Feed aggregator

Oracle Corporation MyOracle - Persistent Vulnerability

BugTraq Latest Security Advisories - September 19, 2014 - 6:12am

Posted by Vulnerability Lab on Sep 19

Document Title:
===============
Oracle Corporation MyOracle - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1261

Oracle Security ID (Team Tracking ID): admin () vulnerability-lab com-001:2014

http://vulnerability-db.com/magazine/articles/2014/09/17/oracle-corporation-fixed-vulnerability-myoracle-online-service-application

Release Date:
=============
2014-09-17...

Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw

BugTraq Latest Security Advisories - September 19, 2014 - 6:01am

Posted by VSR Advisories on Sep 19

VSR Security Advisory
http://www.vsecurity.com/

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Advisory Name: Apple Foundation NSXMLParser XML eXternal Entity (XXE) Flaw
Release Date: 2014-09-17
Application: Apple iOS Foundation Framework
             Apple OS X Foundation Framework
Versions: iOS 7.0, 7.1, OS X 10.9 - 10.9.4
Severity: High
Author:...

Bugtraq: APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1

Security Focus Latest Security Advisories - September 19, 2014 - 6:00am
APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1

Bugtraq: CVE ID Syntax Change - Deadline Approaching

Security Focus Latest Security Advisories - September 19, 2014 - 6:00am
CVE ID Syntax Change - Deadline Approaching

Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw

BugTraq Latest Security Advisories - September 19, 2014 - 5:53am

Posted by VSR Advisories on Sep 19

hope that it will help promote public safety. This advisory comes with
absolutely NO WARRANTY; not even the implied warranty of merchantability or
fitness for a particular purpose. Neither Virtual Security Research, LLC nor
the author accepts any liability for any direct, indirect, or consequential
loss or damage arising from use of, or reliance on, this information.

See the VSR disclosure policy for more information on our responsible...

APPLE-SA-2014-09-17-6 OS X Server 2.2.3

BugTraq Latest Security Advisories - September 19, 2014 - 5:41am

Posted by Apple Product Security on Sep 19

APPLE-SA-2014-09-17-6 OS X Server 2.2.3

OS X Server 2.2.3 is now available and addresses the following:

CoreCollaboration
Available for: OS X Mountain Lion v10.8.5
Impact: A remote attacker may be able to execute arbitrary SQL
queries
Description: A SQL injection issue existed in Wiki Server. This
issue was addressed through additional validation of SQL queries.
CVE-ID
CVE-2014-4424 : Sajjad Pourali (sajjad () securation com) of CERT of...

APPLE-SA-2014-09-17-5 OS X Server 3.2.1

BugTraq Latest Security Advisories - September 19, 2014 - 5:32am

Posted by Apple Product Security on Sep 19

APPLE-SA-2014-09-17-5 OS X Server 3.2.1

OS X Server 3.2.1 is now available and addresses the following:

CoreCollaboration
Available for: OS X Mavericks v10.9.5 or later
Impact: A remote attacker may be able to execute arbitrary SQL
queries
Description: A SQL injection issue existed in Wiki Server. This
issue was addressed through additional validation of SQL queries.
CVE-ID
CVE-2014-4424 : Sajjad Pourali (sajjad () securation com) of CERT of...

APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004

BugTraq Latest Security Advisories - September 19, 2014 - 5:24am

Posted by Apple Product Security on Sep 19

APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update
2014-004

OS X Mavericks 10.9.5 and Security Update 2014-004 are now available
and address the following:

apache_mod_php
Available for: OS X Mavericks 10.9 to 10.9.4
Impact: Multiple vulnerabilities in PHP 5.4.24
Description: Multiple vulnerabilities existed in PHP 5.4.24, the
most serious of which may have led to arbitrary code execution. This
update addresses the issues by...

APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1

BugTraq Latest Security Advisories - September 19, 2014 - 5:14am

Posted by Apple Product Security on Sep 19

APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1

Safari 6.2 and Safari 7.1 are now available and address the
following:

Safari
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: An attacker with a privileged network position may intercept
user credentials
Description: Saved passwords were autofilled on http sites, on https
sites with broken trust, and in iframes. This issue was addressed by
restricting password autofill...

CVE ID Syntax Change - Deadline Approaching

BugTraq Latest Security Advisories - September 19, 2014 - 5:05am

Posted by Christey, Steven M. on Sep 19

As we approach the end of 2014, CVE identifiers are getting closer and
closer to the magic CVE-2014-9999 mark, which means that MITRE will be
issuing a 5-digit CVE ID within a matter of months, in accordance with
the new syntax that was selected in 2013 (basically using 5, 6, or
even more digits as needed). Some people are still unaware that this
change has happened or have been slow to implement it.

Once a CVE identifier is issued using the...

[SECURITY] [DSA 3028-1] icedove security update

BugTraq Latest Security Advisories - September 19, 2014 - 4:56am

Posted by Moritz Muehlenhoff on Sep 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3028-1            security () debian org
http://www.debian.org/security/                    Moritz Muehlenhoff
September 17, 2014                 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : icedove
CVE ID : CVE-2014-1562 CVE-2014-1567...

[SECURITY] [DSA 3027-1] libav security update

BugTraq Latest Security Advisories - September 19, 2014 - 4:45am

Posted by Moritz Muehlenhoff on Sep 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3027-1            security () debian org
http://www.debian.org/security/                    Moritz Muehlenhoff
September 17, 2014                 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libav
CVE ID : CVE-2013-7020

Several security...

Bugtraq: APPLE-SA-2014-09-17-2 Apple TV 7

Security Focus Latest Security Advisories - September 19, 2014 - 4:45am
APPLE-SA-2014-09-17-2 Apple TV 7

Bugtraq: APPLE-SA-2014-09-17-1 iOS 8

Security Focus Latest Security Advisories - September 19, 2014 - 4:45am
APPLE-SA-2014-09-17-1 iOS 8

Bugtraq: Reflected Cross-Site Scripting (XSS) in MODX Revolution

Security Focus Latest Security Advisories - September 19, 2014 - 4:45am
Reflected Cross-Site Scripting (XSS) in MODX Revolution

Bugtraq: Path Traversal in webEdition

Security Focus Latest Security Advisories - September 19, 2014 - 4:45am
Path Traversal in webEdition

next-20140919: linux-next

Linux Kernel Updates - September 19, 2014 - 1:48am
Version:next-20140919 (linux-next) Released:2014-09-19

Vuln: PowerDNS Recursor CVE-2014-3614 Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - September 18, 2014 - 11:00pm
PowerDNS Recursor CVE-2014-3614 Remote Denial of Service Vulnerability

Vuln: Libxml2 Entity Substitution CVE-2014-0191 Denial of Service Vulnerability

Security Focus Latest Security Advisories - September 18, 2014 - 11:00pm
Libxml2 Entity Substitution CVE-2014-0191 Denial of Service Vulnerability

Vuln: Squid CVE-2014-3609 Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - September 18, 2014 - 11:00pm
Squid CVE-2014-3609 Remote Denial of Service Vulnerability