BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[ MDVSA-2014:223 ] wireshark

November 21, 2014 - 1:25pm

Posted by security on Nov 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:223
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wireshark
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:222 ] libvirt

November 21, 2014 - 1:17pm

Posted by security on Nov 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:222
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : libvirt
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:221 ] php-smarty

November 21, 2014 - 1:08pm

Posted by security on Nov 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:221
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : php-smarty
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:220 ] qemu

November 21, 2014 - 12:58pm

Posted by security on Nov 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:220
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : qemu
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:219 ] srtp

November 21, 2014 - 12:42pm

Posted by security on Nov 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:219
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : srtp
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[security bulletin] HPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote Vulnerabilities

November 21, 2014 - 11:54am

Posted by security-alert on Nov 21

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04347622

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04347622
Version: 2

HPSBHF03052 rev.2 - HP Network Products running OpenSSL, Multiple Remote
Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-06-20...

[ MDVSA-2014:218 ] asterisk

November 21, 2014 - 8:11am

Posted by security on Nov 21

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:218
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : asterisk
Date : November 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

WordPress 3 persistent script injection

November 21, 2014 - 1:30am

Posted by Jouko Pynnonen on Nov 21

OVERVIEW
========

A security flaw in WordPress 3 allows injection of JavaScript into
certain text fields. In particular, the problem affects comment boxes
on WordPress posts and pages. These don't require authentication by
default.

The JavaScript injected into a comment is executed when the target
user views it, either on a blog post, a page, or in the Comments
section of the administrative Dashboard.

In the most obvious scenario the...

AST-2014-012: Mixed IP address families in access control lists may permit unwanted traffic.

November 21, 2014 - 1:22am

Posted by Asterisk Security Team on Nov 21

Asterisk Project Security Advisory - AST-2014-012

Product             Asterisk
Summary             Mixed IP address families in access control lists
                    may permit unwanted traffic.
Nature of Advisory  Unauthorized Access
Susceptibility      Remote unauthenticated sessions...

AST-2014-013: PJSIP ACLs are not loaded on startup

November 21, 2014 - 1:13am

Posted by Asterisk Security Team on Nov 21

Asterisk Project Security Advisory - AST-2014-013

Product             Asterisk
Summary             PJSIP ACLs are not loaded on startup
Nature of Advisory  Unauthorized Access
Susceptibility      Remote unauthenticated sessions
Severity            Moderate...

AST-2014-015: Remote Crash Vulnerability in PJSIP channel driver

November 21, 2014 - 1:04am

Posted by Asterisk Security Team on Nov 21

Asterisk Project Security Advisory - AST-2014-015

Product             Asterisk
Summary             Remote Crash Vulnerability in PJSIP channel driver
Nature of Advisory  Denial of Service
Susceptibility      Remote Unauthenticated Sessions
Severity            Moderate...

AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver

November 21, 2014 - 12:55am

Posted by Asterisk Security Team on Nov 21

Asterisk Project Security Advisory - AST-2014-016

Product             Asterisk
Summary             Remote Crash Vulnerability in PJSIP channel driver
Nature of Advisory  Denial of Service
Susceptibility      Remote Unauthenticated Sessions
Severity            Critical...

AST-2014-017: Permission escalation through ConfBridge actions/dialplan functions

November 21, 2014 - 12:48am

Posted by Asterisk Security Team on Nov 21

Asterisk Project Security Advisory - AST-2014-017

Product             Asterisk
Summary             Permission escalation through ConfBridge
                    actions/dialplan functions
Nature of Advisory  Permission Escalation
Susceptibility      Remote Authenticated Sessions...

AST-2014-018: AMI permission escalation through DB dialplan function

November 21, 2014 - 12:39am

Posted by Asterisk Security Team on Nov 21

Asterisk Project Security Advisory - AST-2014-018

Product             Asterisk
Summary             AMI permission escalation through DB dialplan
                    function
Nature of Advisory  Permission Escalation
Susceptibility      Remote Authenticated Sessions...

AST-2014-014: High call load may result in hung channels in ConfBridge.

November 21, 2014 - 12:31am

Posted by Asterisk Security Team on Nov 21

Asterisk Project Security Advisory - AST-2014-014

Product             Asterisk
Summary             High call load may result in hung channels in
                    ConfBridge.
Nature of Advisory  Denial of Service
Susceptibility      Remote Unauthenticated Sessions...

Multiple SQL Injection in SP Client Document Manager plugin

November 21, 2014 - 12:22am

Posted by thai . q . dang on Nov 21

Vulnerability title: Multiple SQL Injection in SP Client Document Manager plugin
Plugin: SP Client Document Manager
Vendor: http://smartypantsplugins.com
Product: https://wordpress.org/plugins/sp-client-document-manager/
Affected version: version 2.4.1 and previous version
Fixed version: N/A
Google dork: inurl:wp-content/plugins/sp-client-document-manager
Reported by: Dang Quoc Thai - thai.q.dang (at) itas (dot) vn
Credits to ITAS Team -...

[SECURITY] [DSA 3075-1] drupal7 security update

November 20, 2014 - 11:49am

Posted by Salvatore Bonaccorso on Nov 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3075-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
November 20, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : drupal7
CVE ID : CVE-2014-9015 CVE-2014-9016

Two...

CVE-2014-8877 - Code Injection in Wordpress CM Download Manager plugin

November 20, 2014 - 6:31am

Posted by phi . n . le on Nov 20

Vulnerability title: Code Injection in Wordpress CM Download Manager plugin
CVE: CVE-2014-8877
Plugin: CM Download Manager plugin
Vendor: CreativeMinds - https://www.cminds.com/
Product: https://wordpress.org/plugins/cm-download-manager/
Affected version: 2.0.0 and previous version
Fixed version: 2.0.4
Google dork: inurl:cmdownloads
Reported by: Phi Le Ngoc - phi.n.le () itas vn
Credits to ITAS Team - www.itas.vn

::DESCRIPTION::

The code...

[ MDVSA-2014:217 ] clamav

November 20, 2014 - 6:23am

Posted by security on Nov 20

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:217
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : clamav
Date : November 20, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

ClamAV...

[ MDVSA-2014:216 ] php-ZendFramework

November 20, 2014 - 5:04am

Posted by security on Nov 20

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:216
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : php-ZendFramework
Date : November 20, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem...