BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Hijacking any Weebly Website [Insecure Direct Object Reference Vulnerability]

April 13, 2015 - 8:14am

Posted by huehuehuehue10 on Apr 13

Title: Hijack any website from weebly.com by just adding an administrator to their website. [Insecure Direct Object
Reference Vulnerability]

=====

Weebly is a web-hosting service that allows the user to “drag-and-drop” while using their website builder. As of August
2012, Weebly hosts over 20 million sites with a monthly rate of over 1 million unique visitors.
‘http://en.wikipedia.org/wiki/Weebly’.

Website: https://www.weebly.com

Any...

[SECURITY] [DSA 3219-1] libdbd-firebird-perl security update

April 13, 2015 - 8:05am

Posted by Alessandro Ghedini on Apr 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-3219-1 security () debian org
http://www.debian.org/security/ Alessandro Ghedini
April 11, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libdbd-firebird-perl
CVE ID : CVE-2015-2788
Debian...

OrangeHRM Blind SQL Injection & XSS Vulnerabilities

April 13, 2015 - 7:58am

Posted by Rehan Ahmed on Apr 13

I. Overview
========================================================
OrangeHRM (Opensource 3.2.1, Professional & Enterprise 4.11) is prone to multiple Blind SQL injection & XSS
vulnerabilities. These vulnerabilities allow an attacker to inject SQL commands to compromise the affected database
management system in HRM, perform operations on behalf of the affected victim, redirect them to malicious sites, steal
their credentials, and...

[ MDVSA-2015:203 ] batik

April 13, 2015 - 7:49am

Posted by security on Apr 13

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:203
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : batik
Date : April 10, 2015
Affected: Business Server 1.0, Business Server 2.0
_______________________________________________________________________

Problem...

[security bulletin] HPSBGN03316 rev.1 - HP Support Solution Framework on Windows, Remote Execution of Code, Disclosure of Information

April 13, 2015 - 7:40am

Posted by security-alert on Apr 13

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04634535

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04634535
Version: 1

HPSBGN03316 rev.1 - HP Support Solution Framework on Windows, Remote
Execution of Code, Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

[SECURITY] [DSA 3218-1] wesnoth-1.10 security update

April 13, 2015 - 7:33am

Posted by Moritz Muehlenhoff on Apr 13

-------------------------------------------------------------------------
Debian Security Advisory DSA-3218-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
April 10, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wesnoth-1.10
CVE ID : CVE-2015-0844

Ignacio R....

Hidden backdoor API to root privileges in Apple OS X

April 13, 2015 - 7:26am

Posted by Jeffrey Walton on Apr 13

https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/

The Admin framework in Apple OS X contains a hidden backdoor API to
root privileges. It’s been there for several years (at least since
2011), I found it in October 2014 and it can be exploited to escalate
privileges to root from any user account in the system.

The intention was probably to serve the “System Preferences” app and
systemsetup...

SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035)

April 13, 2015 - 7:19am

Posted by SEC Consult Vulnerability Lab on Apr 13

SEC Consult Vulnerability Lab Security Advisory < 20150410-0 >
=======================================================================
title: Unauthenticated Local File Disclosure
product: Multiple TP-LINK products (see Vulnerable / tested versions)
vulnerable version: Multiple (see Vulnerable / tested versions)
fixed version: see Solution
CVE number: CVE-2015-3035
impact: Critical...

[ MDVSA-2015:201 ] arj

April 13, 2015 - 7:11am

Posted by security on Apr 13

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:201
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : arj
Date : April 10, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple...

[ MDVSA-2015:202 ] ntp

April 13, 2015 - 7:03am

Posted by security on Apr 13

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:202
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : ntp
Date : April 10, 2015
Affected: Business Server 1.0, Business Server 2.0
_______________________________________________________________________

Problem...

[ MDVSA-2015:200 ] mediawiki

April 13, 2015 - 6:56am

Posted by security on Apr 13

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:200
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : mediawiki
Date : April 10, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2015:199 ] less

April 13, 2015 - 6:48am

Posted by security on Apr 13

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:199
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : less
Date : April 10, 2015
Affected: Business Server 1.0, Business Server 2.0
_______________________________________________________________________

Problem...