Feed aggregator

Vuln: WebGate eDVR Manager ActiveX Controls CVE-2015-2098 Multiple Buffer Overflow Vulnerabilities

Security Focus Latest Security Advisories - March 26, 2015 - 11:00pm

Bugtraq: Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers

Security Focus Latest Security Advisories - March 26, 2015 - 3:30pm

[security bulletin] HPSBMU03294 rev.1 - HP Process Automation running OpenSSL, Remote Disclosure of Information

BugTraq Latest Security Advisories - March 26, 2015 - 3:26pm

Posted by security-alert on Mar 26

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04597376

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04597376
Version: 1

HPSBMU03294 rev.1 - HP Process Automation running OpenSSL, Remote Disclosure
of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-03-26...

Insecure file upload in Berta CMS

BugTraq Latest Security Advisories - March 26, 2015 - 2:28pm

Posted by Simon Waters on Mar 26

Berta CMS is a web based content management system using PHP and local file storage.

http://www.berta.me/

Due to use of a 3rd party Berta CMS website to redirect links within a phishing email brought to our attention we
checked the file upload functionality of this software.

We found that the file upload didn't require authentication.

Images with a ".php" extension could be uploaded, and all that was required is that they pass...

Bugtraq: Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure

Security Focus Latest Security Advisories - March 26, 2015 - 1:00pm

3.14.37: longterm

Linux Kernel Updates - March 26, 2015 - 9:07am
Version: 3.14.37 (longterm)
Released: 2015-03-26
Source: linux-3.14.37.tar.xz
PGP Signature: linux-3.14.37.tar.sign
Patch: patch-3.14.37.xz (Incremental)
ChangeLog: ChangeLog-3.14.37

3.10.73: longterm

Linux Kernel Updates - March 26, 2015 - 9:01am
Version: 3.10.73 (longterm)
Released: 2015-03-26
Source: linux-3.10.73.tar.xz
PGP Signature: linux-3.10.73.tar.sign
Patch: patch-3.10.73.xz (Incremental)
ChangeLog: ChangeLog-3.10.73

3.19.3: stable

Linux Kernel Updates - March 26, 2015 - 8:00am
Version: 3.19.3 (stable)
Released: 2015-03-26
Source: linux-3.19.3.tar.xz
PGP Signature: linux-3.19.3.tar.sign
Patch: patch-3.19.3.xz (Incremental)
ChangeLog: ChangeLog-3.19.3

next-20150326: linux-next

Linux Kernel Updates - March 26, 2015 - 4:26am
Version: next-20150326 (linux-next)
Released: 2015-03-26

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure

BugTraq Latest Security Advisories - March 25, 2015 - 1:37pm

Posted by Cisco Systems Product Security Incident Response Team on Mar 25

Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure

Advisory ID: cisco-sa-20150325-ani

Revision 1.0

For Public Release 2015 March 25 16:00 UTC (GMT)

Summary
=======

The Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and IOS XE Software has multiple
vulnerabilities which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or...

Bugtraq: Cisco Security Advisory: Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities

Security Focus Latest Security Advisories - March 25, 2015 - 1:30pm

ESA-2015-049: EMC Isilon OneFS Privilege Escalation Vulnerability

BugTraq Latest Security Advisories - March 25, 2015 - 1:21pm

Posted by Security Alert on Mar 25

ESA-2015-049: EMC Isilon OneFS Privilege Escalation Vulnerability

EMC Identifier: ESA-2015-049

CVE Identifier: CVE-2015-0528

Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)

Affected products:

• EMC Isilon OneFS 7.2.0.0
• EMC Isilon OneFS 7.1.1.0 - 7.1.1.1
• EMC Isilon OneFS 7.1.0.0 - 7.1.0.5
• EMC Isilon OneFS 7.0.2.0 - 7.0.2.12
• EMC Isilon OneFS 7.0.1.x
• EMC Isilon OneFS...

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers

BugTraq Latest Security Advisories - March 25, 2015 - 12:23pm

Posted by Cisco Systems Product Security Incident Response Team on Mar 25

Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud
Services 1000v Series Routers

Advisory ID: cisco-sa-20150325-iosxe

Revision 1.0

For Public Release 2015 March 25 16:00 UTC (GMT)

Summary
=======

Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers (ASR), Cisco 4400 Series Integrated
Services Routers (ISR), and Cisco Cloud Services Routers (CSR)...

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol

BugTraq Latest Security Advisories - March 25, 2015 - 12:04pm

Posted by Cisco Systems Product Security Incident Response Team on Mar 25

Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol

Advisory ID: cisco-sa-20150325-cip

Revision 1.0

For Public Release 2015 March 25 16:00 UTC (GMT)

Summary
=======

The Cisco IOS Software implementation of the Common Industrial Protocol (CIP) feature contains the following
vulnerabilities when processing crafted CIP packets that could allow an unauthenticated, remote attacker to cause a
denial of service (DoS)...

Cisco Security Advisory: Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities

BugTraq Latest Security Advisories - March 25, 2015 - 11:56am

Posted by Cisco Systems Product Security Incident Response Team on Mar 25

Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities

Advisory ID: cisco-sa-20150325-ikev2

Revision 1.0

For Public Release 2015 March 25 16:00 UTC (GMT)

Summary
=======

Devices running Cisco IOS Software or IOS XE Software contain vulnerabilities within the Internet Key Exchange (IKE)
version 2 subsystem that could allow an unauthenticated, remote attacker to cause a denial of service...

Cisco Security Advisory: Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability

BugTraq Latest Security Advisories - March 25, 2015 - 11:49am

Posted by Cisco Systems Product Security Incident Response Team on Mar 25

Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability

Advisory ID: cisco-sa-20150325-mdns

Revision 1.0

For Public Release 2015 March 25 16:00 UTC (GMT)

Summary
=======

A vulnerability in the multicast DNS (mDNS) gateway function of Cisco IOS Software and Cisco IOS XE Software could
allow an unauthenticated, remote attacker to reload the vulnerable device.

The vulnerability is due to improper validation of...

Cisco Security Advisory: Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability

BugTraq Latest Security Advisories - March 25, 2015 - 11:39am

Posted by Cisco Systems Product Security Incident Response Team on Mar 25

Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability

Advisory ID: cisco-sa-20150325-wedge

Revision 1.0

For Public Release 2015 March 25 16:00 UTC (GMT)

Summary
=======

A vulnerability within the virtual routing and forwarding (VRF) subsystem of Cisco IOS software could allow an
unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to a failure to properly...

WSO2 Identity Server multiple vulnerabilities

BugTraq Latest Security Advisories - March 25, 2015 - 11:29am

Posted by Bartlomiej Balcerek on Mar 25

Hi,

WSO2 Identity Server (http://wso2.com/products/identity-server/) version
4.5.0/4.6.0/5.0.0 is prone to multiple vulnerabilities, including
authentication bypass.

Timeline:

09.10.2014 - Vendor notified
22.11.2014 - Vendor confirmed
04.12.2014 - Patches released
25.03.2015 - Bugtraq disclosure

Vulnerable versions:

IS 4.5.0
IS 4.6.0
IS 5.0.0

Fixed versions:

IS 4.5.0 + WSO2-CARBON-PATCH-4.2.0-0932
IS 4.6.0 + WSO2-CARBON-PATCH-4.2.0-0933
IS...

Arbitrary file deletion and multiple XSS vulnerabilities in pfSense

BugTraq Latest Security Advisories - March 25, 2015 - 9:20am

Posted by High-Tech Bridge Security Research on Mar 25

Advisory ID: HTB23251
Product: pfSense
Vendor: Electric Sheep Fencing LLC
Vulnerable Version(s): 2.2 and probably prior
Tested Version: 2.2
Advisory Publication: March 4, 2015 [without technical details]
Vendor Notification: March 4, 2015
Vendor Patch: March 5, 2015
Public Disclosure: March 25, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79], Cross-Site Request Forgery [CWE-352]
CVE References: CVE-2015-2294, CVE-2015-2295
Risk...