Feed aggregator

[security bulletin] HPSBUX03369 SSRT102037 rev.1 - HP-UX execve(2), Local Elevation of Privilege

BugTraq Latest Security Advisories - August 20, 2015 - 4:13pm

Posted by security-alert on Aug 20

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04735247

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04735247
Version: 1

HPSBUX03369 SSRT102037 rev.1 - HP-UX execve(2), Local Elevation of Privilege

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-08-20
Last Updated:...

[SECURITY] [DSA 3342-1] vlc security update

BugTraq Latest Security Advisories - August 20, 2015 - 4:03pm

Posted by Alessandro Ghedini on Aug 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3342-1 security () debian org
https://www.debian.org/security/ Alessandro Ghedini
August 20, 2015 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : vlc
CVE ID : CVE-2015-5949

Loren Maggiore of Trail...

[oCERT-2015-009] VLC arbitrary pointer dereference

BugTraq Latest Security Advisories - August 20, 2015 - 3:55pm

Posted by Andrea Barisani on Aug 20

#2015-009 VLC arbitrary pointer dereference

Description:

The VLC media player is an open source media player and streaming media
server.

The stable VLC version suffers from an arbitrary pointer dereference
vulnerability.

The vulnerability affects the 3GP file format parser; insufficient
restrictions on a writable buffer can be exploited to execute arbitrary code
via the heap memory. A specific 3GP file can be crafted to trigger the...

UBNT Bug Bounty #3 - Persistent Filename Vulnerability

BugTraq Latest Security Advisories - August 20, 2015 - 3:47pm

Posted by Vulnerability Lab on Aug 20

Document Title:
===============
UBNT Bug Bounty #3 - Persistent Filename Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1467

Video: http://www.vulnerability-lab.com/get_content.php?id=1468

Release Date:
=============
2015-08-11

Vulnerability Laboratory ID (VL-ID):
====================================
1467

Common Vulnerability Scoring System:
====================================
4.2...

UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability

BugTraq Latest Security Advisories - August 20, 2015 - 3:38pm

Posted by Vulnerability Lab on Aug 20

Document Title:
===============
UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1465

#52988

Release Date:
=============
2015-08-17

Vulnerability Laboratory ID (VL-ID):
====================================
1465

Common Vulnerability Scoring System:
====================================
2.8

Product & Service Introduction:...

WebSolutions India Design CMS - SQL Injection Vulnerability

BugTraq Latest Security Advisories - August 20, 2015 - 3:30pm

Posted by Vulnerability Lab on Aug 20

Document Title:
===============
WebSolutions India Design CMS - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1577

Release Date:
=============
2015-08-20

Vulnerability Laboratory ID (VL-ID):
====================================
1577

Common Vulnerability Scoring System:
====================================
8.7

Product & Service Introduction:...

ChiefPDF Software v2.x - Buffer Overflow Vulnerability

BugTraq Latest Security Advisories - August 20, 2015 - 3:22pm

Posted by Vulnerability Lab on Aug 20

Document Title:
===============
ChiefPDF Software v2.x - Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1578

Release Date:
=============
2015-08-20

Vulnerability Laboratory ID (VL-ID):
====================================
1578

Common Vulnerability Scoring System:
====================================
7.3

Product & Service Introduction:...

PDF Shaper v3.5 - (MSF) Remote Buffer Overflow Vulnerability

BugTraq Latest Security Advisories - August 20, 2015 - 3:13pm

Posted by Vulnerability Lab on Aug 20

Document Title:
===============
PDF Shaper v3.5 - (MSF) Remote Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1579

Video: https://youtu.be/-HTEIisSiH8

Release Date:
=============
2015-08-16

Vulnerability Laboratory ID (VL-ID):
====================================
1579

Common Vulnerability Scoring System:
====================================
7.9

Product &...

Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064)

BugTraq Latest Security Advisories - August 20, 2015 - 3:05pm

Posted by Vulnerability Lab on Aug 20

Document Title:
===============
Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064)

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1576

Video: http://youtu.be/Vkswz7vt23M

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6332

CVE-ID:
=======
CVE-2014-6332

Release Date:
=============
2015-08-15

Vulnerability Laboratory ID (VL-ID):...

[SECURITY] [DSA 3341-1] conntrack security update

BugTraq Latest Security Advisories - August 20, 2015 - 2:55pm

Posted by Salvatore Bonaccorso on Aug 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3341-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 20, 2015 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : conntrack
CVE ID : CVE-2015-6496
Debian Bug :...

ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability

BugTraq Latest Security Advisories - August 20, 2015 - 2:46pm

Posted by Security Alert on Aug 20

ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability

EMC Identifier: ESA-2015-132

CVE Identifier: CVE-2015-4537

Severity Rating: CVSS v2 Base Score: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)

Affected products:
• EMC Documentum D2 4.2 and earlier

Summary:

EMC Documentum D2 contains a fail open vulnerability that could be exploited by malicious users to compromise D2.

Details:
Lockbox is a component of Documentum D2 which securely stores...