3039-1] chromium-browser security update

Security Focus Latest Security Advisories - September 29, 2014 - 8:00am

Bugtraq: [The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360

Security Focus Latest Security Advisories - September 29, 2014 - 8:00am

Moab Authentication Bypass (insecure message signing) [CVE-2014-5376]

BugTraq Latest Security Advisories - September 29, 2014 - 7:55am

Posted by john . fitzpatrick on Sep 29

##[Moab Authentication Bypass (insecure message signing) : CVE-2014-5376]##

Software: Moab
Affected Versions: Dependent on configuration, can affect all versions of Moab including Moab 8
CVE Reference: CVE-2014-5376
Author: John Fitzpatrick, Luke Jennings MWR Labs (http://labs.mwrinfosecurity.com/)
Severity: High Risk
Vendor: Adaptive Computing
Vendor Response: Provided additional guidance in 7.2.9 release notes (MOAB-7480)

##[Description]...

Moab User Impersonation [CVE-2014-5375]

BugTraq Latest Security Advisories - September 29, 2014 - 7:41am

Posted by john . fitzpatrick on Sep 29

##[Moab User Impersonation : CVE-2014-5375]##

Software: Moab
Affected Versions: All current versions of Moab. However, the impact is limited in Moab 7.2.9 and Moab 8.
CVE Reference: CVE-2014-5375
Author: John Fitzpatrick, Luke Jennings MWR Labs (http://labs.mwrinfosecurity.com/)
Severity: High Risk
Vendor: Adaptive Computing
Vendor Response: Updates in Moab 7.2.9 and Moab 8 provide some mitigations

##[Description]

It is possible to submit jobs...

Moab Authentication Bypass [CVE-2014-5300]

BugTraq Latest Security Advisories - September 29, 2014 - 7:33am

Posted by john . fitzpatrick on Sep 29

##[Moab Authentication Bypass : CVE-2014-5300]##

Software: Moab
Affected Versions: All versions prior to Moab 7.2.9 and Moab 8
CVE Reference: CVE-2014-5300
Author: John Fitzpatrick, MWR Labs (http://labs.mwrinfosecurity.com/)
Severity: High Risk
Vendor: Adaptive Computing
Vendor Response: Resolved in Moab 7.2.9 and Moab 8

##[Description]

It is possible to bypass authentication within Moab in order to impersonate and run commands/operations as...

[slackware-security] mozilla-firefox (SSA:2014-271-01)

BugTraq Latest Security Advisories - September 29, 2014 - 7:25am

Posted by Slackware Security Team on Sep 29

[slackware-security] mozilla-firefox (SSA:2014-271-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-24.8.1esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[SECURITY] [DSA 3039-1] chromium-browser security update

BugTraq Latest Security Advisories - September 29, 2014 - 7:15am

Posted by Michael Gilbert on Sep 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3039-1 security () debian org
http://www.debian.org/security/ Michael Gilbert
September 28, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2014-3160...

[The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360

BugTraq Latest Security Advisories - September 29, 2014 - 7:05am

Posted by Pedro Ribeiro on Sep 29

Hi,

This is the fifth part of the ManageOwnage series. For previous parts, see:
http://seclists.org/fulldisclosure/2014/Aug/55
http://seclists.org/fulldisclosure/2014/Aug/75
http://seclists.org/fulldisclosure/2014/Aug/88
http://seclists.org/fulldisclosure/2014/Sep/1

This time we have a file upload with directory traversal as well as an
arbitrary file deletion vulnerability. The file upload can be abused
to deliver a WAR payload in the Tomcat...

[SECURITY] [DSA 3038-1] libvirt security update

BugTraq Latest Security Advisories - September 29, 2014 - 6:57am

Posted by Salvatore Bonaccorso on Sep 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3038-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
September 27, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libvirt
CVE ID : CVE-2014-0179 CVE-2014-3633
Debian...

Hands-on Mobile (Android & iOS) + ARM Exploitation Training at Toorcon

BugTraq Latest Security Advisories - September 29, 2014 - 6:47am

Posted by Aditya Gupta on Sep 29

Hello everyone,

I'm glad to announce that I'll be running a 2-day class on Android,
iOS and ARM Hands-on Exploitation at Toorcon 2014 in San Diego this
October. The training will focus on a hands-on approach to find vulns
and exploit them on mobile applications as well as the platform as
well.

All the exercises will be performed on a customised Mobile
Exploitation training distro
and on a set of vulnerable labs built for Toorcon...

Bugtraq: [SECURITY] [DSA 3037-1] icedove security update

Security Focus Latest Security Advisories - September 29, 2014 - 6:45am