BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin

October 15, 2014 - 9:18am

Posted by High-Tech Bridge Security Research on Oct 15

Advisory ID: HTB23237
Product: MaxButtons WordPress plugin
Vendor: Max Foundry
Vulnerable Version(s): 1.26.0 and probably prior
Tested Version: 1.26.0
Advisory Publication: September 24, 2014 [without technical details]
Vendor Notification: September 24, 2014
Vendor Patch: October 2, 2014
Public Disclosure: October 15, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7181
Risk Level: Low
CVSSv2 Base Score: 2.6...

Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin

October 15, 2014 - 9:08am

Posted by High-Tech Bridge Security Research on Oct 15

Advisory ID: HTB23236
Product: WP Google Maps WordPress plugin
Vendor: WP Google Maps
Vulnerable Version(s): 6.0.26 and probably prior
Tested Version: 6.0.26
Advisory Publication: September 24, 2014 [without technical details]
Vendor Notification: September 24, 2014
Vendor Patch: September 29, 2014
Public Disclosure: October 15, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7182
Risk Level: Low
CVSSv2 Base...

Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability

October 15, 2014 - 8:57am

Posted by Vulnerability Lab on Oct 15

Document Title:
===============
Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1129

PayPal Security UID: TM13a2uL

Release Date:
=============
2014-10-14

Vulnerability Laboratory ID (VL-ID):
====================================
1129

Common Vulnerability Scoring System:
====================================
4.1...

Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities

October 15, 2014 - 8:48am

Posted by Vulnerability Lab on Oct 15

Document Title:
===============
Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1303

Release Date:
=============
2014-10-13

Vulnerability Laboratory ID (VL-ID):
====================================
1303

Common Vulnerability Scoring System:
====================================
3.6

Product & Service Introduction:...

PayPal Inc #90 PDF Mailer - Buffer Overflow Vulnerability

October 15, 2014 - 8:38am

Posted by Vulnerability Lab on Oct 15

Document Title:
===============
PayPal Inc #90 PDF Mailer - Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=940
http://www.vulnerability-lab.com/get_content.php?id=1274

Release Date:
=============
2014-10-02

Vulnerability Laboratory ID (VL-ID):
====================================
940

Common Vulnerability Scoring System:
====================================
5.1...

PayPal Inc BB #98 MOS - Persistent Settings Vulnerability

October 15, 2014 - 8:28am

Posted by Vulnerability Lab on Oct 15

Document Title:
===============
PayPal Inc BB #98 MOS - Persistent Settings Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=983

Release Date:
=============
2014-10-13

Vulnerability Laboratory ID (VL-ID):
====================================
983

Common Vulnerability Scoring System:
====================================
4.1

Product & Service Introduction:...

[SE-2014-01] Breaking Oracle Database through Java exploits (details)

October 15, 2014 - 8:19am

Posted by Security Explorations on Oct 15

Hello All,

Oracle Oct 2014 CPU addresses 22 security issues affecting Java VM
implementation embedded in Oracle Database software.

We have published details of the fixed issues and a description of
some privilege elevation techniques abusing a complete Java security
sandbox bypass condition for gaining DBA role in an environment of
Oracle Database software.

All relevant materials accompanied with Proof of Concept codes can
be found at our...

[SECURITY] [DSA 3049-1] wireshark security update

October 15, 2014 - 8:09am

Posted by Moritz Muehlenhoff on Oct 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-3049-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
October 14, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2014-6422 CVE-2014-6423...

two browser mem disclosure bugs (CVE-2014-1580 and CVE-something-or-other)

October 15, 2014 - 8:00am

Posted by Michal Zalewski on Oct 15

First of all, CVE-2014-1580 (MSFA 2014-78) is a bug that caused
Firefox prior to version 33 (released today) to leak bits of
uninitialized memory when rendering certain types of truncated images
onto <canvas>.

Mozilla's advisory is here:
https://www.mozilla.org/security/announce/2014/mfsa2014-78.html

Bug is here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1063733

PoC is here:
http://lcamtuf.coredump.cx/ffgif2/

Secondly, MSRC case...

LiveZilla 5.3.0.7 Security Issue

October 15, 2014 - 7:52am

Posted by sourav . infosec on Oct 15

I had reported a few XSS issues on LiveZilla 5.3.0.7. They fixed them properly and informed me. Now the latest build is
5.3.0.8 / 2014-09-25.

http://changelog.livezilla.net/

Can you help me regarding CVE. I can send you the vulnerability details.

[security bulletin] HPSBUX03139 SSRT101608 rev.1 - HP-UX running System Management Homepage (SMH), Remote Cross-Site Request Forgery

October 14, 2014 - 12:05pm

Posted by security-alert on Oct 14

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04476799

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04476799
Version: 1

HPSBUX03139 SSRT101608 rev.1 - HP-UX running System Management Homepage
(SMH), Remote Cross-Site Request Forgery

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager

October 14, 2014 - 11:54am

Posted by Cisco Systems Product Security Incident Response Team on Oct 14

Multiple Vulnerabilities in Cisco Unified Communications Domain Manager

Advisory ID: cisco-sa-20140702-cucdm

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm

Revision 3.0

Last Updated 2014 October 13 15:55 UTC (GMT)

For Public Release 2014 July 2 16:00 UTC (GMT)

Summary
+======

Cisco Unified Communications Domain Manager (Cisco Unified CDM) is affected by the following vulnerabilities:
Cisco...

[security bulletin] HPSBGN03138 rev.1 - HP Operations Analytics running Bash Shell, Remote Code Execution

October 14, 2014 - 11:43am

Posted by security-alert on Oct 14

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04475942

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04475942
Version: 1

HPSBGN03138 rev.1 - HP Operations Analytics running Bash Shell, Remote Code
Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-10-13
Last...

[security bulletin] HPSBMU03133 rev.1 - HP Enterprise Maps Virtual Appliance running Bash Shell, Remote Code Execution

October 14, 2014 - 11:34am

Posted by security-alert on Oct 14

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04475347

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04475347
Version: 1

HPSBMU03133 rev.1 - HP Enterprise Maps Virtual Appliance running Bash Shell,
Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

Reminder: Passwords14 CFP + registration announcement

October 14, 2014 - 11:27am

Posted by Per Thorsheim on Oct 14

The Passwords conference was launched in 2010 as a response to the lack
of robustness and usability of current personal authentication practices
and solutions. Annual participation has doubled over the past three
years. Venue: NTNU campus, Trondheim, Norway.

1. CFP
Our CFP closes on October 27. We are looking for tutorials (standard
presentations), as well as academic short/full papers for publishing.
CFP is available here:...

PayPal Inc BB #96 - Persistent Tags Vulnerability

October 14, 2014 - 11:12am

Posted by Vulnerability Lab on Oct 14

Document Title:
===============
PayPal Inc BB #96 - Persistent Tags Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=954

PayPal Security UID: apf87gW

Release Date:
=============
2014-10-08

Vulnerability Laboratory ID (VL-ID):
====================================
954

Common Vulnerability Scoring System:
====================================
3.1

Product & Service Introduction:...

PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability

October 14, 2014 - 11:02am

Posted by Vulnerability Lab on Oct 14

Document Title:
===============
PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=895

PayPal Security UID: Vxda0S

Video: http://www.vulnerability-lab.com/get_content.php?id=1338

View: https://www.youtube.com/watch?v=RXubXP_r2M4

Release Date:
=============
2014-10-09

Vulnerability Laboratory ID (VL-ID):
====================================...

PayPal Inc #86 iOS 4.6 - Validation & Design Vulnerability

October 14, 2014 - 10:52am

Posted by Vulnerability Lab on Oct 14

Document Title:
===============
PayPal Inc #86 iOS 4.6 - Validation & Design Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=915

PayPal Security UID: eff8aq

Release Date:
=============
2014-09-30

Vulnerability Laboratory ID (VL-ID):
====================================
915

Common Vulnerability Scoring System:
====================================
2.3

Product & Service...

CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.)

October 14, 2014 - 10:42am

Posted by Dirk-Willem van Gulik on Oct 14

Security Advisory

DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et.al.)

CVE-2014-3671

references:
CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278,
CVE-2014-7186 and CVE-2014-7187

* Summary:

Above CVEs detail a number of flaws in bash prior related to the parsing
of environment variables (aka BashBug, Shellshock). Several networked
vectors for...

Call for Papers - WorldCIST'15 - Azores, 1 - 3 April 2015

October 13, 2014 - 5:22am

Posted by ML on Oct 13

------
WorldCIST'15 - 3rd World Conference on Information Systems and Technologies
Ponta Delgada, Azores *, Portugal
1 - 3 April 2015
http://www.aisti.eu/worldcist15/
------
* Azores is ranked as the second most beautiful archipelago in the world by National Geographic.
------------

SCOPE

The WorldCIST'15 - 3rd World Conference on Information Systems and Technologies, to be held at Ponta Delgada, São
Miguel, Azores, Portugal, 1 - 3...