BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Moab Authentication Bypass [CVE-2014-5300]

September 29, 2014 - 7:33am

Posted by john . fitzpatrick on Sep 29

##[Moab Authentication Bypass : CVE-2014-5300]##

Software: Moab
Affected Versions: All versions prior to Moab 7.2.9 and Moab 8
CVE Reference: CVE-2014-5300
Author: John Fitzpatrick, MWR Labs (http://labs.mwrinfosecurity.com/)
Severity: High Risk
Vendor: Adaptive Computing
Vendor Response: Resolved in Moab 7.2.9 and Moab 8

##[Description]

It is possible to bypass authentication within Moab in order to impersonate and run commands/operations as...

[slackware-security] mozilla-firefox (SSA:2014-271-01)

September 29, 2014 - 7:25am

Posted by Slackware Security Team on Sep 29

[slackware-security] mozilla-firefox (SSA:2014-271-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-24.8.1esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[SECURITY] [DSA 3039-1] chromium-browser security update

September 29, 2014 - 7:15am

Posted by Michael Gilbert on Sep 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3039-1 security () debian org
http://www.debian.org/security/ Michael Gilbert
September 28, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2014-3160...

[The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360

September 29, 2014 - 7:05am

Posted by Pedro Ribeiro on Sep 29

Hi,

This is the fifth part of the ManageOwnage series. For previous parts, see:
http://seclists.org/fulldisclosure/2014/Aug/55
http://seclists.org/fulldisclosure/2014/Aug/75
http://seclists.org/fulldisclosure/2014/Aug/88
http://seclists.org/fulldisclosure/2014/Sep/1

This time we have a file upload with directory traversal as well as an
arbitrary file deletion vulnerability. The file upload can be abused
to deliver a WAR payload in the Tomcat...
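The upload-with-traversal pattern described in the ManageOwnage post (a client-supplied filename joined onto a server directory, with `..` segments walking out of it and into the servlet container's auto-deploy tree) is a generic bug class, and the same path handling gates the file-deletion side. The following is an added example and not code from the ManageOwnage series or from ManageEngine; it shows the vulnerable join beside a hardened one. The directory names and the allowed-extension list are assumptions for illustration.

```python
"""Client-controlled filenames in upload/delete handlers: vulnerable join
beside a hardened one. Added example; directory names are assumptions."""
import posixpath
import re

# Assumed layout, purely for illustration: uploads live under UPLOAD_DIR and a
# sibling tree holds the container's webapps/ directory.
UPLOAD_DIR = "/srv/app/uploads"
ALLOWED_EXT = {".pdf", ".png", ".txt"}           # assumed allow-list
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def naive_join(base: str, client_name: str) -> str:
    """The vulnerable pattern: trust the multipart filename and join it.
    '..' segments walk out of base, so '../../tomcat/webapps/x.war' lands
    where the container will deploy it."""
    return posixpath.normpath(posixpath.join(base, client_name))


def escapes_base(base: str, target: str) -> bool:
    """True when target resolves outside base. commonpath (not startswith)
    so that '/srv/app/uploads2' does not count as inside '/srv/app/uploads'."""
    base = posixpath.normpath(base)
    return posixpath.commonpath([base, posixpath.normpath(target)]) != base


def safe_join(base: str, client_name: str, allowed_ext=ALLOWED_EXT) -> str:
    """Hardened: reject separators, NULs and unexpected extensions up front,
    then confirm the resolved path is still under base. Use the same function
    for delete requests so a deletion cannot reach outside the upload tree."""
    if "\x00" in client_name or "/" in client_name or "\\" in client_name:
        raise ValueError("path separator or NUL in filename")
    if not _SAFE_NAME.match(client_name):
        raise ValueError("filename fails allow-list")
    ext = posixpath.splitext(client_name)[1].lower()
    if ext not in allowed_ext:
        raise ValueError(f"extension {ext!r} not allowed")
    target = posixpath.normpath(posixpath.join(base, client_name))
    if escapes_base(base, target):
        raise ValueError("resolved path escapes base directory")
    return target


def compare(names):
    """Constructed demo input -> (name, naive result, hardened result)."""
    rows = []
    for name in names:
        try:
            hardened = safe_join(UPLOAD_DIR, name)
        except ValueError as exc:
            hardened = f"REJECTED: {exc}"
        rows.append((name, naive_join(UPLOAD_DIR, name), hardened))
    return rows


if __name__ == "__main__":
    # Constructed filenames, not from any real request.
    for row in compare(["report.pdf", "../../tomcat/webapps/evil.war", "evil.war"]):
        print(row)
```

The allow-list on the bare filename makes traversal impossible on its own; the `escapes_base` check stays as a second line of defence for callers that build paths from other inputs, which is exactly where the deletion endpoint tends to go wrong.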

[SECURITY] [DSA 3038-1] libvirt security update

September 29, 2014 - 6:57am

Posted by Salvatore Bonaccorso on Sep 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3038-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
September 27, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libvirt
CVE ID : CVE-2014-0179 CVE-2014-3633
Debian...

Hands-on Mobile (Android & iOS) + ARM Exploitation Training at Toorcon

September 29, 2014 - 6:47am

Posted by Aditya Gupta on Sep 29

Hello everyone,

I'm glad to announce that I'll be running a 2-day class on Android,
iOS and ARM Hands-on Exploitation at Toorcon 2014 in San Diego this
October. The training will focus on a hands-on approach to finding vulns
and exploiting them in mobile applications as well as in the platform
itself.

All the exercises will be performed on a customised Mobile
Exploitation training distro
and on a set of vulnerable labs built for Toorcon...

WorldCIST 2015 - 3rd World Conference on Information Systems and Technologies

September 29, 2014 - 6:38am

Posted by ML on Sep 29

------
WorldCIST'15 - 3rd World Conference on Information Systems and Technologies
Ponta Delgada, Azores *, Portugal
1 - 3 April 2015
http://www.aisti.eu/worldcist15/
------
* Azores is ranked as the second most beautiful archipelago in the world by National Geographic.
------------

SCOPE

The WorldCIST'15 - 3rd World Conference on Information Systems and Technologies, to be held at Ponta Delgada, São
Miguel, Azores, Portugal, 1 - 3...

[SECURITY] [DSA 3037-1] icedove security update

September 29, 2014 - 5:38am

Posted by Yves-Alexis Perez on Sep 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3037-1 security () debian org
http://www.debian.org/security/ Yves-Alexis Perez
September 26, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : icedove
CVE ID : CVE-2014-1568

Antoine...

SmarterTools Smarter Track 6-10 - Information Disclosure Vulnerability

September 26, 2014 - 8:53am

Posted by Vulnerability Lab on Sep 26

Document Title:
===============
SmarterTools Smarter Track 6-10 - Information Disclosure

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1298

Tracking ID: 088-1B879F0C-0A22

Release Date:
=============
2014-09-22

Vulnerability Laboratory ID (VL-ID):
====================================
1298

Common Vulnerability Scoring System:
====================================
6.1

Product & Service...

Oracle Corporation MyOracle - Persistent Vulnerability

September 26, 2014 - 8:43am

Posted by Vulnerability Lab on Sep 26

Document Title:
===============
Oracle Corporation MyOracle - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1261

Oracle Security ID (Team Tracking ID): admin () vulnerability-lab com-001

Release Date:
=============
2014-09-17

Vulnerability Laboratory ID (VL-ID):
====================================
1261

Common Vulnerability Scoring System:...

Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability

September 26, 2014 - 8:32am

Posted by Vulnerability Lab on Sep 26

Document Title:
===============
Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=660

Release Date:
=============
2014-09-18

Vulnerability Laboratory ID (VL-ID):
====================================
660

Common Vulnerability Scoring System:
====================================
3.2

Product & Service Introduction:...

Paypal Inc Bug Bounty #32 - Multiple Persistent Vulnerabilities

September 26, 2014 - 8:20am

Posted by Vulnerability Lab on Sep 26

Document Title:
===============
Paypal Inc Bug Bounty #32 - Multiple Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=716

Release Date:
=============
2014-09-22

Vulnerability Laboratory ID (VL-ID):
====================================
716

Common Vulnerability Scoring System:
====================================
4.1

Product & Service Introduction:...

GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability

September 26, 2014 - 8:08am

Posted by Vulnerability Lab on Sep 26

Document Title:
===============
GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1325

Release Date:
=============
2014-09-22

Vulnerability Laboratory ID (VL-ID):
====================================
1325

Common Vulnerability Scoring System:
====================================
6.3

Product & Service Introduction:...

[ MDVSA-2014:190 ] bash

September 26, 2014 - 5:41am

Posted by security on Sep 26

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:190
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : bash
Date : September 26, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

It was...

[slackware-security] bash (SSA:2014-268-01)

September 26, 2014 - 5:33am

Posted by Slackware Security Team on Sep 26

[slackware-security] bash (SSA:2014-268-01)

New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/bash-4.2.048-i486-2_slack14.1.txz: Rebuilt.
Patched an additional trailing string processing vulnerability discovered
by Tavis Ormandy.
For more information, see:...

[SECURITY] [DSA 3036-1] mediawiki security update

September 26, 2014 - 5:20am

Posted by Thijs Kinkhorst on Sep 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3036-1 security () debian org
http://www.debian.org/security/ Thijs Kinkhorst
September 26, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mediawiki
Debian Bug : 762754

It was discovered that...

[SECURITY] [DSA 3035-1] bash security update

September 26, 2014 - 5:12am

Posted by Salvatore Bonaccorso on Sep 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3035-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
September 25, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : bash
CVE ID : CVE-2014-7169
Debian Bug : 762760...

Cisco Security Advisory: GNU Bash Environmental Variable Command Injection Vulnerability

September 26, 2014 - 5:04am

Posted by Cisco Systems Product Security Incident Response Team on Sep 26

GNU Bash Environmental Variable Command Injection Vulnerability

Advisory ID: cisco-sa-20140926-bash

Revision 1.0

For Public Release 2014 September 26 01:00 UTC (GMT)

Summary
+======

On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the
way in which shell functions are passed through environment variables. The vulnerability may allow an attacker to inject
commands into a Bash...

[slackware-security] bash (rebuild for Slackware 13.0 only) (SSA:2014-268-02)

September 26, 2014 - 4:55am

Posted by Slackware Security Team on Sep 26

[slackware-security] bash (rebuild for Slackware 13.0 only) (SSA:2014-268-02)

New bash packages are available for Slackware 13.0 to fix a security issue.

Here are the details from the Slackware 13.0 ChangeLog:
+--------------------------+
patches/packages/bash-3.1.018-i486-3_slack13.0.txz: Rebuilt.
The patch for CVE-2014-7169 needed to be rebased against bash-3.1 in order
to apply correctly. Thanks to B. Watson for the bug report.
For...
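The four Bash posts above (Cisco's summary of how exported shell functions travel through environment variables, and the Debian and Slackware follow-ups for the second bug, CVE-2014-7169, found by Tavis Ormandy) describe the mechanism but not how to check for it. The following is an added example, not code from Cisco, Debian or Slackware: a detector for the function-definition prefix in values that a CGI gateway would export into the environment, run over constructed sample request headers, plus probes for the original bug (CVE-2014-6271, the identifier is not on this page but is the well-known one) and for the CVE-2014-7169 variant. The header values are constructed, and the probes assume a `bash` binary is on PATH.

```python
"""Shellshock helpers: header detector plus local bash probes.
Added example; sample headers are constructed, not captured."""
import os
import re
import shutil
import subprocess
import tempfile
from typing import Dict, List, Optional

# Pre-patch bash imported a function from ANY environment variable whose
# value began with exactly "() {", and kept parsing past the closing brace,
# executing whatever followed. The regex is slightly looser than bash so
# that sloppy scanner payloads are flagged as well.
FUNC_PREFIX_RE = re.compile(r"^\(\s*\)\s*\{")


def looks_like_shellshock(value: str) -> bool:
    return FUNC_PREFIX_RE.match(value.lstrip()) is not None


def suspicious_headers(headers: Dict[str, str]) -> List[str]:
    """Names of headers whose values carry a function-definition prefix.
    A CGI gateway exports each header as HTTP_<NAME>, so any of them can
    reach a bash child process."""
    return [name for name, value in headers.items() if looks_like_shellshock(value)]


# Constructed sample headers (not from any real capture).
SAMPLE_HEADERS = {
    "Host": "www.example.test",
    "User-Agent": "() { :; }; /bin/bash -c 'id'",
    "Accept": "*/*",
}


def probe_cve_2014_6271(bash: Optional[str] = None) -> Optional[bool]:
    """The original public test: the command after the function body runs
    on an unpatched bash. Returns None when no bash binary is available."""
    bash = bash or shutil.which("bash")
    if not bash:
        return None
    env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin"),
           "x": "() { :;}; echo VULNERABLE"}
    res = subprocess.run([bash, "-c", "echo probe"], env=env,
                         capture_output=True, text=True)
    return "VULNERABLE" in res.stdout


def probe_cve_2014_7169(bash: Optional[str] = None) -> Optional[bool]:
    """Ormandy's follow-up: a malformed definition left the parser mid-state,
    so the next command's first word became a redirection target and
    `echo date` created a file named 'echo' in the working directory."""
    bash = bash or shutil.which("bash")
    if not bash:
        return None
    env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin"),
           "X": "() { (a)=>\\"}
    with tempfile.TemporaryDirectory() as cwd:
        subprocess.run([bash, "-c", "echo date"], env=env, cwd=cwd,
                       capture_output=True, text=True)
        return os.path.exists(os.path.join(cwd, "echo"))


if __name__ == "__main__":
    print("flagged headers:", suspicious_headers(SAMPLE_HEADERS))
    print("CVE-2014-6271 vulnerable:", probe_cve_2014_6271())
    print("CVE-2014-7169 vulnerable:", probe_cve_2014_7169())
```

The detector is only as good as the list of places an attacker can reach the environment: User-Agent, Cookie and Referer are the obvious ones for CGI, but DHCP option strings and SSH `ForceCommand` setups are the same bug with a different carrier, so treat it as one signal rather than the fix. The probes are the fix check: run them on each patched host, and expect both to report False.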

[oCERT-2014-007] libvncserver multiple issues

September 25, 2014 - 8:53am

Posted by Andrea Barisani on Sep 25

#2014-007 libvncserver multiple issues

Description:

Virtual Network Computing (VNC) is a graphical sharing system based on the
Remote Frame Buffer (RFB) protocol.

The LibVNCServer project, an open source library for implementing VNC
compliant communication, suffers from a number of bugs that can be potentially
exploited with security impact.

Various implementation issues resulting in remote code execution and/or DoS
conditions on both the VNC...