Feed aggregator

Re: SaaS Marketing platform Hubspot export vulnerability

BugTraq Latest Security Advisories - August 28, 2014 - 11:44am

Posted by security on Aug 28

We at HubSpot take the concerns of the security community seriously, and continuously work to improve our posture in
this ever-changing field. We do have predefined roles in the application which allow our customers to segment users'
permissions based on their role. These horizontal permissions are quite common among SaaS vendors.

The export functionality mentioned does have existing auditing capability in the back end. For exports, we have...

[SECURITY] [DSA 3014-1] squid3 security update

BugTraq Latest Security Advisories - August 28, 2014 - 11:15am

Posted by Salvatore Bonaccorso on Aug 28

-------------------------------------------------------------------------
Debian Security Advisory DSA-3014-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
August 28, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : squid3
CVE ID : CVE-2014-3609
Debian Bug :...

Bugtraq: [SECURITY] [DSA 3013-1] s3ql security update

Security Focus Latest Security Advisories - August 28, 2014 - 11:00am
[SECURITY] [DSA 3013-1] s3ql security update

Bugtraq: [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert

Security Focus Latest Security Advisories - August 28, 2014 - 11:00am
[The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert

SEC Consult SA-20140828-0 :: F5 BIG-IP Reflected Cross-Site Scripting

BugTraq Latest Security Advisories - August 28, 2014 - 8:38am

Posted by SEC Consult Vulnerability Lab on Aug 28

SEC Consult Vulnerability Lab Security Advisory < 20140828-0 >
=======================================================================
title: Reflected Cross-Site Scripting
product: F5 BIG-IP
vulnerable version: <= 11.5.1
fixed version: > 11.6.0
impact: Medium
CVE number: CVE-2014-4023
homepage: https://f5.com/
found: 2014-07-07
by: Stefan...

Bugtraq: Last CFP: ICETC2014 - IEEE - Poland (Deadline: Aug. 30)

Security Focus Latest Security Advisories - August 28, 2014 - 8:30am
Last CFP: ICETC2014 - IEEE - Poland (Deadline: Aug. 30)

Bugtraq: [SECURITY] [DSA 3012-1] eglibc security update

Security Focus Latest Security Advisories - August 28, 2014 - 6:00am
[SECURITY] [DSA 3012-1] eglibc security update

Bugtraq: SaaS Marketing platform Hubspot export vulnerability

Security Focus Latest Security Advisories - August 28, 2014 - 6:00am
SaaS Marketing platform Hubspot export vulnerability

Bugtraq: Fwd: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks

Security Focus Latest Security Advisories - August 28, 2014 - 6:00am
Fwd: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks

Aerohive Hive Manager and Hive OS Multiple Vulnerabilities

BugTraq Latest Security Advisories - August 28, 2014 - 5:55am

Posted by Disclosure on Aug 28


[The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert

BugTraq Latest Security Advisories - August 28, 2014 - 5:45am

Posted by Pedro Ribeiro on Aug 28

Hi,

You can read the usernames and MD5 hashed passwords of all the users
in the Device Expert application by sending an unauthenticated
request.
I am releasing this as a 0 day as ManageEngine have responded that
they do not consider this a priority and won't fix it in the near
future unless a customer requests it. See details below.

==========================================================================

"DeviceExpert is a...

[SECURITY] [DSA 3013-1] s3ql security update

BugTraq Latest Security Advisories - August 28, 2014 - 5:35am

Posted by Florian Weimer on Aug 28

-------------------------------------------------------------------------
Debian Security Advisory DSA-3013-1 security () debian org
http://www.debian.org/security/ Florian Weimer
August 27, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : s3ql
CVE ID : CVE-2014-0485

Nikolaus Rath...

next-20140828: linux-next

Linux Kernel Updates - August 28, 2014 - 12:27am
Version:next-20140828 (linux-next) Released:2014-08-28

Vuln: Linux Kernel 'ping_init_sock()' Local Privilege Escalation Vulnerability

Security Focus Latest Security Advisories - August 27, 2014 - 11:00pm
Linux Kernel 'ping_init_sock()' Local Privilege Escalation Vulnerability

Vuln: Linux Kernel CVE-2014-2678 NULL Pointer Dereference Local Denial of Service Vulnerability

Security Focus Latest Security Advisories - August 27, 2014 - 11:00pm
Linux Kernel CVE-2014-2678 NULL Pointer Dereference Local Denial of Service Vulnerability

Vuln: Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-1511 Security Bypass Vulnerability

Security Focus Latest Security Advisories - August 27, 2014 - 11:00pm
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-1511 Security Bypass Vulnerability

Vuln: IBM Eclipse Help System CVE-2014-0917 Cross Site Scripting Vulnerability

Security Focus Latest Security Advisories - August 27, 2014 - 11:00pm
IBM Eclipse Help System CVE-2014-0917 Cross Site Scripting Vulnerability

Vuln: IBM Eclipse Help System CVE-2014-0918 Directory Traversal Vulnerability

Security Focus Latest Security Advisories - August 27, 2014 - 11:00pm
IBM Eclipse Help System CVE-2014-0918 Directory Traversal Vulnerability

Vuln: IBM Eclipse Help System Multiple Security Vulnerabilities

Security Focus Latest Security Advisories - August 27, 2014 - 11:00pm
IBM Eclipse Help System Multiple Security Vulnerabilities

Vuln: IBM Eclipse Help System CVE-2013-0467 Information Disclosure Vulnerability

Security Focus Latest Security Advisories - August 27, 2014 - 11:00pm
IBM Eclipse Help System CVE-2013-0467 Information Disclosure Vulnerability