Feed aggregator

Vuln: Oracle Java SE CVE-2014-6601 Remote Java SE Vulnerability

Security Focus Latest Security Advisories - January 23, 2015 - 12:00am
Oracle Java SE CVE-2014-6601 Remote Java SE Vulnerability

Vuln: Oracle Java SE CVE-2015-0407 Remote Java SE Vulnerability

Security Focus Latest Security Advisories - January 23, 2015 - 12:00am
Oracle Java SE CVE-2015-0407 Remote Java SE Vulnerability

PhotoSync 1.1.3 Android - Command Inject Vulnerability

BugTraq Latest Security Advisories - January 22, 2015 - 12:10pm

Posted by Vulnerability Lab on Jan 22

Document Title:
===============
PhotoSync 1.1.3 Android - Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1410

Release Date:
=============
2015-01-21

Vulnerability Laboratory ID (VL-ID):
====================================
1410

Common Vulnerability Scoring System:
====================================
5.2

Product & Service Introduction:...

Program-O v2.4.6 - Multiple Web Vulnerabilities

BugTraq Latest Security Advisories - January 22, 2015 - 12:01pm

Posted by Vulnerability Lab on Jan 22

Document Title:
===============
Program-O v2.4.6 - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1414

Release Date:
=============
2015-01-21

Vulnerability Laboratory ID (VL-ID):
====================================
1414

Common Vulnerability Scoring System:
====================================
6.3

Product & Service Introduction:
===============================...

CVE-2015-1180-xss-eventsentry

BugTraq Latest Security Advisories - January 22, 2015 - 9:40am

Posted by Sudhanshu Chauhan on Jan 22

CVE-2015-1180-xss-eventsentry

Information
----------------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in EventSentry Web Reports Interface
Affected Software : EventSentry
Affected Versions: 3.1.0 and possibly below
Vendor Homepage : http://eventsentry.com/
Vulnerability Type : Cross-site Scripting
Severity : High
CVE ID: CVE-2015-1180

Impact
----------
An attacker can craft a URL with malicious JavaScript code which
executes in...

CVE-2015-1179-xss-mango-automation-scada

BugTraq Latest Security Advisories - January 22, 2015 - 9:32am

Posted by Sudhanshu Chauhan on Jan 22

CVE-2015-1179-xss-mango-automation-scada

Information
-----------------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in Mango Automation SCADA/HMI software
Affected Software : Mango Automation
Affected Versions: 2.4.0 and possibly below
Vendor Homepage : http://infiniteautomation.com/
Vulnerability Type : Cross-site Scripting
Severity : High
CVE ID: CVE-2015-1179

Impact
----------
An attacker can craft a URL with malicious JavaScript...

CVE-2015-1178-xss-x-cart-ecommerce

BugTraq Latest Security Advisories - January 22, 2015 - 9:23am

Posted by Sudhanshu Chauhan on Jan 22

CVE-2015-1178-xss-x-cart-ecommerce

Information
----------------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in X-CART e-Commerce software
Affected Software : X-Cart
Affected Versions: 5.1.8 and possibly below
Vendor Homepage : https://www.x-cart.com
Vulnerability Type : Cross-site Scripting
Severity : High
CVE ID: CVE-2015-1178

Impact
----------
An attacker can craft a URL with malicious JavaScript code which
executes in the...

CVE-2015-1177-xss-exponent

BugTraq Latest Security Advisories - January 22, 2015 - 9:15am

Posted by Sudhanshu Chauhan on Jan 22

CVE-2015-1177-xss-exponent

Information
----------------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in Exponent CMS
Affected Software : Exponent
Affected Versions: 2.3.2 and possibly below
Vendor Homepage : http://www.exponentcms.org/
Vulnerability Type : Cross-site Scripting
Severity : High
CVE ID: CVE-2015-1177

Impact
----------
An attacker can craft a URL with malicious JavaScript code which
executes in the browser.

Technical...

SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP

BugTraq Latest Security Advisories - January 22, 2015 - 9:04am

Posted by SEC Consult Vulnerability Lab on Jan 22

SEC Consult Vulnerability Lab Security Advisory < 20150122-0 >
=======================================================================
title: Multiple critical vulnerabilities
products: Symantec Data Center Security: Server Advanced (SDCS:SA)
Symantec Critical System Protection (SCSP)
vulnerable version: see: Vulnerable / tested versions
fixed version: SCSP 5.2.9 MP6, SDCS:SA 6.0 MP1 -...

CVE-2015-1176-xss-osticket

BugTraq Latest Security Advisories - January 22, 2015 - 8:55am

Posted by Sudhanshu Chauhan on Jan 22

CVE-2015-1176-xss-osticket

Information
----------------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in osTicket Ticket system
Affected Software : osTicket
Affected Versions: 1.9.4 and possibly below
Vendor Homepage : http://osticket.com/
Vulnerability Type : Cross-site Scripting
Severity : High
CVE ID: CVE-2015-1176

Impact
----------
An attacker can craft a URL with malicious JavaScript code which
executes in the browser....

Bugtraq: [oCERT-2015-001] JasPer input sanitization errors

Security Focus Latest Security Advisories - January 22, 2015 - 8:30am
[oCERT-2015-001] JasPer input sanitization errors

Bugtraq: [RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass

Security Focus Latest Security Advisories - January 22, 2015 - 8:30am
[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass

Bugtraq: PhotoSync v1.1.3 Android - Command Inject Vulnerability

Security Focus Latest Security Advisories - January 22, 2015 - 8:30am
PhotoSync v1.1.3 Android - Command Inject Vulnerability

Bugtraq: iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll

Security Focus Latest Security Advisories - January 22, 2015 - 8:30am
iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll

[slackware-security] samba (SSA:2015-020-01)

BugTraq Latest Security Advisories - January 22, 2015 - 4:12am

Posted by Slackware Security Team on Jan 22

[slackware-security] samba (SSA:2015-020-01)

New samba packages are available for Slackware 14.1 and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/samba-4.1.16-i486-1_slack14.1.txz: Upgraded.
This update is a security release in order to address CVE-2014-8143
(Elevation of privilege to Active Directory Domain Controller).
Samba's AD DC allows...

Remote Desktop v0.9.4 Android - Multiple Vulnerabilities

BugTraq Latest Security Advisories - January 22, 2015 - 4:03am

Posted by Vulnerability Lab on Jan 22

Document Title:
===============
Remote Desktop v0.9.4 Android - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1413

Release Date:
=============
2015-01-20

Vulnerability Laboratory ID (VL-ID):
====================================
1413

Common Vulnerability Scoring System:
====================================
4.4

Product & Service Introduction:...

iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll

BugTraq Latest Security Advisories - January 22, 2015 - 3:54am

Posted by Vulnerability Lab on Jan 22

Document Title:
===============
iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1415

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9600

CVE-ID:
=======
CVE-2014-9600

Release Date:
=============
2015-01-19

Vulnerability Laboratory ID (VL-ID):
====================================
1415

Common Vulnerability Scoring System:...

[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass

BugTraq Latest Security Advisories - January 22, 2015 - 3:45am

Posted by RedTeam Pentesting GmbH on Jan 22

Advisory: AVM FRITZ!Box: Firmware Signature Bypass

The signature check of FRITZ!Box firmware images is flawed. Malicious
code can be injected into firmware images without breaking the RSA
signature. The code will be executed either if a manipulated firmware
image is uploaded by the victim or if the victim confirms an update on
the webinterface during a MITM attack.

Details
=======

Product: AVM FRITZ!Box 7490, 7390, 7270v3 and other models...

Bugtraq: [security bulletin] HPSBUX03235 SSRT101750 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)

Security Focus Latest Security Advisories - January 22, 2015 - 3:45am
[security bulletin] HPSBUX03235 SSRT101750 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)

Bugtraq: [SECURITY] [DSA 3134-1] sympa security update

Security Focus Latest Security Advisories - January 22, 2015 - 3:45am
[SECURITY] [DSA 3134-1] sympa security update