Feed aggregator

Vuln: Oracle Java SE CVE-2014-2401 Remote Security Vulnerability

Security Focus Latest Security Advisories - July 16, 2014 - 11:00pm

Vuln: Oracle Java SE CVE-2014-0448 Remote Security Vulnerability

Security Focus Latest Security Advisories - July 16, 2014 - 11:00pm

Vuln: Oracle Java SE CVE-2014-0455 Remote Code Execution Vulnerability

Security Focus Latest Security Advisories - July 16, 2014 - 11:00pm

Vuln: Oracle Java SE CVE-2014-4216 Remote Security Vulnerability

Security Focus Latest Security Advisories - July 16, 2014 - 11:00pm

Vuln: Oracle Java SE CVE-2014-4266 Remote Security Vulnerability

Security Focus Latest Security Advisories - July 16, 2014 - 11:00pm

SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender GravityZone

BugTraq Latest Security Advisories - July 16, 2014 - 10:59am

Posted by SEC Consult Vulnerability Lab on Jul 16

SEC Consult Vulnerability Lab Security Advisory < 20140716-3 >
=======================================================================
title: Multiple critical vulnerabilities
product: Bitdefender GravityZone
vulnerable version: <5.1.11.432
fixed version: >=5.1.11.432
impact: critical
homepage: http://www.bitdefender.com
found: 2014-05-22
by:...

SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway

BugTraq Latest Security Advisories - July 16, 2014 - 10:49am

Posted by SEC Consult Vulnerability Lab on Jul 16

SEC Consult Vulnerability Lab Security Advisory < 20140716-2 >
=======================================================================
title: Multiple vulnerabilities
product: Citrix NetScaler Application Delivery Controller
         Citrix NetScaler Gateway
vulnerable version: <9.3-62.4
                    <10.1-126.12
fixed version: >=9.3-62.4...

SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server "Desktop Client"

BugTraq Latest Security Advisories - July 16, 2014 - 10:38am

Posted by SEC Consult Vulnerability Lab on Jul 16

SEC Consult Vulnerability Lab Security Advisory < 20140716-1 >
=======================================================================
title: Remote Code Execution via CSRF
product: OpenVPN Access Server "Desktop Client"
vulnerable version: all
fixed version: not available
impact: critical
homepage: http://www.openvpn.net
found: 2014-05-12
by:...

Reflected Cross-Site Scripting (XSS) in e107

BugTraq Latest Security Advisories - July 16, 2014 - 10:27am

Posted by High-Tech Bridge Security Research on Jul 16

Advisory ID: HTB23220
Product: e107
Vendor: e107
Vulnerable Version(s): 2.0 alpha2 and probably prior
Tested Version: 2.0 alpha2
Advisory Publication: June 18, 2014 [without technical details]
Vendor Notification: June 18, 2014
Vendor Patch: June 27, 2014
Public Disclosure: July 16, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-4734
Risk Level: Low
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution...

VUPEN Security Research - Microsoft Windows "DirectShow" Privilege Escalation Vulnerability (Pwn2Own 2014)

BugTraq Latest Security Advisories - July 16, 2014 - 10:17am

Posted by VUPEN Security Research on Jul 16

VUPEN Security Research - Microsoft Windows "DirectShow" Local Privilege
Escalation Vulnerability (Pwn2Own 2014)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

"Microsoft Windows is a series of software operating systems and
graphical user interfaces produced by Microsoft. Windows had
approximately 90% of the market share of the client operating
systems." (Wikipedia)...

VUPEN Security Research - Microsoft Internet Explorer "ShowSaveFileDialog()" Sandbox Bypass (Pwn2Own 2014)

BugTraq Latest Security Advisories - July 16, 2014 - 10:09am

Posted by VUPEN Security Research on Jul 16

VUPEN Security Research - Microsoft Internet Explorer
"ShowSaveFileDialog()" Protected Mode Sandbox Bypass (Pwn2Own 2014)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web...

VUPEN Security Research - Microsoft Internet Explorer "Request" Object Confusion Sandbox Bypass (Pwn2Own 2014)

BugTraq Latest Security Advisories - July 16, 2014 - 10:00am

Posted by VUPEN Security Research on Jul 16

VUPEN Security Research - Microsoft Internet Explorer "Request" Object
Confusion Sandbox Bypass (Pwn2Own 2014)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers."...

VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory Corruption (Pwn2Own 2014)

BugTraq Latest Security Advisories - July 16, 2014 - 9:49am

Posted by VUPEN Security Research on Jul 16

VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory
Corruption (Pwn2Own 2014)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen

I. BACKGROUND
---------------------

"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)

II. DESCRIPTION...

SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition

BugTraq Latest Security Advisories - July 16, 2014 - 9:40am

Posted by SEC Consult Vulnerability Lab on Jul 16

SEC Consult Vulnerability Lab Security Advisory < 20140716-0 >
=======================================================================
title: Multiple SSRF vulnerabilities
product: Alfresco Community Edition
vulnerable version: <=4.2.f
fixed version: 5.0.a
impact: High
homepage: http://www.alfresco.com
found: 2014-05-15
by: V. Paulikas...

KL-001-2014-001 : Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation

BugTraq Latest Security Advisories - July 16, 2014 - 9:30am

Posted by KoreLogic Disclosures on Jul 16

Title: Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation
Advisory ID: KL-001-2014-001
Publication Date: 07.15.2014
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-001.txt

1. Vulnerability Details

Affected Vendor: Oracle
Affected Product: VirtualBox Guest Additions
Affected Versions: 4.3.8 - 4.3.10
Platform: Microsoft XP SP3
CWE Classification: CWE-123: Write-what-where Condition
Impact: Arbitrary...

[security bulletin] HPSBMU03072 SSRT101644 rev.1 - HP Data Protector, Remote Execution of Arbitrary Code

BugTraq Latest Security Advisories - July 16, 2014 - 9:18am

Posted by security-alert on Jul 16

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04373818

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04373818
Version: 1

HPSBMU03072 SSRT101644 rev.1 - HP Data Protector, Remote Execution of
Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-07-15
Last...

Node Browserify RCE vuln (<= 4.2.0)

BugTraq Latest Security Advisories - July 15, 2014 - 12:51pm

Posted by Cal Leeming [Simplicity Media Ltd] on Jul 15

Hello,

Discovered an RCE vuln in Browserify <=4.2.0.

Maintainer patched upstream just 4 hours after responsible disclosure
yesterday, now fixed as of 4.2.1.

Summary and POC found here:
http://iops.io/blog/browserify-rce-vulnerability/

Cal

[security bulletin] HPSBGN03068 rev.1 - HP OneView running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information

BugTraq Latest Security Advisories - July 15, 2014 - 12:42pm

Posted by security-alert on Jul 15

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04368264

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04368264
Version: 1

HPSBGN03068 rev.1 - HP OneView running OpenSSL, Remote Denial of Service
(DoS), Unauthorized Access, Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...