BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

EnanoCMS 1.1.8pl1 XSS Vulnerability

February 26, 2015 - 9:05am

Posted by dennis.veninga on Feb 26

# Exploit Title: EnanoCMS 1.1.8pl1 XSS Vulnerability
# Google Dork: "Website engine powered by Enano"
# Date: 24-2-2015
# Exploit Author: Dennis Veninga
# Vendor Homepage: http://enanocms.org
# Version: 1.1.8pl1
# Tested on: Firefox 36 & Chrome 38 / W8.1-x64

XSS Vulnerability in comments:
http://{target}/enanocms/index.php/Main_Page?do=comments

TangoBB 1.5.0-A3 XSS Vulnerability

February 26, 2015 - 8:57am

Posted by dennis.veninga on Feb 26

# Exploit Title: TangoBB 1.5.0-A3 XSS Vulnerability
# Google Dork: "Powered by TangoBB"
# Date: 24-2-2015
# Exploit Author: Dennis Veninga
# Vendor Homepage: https://github.com/Codetana/TangoBB
# Version: 1.5.0-A3
# Tested on: Firefox 36 & Chrome 38 / W8.1-x64
# CVE : NONE

Published: 24-2-2015
Vendor updated: 24-2-2015

TangoBB ->
Version: 1.5.0-A3
Date: 24-2-2015
Found By:...

[security bulletin] HPSBMU03260 rev.1 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Disclosure of Information

February 26, 2015 - 8:49am

Posted by security-alert on Feb 26

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04571379

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04571379
Version: 1

HPSBMU03260 rev.1 - HP System Management Homepage running OpenSSL on Linux
and Windows, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA

February 26, 2015 - 8:41am

Posted by Onapsis Research Labs on Feb 26

Onapsis Security Advisory ONAPSIS-2015-004: SAP Business Objects
Unauthorized Audit Information Delete via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would be
able to delete auditing information of the remote system.

This way, the attacker could perform malicious activities without being
detected.

Risk Level: High

2. Advisory Information
=======================

-...

[Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA

February 26, 2015 - 8:33am

Posted by Onapsis Research Labs on Feb 26

Onapsis Security Advisory ONAPSIS-2015-005: SAP Business Objects
Unauthorized Audit Information Access via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would be
able to read auditing information thus accessing sensitive business data.
Access to this functionality should be restricted.

Risk Level: Medium

2. Advisory Information
=======================

- Public Release...

[Onapsis Security Advisory 2015-003] SAP Business Objects Unauthorized File Repository Server Write via CORBA

February 26, 2015 - 8:23am

Posted by Onapsis Research Labs on Feb 26

Onapsis Security Advisory ONAPSIS-2015-003: SAP Business Objects
Unauthorized File Repository Server Write via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would be
able to overwrite sensitive business data stored on the remote system.

Risk Level: High

2. Advisory Information
=======================

- Public Release Date: 2015-02-25

- Subscriber Notification Date:...

[Onapsis Security Advisory 2015-002] SAP Business Objects Unauthorized File Repository Server Read via CORBA

February 26, 2015 - 8:16am

Posted by Onapsis Research Labs on Feb 26

Onapsis Security Advisory ONAPSIS-2015-002: SAP Business Objects
Unauthorized File Repository Server Read via CORBA

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would be
able to retrieve sensitive business data stored on the remote system.

Risk Level: High

2. Advisory Information
=======================

- Public Release Date: 2015-02-25

- Subscriber Notification Date:...

[Onapsis Security Advisory 2015-001] Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench

February 26, 2015 - 8:07am

Posted by Onapsis Research Labs on Feb 26

Onapsis Security Advisory ONAPSIS-2015-001: Multiple Reflected Cross Site
Scripting Vulnerabilities in SAP HANA Web-based Development Workbench

1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would be
able to attack other users of the system.

Risk Level: Medium

2. Advisory Information
=======================

- Public Release Date: 2015-02-25

- Subscriber Notification Date:...

FreeBSD Security Advisory FreeBSD-SA-15:05.bind

February 26, 2015 - 7:57am

Posted by FreeBSD Security Advisories on Feb 26

=============================================================================
FreeBSD-SA-15:05.bind Security Advisory
The FreeBSD Project

Topic: BIND remote denial of service vulnerability

Category: contrib
Module: bind
Announced: 2015-02-25
Credits: ISC
Affects: FreeBSD 8.x and FreeBSD 9.x.
Corrected:...

FreeBSD Security Advisory FreeBSD-SA-15:04.igmp

February 26, 2015 - 7:48am

Posted by FreeBSD Security Advisories on Feb 26

=============================================================================
FreeBSD-SA-15:04.igmp Security Advisory
The FreeBSD Project

Topic: Integer overflow in IGMP protocol

Category: core
Module: igmp
Announced: 2015-02-25
Credits: Mateusz Kocielski, Logicaltrust,
Marek Kroemeke, and...

N.E.T. E-Commerce Group Cross Site Scripting Vulnerability

February 26, 2015 - 7:33am

Posted by iedb.team on Feb 26

Cross Site Scripting Vulnerability In N.E.T. E-Commerce Cms All Version

...

[SECURITY] [DSA 3170-1] linux security update

February 26, 2015 - 7:25am

Posted by Moritz Muehlenhoff on Feb 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3160-1 security () debian org
http://www.debian.org/security/ Ben Hutchings
February 23, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2013-7421 CVE-2014-7822...

[SECURITY] [DSA 3171-1] samba security update

February 23, 2015 - 8:12am

Posted by Salvatore Bonaccorso on Feb 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-3171-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
February 23, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : samba
CVE ID : CVE-2015-0240

Richard van Eeden of...

[SECURITY] [DSA 3169-1] eglibc security update

February 23, 2015 - 8:05am

Posted by Aurelien Jarno on Feb 23

----------------------------------------------------------------------
Debian Security Advisory DSA-3169-1 security () debian org
http://www.debian.org/security/ Aurelien Jarno
February 23, 2015 http://www.debian.org/security/faq
----------------------------------------------------------------------

Package : eglibc
CVE ID : CVE-2012-3406 CVE-2013-7424 CVE-2014-4043...

[SECURITY] [DSA 3168-1] ruby-redcloth security update

February 23, 2015 - 7:56am

Posted by Sebastien Delafond on Feb 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-3168-1 security () debian org
http://www.debian.org/security/ Sebastien Delafond
February 22, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ruby-redcloth
CVE ID : CVE-2012-6684
Debian Bug...

CVE-2014-8487: Kony EMM insecurity Direct Object Reference

February 23, 2015 - 7:49am

Posted by michael.hendrickx on Feb 23

------------------------------------------------------------------------
Product: Enterprise Mobile Management
Vendor: Kony
Vulnerable Version(s): Kony EMM 1.2 and probably older versions
Tested Version: Drupal Kony EMM 1.2
Advisory Publication: 24 December 2014
Vendor Notification: 8 December 2014
Vulnerability Type: Insecure Direct Object References
CVE Reference: CVE-2014-8487
Risk Level: Low
Solution Status: Solution not yet released...

[SECURITY] [DSA 3167-1] sudo security update

February 23, 2015 - 7:43am

Posted by Salvatore Bonaccorso on Feb 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-3167-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
February 22, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : sudo
CVE ID : CVE-2014-9680
Debian Bug : 772707...

[SECURITY] [DSA 3166-1] e2fsprogs security update

February 23, 2015 - 7:36am

Posted by Michael Gilbert on Feb 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-3166-1 security () debian org
http://www.debian.org/security/ Michael Gilbert
February 22, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : e2fsprogs
CVE ID : CVE-2015-0247 CVE-2015-1572...

[SECURITY] [DSA 3165-1] xdg-utils security update

February 23, 2015 - 7:28am

Posted by Michael Gilbert on Feb 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-3165-1 security () debian org
http://www.debian.org/security/ Michael Gilbert
February 21, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xdg-utils
CVE ID : CVE-2015-1877
Debian Bug :...

[SECURITY] [DSA 3164-1] typo3-src security update

February 23, 2015 - 7:20am

Posted by Moritz Muehlenhoff on Feb 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-3164-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
February 21, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : typo3-src
CVE ID : not yet available

Pierrick...