Feed aggregator

Bugtraq: Socrata Bug Bounty #1 - Persistent Encoding Vulnerability

Security Focus Latest Security Advisories - April 23, 2015 - 9:30am
Socrata Bug Bounty #1 - Persistent Encoding Vulnerability

4k ULTRA HIGH DEFINITION Satellite Security Research - DVB-S2X Security Evaluation Draft Notes

BugTraq Latest Security Advisories - April 23, 2015 - 9:08am

Posted by Nicholas Lemonias. on Apr 23

Author: Nicholas Lemonias

Advisory Date: 23/4/2015

4k Satellite Security Research - DVB-S2X Standard Evaluation Notes


Avsarsoft Matbaa Script - Multiple Vulnerabilities

BugTraq Latest Security Advisories - April 23, 2015 - 9:00am

Posted by ZoRLu Bugrahan on Apr 23

Hi guys,

Avsarsoft Matbaa Script - Multiple Vulnerabilities

Thanks,

ZoRLu

#Title : Avsarsoft Matbaa Script - Multiple Vulnerabilities
#Author : ZoRLu / zorlu () milw00rm com
#Website : milw00rm.com / milw00rm.net / milw00rm.org
#Twitter : https://twitter.com/milw00rm or @milw00rm
#Test : Windows7 Ultimate
#Discovery : 15/04/15
#Publish : 23/04/15
#Thks : exploit-db.com,...

Pligg CMS 2.0.2 - Stored XSS

BugTraq Latest Security Advisories - April 23, 2015 - 8:52am

Posted by joelvarghese7 on Apr 23

Hi Team,

#Affected Vendor: http://pligg.com/
#Date: 23/04/2015
#Discovered by: Joel Vadodil Varghese
#Type of vulnerability: Persistent XSS
#Tested on: Windows 8.1
#Product: Pligg CMS
#Version: 2.0.2
#Tested Link: http://localhost/pligg/admin/admin_page.php

Description: Pligg CMS is a content management platform that powers tens of thousands of websites. It specializes in
creating social publishing networks, where users submit and promote...

Bugtraq: Dnsmasq 2.72 Unchecked returned value

Security Focus Latest Security Advisories - April 23, 2015 - 8:15am
Dnsmasq 2.72 Unchecked returned value

Bugtraq: [ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow

Security Focus Latest Security Advisories - April 23, 2015 - 8:15am
[ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow

[ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow

BugTraq Latest Security Advisories - April 23, 2015 - 6:51am

Posted by xing_fang on Apr 23

1. Advisory Information
Advisory URL: http://security.alibaba.com/blog/blog.htm?spm=0.0.0.0.p1ECc3&id=19
Date published: 2015-04-23
Date of last update: 2015-04-23
2. Vulnerability Information
Class: heap overflow
Impact: memory information leak and remote code execution
Remote Exploitable: Yes
Local Exploitable: No
CVE Name: CVE-2015-1863
Vulnerability Information and Patch: http://w1.fi/security/2015-1/
3. Vulnerability Description
In...

Socrata Bug Bounty #1 - Persistent Encoding Vulnerability

BugTraq Latest Security Advisories - April 23, 2015 - 6:43am

Posted by Vulnerability Lab on Apr 23

Document Title:
===============
Socrata Bug Bounty #1 - Persistent Encoding Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1438

Release Date:
=============
2015-04-22

Vulnerability Laboratory ID (VL-ID):
====================================
1438

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:...

Dnsmasq 2.72 Unchecked returned value

BugTraq Latest Security Advisories - April 23, 2015 - 6:34am

Posted by Nick Sampanis on Apr 23

"Dnsmasq 2.72 Unchecked returned value"

Description
------------------------------------------------------------
Dnsmasq does not properly check the return value of the setup_reply()
function called during a tcp connection (by the tcp_request() function).
This return value is then used as a size argument in a function which writes
data on the client's connection. This may lead, upon successful
exploitation, to reading the heap...

[ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow

BugTraq Latest Security Advisories - April 23, 2015 - 6:27am

Posted by 朱东海 on Apr 23

1. Advisory Information
Advisory URL: http://security.alibaba.com/blog/blog.htm?spm=0.0.0.0.p1ECc3&id=19
Date published: 2015-04-23
Date of last update: 2015-04-23

2. Vulnerability Information
Class: heap overflow
Impact: memory information leak and remote code execution
Remote Exploitable: Yes
Local Exploitable: No
CVE Name: CVE-2015-1863
Vulnerability Information and Patch: http://w1.fi/security/2015-1/

3. Vulnerability Description...

Bugtraq: [security bulletin] HPSBGN03308 rev.1 - HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS), Remote Code Execution

Security Focus Latest Security Advisories - April 23, 2015 - 3:15am
[security bulletin] HPSBGN03308 rev.1 - HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS), Remote Code Execution

Bugtraq: Multiple Cross-Site Scripting (XSS) in FreePBX

Security Focus Latest Security Advisories - April 23, 2015 - 3:15am
Multiple Cross-Site Scripting (XSS) in FreePBX

Bugtraq: Netgear WNR2000v4 Multiple Vulnerabilities

Security Focus Latest Security Advisories - April 23, 2015 - 3:15am
Netgear WNR2000v4 Multiple Vulnerabilities

Bugtraq: [SECURITY] [DSA 3232-1] curl security update

Security Focus Latest Security Advisories - April 23, 2015 - 3:15am
[SECURITY] [DSA 3232-1] curl security update

next-20150423: linux-next

Linux Kernel Updates - April 22, 2015 - 11:51pm
Version: next-20150423 (linux-next) Released: 2015-04-23

[slackware-security] openssl (SSA:2015-111-09)

BugTraq Latest Security Advisories - April 22, 2015 - 2:28pm

Posted by Slackware Security Team on Apr 22

[slackware-security] openssl (SSA:2015-111-09)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1m-i486-1_slack14.1.txz: Upgraded.
Fixes several bugs and security issues:
o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
o ASN.1 structure reuse...

[slackware-security] bind (SSA:2015-111-01)

BugTraq Latest Security Advisories - April 22, 2015 - 2:19pm

Posted by Slackware Security Team on Apr 22

[slackware-security] bind (SSA:2015-111-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/bind-9.9.6_P2-i486-1_slack14.1.txz: Upgraded.
Fix some denial-of-service and other security issues.
For more information, see:
https://kb.isc.org/article/AA-01166/...

[slackware-security] httpd (SSA:2015-111-03)

BugTraq Latest Security Advisories - April 22, 2015 - 2:11pm

Posted by Slackware Security Team on Apr 22

[slackware-security] httpd (SSA:2015-111-03)

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/httpd-2.4.12-i486-1_slack14.1.txz: Upgraded.
This update fixes the following security issues:
* CVE-2014-3583 mod_proxy_fcgi: Fix a potential crash due to buffer
over-read,...

[slackware-security] ntp (SSA:2015-111-08)

BugTraq Latest Security Advisories - April 22, 2015 - 2:02pm

Posted by Slackware Security Team on Apr 22

[slackware-security] ntp (SSA:2015-111-08)

New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/ntp-4.2.8p2-i486-1_slack14.1.txz: Upgraded.
In addition to bug fixes and enhancements, this release fixes the
following medium-severity vulnerabilities involving private key...

[slackware-security] gnupg (SSA:2015-111-02)

BugTraq Latest Security Advisories - April 22, 2015 - 1:54pm

Posted by Slackware Security Team on Apr 22

[slackware-security] gnupg (SSA:2015-111-02)

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.19-i486-1_slack14.1.txz: Upgraded.
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
*...