BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

TWiki Security Advisory - XSS Vulnerability - CVE-2014-9367

December 19, 2014 - 10:11am

Posted by Onur Yilmaz on Dec 19

Information
--------------------
Advisory by Netsparker.
Name: XSS Vulnerability with Scope and Other URL Parameters of WebSearch
Affected Software : TWiki
Affected Versions: 6.0.1 and possibly below
Vendor Homepage : http://www.twiki.org/
Vulnerability Type : Cross-site Scripting
Severity : Important
CVE ID: CVE-2014-9367
Netsparker Advisory Reference : NS-14-042

Advisory URL
------------...

TWiki Security Advisory - XSS Vulnerability - CVE-2014-9325

December 19, 2014 - 10:02am

Posted by Onur Yilmaz on Dec 19

Information
--------------------
Advisory by Netsparker.
Name: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING in TWiki
Affected Software : TWiki
Affected Versions: 6.0.1 and possibly below
Vendor Homepage : http://www.twiki.org/
Vulnerability Type : Cross-site Scripting
Severity : Important
CVE ID: CVE-2014-9325
Netsparker Advisory Reference : NS-14-041

Advisory URL
------------...

Facebook BB #18 - IDOR Issue & Privacy Vulnerability

December 19, 2014 - 9:53am

Posted by Vulnerability Lab on Dec 19

Document Title:
===============
Facebook BB #18 - IDOR Issue & Privacy Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1371

Facebook Security ID: 219208937

Release Date:
=============
2014-12-12

Vulnerability Laboratory ID (VL-ID):
====================================
1371

Common Vulnerability Scoring System:
====================================
4.7

Product & Service...

Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability

December 19, 2014 - 9:43am

Posted by Vulnerability Lab on Dec 19

Document Title:
===============
Mobilis MobiConnect 3G ZDServer v1.0.1.2 - Privilege Escalation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1385

Release Date:
=============
2014-12-19

Vulnerability Laboratory ID (VL-ID):
====================================
1385

Common Vulnerability Scoring System:
====================================
6.4

Product & Service Introduction:...

iBackup v10.0.0.45 - Privilege Escalation Vulnerability

December 19, 2014 - 9:33am

Posted by Vulnerability Lab on Dec 19

Document Title:
===============
iBackup v10.0.0.45 - Privilege Escalation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1382

Release Date:
=============
2014-12-18

Vulnerability Laboratory ID (VL-ID):
====================================
1382

Common Vulnerability Scoring System:
====================================
6.2

Product & Service Introduction:...

SEC Consult SA-20141219-0 :: XSS & Memory Disclosure vulnerabilities in NetIQ eDirectory NDS iMonitor

December 19, 2014 - 9:23am

Posted by SEC Consult Vulnerability Lab on Dec 19

SEC Consult Vulnerability Lab Security Advisory < 20141219-0 >
=======================================================================
title: XSS & Memory Disclosure
product: NetIQ eDirectory NDS iMonitor
vulnerable version: 8.8 SP8, 8.8 SP7
fixed version: 8.8 SP8 HF 4,
fix available for versions 8.8 SP7 (8.8.7.4 HF 4,
8.8.7.6 HF 3)
CVE number:...

APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3

December 19, 2014 - 7:19am

Posted by Apple Product Security on Dec 19

APPLE-SA-2014-12-18-1 Xcode 6.2 beta 3

Xcode 6.2 beta 3 is now available and addresses the following:

Git
Available for: OS X Mavericks v10.9.4 or later
Impact: Synching with a malicious git repository may allow
unexpected files to be added to the .git folder
Description: The checks involved in disallowed paths did not account
for case insensitivity or unicode characters. This issue was
addressed by adding additional checks.
CVE-ID...

[oCERT-2014-012] JasPer input sanitization errors

December 19, 2014 - 7:10am

Posted by Andrea Barisani on Dec 19

#2014-012 JasPer input sanitization errors

Description:

The JasPer project is an open source implementation for the JPEG-2000 codec.

The library is affected by a double-free vulnerability in function
jas_iccattrval_destroy() as well as a heap-based buffer overflow in function
jp2_decode().

A specially crafted jp2 file can be used to trigger the vulnerabilities.

Affected version:

JasPer <= 1.900.1

Fixed version:

JasPer, N/A

Credit:...

SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted

December 19, 2014 - 7:00am

Posted by SEC Consult Vulnerability Lab on Dec 19

SEC Consult Vulnerability Lab Security Advisory < 20141218-1 >
=======================================================================
title: OS Command Execution
product: GParted - Gnome Partition Editor
vulnerable version: <=0.14.1
fixed version: >=0.15.0,
<=0.14.1 with fix for CVE-2014-7208 applied
CVE number: CVE-2014-7208
impact: medium...

SEC Consult SA-20141218-2 :: Multiple high risk vulnerabilities in NetIQ Access Manager

December 19, 2014 - 6:51am

Posted by SEC Consult Vulnerability Lab on Dec 19

SEC Consult Vulnerability Lab Security Advisory < 20141218-2 >
=======================================================================
title: Multiple high risk vulnerabilities
product: NetIQ Access Manager
vulnerable version: 4.0 SP1
fixed version: 4.0 SP1 Hot Fix 3
CVE number: CVE-2014-5214, CVE-2014-5215, CVE-2014-5216,
CVE-2014-5217
impact: High...

iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability

December 18, 2014 - 8:39am

Posted by Vulnerability Lab on Dec 18

Document Title:
===============
iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1375

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9336

CVE-ID:
=======
CVE-2014-9336

Release Date:
=============
2014-12-15

Vulnerability Laboratory ID (VL-ID):
====================================
1375

Common Vulnerability Scoring System:...

E-Journal CMS (ID) - Multiple Web Vulnerabilities

December 18, 2014 - 8:29am

Posted by Vulnerability Lab on Dec 18

Document Title:
===============
E-Journal CMS (ID) - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1380

Release Date:
=============
2014-12-17

Vulnerability Laboratory ID (VL-ID):
====================================
1380

Common Vulnerability Scoring System:
====================================
7

Product & Service Introduction:
===============================...

Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability

December 18, 2014 - 8:20am

Posted by Vulnerability Lab on Dec 18

Document Title:
===============
Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1368

Facebook Security ID: 219162244

Release Date:
=============
2014-12-10

Vulnerability Laboratory ID (VL-ID):
====================================
1368

Common Vulnerability Scoring System:
====================================
3.5

Product & Service...

Apple iOS v8.x - Message Context & Privacy Vulnerability

December 18, 2014 - 8:10am

Posted by Vulnerability Lab on Dec 18

Document Title:
===============
Apple iOS v8.x - Message Context & Privacy Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1346

Video: http://www.vulnerability-lab.com/get_content.php?id=1350

Release Date:
=============
2014-12-16

Vulnerability Laboratory ID (VL-ID):
====================================
1346

Common Vulnerability Scoring System:...

Jease CMS v2.11 - Persistent UI Web Vulnerability

December 17, 2014 - 11:09pm

Posted by Vulnerability Lab on Dec 18

Document Title:
===============
Jease CMS v2.11 - Persistent UI Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1373

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8780

CVE-ID:
=======
CVE-2014-8780

Release Date:
=============
2014-12-12

Vulnerability Laboratory ID (VL-ID):
====================================
1373

Common Vulnerability Scoring System:...

Morfy CMS v1.05 - Command Execution Vulnerability

December 17, 2014 - 11:04am

Posted by Vulnerability Lab on Dec 17

Document Title:
===============
Morfy CMS v1.05 - Command Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1367

https://github.com/Awilum/monstra-cms/issues/351

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9185

CVE-ID:
=======
CVE-2014-9185

Release Date:
=============
2014-12-10

Vulnerability Laboratory ID (VL-ID):
====================================
1367...

Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability

December 17, 2014 - 10:54am

Posted by Vulnerability Lab on Dec 17

Document Title:
===============
Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1372

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9334

CVE-ID:
=======
CVE-2014-9334

Release Date:
=============
2014-12-09

Vulnerability Laboratory ID (VL-ID):
====================================
1372

Common Vulnerability Scoring System:...

Cross-Site Scripting (XSS) in Revive Adserver

December 17, 2014 - 10:44am

Posted by High-Tech Bridge Security Research on Dec 17

Advisory ID: HTB23242
Product: Revive Adserver
Vendor: http://www.revive-adserver.com/
Vulnerable Version(s): 3.0.5 and probably prior
Tested Version: 3.0.5
Advisory Publication: November 12, 2014 [without technical details]
Vendor Notification: November 12, 2014
Vendor Patch: December 17, 2014
Public Disclosure: December 17, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8793
Risk Level: Low
CVSSv2 Base...

secuvera-SA-2014-01: Reflected XSS in W3 Total Cache

December 17, 2014 - 7:21am

Posted by Tobias Glemser on Dec 17

secuvera-SA-2014-01: Reflected XSS in W3 Total Cache

Affected Products
W3 Total Cache 0.9.4 (older releases have not been tested)

"The only WordPress Performance Optimization (WPO) framework;
designed to improve user experience and page speed. (..)
W3 Total Cache improves the user experience of your site by
increasing server performance, reducing the download times
and providing transparent content delivery...

FreeBSD Security Advisory FreeBSD-SA-14:30.unbound

December 17, 2014 - 6:10am

Posted by FreeBSD Security Advisories on Dec 17

=============================================================================
FreeBSD-SA-14:30.unbound Security Advisory
The FreeBSD Project

Topic: unbound remote denial of service vulnerability

Category: contrib
Module: unbound
Announced: 2014-12-17
Affects: FreeBSD 10.0-RELEASE and later
Credits: Florian Maury...