Feed aggregator

[SECURITY] [DSA 3223-1] ntp security update

BugTraq Latest Security Advisories - April 13, 2015 - 8:54am

Posted by Alessandro Ghedini on Apr 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-3223-1 security () debian org
http://www.debian.org/security/ Alessandro Ghedini
April 12, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ntp
CVE ID : CVE-2015-1798 CVE-2015-1799
Debian Bug...

[SECURITY] [DSA 3222-1] chrony security update

BugTraq Latest Security Advisories - April 13, 2015 - 8:47am

Posted by Alessandro Ghedini on Apr 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-3222-1 security () debian org
http://www.debian.org/security/ Alessandro Ghedini
April 12, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chrony
CVE ID : CVE-2015-1821 CVE-2015-1822...

[SECURITY] [DSA 3221-1] das-watchdog security update

BugTraq Latest Security Advisories - April 13, 2015 - 8:39am

Posted by Salvatore Bonaccorso on Apr 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-3221-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
April 12, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : das-watchdog
CVE ID : CVE-2015-2831
Debian Bug...

Safari iOS/OS X/Windows cookie access vulnerability

BugTraq Latest Security Advisories - April 13, 2015 - 8:31am

Posted by Jouko Pynnonen on Apr 13

OVERVIEW
==========

The 4/8/2015 security updates from Apple included a patch for a Safari
cross-domain vulnerability. An attacker could create web content
which, when viewed by a target user, bypasses some of the normal
cross-domain restrictions to access or modify HTTP cookies belonging
to any website.

Most websites which allow user logins store their authentication
information (usually session keys) in cookies. Access to these cookies
would...

[SECURITY] [DSA 3220-1] libtasn1-3 security update

BugTraq Latest Security Advisories - April 13, 2015 - 8:23am

Posted by Salvatore Bonaccorso on Apr 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-3220-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
April 11, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libtasn1-3
CVE ID : CVE-2015-2806

Hanno Boeck...

Hijacking any Weebly Website [Insecure Direct Object Reference Vulnerability]

BugTraq Latest Security Advisories - April 13, 2015 - 8:14am

Posted by huehuehuehue10 on Apr 13

Title: Hijack any website from weebly.com by just adding an administrator to their website. [Insecure Direct Object
Reference Vulnerability]

=====

Weebly is a web-hosting service that allows the user to “drag-and-drop” while using their website builder. As of August
2012, Weebly hosts over 20 million sites with a monthly rate of over 1 million unique visitors.
‘http://en.wikipedia.org/wiki/Weebly’.

Website: https://www.weebly.com

Any...

[SECURITY] [DSA 3219-1] libdbd-firebird-perl security update

BugTraq Latest Security Advisories - April 13, 2015 - 8:05am

Posted by Alessandro Ghedini on Apr 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-3219-1 security () debian org
http://www.debian.org/security/ Alessandro Ghedini
April 11, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libdbd-firebird-perl
CVE ID : CVE-2015-2788
Debian...

OrangeHRM Blind SQL Injection & XSS Vulnerabilities

BugTraq Latest Security Advisories - April 13, 2015 - 7:58am

Posted by Rehan Ahmed on Apr 13

I. Overview
========================================================
OrangeHRM (Opensource 3.2.1, Professional & Enterprise 4.11) are prone to multiple Blind SQL injection & XSS
vulnerabilities. These vulnerabilities allow an attacker to inject SQL commands to compromise the affected database
management system in HRM, perform operations on behalf of affected victim, redirect them to malicious sites, steal
their credentials, and...

[ MDVSA-2015:203 ] batik

BugTraq Latest Security Advisories - April 13, 2015 - 7:49am

Posted by security on Apr 13

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:203
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : batik
Date : April 10, 2015
Affected: Business Server 1.0, Business Server 2.0
_______________________________________________________________________

Problem...

[security bulletin] HPSBGN03316 rev.1 - HP Support Solution Framework on Windows, Remote Execution of Code, Disclosure of Information

BugTraq Latest Security Advisories - April 13, 2015 - 7:40am

Posted by security-alert on Apr 13

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04634535

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04634535
Version: 1

HPSBGN03316 rev.1 - HP Support Solution Framework on Windows, Remote
Execution of Code, Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

[SECURITY] [DSA 3218-1] wesnoth-1.10 security update

BugTraq Latest Security Advisories - April 13, 2015 - 7:33am

Posted by Moritz Muehlenhoff on Apr 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-3218-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
April 10, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wesnoth-1.10
CVE ID : CVE-2015-0844

Ignacio R....

Hidden backdoor API to root privileges in Apple OS X

BugTraq Latest Security Advisories - April 13, 2015 - 7:26am

Posted by Jeffrey Walton on Apr 13

https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/

The Admin framework in Apple OS X contains a hidden backdoor API to
root privileges. It’s been there for several years (at least since
2011), I found it in October 2014 and it can be exploited to escalate
privileges to root from any user account in the system.

The intention was probably to serve the “System Preferences” app and
systemsetup...

SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035)

BugTraq Latest Security Advisories - April 13, 2015 - 7:19am

Posted by SEC Consult Vulnerability Lab on Apr 13

SEC Consult Vulnerability Lab Security Advisory < 20150410-0 >
=======================================================================
title: Unauthenticated Local File Disclosure
product: Multiple TP-LINK products (see Vulnerable / tested versions)
vulnerable version: Multiple (see Vulnerable / tested versions)
fixed version: see Solution
CVE number: CVE-2015-3035
impact: Critical...

[ MDVSA-2015:201 ] arj

BugTraq Latest Security Advisories - April 13, 2015 - 7:11am

Posted by security on Apr 13

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:201
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : arj
Date : April 10, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple...

[ MDVSA-2015:202 ] ntp

BugTraq Latest Security Advisories - April 13, 2015 - 7:03am

Posted by security on Apr 13

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:202
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : ntp
Date : April 10, 2015
Affected: Business Server 1.0, Business Server 2.0
_______________________________________________________________________

Problem...

[ MDVSA-2015:200 ] mediawiki

BugTraq Latest Security Advisories - April 13, 2015 - 6:56am

Posted by security on Apr 13

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:200
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : mediawiki
Date : April 10, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2015:199 ] less

BugTraq Latest Security Advisories - April 13, 2015 - 6:48am

Posted by security on Apr 13

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:199
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : less
Date : April 10, 2015
Affected: Business Server 1.0, Business Server 2.0
_______________________________________________________________________

Problem...