BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System

September 25, 2014 - 6:29am

Posted by Cisco Systems Product Security Incident Response Team on Sep 25

Multiple Vulnerabilities in Cisco IOS Software Multicast Domain Name System

Advisory ID: cisco-sa-20140924-mdns

Revision 1.0

For Public Release 2014 September 24 16:00 UTC (GMT)

Summary
+======

The Cisco IOS Software implementation of the multicast Domain Name System (mDNS) feature contains the following
vulnerabilities when processing mDNS packets that could allow an unauthenticated, remote attacker to cause a denial of
service (DoS)...

Cisco Security Advisory: Cisco IOS Software Network Address Translation Denial of Service Vulnerability

September 25, 2014 - 6:19am

Posted by Cisco Systems Product Security Incident Response Team on Sep 25

Cisco IOS Software Network Address Translation Denial of Service Vulnerability

Advisory ID: cisco-sa-20140924-nat

Revision 1.0

For Public Release 2014 September 24 16:00 UTC (GMT)

Summary
+======

A vulnerability in the Network Address Translation (NAT) feature of Cisco IOS Software could allow an unauthenticated,
remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to
improper...

Cisco Security Advisory: Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability

September 25, 2014 - 6:09am

Posted by Cisco Systems Product Security Incident Response Team on Sep 25

Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability

Advisory ID: cisco-sa-20140924-dhcpv6

Revision 1.0

For Public Release 2014 September 24 16:00 UTC (GMT)

Summary
+======

A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software and Cisco IOS XE Software
could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to improper parsing...

Cisco Security Advisory: Cisco IOS Software Metadata Vulnerabilities

September 25, 2014 - 5:59am

Posted by Cisco Systems Product Security Incident Response Team on Sep 25

Cisco IOS Software Metadata Vulnerabilities

Advisory ID: cisco-sa-20140924-metadata

Revision 1.0

For Public Release 2014 September 24 16:00 UTC (GMT)

Summary
+======

Two vulnerabilities in the metadata flow feature of Cisco IOS Software could allow an unauthenticated, remote attacker
to reload a vulnerable device.

The vulnerabilities are due to improper handling of transit RSVP packets that need to be processed by the metadata...

Cisco Security Advisory: Cisco IOS Software RSVP Vulnerability

September 25, 2014 - 5:50am

Posted by Cisco Systems Product Security Incident Response Team on Sep 25

Cisco IOS Software RSVP Vulnerability

Advisory ID: cisco-sa-20140924-rsvp

Revision 1.0

For Public Release 2014 September 24 16:00 UTC (GMT)

Summary
+======

A vulnerability in the implementation of the Resource Reservation Protocol (RSVP) in Cisco IOS Software and Cisco IOS
XE Software could allow an unauthenticated, remote attacker to cause the device to reload. This vulnerability could be
exploited repeatedly to cause an extended denial of...

[ MDVSA-2014:184 ] net-snmp

September 25, 2014 - 5:42am

Posted by security on Sep 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:184
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : net-snmp
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:183 ] phpmyadmin

September 25, 2014 - 5:34am

Posted by security on Sep 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:183
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : phpmyadmin
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:182 ] zarafa

September 25, 2014 - 5:24am

Posted by security on Sep 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:182
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : zarafa
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:181 ] dump

September 25, 2014 - 5:15am

Posted by security on Sep 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:181
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : dump
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:185 ] libgadu

September 25, 2014 - 5:05am

Posted by security on Sep 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:185
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : libgadu
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:183 ] phpmyadmin

September 25, 2014 - 4:57am

Posted by security on Sep 25

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:183
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : phpmyadmin
Date : September 24, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[SECURITY] [DSA 3032-1] bash security update

September 25, 2014 - 4:48am

Posted by Florian Weimer on Sep 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3032-1 security () debian org
http://www.debian.org/security/ Florian Weimer
September 24, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : bash
CVE ID : CVE-2014-6271

Stephane Chazelas...

Two SQL Injections in All In One WP Security WordPress plugin

September 25, 2014 - 4:38am

Posted by High-Tech Bridge Security Research on Sep 25

Advisory ID: HTB23231
Product: All In One WP Security WordPress plugin
Vendor: Tips and Tricks HQ, Peter, Ruhul, Ivy
Vulnerable Version(s): 3.8.2 and probably prior
Tested Version: 3.8.2
Advisory Publication: September 3, 2014 [without technical details]
Vendor Notification: September 3, 2014
Vendor Patch: September 12, 2014
Public Disclosure: September 24, 2014
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2014-6242
Risk...

[SECURITY] [DSA 3031-1] apt security update

September 24, 2014 - 5:27am

Posted by Salvatore Bonaccorso on Sep 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-3031-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
September 23, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : apt
CVE ID : CVE-2014-6273

The Google Security...

CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser

September 24, 2014 - 5:18am

Posted by Steffen Bauch on Sep 24

CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH application parser

1. Background

Suricata is a high performance Network IDS, IPS and Network Security
Monitoring engine developed by the Open Information Security Foundation
(OISF).

2. Summary Information

It was found out that the application parser for SSH integrated in
Suricata contains a flaw that might lead to an out-of-bounds access. For
this reason a Denial of Service towards...

[KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability

September 24, 2014 - 5:09am

Posted by Egidio Romano on Sep 24

--------------------------------------------------------------------------------
X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability
--------------------------------------------------------------------------------

[-] Software Link:

http://www.x2engine.com/

[-] Affected Versions:

Version 4.1.7 and probably prior versions.

[-] Vulnerability Description:

The vulnerability exists because of the...

[KIS-2014-09] X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability

September 24, 2014 - 4:59am

Posted by Egidio Romano on Sep 24

-------------------------------------------------------------------------
X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability
-------------------------------------------------------------------------

[-] Software Link:

http://www.x2engine.com/

[-] Affected Versions:

All versions from 2.8 to 4.1.7.

[-] Vulnerability Description:

The vulnerable code is located in the "actionSendErrorReport" method defined in...