Feed aggregator

Bugtraq: [SECURITY] [DSA 3296-1] libcrypto++ security update

Security Focus Latest Security Advisories - June 30, 2015 - 12:30pm
[SECURITY] [DSA 3296-1] libcrypto++ security update

APPLE-SA-2015-06-30-1 iOS 8.4

BugTraq Latest Security Advisories - June 30, 2015 - 12:27pm

Posted by Apple Product Security on Jun 30

APPLE-SA-2015-06-30-1 iOS 8.4

iOS 8.4 is now available and addresses the following:

Application Store
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious universal provisioning profile app may prevent
apps from launching
Description: An issue existed in the install logic for universal
provisioning profile apps, which allowed a collision to occur with
existing bundle IDs. This issue...

Bugtraq: novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities

novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities

Google Chrome Address Spoofing (Request For Comment)

BugTraq Latest Security Advisories - June 30, 2015 - 7:21am

Posted by David Leo on Jun 30

Impact:
The "click to verify" thing is completely broken...
Anyone can be "BBB Accredited Business" etc.
You can make whitehouse.gov display "We love Islamic State" :-)

Note:
No user interaction on the fake page.

Code:
***** index.html
<script>
function next()
{
w.location.replace('http://www.oracle.com/index.html?'+n);n++;
setTimeout("next();",15);...

CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP

BugTraq Latest Security Advisories - June 30, 2015 - 6:15am

Posted by Fernando Muñoz on Jun 30

TimeDoctor claims to be software that helps to improve the
productivity of teams and reduce time spent on distractions [1]

Vulnerability:
TimeDoctor autoupdate feature downloads and executes files over plain
HTTP and doesn't perform any check with the files. An attacker with
MITM capabilities (i.e., when a user connects to a public wifi) could
override the Timedoctor subdomain and then execute custom binaries on
the machine where the...

Bugtraq: CollabNet Subversion Edge index local file inclusion

CollabNet Subversion Edge index local file inclusion

next-20150630: linux-next

Linux Kernel Updates - June 30, 2015 - 12:47am
Version: next-20150630 (linux-next)
Released: 2015-06-30

4.1.1: stable

Linux Kernel Updates - June 29, 2015 - 2:55pm
Version: 4.1.1 (stable)
Released: 2015-06-29
Source: linux-4.1.1.tar.xz
PGP Signature: linux-4.1.1.tar.sign
Patch: patch-4.1.1.xz
ChangeLog: ChangeLog-4.1.1

4.0.7: stable

Linux Kernel Updates - June 29, 2015 - 2:29pm
Version: 4.0.7 (stable)
Released: 2015-06-29
Source: linux-4.0.7.tar.xz
PGP Signature: linux-4.0.7.tar.sign
Patch: patch-4.0.7.xz (Incremental)
ChangeLog: ChangeLog-4.0.7

3.14.46: longterm

Linux Kernel Updates - June 29, 2015 - 2:25pm
Version: 3.14.46 (longterm)
Released: 2015-06-29
Source: linux-3.14.46.tar.xz
PGP Signature: linux-3.14.46.tar.sign
Patch: patch-3.14.46.xz (Incremental)
ChangeLog: ChangeLog-3.14.46

3.10.82: longterm

Linux Kernel Updates - June 29, 2015 - 2:08pm
Version: 3.10.82 (longterm)
Released: 2015-06-29
Source: linux-3.10.82.tar.xz
PGP Signature: linux-3.10.82.tar.sign
Patch: patch-3.10.82.xz (Incremental)
ChangeLog: ChangeLog-3.10.82

Bugtraq: CollabNet Subversion Edge missing single login restriction

Security Focus Latest Security Advisories - June 29, 2015 - 12:45pm
CollabNet Subversion Edge missing single login restriction

[SECURITY] [DSA 3297-1] unattended-upgrades security update

BugTraq Latest Security Advisories - June 29, 2015 - 12:34pm

Posted by Alessandro Ghedini on Jun 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3297-1                   security () debian org
https://www.debian.org/security/                      Alessandro Ghedini
June 29, 2015                                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : unattended-upgrades
CVE ID : CVE-2015-1330

It was...

[SECURITY] [DSA 3296-1] libcrypto++ security update

BugTraq Latest Security Advisories - June 29, 2015 - 10:14am

Posted by Alessandro Ghedini on Jun 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3296-1                   security () debian org
https://www.debian.org/security/                      Alessandro Ghedini
June 29, 2015                                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libcrypto++
CVE ID : CVE-2015-2141

Evgeny Sidorov...

novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities

BugTraq Latest Security Advisories - June 29, 2015 - 10:04am

Posted by apparitionsec on Jun 29

[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txt

Vendor:
=======================
community.novius-os.org

Product:
===============================================================
novius-os.5.0.1-elche is a PHP-based Content Management System
community.novius-os.org/developpers/download.html

Advisory Information:...

CollabNet Subversion Edge index local file inclusion

BugTraq Latest Security Advisories - June 29, 2015 - 9:54am

Posted by Oliver-Tobias Ripka on Jun 29

# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management
# Frontend via logfile "listViewItem" parameter of the "index" action
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Local file inclusion
#
# Risk: Medium
# Status: public/fixed
# Fixed version: 5.0

Timeline:

2014-10-09 Flaw...

CollabNet Subversion Edge missing single login restriction

BugTraq Latest Security Advisories - June 29, 2015 - 9:46am

Posted by Oliver-Tobias Ripka on Jun 29

# Vuln Title: The CollabNet Subversion Edge management missing single login
# restriction
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: No single login restriction
#
# Risk: Low
# Status: public/unfixed
# Fixed version: -

Timeline:

2014-10-09 Flaw Discovered
2014-10-20 Vendor contacted
2014-10-21 Vendor response
2014-12-08...

CollabNet Subversion Edge weak password storage mechanism

BugTraq Latest Security Advisories - June 29, 2015 - 9:39am

Posted by Oliver-Tobias Ripka on Jun 29

# Vuln Title: The CollabNet Subversion Edge stores passwords as unsalted MD5 hashes
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Insecure password storage

# Risk: Medium
# Status: public/fixed
# Fixed version: 5.0

Timeline:

2014-10-09 Flaw Discovered
2014-10-20 Vendor contacted
2014-10-21 Vendor response
2014-12-08 Vendor...

CollabNet Subversion Edge missing XSRF protection

BugTraq Latest Security Advisories - June 29, 2015 - 9:31am

Posted by Oliver-Tobias Ripka on Jun 29

# Vuln Title: The CollabNet Subversion Edge Management Frontend does not implement XSRF protection tokens
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: XSRF
#
# Risk: Low
# Status: public/fixed
# Fixed version: 5.0

Timeline:

2014-10-09 Flaw Discovered
2014-10-20 Vendor contacted
2014-10-21 Vendor response
2014-12-08 Vendor...

CollabNet Subversion Edge weak password policy

BugTraq Latest Security Advisories - June 29, 2015 - 9:24am

Posted by Oliver-Tobias Ripka on Jun 29

# Vuln Title: The CollabNet Subversion Edge Management Frontend does not
# implement a strong password policy
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Lack of defensive measures
#
# Risk: Medium
# Status: public/fixed
# Fixed version: 5.0

Timeline:

2014-10-09 Flaw Discovered
2014-10-20 Vendor contacted
2014-10-21...