BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 3060-1] linux security update

3 hours 46 min ago

Posted by Salvatore Bonaccorso on Oct 31

-------------------------------------------------------------------------
Debian Security Advisory DSA-3060-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
October 31, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2014-3610 CVE-2014-3611...

[SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU

3 hours 56 min ago

Posted by Security Explorations on Oct 31

Hello All,

We've been recently informed by a 3rd party that Oracle planned to release
fixes for the vulnerabilities covered by our SE-2014-01 [1] project in Nov
2014.

We initially thought that someone mistakenly took Oct for Nov (Oracle CPU
was released on Oct 14, 2014), but the credibility of the source of this
information made us dig a little bit further into this.

As a result we found out the following.

OJVM PSU patches covering...

SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access

4 hours 9 min ago

Posted by SEC Consult Vulnerability Lab on Oct 31

SEC Consult Vulnerability Lab Security Advisory < 20141031-0 >
=======================================================================
title: XML External Entity Injection (XXE) and Reflected XSS
product: Scalix Web Access
vulnerable version: 11.4.6.12377 and 12.2.0.14697
fixed version: -
impact: Critical
homepage: http://www.scalix.com/
found: 2014-08-27...

[SYSS-2014-008] McAfee File and Removable Media Protection (FRP/EEFF/EERM) - Use of a One-Way Hash with a Predictable Salt (CVE-2014-8565)

4 hours 17 min ago

Posted by matthias . deeg on Oct 31

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Advisory ID: SYSS-2014-008
Product(s): McAfee Endpoint Encryption for Files and Folders (EEFF)
McAfee File and Removable Media Protection (FRP)
Vendor: McAfee, Inc.
Affected Version(s): EEFF 3.2.x, 4.0.x, 4.1.x, 4.2.x; FRP 4.3.0.x
Tested Version(s): 4.2.0.164
Vulnerability Type: Insufficient Entropy (CWE-331)
Use of a One-Way Hash...

[security bulletin] HPSBUX03162 SSRT101767 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack

4 hours 26 min ago

Posted by security-alert on Oct 31

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04492722

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04492722
Version: 1

HPSBUX03162 SSRT101767 rev.1 - HP-UX Running OpenSSL, Remote Denial of
Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack

NOTICE: The information in this Security Bulletin should be acted upon...

[security bulletin] HPSBPI03147 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access, Denial of Service (DoS)

4 hours 37 min ago

Posted by security-alert on Oct 31

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04483249

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04483249
Version: 1

HPSBPI03147 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized
Access, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...

Call for Papers - WorldCIST'15 - Azores, Deadline: November 23

October 30, 2014 - 8:54am

Posted by ML on Oct 30

------
WorldCIST'15 - 3rd World Conference on Information Systems and Technologies
Ponta Delgada, Azores *, Portugal
1 - 3 April 2015
http://www.aisti.eu/worldcist15/
------
* Azores is ranked as the second most beautiful archipelago in the world by National Geographic.
------------

SCOPE

The WorldCIST'15 - 3rd World Conference on Information Systems and Technologies, to be held at Ponta Delgada, São
Miguel, Azores, Portugal, 1 - 3...

[slackware-security] wget (SSA:2014-302-01)

October 30, 2014 - 8:46am

Posted by Slackware Security Team on Oct 30

[slackware-security] wget (SSA:2014-302-01)

New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/wget-1.14-i486-3_slack14.1.txz: Rebuilt.
This update fixes a symlink vulnerability that could allow an attacker
to write outside of the expected directory.
For more information,...

[security bulletin] HPSBUX03159 SSRT101785 rev.2 - HP-UX kernel, Local Denial of Service (DoS)

October 30, 2014 - 8:36am

Posted by security-alert on Oct 30

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04491186

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04491186
Version: 2

HPSBUX03159 SSRT101785 rev.2 - HP-UX kernel, Local Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-10-28
Last Updated:...

[SECURITY] [DSA 3059-1] dokuwiki security update

October 30, 2014 - 8:26am

Posted by Moritz Muehlenhoff on Oct 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-3059-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
October 29, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : dokuwiki
CVE ID : CVE-2014-8761 CVE-2014-8762...

CVE-2014-8399 SQL Injection in NuevoLabs flash player for clipshare

October 29, 2014 - 12:54pm

Posted by research on Oct 29

Nuevolabs Nuevoplayer for clipshare SQL Injection
=======================================================================

:: ADVISORY SUMMARY ::
Title: Nuevolabs Nuevoplayer for clipshare Sql Injection
Vendor: NUEVOLABS (www.nuevolabs.com)
Product: NUEVOPLAYER for clipshare
Credits: Cory Marsh - protectlogic.com
Discovery: 2014-10-10
Release: 2014-10-28

Nuevoplayer is a popular flash video player with integration into multiple...

SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme

October 29, 2014 - 12:44pm

Posted by SEC Consult Vulnerability Lab on Oct 29

SEC Consult Vulnerability Lab Security Advisory < 20141029-1 >
=======================================================================
title: Persistent cross site scripting
product: Confluence RefinedWiki Original Theme
vulnerable version: 3.x - 4.0.x
fixed version: 4.0.12
impact: high
homepage: http://www.refinedwiki.com/
found: 2014-08-07
by: Manuel...

SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel

October 29, 2014 - 12:36pm

Posted by SEC Consult Vulnerability Lab on Oct 29

SEC Consult Vulnerability Lab Security Advisory < 20141029-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: Vizensoft Admin Panel
vulnerable version: 2014
fixed version: -
impact: critical
homepage: http://www.vizensoft.com
found: 2014-07-10
by: A. Antukh, A. Baranov...

Multiple vulnerabilities in EspoCRM

October 29, 2014 - 12:26pm

Posted by High-Tech Bridge Security Research on Oct 29

Advisory ID: HTB23238
Product: EspoCRM
Vendor: http://www.espocrm.com
Vulnerable Version(s): 2.5.2 and probably prior
Tested Version: 2.5.2
Advisory Publication: October 8, 2014 [without technical details]
Vendor Notification: October 8, 2014
Vendor Patch: October 10, 2014
Public Disclosure: October 29, 2014
Vulnerability Type: PHP File Inclusion [CWE-98], Improper Access Control [CWE-284], Cross-Site Scripting [CWE-79]
CVE References:...

[ MDVSA-2014:212 ] wget

October 29, 2014 - 12:16pm

Posted by security on Oct 29

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:212
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wget
Date : October 29, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:211 ] wpa_supplicant

October 29, 2014 - 12:07pm

Posted by security on Oct 29

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:211
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wpa_supplicant
Date : October 29, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[security bulletin] HPSBUX03159 SSRT101785 rev.1 - HP-UX kernel, Local Denial of Service (DoS)

October 29, 2014 - 11:58am

Posted by security-alert on Oct 29

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04491186

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04491186
Version: 1

HPSBUX03159 SSRT101785 rev.1 - HP-UX kernel, Local Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-10-28
Last Updated:...

[SECURITY] [DSA 3050-2] xulrunner update

October 29, 2014 - 11:48am

Posted by Moritz Muehlenhoff on Oct 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3050-2 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
October 28, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2014-1574 CVE-2014-1576...

phpfusion (Search Page) Denial of Service Vulnerability

October 28, 2014 - 11:04am

Posted by iedb . team on Oct 28

All versions of phpfusion suffer from a denial of service vulnerability.

#!/usr/bin/perl
#...

[ MDVSA-2014:210 ] mariadb

October 28, 2014 - 10:54am

Posted by security on Oct 28

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:210
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : mariadb
Date : October 28, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...