BugTraq Latest Security Advisories

Syndicate content
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Updated: 37 min 25 sec ago

[security bulletin] HPSBMU02935 rev.2 - HP LoadRunner Virtual User Generator, Remote Code Execution, Disclosure of information

April 17, 2014 - 9:30am

Posted by security-alert on Apr 17

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03969437

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03969437
Version: 2

HPSBMU02935 rev.2 - HP LoadRunner Virtual User Generator, Remote Code
Execution, Disclosure of information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...
Categories:

[security bulletin] HPSBMU02987 rev.1 - HP Universal Configuration Management Database Integration Service, Remote Code Execution

April 17, 2014 - 9:16am

Posted by security-alert on Apr 17

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04219959

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04219959
Version: 1

HPSBMU02987 rev.1 - HP Universal Configuration Management Database
Integration Service, Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...
Categories:

[security bulletin] HPSBMU02988 rev.1 - HP Universal Configuration Management Database, Disclosure of Information

April 17, 2014 - 9:04am

Posted by security-alert on Apr 17

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04220407

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04220407
Version: 1

HPSBMU02988 rev.1 - HP Universal Configuration Management Database,
Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...
Categories:

[security bulletin] HPSBMU02982 rev.1 - HP Database and Middleware Automation, Disclosure of Information

April 17, 2014 - 8:49am

Posted by security-alert on Apr 17

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04201408

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04201408
Version: 1

HPSBMU02982 rev.1 - HP Database and Middleware Automation, Disclosure of
Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-04-17
Last...
Categories:

[security bulletin] HPSBGN03008 rev.1 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information

April 17, 2014 - 8:30am

Posted by security-alert on Apr 17

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04248997

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04248997
Version: 1

HPSBGN03008 rev.1 - HP Software Service Manager, "HeartBleed" OpenSSL
Vulnerability, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...
Categories:

[security bulletin] HPSBMU02996 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access, Execution of Arbitrary Code

April 17, 2014 - 8:14am

Posted by security-alert on Apr 17

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04026039

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04026039
Version: 1

HPSBMU02996 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux,
Solaris, and Windows, Remote Unauthorized Access, Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be...
Categories:

Buggy insecure "security" software executes rogue binary during installation and uninstallation

April 17, 2014 - 8:01am

Posted by Stefan Kanthak on Apr 17

Hi @ll,

the $*&#§ware by the name of "McAfee Security Scanner Plus" that Adobe dares
to push to unsuspecting users of Microsoft Windows trying to get flash player
from their main distribution page <hxxp://get.adobe.com/flashplayer/> was
developed, packaged and tested by people who obviously never heard of "long"
filenames which may contain spaces.

or <http://msdn.microsoft.com/library/cc144101.aspx>:

|...
Categories:

CVE-2014-2597 - Denial of Service in PCNetSoftware RAC Server

April 17, 2014 - 7:46am

Posted by Portcullis Advisories on Apr 17

Vulnerability title: Denial of Service in PCNetSoftware RAC Server
CVE: CVE-2014-2597
Vendor: PCNetSoftware
Product: RAC Server
Affected version: 4.0.4, 4.0.5
Fixed version: N/A
Reported by: Kyriakos Economou

Details:
Latest and possibly earlier versions of RAC Server software are
vulnerable to local DoS attacks that can cause either to disable the
keyboard input or to kill the system through a BSoD, by sending specific
IOCTL codes to...
Categories:

[SECURITY] [DSA 2907-1] Announcement of long term support for Debian oldstable

April 16, 2014 - 1:22pm

Posted by Moritz Muehlenhoff on Apr 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-2907-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
April 16, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

This is an advance notice that regular security support for Debian
GNU/Linux...
Categories:

[ MDVSA-2014:078 ] asterisk

April 16, 2014 - 11:41am

Posted by security on Apr 16

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:078
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : asterisk
Date : January 16, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...
Categories:

[CORE-2014-0003] - SAP Router Password Timing Attack

April 16, 2014 - 11:24am

Posted by CORE Advisories Team on Apr 16

Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

SAP Router Password Timing Attack

1. *Advisory Information*

Title: SAP Router Password Timing Attack
Advisory ID: CORE-2014-0003
Advisory URL:
http://www.coresecurity.com/advisories/sap-router-password-timing-attack
Date published: 2014-04-15
Date of last update: 2014-03-06
Vendors contacted: SAP
Release mode: Coordinated release

2. *Vulnerability Information*

Class:...
Categories:

[SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7

April 16, 2014 - 10:49am

Posted by webmaster on Apr 16

Stored Cross Site Scripting in Ektron CMS 8.7

CVE reference: CVE-2014-2729
Affected platforms: Ektron Web Content Management System
Version: 8.7.0
Date: 2013-December-19
Security risk: Medium (CVSS - AV:N/AC:L/Au:S/C:P/I:P/A:N)
Researcher: Joseph Zeng Xianbo
Vendor Status: Issue reported to be patched in Ektron CMS 8.7.0.055
SP2 Patch Update: 8.7.0.055.2.015).

=====================================================================
Description:...
Categories:

[Security Advisory] Stored Cross Site Scripting in Ektron CMS 8.7

April 16, 2014 - 10:36am

Posted by webmaster on Apr 16

Stored Cross Site Scripting in Ektron CMS 8.7

CVE reference: CVE-2014-2729
Affected platforms: Ektron Web Content Management System
Version: 8.7.0
Date: 2013-December-19
Security risk: Medium (CVSS - AV:N/AC:L/Au:S/C:P/I:P/A:N)
Researcher: Joseph Zeng Xianbo
Vendor Status: Issue reported to be patched in Ektron CMS 8.7.0.055
SP2 Patch Update: 8.7.0.055.2.015).

=====================================================================
Description:...
Categories:

ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities

April 16, 2014 - 10:07am

Posted by Security Alert on Apr 16

ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities

EMC Identifier: ESA-2014-028

CVE Identifier: CVE-2014-0644, CVE-2014-0645

Severity Rating: CVSS v2 Base Score: See below for individual scores

Affected products:
• EMC Cloud Tiering Appliance (CTA) 10
• EMC Cloud Tiering Appliance (CTA) 10 SP1
• EMC Cloud Tiering Appliance (CTA) 9.x
• EMC File...
Categories:

[security bulletin] HPSBMU02999 rev.1 - HP Software Autonomy WorkSite Server (On-Premises Software), Running OpenSSL, Remote Disclosure of Information

April 16, 2014 - 9:25am

Posted by security-alert on Apr 16

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04239374

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04239374
Version: 1

HPSBMU02999 rev.1 - HP Software Autonomy WorkSite Server (On-Premises
Software), Running OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon...
Categories:

SQL Injection in mAdserve

April 16, 2014 - 9:09am

Posted by High-Tech Bridge Security Research on Apr 16

Advisory ID: HTB23209
Product: mAdserve
Vendor: MobFox
Vulnerable Version(s): 2.0 and probably prior
Tested Version: 2.0
Advisory Publication: March 26, 2014 [without technical details]
Vendor Notification: March 26, 2014
Public Disclosure: April 16, 2014
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2014-2654
Risk Level: Medium
CVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Solution Status: Solution Available...
Categories:

CVE-2014-2735 - WinSCP: missing X.509 validation

April 16, 2014 - 8:56am

Posted by Micha Borrmann on Apr 16

Advisory ID: SYSS-2014-003
Product: WinSCP
Affected Version(s): 5.5.2.4130
Tested Version(s): 5.5.2.4130 (Windows 7 32 bit and Windows 8.1 64 bit)
Vulnerability Type: Missing X.509 validation
Risk Level: Medium
Solution Status: Fixed
Vendor Notification: 2014-04-07
Solution Date: 2014-04-09
Public Disclosure: 2014-04-16
CVE Reference: CVE-2014-2735
Author of Advisory: Micha Borrmann (SySS GmbH)

-...
Categories:

[SECURITY] [DSA 2905-1] chromium-browser security update

April 16, 2014 - 8:39am

Posted by Michael Gilbert on Apr 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-2905-1 security () debian org
http://www.debian.org/security/ Michael Gilbert
April 15, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2014-1716...
Categories:

[security bulletin] HPSBUX03001 SSRT101382 rev.1 - HP-UX Whitelisting (WLI), Local System Integrity Risk

April 16, 2014 - 8:23am

Posted by security-alert on Apr 16

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04227671

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04227671
Version: 1

HPSBUX03001 SSRT101382 rev.1 - HP-UX Whitelisting (WLI), Local System
Integrity Risk

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-04-14
Last...
Categories:

[SECURITY] [DSA 2904-1] virtualbox security update

April 15, 2014 - 1:42pm

Posted by Moritz Muehlenhoff on Apr 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-2904-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
April 15, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : virtualbox
CVE ID : CVE-2014-0981 CVE-2014-0983...
Categories: