BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Defense in depth -- the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation

February 23, 2015 - 7:12am

Posted by Stefan Kanthak on Feb 23

Hi @ll,

the MSDN documents the BRAINDEAD behaviour of the functions
CreateProcess() <https://msdn.microsoft.com/en-us/library/ms682425.aspx>,
CreateProcessAsUser() <https://msdn.microsoft.com/en-us/library/ms682429.aspx>,
CreateProcessWithLogonW() <https://msdn.microsoft.com/en-us/library/ms682431.aspx>,
CreateProcessWithTokenW() <https://msdn.microsoft.com/en-us/library/ms682434.aspx>
for an unquoted "long"...

Stored XSS Vulnerability in ADPlugg Wordpress Plugin

February 23, 2015 - 7:04am

Posted by kingkaustubh on Feb 23

=====================================================
Stored XSS Vulnerability in ADPlugg Wordpress Plugin
=====================================================

. contents:: Table Of Content

Overview
========

* Title: Stored XSS Vulnerability in ADPlugg Wordpress Plugin
* Author: Kaustubh G. Padwad
* Plugin Homepage: https://wordpress.org/plugins/adplugg/
* Severity: Medium
* Version Affected: 1.1.33 and mostly prior to it
* Version Tested...

[security bulletin] HPSBUX03240 SSRT101872 rev.1 - HP-UX Running NTP, Remote Execution of Code, Denial of Service (DoS), or Other Vulnerabilities

February 23, 2015 - 6:57am

Posted by security-alert on Feb 23

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04554677

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04554677
Version: 1

HPSBUX03240 SSRT101872 rev.1 - HP-UX Running NTP, Remote Execution of Code,
Denial of Service (DoS), or Other Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

Cisco Security Advisory: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability

February 23, 2015 - 6:48am

Posted by Cisco Systems Product Security Incident Response Team on Feb 23

Cisco Security Advisory: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20150220-ipv6

Revision 1.0

For Public Release 2015 February 20 16:30 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the parsing of malformed IP version 6 (IPv6) packets in Cisco IOS XR Software for Cisco Network
Convergence System 6000 (NCS 6000) and...

[security bulletin] HPSBPV03266 rev.1 - Certain HP Networking and H3C Switches and Routers running NTP, Remote Execution of Code, Disclosure of Information, and Denial of Service (DoS)

February 23, 2015 - 6:40am

Posted by security-alert on Feb 23

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04574882

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04574882
Version: 1

HPSBPV03266 rev.1 - Certain HP Networking and H3C Switches and Routers
running NTP, Remote Execution of Code, Disclosure of Information, and Denial
of Service (DoS)

NOTICE: The information in this Security...