BugTraq Latest Security Advisories
Fwd: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel Traffic Leakages in Dual-Stack Hosts/Networks
Posted by Fernando Gont on Aug 27
Folks,
-------- Forwarded Message --------
Subject: RFC 7359 on Layer 3 Virtual Private Network (VPN) Tunnel
Traffic Leakages in Dual-Stack Hosts/Networks
Date: Tue, 26 Aug 2014 18:23:00 -0700 (PDT)
From: rfc-editor () rfc-editor org
Reply-To: ietf () ietf org
To: ietf-announce () ietf org, rfc-dist () rfc-editor org
CC: drafts-update-ref () iana org,...
Posted by paul . szabo on Aug 27
The problem reported for Mathematica is present still at version 10.0.0
for the GUI interface (the command-line interface may be "safe").
Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
Posted by Romano, Christian on Aug 27
Product: Encore Discovery Solution
Vendor: Innovative Interfaces Inc
Vulnerable Version: 4.3
Tested Version: 4.3
Vendor Notification: June 19, 2014
Public Disclosure: August 26, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVE Reference: CVE-2014-5127
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Discovered and Provided: CAaNES (Computational Analysis and Network
Posted by Security Alert on Aug 26
ESA-2014-081 RSA® Identity Management and Governance Authentication Bypass Vulnerability
EMC Identifier: ESA-2014-081
CVE Identifier: CVE-2014-4619
Severity Rating: CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
RSA IMG versions 6.5.x and 6.8.x
RSA Identity Management and Governance announces security fixes to address potential authentication bypass
vulnerability when NovelIM systems are used for...
Posted by advisories on Aug 26
=== LSE Leading Security Experts GmbH - Security Advisory 2014-07-13 ===
Grand MA 300 Fingerprint Reader - Weak Pin Verification
Grand MA 300/ID with firmware 6.60
Vulnerability Type: Weak Pin Verification
Technical Risk: high
Likelihood of Exploitation: medium
Posted by Steffen Bauch on Aug 26
ntopng 1.2.0 XSS injection using monitored network traffic
ntopng is the next generation version of the original ntop, a network
traffic probe and monitor that shows the network usage, similar to what
the popular top Unix command does.
The web-based frontend of the software is vulnerable to injection of
script code via forged HTTP Host: request header lines in monitored
HTTP Host request header lines are extracted using...
[security bulletin] HPSBMU03076 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities
Posted by security-alert on Aug 26
Note: the current version of the following document is available here:
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04379485
HPSBMU03076 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows
running OpenSSL, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....
[WorldCIST'15]: Call for Workshops Proposals; Proceedings by Springer - Indexed by ISI, Scopus, DBLP, etc.
Posted by WorldCIST on Aug 25
WorldCIST'15 - 3rd World Conference on Information Systems and Technologies
Ponta Delgada, Azores *, Portugal
1 - 3 April 2015.
* Azores is ranked as the second most beautiful archipelago in the world by National Geographic.
The Information Systems and Technologies research and industrial community is invited to submit proposals of Workshops
Posted by cseye_ut on Aug 25
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : MEHR Automation System Arbitrary File Download Vulnerability(persian portal)
# Author : alieye
# vendor : http://shakhesrayane.ir/
# Contact : cseye_ut () yahoo com
# Risk : High
# Class: Remote
# Google Dork:
# intext:"Poshtibani () ShakhesRayane ir"
# intext:"Shakhes Rayane Sepahan"