Feed aggregator

CVE-2015-3252: Apache CloudStack VNC authentication issue

BugTraq Latest Security Advisories - February 5, 2016 - 3:01am

Posted by John Kinsella on Feb 05

CVE-2015-3252: Apache CloudStack VNC authentication issue

CVSS v2:
4.3 (AV:N/AC:H/Au:M/C:P/I:P/A:P)

Vendors:
The Apache Software Foundation
Citrix, Inc.

Versions Affected:
Apache CloudStack 4.4.4, 4.5.1

Description:
Apache CloudStack sets a VNC password unique to each KVM virtual
machine under management. Upon migrating a VM from one host to
another, the VNC password is no longer set in KVM on the new host.

To leverage this issue, an...

CVE-2015-3251: Apache CloudStack VM Credential Exposure

BugTraq Latest Security Advisories - February 5, 2016 - 2:46am

Posted by John Kinsella on Feb 04

CVE-2015-3251: Apache CloudStack VM Credential Exposure

CVSS v2:
6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Vendors:
The Apache Software Foundation
Citrix, Inc.

Versions Affected:
Apache CloudStack 4.4.4, 4.5.1

Description:
Apache CloudStack provides an API for managing network, compute,
storage, and user aspects of a CloudStack cloud. Under certain
circumstances, the results of certain API calls may expose the root
password for a virtual machine...

[SECURITY] [DSA 3466-1] krb5 security update

BugTraq Latest Security Advisories - February 5, 2016 - 2:30am

Posted by Salvatore Bonaccorso on Feb 04

-------------------------------------------------------------------------
Debian Security Advisory DSA-3466-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 04, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : krb5
CVE ID : CVE-2015-8629 CVE-2015-8630...

Bugtraq: WordPress User Meta Manager Plugin [Privilege Escalation]

Security Focus Latest Security Advisories - February 5, 2016 - 2:00am
WordPress User Meta Manager Plugin [Privilege Escalation]

Bugtraq: Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass

Security Focus Latest Security Advisories - February 5, 2016 - 2:00am
Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass

Bugtraq: AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data.

Security Focus Latest Security Advisories - February 5, 2016 - 2:00am
AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data.

next-20160205: linux-next

Linux Kernel Updates - February 4, 2016 - 10:42pm
Version: next-20160205 (linux-next) Released: 2016-02-05

WordPress User Meta Manager Plugin [Blind SQLI]

BugTraq Latest Security Advisories - February 4, 2016 - 11:59am

Posted by pan . vagenas on Feb 04

* Exploit Title: WordPress User Meta Manager Plugin [Blind SQLI]
* Discovery Date: 2015/12/28
* Public Disclosure Date: 2016/02/04
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: http://jasonlau.biz/home/
* Software Link: https://wordpress.org/plugins/user-meta-manager/
* Version: 3.4.6
* Tested on: WordPress 4.4.1
* Category: webapps

Description...

WordPress User Meta Manager Plugin [Privilege Escalation]

BugTraq Latest Security Advisories - February 4, 2016 - 11:43am

Posted by pan . vagenas on Feb 04

* Exploit Title: WordPress User Meta Manager Plugin [Privilege Escalation]
* Discovery Date: 2015/12/28
* Public Disclosure Date: 2016/02/04
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: http://jasonlau.biz/home/
* Software Link: https://wordpress.org/plugins/user-meta-manager/
* Version: 3.4.6
* Tested on: WordPress 4.4.1
* Category: webapps

Description...

Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass

BugTraq Latest Security Advisories - February 4, 2016 - 6:32am

Posted by Vulnerability Lab on Feb 04

Document Title:
===============
Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1710

Apple Follow-up ID: 631627909

Video: http://www.vulnerability-lab.com/get_content.php?id=1711

Vulnerability Magazine:
http://magazine.vulnerability-db.com/?q=articles/2016/02/04/apple-ios-v9x-application-update-loop-pass-code-bypass...

[slackware-security] mozilla-firefox (SSA:2016-034-01)

BugTraq Latest Security Advisories - February 4, 2016 - 3:11am

Posted by Slackware Security Team on Feb 04

[slackware-security] mozilla-firefox (SSA:2016-034-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-38.6.0esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...