Feed aggregator

Bugtraq: Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability

Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability

Bugtraq: Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects

Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects

FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability

BugTraq Latest Security Advisories - July 1, 2015 - 9:05am

Posted by Vulnerability Lab on Jul 01

Document Title:
===============
FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1538

Release Date:
=============
2015-06-30

Vulnerability Laboratory ID (VL-ID):
====================================
1538

Common Vulnerability Scoring System:
====================================
5.9

Product & Service Introduction:...

Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability

BugTraq Latest Security Advisories - July 1, 2015 - 8:56am

Posted by Vulnerability Lab on Jul 01

Document Title:
===============
Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1463

EIBBP-31602

Release Date:
=============
2015-06-30

Vulnerability Laboratory ID (VL-ID):
====================================
1463

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:...

Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability

BugTraq Latest Security Advisories - July 1, 2015 - 8:47am

Posted by Vulnerability Lab on Jul 01

Document Title:
===============
Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1431

Release Date:
=============
2015-06-30

Vulnerability Laboratory ID (VL-ID):
====================================
1431

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:...

Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects

BugTraq Latest Security Advisories - July 1, 2015 - 8:33am

Posted by andrew on Jul 01

Product: EMC Documentum Content Server
Vendor: EMC
Version: ANY
CVE: N/A
Risk: High
Status: public/not fixed

In April 2014 I discovered a vulnerability in EMC Documentum Content Server
which allows an authenticated user to elevate privileges, hijack the Content Server
filesystem or execute arbitrary commands by creating malicious dm_job
objects (for a detailed description see VRF#HUFU6FNP.txt and
VRF#HUFV0UZN.txt).

In October 2014 the vendor announced...

APPLE-SA-2015-06-30-6 iTunes 12.2

BugTraq Latest Security Advisories - July 1, 2015 - 8:25am

Posted by Apple Product Security on Jul 01

APPLE-SA-2015-06-30-6 iTunes 12.2

iTunes 12.2 is now available and addresses the following:

WebKit
Available for: Windows 8 and Windows 7
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2014-3192 :...

[SECURITY] [DSA 3298-1] jackrabbit security update

BugTraq Latest Security Advisories - July 1, 2015 - 8:15am

Posted by Moritz Muehlenhoff on Jul 01

-------------------------------------------------------------------------
Debian Security Advisory DSA-3298-1 security () debian org
https://www.debian.org/security/ Markus Koschany
July 01, 2015 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : jackrabbit
CVE ID : CVE-2015-1833

It was...

APPLE-SA-2015-06-30-5 QuickTime 7.7.7

BugTraq Latest Security Advisories - July 1, 2015 - 8:07am

Posted by Apple Product Security on Jul 01

APPLE-SA-2015-06-30-5 QuickTime 7.7.7

QuickTime 7.7.7 is now available and addresses the following:

QT Media Foundation
Available for: Windows 7 and Windows Vista
Impact: Processing a maliciously crafted file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in QuickTime.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-3661 : G....

Bugtraq: APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7

APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7

Bugtraq: APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

Bugtraq: APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005

Bugtraq: APPLE-SA-2015-06-30-1 iOS 8.4

APPLE-SA-2015-06-30-1 iOS 8.4

next-20150701: linux-next

Linux Kernel Updates - July 1, 2015 - 12:43am
Version: next-20150701 (linux-next) Released: 2015-07-01

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

BugTraq Latest Security Advisories - June 30, 2015 - 12:58pm

Posted by Apple Product Security on Jun 30

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

Mac EFI Security Update 2015-001 is now available and addresses the
following:

EFI
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application with root privileges may be able to
modify EFI flash memory
Description: An insufficient locking issue existed with EFI flash
when resuming from sleep states. This issue was addressed through
improved locking....

APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7

BugTraq Latest Security Advisories - June 30, 2015 - 12:51pm

Posted by Apple Product Security on Jun 30

APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7

Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 are now available and
address the following:

WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
and OS X Yosemite v10.10.3
Impact: A maliciously crafted website can access the WebSQL
databases of other websites
Description: An issue existed in the authorization checks for
renaming WebSQL tables. This could...

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005

BugTraq Latest Security Advisories - June 30, 2015 - 12:38pm

Posted by Apple Product Security on Jun 30

APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update
2015-005

OS X Yosemite v10.10.4 and Security Update 2015-005 are now available
and address the following:

Admin Framework
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.3
Impact: A process may gain admin privileges without proper
authentication
Description: An issue existed when checking XPC entitlements. This
issue was addressed through improved...

Bugtraq: Google Chrome Address Spoofing (Request For Comment)

Security Focus Latest Security Advisories - June 30, 2015 - 12:30pm
Google Chrome Address Spoofing (Request For Comment)

Bugtraq: CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP

Security Focus Latest Security Advisories - June 30, 2015 - 12:30pm
CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP

Bugtraq: [SECURITY] [DSA 3297-1] unattended-upgrades security update

Security Focus Latest Security Advisories - June 30, 2015 - 12:30pm
[SECURITY] [DSA 3297-1] unattended-upgrades security update