BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 3266-1] fuse security update

May 21, 2015 - 1:26pm

Posted by Salvatore Bonaccorso on May 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-3266-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
May 21, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : fuse
CVE ID : CVE-2015-3202

Tavis Ormandy...

Webgrind XSS vulnerability

May 21, 2015 - 1:16pm

Posted by hyp3rlinx on May 21

Credits: John Page ( hyp3rlinx )
Domains: hyp3rlinx.altervista.org

Source:
http://hyp3rlinx.altervista.org/advisories/AS-WEBGRIND0520.txt

Vendor:
https://github.com/jokkedk/webgrind

Product:
Webgrind is a Xdebug Profiling Web Frontend in PHP.

Advisory Information:
=====================================================
Webgrind is vulnerable to cross site scripting attacks.

Exploit code:
==============...

CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)

May 21, 2015 - 6:46am

Posted by Julian Reschke on May 21

Dear readers,

we just fixed a recently reported vulnerability in Apache Jackrabbit's
WebDAV module; see

- the attached CVE report

- patches for all currently maintained Jackrabbit branches

We just released Jackrabbit 2.10.1 (see below) and we'll get to the
other branches shortly. Check the CVE for details about what to do for
earlier branches if you can't wait for a release.

Thanks to <0ang3el () gmail com> for...

CVE for Apple's ECDHE-ECDSA SecureTransport bug?

May 21, 2015 - 6:32am

Posted by Jeffrey Walton on May 21

Does anyone know if Apple's ECDHE-ECDSA SecureTransport bug was
assigned a CVE? It affected OS X and iOS.

Effectively, the bug was an implementation error that caused
interoperability failures. To mostly counter it, the cipher suites had
to be disabled, which resulted in a loss of security. If the person
experiencing it did not know the cause, then they were left with a
Denial of Service (DoS).

To be clear, this was a different bug than...

[SECURITY] [DSA 3261-2] libmodule-signature-perl regression update

May 21, 2015 - 6:22am

Posted by Salvatore Bonaccorso on May 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-3261-2 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
May 20, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libmodule-signature-perl
Debian Bug : 785701

The...

[security bulletin] HPSBUX03333 SSRT102029 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS), or Other Vulnerabilities

May 20, 2015 - 11:21am

Posted by security-alert on May 20

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04679309

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04679309
Version: 1

HPSBUX03333 SSRT102029 rev.1 - HP-UX Running NTP, Remote Denial of Service
(DoS), or Other Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...

[security bulletin] HPSBUX03334 SSRT102000 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilities

May 20, 2015 - 11:12am

Posted by security-alert on May 20

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04679334

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04679334
Version: 1

HPSBUX03334 SSRT102000 rev.1 - HP-UX Running OpenSSL, Remote Denial of
Service (DoS) and Other Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

Eisbär SCADA (All Versions - iOS, Android & W8) - Persistent UI Vulnerability

May 20, 2015 - 9:26am

Posted by Vulnerability Lab on May 20

Document Title:
===============
Eisbär SCADA (All Versions - iOS, Android & W8) - Persistent UI Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1456

Release Date:
=============
2015-05-19

Vulnerability Laboratory ID (VL-ID):
====================================
1456

Common Vulnerability Scoring System:
====================================
5.2

Product & Service Introduction:...

Stored XSS in WP Photo Album Plus WordPress Plugin

May 20, 2015 - 9:19am

Posted by High-Tech Bridge Security Research on May 20

Advisory ID: HTB23257
Product: WP Photo Album Plus WordPress Plugin
Vendor: J.N. Breetvelt
Vulnerable Version(s): 6.1.2 and probably prior
Tested Version: 6.1.2
Advisory Publication: April 29, 2015 [without technical details]
Vendor Notification: April 29, 2015
Vendor Patch: April 29, 2015
Public Disclosure: May 20, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2015-3647
Risk Level: Medium
CVSSv2 Base Score: 5...

WISE-FTP Software v8.0.2 - DLL Hijacking Vulnerability

May 20, 2015 - 9:10am

Posted by Vulnerability Lab on May 20

Document Title:
===============
WISE-FTP Software v8.0.2 - DLL Hijacking Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1498

Release Date:
=============
2015-05-18

Vulnerability Laboratory ID (VL-ID):
====================================
1498

Common Vulnerability Scoring System:
====================================
6

Product & Service Introduction:...

[SECURITY] [DSA 3265-1] zendframework security update

May 20, 2015 - 9:00am

Posted by David Prévot on May 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3265-1 security () debian org
http://www.debian.org/security/ David Prévot
May 20, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : zendframework
CVE ID : CVE-2014-2681...

Staff FTP v3.04 Software - DLL Hijacking Vulnerability

May 20, 2015 - 8:53am

Posted by Vulnerability Lab on May 20

Document Title:
===============
Staff FTP v3.04 Software - DLL Hijacking Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1499

Release Date:
=============
2015-05-19

Vulnerability Laboratory ID (VL-ID):
====================================
1499

Common Vulnerability Scoring System:
====================================
6

Product & Service Introduction:...

HiDisk 2.4 iOS - (currentFolderPath) Persistent Vulnerability

May 20, 2015 - 8:46am

Posted by Vulnerability Lab on May 20

Document Title:
===============
HiDisk 2.4 iOS - (currentFolderPath) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1496

Release Date:
=============
2015-05-19

Vulnerability Laboratory ID (VL-ID):
====================================
1496

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:...

ManageEngine EventLog Analyzer V:10.0 CSRF Vulnerability

May 20, 2015 - 8:37am

Posted by akashchavan0708 on May 20

=========================================================================================
CSRF Vulnerability in ManageEngine EventLog Analyzer Version :10.0, Build Number : 10001
=========================================================================================

.. contents:: Table Of Content

Overview
========

* Title : ManageEngine EventLog Analyzer Version 10.0 Cross Site Request Forgery
* Author: Akash S. Chavan
* Product Homepage:...

Staff FTP v3.04 Software - DLL Hijacking Vulnerability

May 20, 2015 - 8:31am

Posted by metacom27 on May 20

A local DLL injection vulnerability has been discovered in the official Staff-FTP v3.04 software.
The issue allows local attackers to inject code into vulnerable libraries to compromise the process or to gain higher
access privileges.

The Windows software is vulnerable to DLL hijacking attacks. The vulnerability is located in the netapi32.dll and
dwmapi.dll file extensions.
The software does not specify the fully qualified path to a...

[SECURITY] [DSA 3263-1] proftpd-dfsg security update

May 20, 2015 - 8:22am

Posted by Sebastien Delafond on May 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3263-1 security () debian org
http://www.debian.org/security/ Sebastien Delafond
May 19, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : proftpd-dfsg
CVE ID : CVE-2015-3306
Debian Bug...

[SECURITY] [DSA 3264-1] icedove security update

May 20, 2015 - 8:14am

Posted by Moritz Muehlenhoff on May 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3264-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 19, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : icedove
CVE ID : CVE-2015-0797 CVE-2015-2708...

[security bulletin] HPSBGN03286 rev.1 - HP LoadRunner, Buffer Overflow

May 20, 2015 - 8:05am

Posted by security-alert on May 20

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04594015

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04594015
Version: 1

HPSBGN03286 rev.1 - HP LoadRunner, Buffer Overflow

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-05-19
Last Updated: 2015-05-19

Potential...

APPLE-SA-2015-05-19-1 Watch OS 1.0.1

May 19, 2015 - 1:38pm

Posted by Apple Product Security on May 19

APPLE-SA-2015-05-19-1 Watch OS 1.0.1

Watch OS 1.0.1 is now available and addresses the following:

Certificate Trust Policy
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/204873

FontParser
Available for: Apple Watch Sport, Apple Watch,...

[security bulletin] HPSBPI03322 rev.1 - HP Access Control Software, Local Unauthorized Access

May 19, 2015 - 9:43am

Posted by security-alert on May 19

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04649315
Version: 1

HPSBPI03322 rev.1 - HP Access Control Software, Local Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-05-19
Last Updated: 2015-05-19

Potential Security Impact: Local unauthorized access

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A...