Feed aggregator

iWifi for Chat v1.1 iOS - Denial of Service Vulnerability

BugTraq Latest Security Advisories - December 16, 2014 - 11:42pm

Posted by Vulnerability Lab on Dec 17

Document Title:
===============
iWifi for Chat v1.1 iOS - Denial of Service Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1375

Release Date:
=============
2014-12-16

Vulnerability Laboratory ID (VL-ID):
====================================
1376

Common Vulnerability Scoring System:
====================================
4.6

Product & Service Introduction:...

Bugtraq: [SECURITY] [DSA 3105-1] heirloom-mailx security update

Security Focus Latest Security Advisories - December 16, 2014 - 11:15pm
[SECURITY] [DSA 3105-1] heirloom-mailx security update

Bugtraq: [SECURITY] [DSA 3104-1] bsd-mailx security update

Security Focus Latest Security Advisories - December 16, 2014 - 11:15pm
[SECURITY] [DSA 3104-1] bsd-mailx security update

Bugtraq: W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface

Security Focus Latest Security Advisories - December 16, 2014 - 11:15pm
W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface

Bugtraq: [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA

Security Focus Latest Security Advisories - December 16, 2014 - 11:15pm
[Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA

[SECURITY] [DSA 3105-1] heirloom-mailx security update

BugTraq Latest Security Advisories - December 16, 2014 - 1:49pm

Posted by Florian Weimer on Dec 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3105-1 security () debian org
http://www.debian.org/security/ Florian Weimer
December 16, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : heirloom-mailx
CVE ID : CVE-2004-2771 CVE-2014-7844...

[SECURITY] [DSA 3104-1] bsd-mailx security update

BugTraq Latest Security Advisories - December 16, 2014 - 1:41pm

Posted by Florian Weimer on Dec 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3104-1 security () debian org
http://www.debian.org/security/ Florian Weimer
December 16, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : bsd-mailx
CVE ID : CVE-2014-7844

It was discovered...

Bugtraq: "Ettercap 8.0 - 8.1" multiple vulnerabilities

Security Focus Latest Security Advisories - December 16, 2014 - 1:30pm
"Ettercap 8.0 - 8.1" multiple vulnerabilities

Bugtraq: [SE-2014-02] Google App Engine Java security sandbox bypasses (status update)

Security Focus Latest Security Advisories - December 16, 2014 - 1:30pm
[SE-2014-02] Google App Engine Java security sandbox bypasses (status update)

W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface

BugTraq Latest Security Advisories - December 16, 2014 - 12:57pm

Posted by Mazin Ahmed on Dec 16

####
# Title: W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface
# Author: Mazin Ahmed
##
# Date of Discovering: October 6th, 2014
# Date of Reporting to the Vendor: October 7th, 2014
# Date of Releasing a Patch: December 9th, 2014
##
# Vulnerability Type: Cross-Site Request Forgery (CSRF) - CWE-352
##
# Vendor Homepage: https://www.w3-edge.com/
##
# Affected Version: 0.9.4, previous versions might be vulnerable as...

3.18.1: stable

Linux Kernel Updates - December 16, 2014 - 12:39pm
Version: 3.18.1 (stable); Released: 2014-12-16; Source: linux-3.18.1.tar.xz; PGP Signature: linux-3.18.1.tar.sign; Patch: patch-3.18.1.xz; ChangeLog: ChangeLog-3.18.1

3.17.7: stable

Linux Kernel Updates - December 16, 2014 - 12:37pm
Version: 3.17.7 (stable); Released: 2014-12-16; Source: linux-3.17.7.tar.xz; PGP Signature: linux-3.17.7.tar.sign; Patch: patch-3.17.7.xz (Incremental); ChangeLog: ChangeLog-3.17.7

3.14.27: longterm

Linux Kernel Updates - December 16, 2014 - 12:34pm
Version: 3.14.27 (longterm); Released: 2014-12-16; Source: linux-3.14.27.tar.xz; PGP Signature: linux-3.14.27.tar.sign; Patch: patch-3.14.27.xz (Incremental); ChangeLog: ChangeLog-3.14.27

Bugtraq: CA20141215-01: Security Notice for CA LISA Release Automation

Security Focus Latest Security Advisories - December 16, 2014 - 12:15pm
CA20141215-01: Security Notice for CA LISA Release Automation

3.10.63: longterm

Linux Kernel Updates - December 16, 2014 - 12:10pm
Version: 3.10.63 (longterm); Released: 2014-12-16; Source: linux-3.10.63.tar.xz; PGP Signature: linux-3.10.63.tar.sign; Patch: patch-3.10.63.xz (Incremental); ChangeLog: ChangeLog-3.10.63

[Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA

BugTraq Latest Security Advisories - December 16, 2014 - 11:31am

Posted by Onapsis Research Labs on Dec 16

Onapsis Security Advisory ONAPSIS-2014-034: SAP Business Objects Search
Token Privilege Escalation via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote and potentially
unauthenticated attacker would be able to access or modify any
information stored on the SAP BusinessObjects server.
The attacker could also connect to the business systems depending on the
configuration of the BO infrastructure.

Risk...

Bugtraq: [ MDVSA-2014:253 ] apache-mod_wsgi

Security Focus Latest Security Advisories - December 16, 2014 - 11:15am
[ MDVSA-2014:253 ] apache-mod_wsgi

"Ettercap 8.0 - 8.1" multiple vulnerabilities

BugTraq Latest Security Advisories - December 16, 2014 - 6:42am

Posted by Nick Sampanis on Dec 16

"Ettercap 8.0 - 8.1" multiple vulnerabilities

Description
------------------------------------------------------------
Twelve vulnerabilities exist on ettercap-ng which allow remote denial of
service and possible remote code execution. Specifically, the following
vulnerabilities were identified:
 
- A Length Parameter Inconsistency at ettercap 8.0 dissector_postgresql()
which may lead to remote code execution or denial of service.
-...

Bugtraq: Persistent XSS Vulnerability in CMS Papoo Light v6.0.0 Rev. 4701

Security Focus Latest Security Advisories - December 16, 2014 - 6:30am
Persistent XSS Vulnerability in CMS Papoo Light v6.0.0 Rev. 4701

[SE-2014-02] Google App Engine Java security sandbox bypasses (status update)

BugTraq Latest Security Advisories - December 16, 2014 - 4:42am

Posted by Security Explorations on Dec 16

Hello All,

We would like to provide a status update to the initial
announcement [1] made a week ago regarding our SE-2014-02
security research project targeting Google App Engine
for Java.

Information regarding vulnerabilities and associated PoC
codes (Issues 1-22 / unconfirmed Issues 23-35) was sent
to Google on Dec 07, 2014.

Google has been able to reproduce the issues locally, but
when tried in production some of them didn't seem to...