Feed aggregator

2.6.32.66: longterm

Linux Kernel Updates - May 24, 2015 - 3:10am
Version: 2.6.32.66 (longterm)
Released: 2015-05-24
Source: linux-2.6.32.66.tar.xz
PGP Signature: linux-2.6.32.66.tar.sign
Patch: patch-2.6.32.66.xz (Incremental)
ChangeLog: ChangeLog-2.6.32.66

[CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability

BugTraq Latest Security Advisories - May 22, 2015 - 12:10pm

Posted by CORE Advisories Team on May 22

1. Advisory Information

Title: Sendio ESP Information Disclosure Vulnerability
Advisory ID: CORE-2015-0010
Advisory URL: http://www.coresecurity.com/advisories/sendio-esp-information-disclosure-vulnerability
Date published: 2015-05-22
Date of last update: 2015-05-22
Vendors contacted: Sendio
Release mode: Coordinated release

2. Vulnerability Information

Class: OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management...

[SECURITY] [DSA 3270-1] postgresql-9.4 security update

BugTraq Latest Security Advisories - May 22, 2015 - 12:00pm

Posted by Christoph Berg on May 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3270-1 security () debian org
http://www.debian.org/security/ Christoph Berg
May 22, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : postgresql-9.4
CVE ID : CVE-2015-3165 CVE-2015-3166...

Bugtraq: [security bulletin] HPSBMU03336 rev.1- HP Helion OpenStack affected by VENOM, Denial of Service (DoS), Execution of Arbitrary Code


Bugtraq: CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]


Bugtraq: Webgrind XSS vulnerability


Bugtraq: [SECURITY] [DSA 3266-1] fuse security update


Bugtraq: CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)


Bugtraq: CVE for Apple's ECDHE-ECDSA SecureTransport bug?


[SECURITY] [DSA 3268-1] ntfs-3g security update

BugTraq Latest Security Advisories - May 22, 2015 - 6:54am

Posted by Salvatore Bonaccorso on May 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3268-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
May 22, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ntfs-3g
CVE ID : CVE-2015-3202
Debian Bug :...

[SECURITY] [DSA 3267-1] chromium-browser security update

BugTraq Latest Security Advisories - May 22, 2015 - 6:46am

Posted by Michael Gilbert on May 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3267-1 security () debian org
http://www.debian.org/security/ Michael Gilbert
May 22, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2015-1251...

[security bulletin] HPSBMU03336 rev.1- HP Helion OpenStack affected by VENOM, Denial of Service (DoS), Execution of Arbitrary Code

BugTraq Latest Security Advisories - May 22, 2015 - 6:38am

Posted by security-alert on May 22

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04685037
Version: 1

HPSBMU03336 rev.1- HP Helion OpenStack affected by VENOM, Denial of Service
(DoS), Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-05-21
Last Updated: 2015-05-21

Potential Security Impact: Denial of Service (DoS), Execution of Arbitrary
Code

Source: Hewlett-Packard Company, HP...

CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]

BugTraq Latest Security Advisories - May 22, 2015 - 6:30am

Posted by pan . vagenas on May 22

# Exploit Title: WordPress WP Membership plugin [Privilege escalation]
# Contact: https://twitter.com/panVagenas
# Vendor Homepage: http://wpmembership.e-plugins.com/
# Software Link: http://codecanyon.net/item/wp-membership/10066554
# Version: 1.2.3
# Tested on: WordPress 4.2.2
# CVE: CVE-2015-4038

1 Description

Any registered user can perform a privilege escalation through `iv_membership_update_user_settings` AJAX action.
Although this...

CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS]

BugTraq Latest Security Advisories - May 22, 2015 - 6:22am

Posted by pan . vagenas on May 22

# Exploit Title: WordPress WP Membership plugin [Stored XSS]
# Contact: https://twitter.com/panVagenas
# Vendor Homepage: http://wpmembership.e-plugins.com/
# Software Link: http://codecanyon.net/item/wp-membership/10066554
# Version: 1.2.3
# Tested on: WordPress 4.2.2
# CVE: CVE-2015-4039

=============================================
* 1. Stored XSS
=============================================

1.1 Description

All input fields from...

next-20150522: linux-next

Linux Kernel Updates - May 22, 2015 - 3:07am
Version: next-20150522 (linux-next)
Released: 2015-05-22

Vuln: FUSE CVE-2015-3202 Local Privilege Escalation Vulnerability


Vuln: IBM Security Directory Server CVE-2015-0138 Man in the Middle Security Bypass Vulnerability


Vuln: Multiple OleumTech Products CVE-2014-2361 Local Security Bypass Vulnerability


Vuln: Multiple OleumTech Products CVE-2014-2362 Predictable Random Number Generator Weakness


Vuln: X.Org libXfont 'bitmap/bdfread.c' Out of Bounds Local Buffer Overflow Vulnerability
