Feed aggregator

Vuln: Google Chrome Prior to 34.0.1847.116 Multiple Security Vulnerabilities

Security Focus Latest Security Advisories - April 21, 2014 - 11:00pm
Google Chrome Prior to 34.0.1847.116 Multiple Security Vulnerabilities

Vuln: Oracle Java SE CVE-2014-0368 Remote Security Vulnerability

Security Focus Latest Security Advisories - April 21, 2014 - 11:00pm
Oracle Java SE CVE-2014-0368 Remote Security Vulnerability

Vuln: LibYAML 'scanner.c' Remote Heap Based Buffer Overflow Vulnerability

Security Focus Latest Security Advisories - April 21, 2014 - 11:00pm
LibYAML 'scanner.c' Remote Heap Based Buffer Overflow Vulnerability

[SECURITY] [DSA 2901-3] wordpress regression update

BugTraq Latest Security Advisories - April 21, 2014 - 8:11am

Posted by Salvatore Bonaccorso on Apr 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2901-3 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
April 21, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2014-0165 CVE-2014-0166...

[SECURITY] [DSA 2895-2] prosody regression update

BugTraq Latest Security Advisories - April 21, 2014 - 8:00am

Posted by Luciano Bello on Apr 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2895-2 security () debian org
http://www.debian.org/security/ Luciano Bello
April 21, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : prosody
CVE ID : CVE-2014-2744 CVE-2014-2745
Debian...

Multiple Vulnerabilities in MODX Revolution <= MODX 2.2.13-pl

BugTraq Latest Security Advisories - April 21, 2014 - 7:51am

Posted by craig . arendt on Apr 21

Product description:
============
MODX (originally MODx) is a free, open source content management system and web application framework for publishing
content on the world wide web and intranets.
============

MODX Revolution Blind SQL Injection (CVE-2014-2736)
============
The application is vulnerable to blind SQL injection which is exploitable through the session ID supplied by the user.
This issue is exploitable without authentication....

Blind SQL Injection Vulnerability in KnowledgeTree <= 3.7.0.2

BugTraq Latest Security Advisories - April 21, 2014 - 7:42am

Posted by craig . arendt on Apr 21

Product description:
============
KnowledgeTree is a document management system that makes it easy to secure, share, track and manage the documents and
records.
============

KnowledgeTree Blind SQL Injection (CVE-2014-2737)
============

The application is vulnerable to blind SQL injection which is exploitable through
/webservice/clienttools/services/mdownload.php. This issue is exploitable without authentication.

Details:...

[security bulletin] HPSBMU02994 rev.2 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information

BugTraq Latest Security Advisories - April 21, 2014 - 7:31am

Posted by security-alert on Apr 21

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236062

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04236062
Version: 2

HPSBMU02994 rev.2 - HP BladeSystem c-Class Onboard Administrator (OA) running
OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

Bugtraq: [SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution

Security Focus Latest Security Advisories - April 21, 2014 - 7:30am
[SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution

Bugtraq: [security bulletin] HPSBMU03012 rev.1 - HP Insight Management VCEM Web Client SDK (VCEMSDK) running OpenSSL, Remote Disclosure of Information

Security Focus Latest Security Advisories - April 21, 2014 - 7:30am
[security bulletin] HPSBMU03012 rev.1 - HP Insight Management VCEM Web Client SDK (VCEMSDK) running OpenSSL, Remote Disclosure of Information

Bugtraq: [security bulletin] HPSBMU02995 rev.4 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Di

Security Focus Latest Security Advisories - April 21, 2014 - 7:30am
[security bulletin] HPSBMU02995 rev.4 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure

Bugtraq: Remote Command Injection in Ruby Gem sfpagent 0.4.14

Security Focus Latest Security Advisories - April 21, 2014 - 7:30am
Remote Command Injection in Ruby Gem sfpagent 0.4.14

[SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability

BugTraq Latest Security Advisories - April 21, 2014 - 7:21am

Posted by Brett Porter on Apr 21

CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Archiva 1.3 to Continuum 1.3.6
- The unsupported versions Archiva 1.2 to 1.2.2 are also affected.

Description:
A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into
the Archiva home page.

Mitigation:
All users are recommended to...

[SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution

BugTraq Latest Security Advisories - April 21, 2014 - 7:12am

Posted by Brett Porter on Apr 21

CVE-2013-2251: Apache Archiva Remote Command Execution

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Archiva 1.3 to Continuum 1.3.6
- The unsupported versions Archiva 1.2 to 1.2.2 are also affected.

Description:
Apache Archiva is affected by a vulnerability in the version of the Struts library being used, which allows a malicious
user to run code on the server remotely. More details about the vulnerability...

[SECURITY] [DSA 2901-2] wordpress regression update

BugTraq Latest Security Advisories - April 21, 2014 - 7:05am

Posted by Thijs Kinkhorst on Apr 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2901-2 security () debian org
http://www.debian.org/security/ Thijs Kinkhorst
April 18, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2014-0165 CVE-2014-0166...

[security bulletin] HPSBMU03012 rev.1 - HP Insight Management VCEM Web Client SDK (VCEMSDK) running OpenSSL, Remote Disclosure of Information

BugTraq Latest Security Advisories - April 21, 2014 - 6:53am

Posted by security-alert on Apr 21

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04255796

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04255796
Version: 1

HPSBMU03012 rev.1 - HP Insight Management VCEM Web Client SDK (VCEMSDK)
running OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[security bulletin] HPSBMU02995 rev.4 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure

BugTraq Latest Security Advisories - April 21, 2014 - 6:44am

Posted by security-alert on Apr 21

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236102

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04236102
Version: 4

HPSBMU02995 rev.4 - HP Software HP Service Manager, Asset Manager, UCMDB
Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation,
Diagnostics, LoadRunner, and Performance Center, running...

Remote Command Injection in Ruby Gem sfpagent 0.4.14

BugTraq Latest Security Advisories - April 21, 2014 - 6:35am

Posted by Larry W. Cashdollar on Apr 21

Title: Remote Command Injection in Ruby Gem sfpagent 0.4.14

Date: 4/15/2014

Author: Larry W. Cashdollar, @_larry0

CVE: 2014-2888

Download: http://rubygems.org/gems/sfpagent

Vulnerability
The list variable generated from the user supplied JSON[body] input is passed directly to the system() shell on line
649. If a user supplies a module name with shell metacharacters like ; they might be able to execute shell commands on
the remote system as...

[SECURITY] [DSA 2910-1] qemu-kvm security update

BugTraq Latest Security Advisories - April 21, 2014 - 6:25am

Posted by Salvatore Bonaccorso on Apr 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2910-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
April 18, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : qemu-kvm
CVE ID : CVE-2014-0150

Michael S. Tsirkin...

[SECURITY] [DSA 2909-1] qemu security update

BugTraq Latest Security Advisories - April 21, 2014 - 6:16am

Posted by Salvatore Bonaccorso on Apr 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2909-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
April 18, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2014-0150
Debian Bug : 744221...