BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Updated: 1 hour 4 min ago

Slider Revolution/Showbiz Pro shell upload exploit

8 hours 17 min ago

Posted by simo on Nov 25

#!/usr/bin/perl
#
# Title: Slider Revolution/Showbiz Pro shell upload exploit
# Author: Simo Ben youssef
# Contact: Simo_at_Morxploit_com
# Discovered: 15 October 2014
# Coded: 15 October 2014
# Updated: 25 November 2014
# Published: 25 November 2014
# MorXploit Research
# http://www.MorXploit.com
# Vendor: ThemePunch
# Vendor url: http://themepunch.com
# Software: Revslider/Showbiz Pro
# Versions: <= 3.0.95 (Revslider) / Version: <= 1.7.1...

[security bulletin] HPSBST03148 rev.1 - HP StoreOnce Gen 2 Backup Systems running Bash Shell, Remote Code Execution

8 hours 28 min ago

Posted by security-alert on Nov 25

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04479974

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04479974
Version: 1

HPSBST03148 rev.1 - HP StoreOnce Gen 2 Backup Systems running Bash Shell,
Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

[security bulletin] HPSBMU03214 rev.1 - HP Systinet running SSLv3, Remote Disclosure of Information

8 hours 37 min ago

Posted by security-alert on Nov 25

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04510286

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04510286
Version: 1

HPSBMU03214 rev.1 - HP Systinet running SSLv3, Remote Disclosure of
Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-11-25
Last...

[ MDVSA-2014:227 ] ffmpeg

13 hours 28 min ago

Posted by security on Nov 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:227
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : ffmpeg
Date : November 25, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:226 ] imagemagick

15 hours 53 min ago

Posted by security on Nov 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:226
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : imagemagick
Date : November 25, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:225 ] ruby

16 hours 3 min ago

Posted by security on Nov 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:225
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : ruby
Date : November 25, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[oCERT 2014-008] libFLAC multiple issues

18 hours 36 min ago

Posted by Daniele Bianco on Nov 25

Description:

FLAC is an open source lossless audio codec supported by several software
and music players.

The libFLAC project, an open source library implementing reference
encoders and decoders for native FLAC and Ogg FLAC audio content,
suffers from multiple implementation issues.

In particular, a stack overflow and a heap overflow condition, which may
result in arbitrary code execution, can be triggered by passing a maliciously
crafted...

Docker 1.3.2 - Security Advisory [24 Nov 2014]

November 24, 2014 - 10:53pm

Posted by Eric Windisch on Nov 25

Today, we are releasing Docker 1.3.2 in order to address two critical
security issues. This release also includes several bugfixes,
including changes to the insecure-registry option. Below are CVE
descriptions for the vulnerabilities addressed in this release.

Docker 1.3.2 is available immediately for all supported platforms:
https://docs.docker.com/installation/

Docker Security Advisory [24 Nov 2014]...

CVE-2014-8419 - CodeMeter Weak Service Permissions

November 24, 2014 - 11:58am

Posted by ajs on Nov 24

CodeMeter Weak Service Permissions

Vendor Website : http://www.codemeter.com

INDEX
---------------------------------------
1. Background
2. Description
3. Affected Products
4. Vulnerability
5. Solution
6. Credit
7. Disclosure Timeline
8. CVE

1. BACKGROUND
---------------------------------------
CodeMeter from Wibu-Systems provides maximum protection against software piracy and is bundled with multiple...

Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin

November 24, 2014 - 1:06am

Posted by Larry W. Cashdollar on Nov 24

#!/bin/bash
#Larry W. Cashdollar, @_larry0
#Will brute force and search a Wordpress target site with WP-DB-Backup v2.2.4 plugin installed for any backups done on
#20141031 assumes the wordpress database is wordpress and the table prefix is wp_
#http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-db-backup-v2.2.4/
#http://thehackerblog.com/auditing-wp-db-backup-wordpress-plugin-why-using-the-database-password-for-entropy-is-a-bad-idea/
#run...

[security bulletin] HPSBUX03087 SSRT101413 rev.2 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access

November 21, 2014 - 3:03pm

Posted by security-alert on Nov 21

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04396638

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04396638
Version: 2

HPSBUX03087 SSRT101413 rev.2 - HP-UX CIFS Server (Samba), Remote Denial of
Service (DoS), Execution of Arbitrary Code, Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon...

[ MDVSA-2014:224 ] krb5

November 21, 2014 - 1:34pm

Posted by security on Nov 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:224
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : krb5
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:223 ] wireshark

November 21, 2014 - 1:25pm

Posted by security on Nov 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:223
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wireshark
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:222 ] libvirt

November 21, 2014 - 1:17pm

Posted by security on Nov 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:222
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : libvirt
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:221 ] php-smarty

November 21, 2014 - 1:08pm

Posted by security on Nov 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:221
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : php-smarty
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:220 ] qemu

November 21, 2014 - 12:58pm

Posted by security on Nov 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:220
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : qemu
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:219 ] srtp

November 21, 2014 - 12:42pm

Posted by security on Nov 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:219
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : srtp
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[security bulletin] HPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote Vulnerabilities

November 21, 2014 - 11:54am

Posted by security-alert on Nov 21

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04347622

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04347622
Version: 2

HPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote
Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-06-20...

[ MDVSA-2014:218 ] asterisk

November 21, 2014 - 8:11am

Posted by security on Nov 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:218
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : asterisk
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

WordPress 3 persistent script injection

November 21, 2014 - 1:30am

Posted by Jouko Pynnonen on Nov 21

OVERVIEW
========

A security flaw in WordPress 3 allows injection of JavaScript into
certain text fields. In particular, the problem affects comment boxes
on WordPress posts and pages. These don't require authentication by
default.

The JavaScript injected into a comment is executed when the target
user views it, either on a blog post, a page, or in the Comments
section of the administrative Dashboard.

In the most obvious scenario the...