Feed aggregator

CVE-2015-1177-xss-exponent

BugTraq Latest Security Advisories - January 22, 2015 - 9:15am

Posted by Sudhanshu Chauhan on Jan 22

CVE-2015-1177-xss-exponent

Information
----------------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in Exponent CMS
Affected Software: Exponent
Affected Versions: 2.3.2 and possibly below
Vendor Homepage: http://www.exponentcms.org/
Vulnerability Type: Cross-site Scripting
Severity: High
CVE ID: CVE-2015-1177

Impact
----------
An attacker can craft a URL with malicious JavaScript code which
executes in the browser.

Technical...

SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP

BugTraq Latest Security Advisories - January 22, 2015 - 9:04am

Posted by SEC Consult Vulnerability Lab on Jan 22

SEC Consult Vulnerability Lab Security Advisory < 20150122-0 >
=======================================================================
title: Multiple critical vulnerabilities
products: Symantec Data Center Security: Server Advanced (SDCS:SA)
Symantec Critical System Protection (SCSP)
vulnerable version: see: Vulnerable / tested versions
fixed version: SCSP 5.2.9 MP6, SDCS:SA 6.0 MP1 -...

CVE-2015-1176-xss-osticket

BugTraq Latest Security Advisories - January 22, 2015 - 8:55am

Posted by Sudhanshu Chauhan on Jan 22

CVE-2015-1176-xss-osticket

Information
----------------
Advisory by Octogence.
Name: Reflected XSS Vulnerability in osTicket Ticket system
Affected Software: osTicket
Affected Versions: 1.9.4 and possibly below
Vendor Homepage: http://osticket.com/
Vulnerability Type: Cross-site Scripting
Severity: High
CVE ID: CVE-2015-1176

Impact
----------
An attacker can craft a URL with malicious JavaScript code which
executes in the browser....

Bugtraq: [oCERT-2015-001] JasPer input sanitization errors

Security Focus Latest Security Advisories - January 22, 2015 - 8:30am
[oCERT-2015-001] JasPer input sanitization errors

Bugtraq: [RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass

Security Focus Latest Security Advisories - January 22, 2015 - 8:30am
[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass

Bugtraq: PhotoSync v1.1.3 Android - Command Inject Vulnerability

Security Focus Latest Security Advisories - January 22, 2015 - 8:30am
PhotoSync v1.1.3 Android - Command Inject Vulnerability

Bugtraq: iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll

Security Focus Latest Security Advisories - January 22, 2015 - 8:30am
iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll

[slackware-security] samba (SSA:2015-020-01)

BugTraq Latest Security Advisories - January 22, 2015 - 4:12am

Posted by Slackware Security Team on Jan 22

[slackware-security] samba (SSA:2015-020-01)

New samba packages are available for Slackware 14.1 and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/samba-4.1.16-i486-1_slack14.1.txz: Upgraded.
This update is a security release in order to address CVE-2014-8143
(Elevation of privilege to Active Directory Domain Controller).
Samba's AD DC allows...

Remote Desktop v0.9.4 Android - Multiple Vulnerabilities

BugTraq Latest Security Advisories - January 22, 2015 - 4:03am

Posted by Vulnerability Lab on Jan 22

Document Title:
===============
Remote Desktop v0.9.4 Android - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1413

Release Date:
=============
2015-01-20

Vulnerability Laboratory ID (VL-ID):
====================================
1413

Common Vulnerability Scoring System:
====================================
4.4

Product & Service Introduction:...

iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll

BugTraq Latest Security Advisories - January 22, 2015 - 3:54am

Posted by Vulnerability Lab on Jan 22

Document Title:
===============
iExplorer 3.6.3 - DLL Hijacking Exploit itunesmobiledevice.dll

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1415

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9600

CVE-ID:
=======
CVE-2014-9600

Release Date:
=============
2015-01-19

Vulnerability Laboratory ID (VL-ID):
====================================
1415

Common Vulnerability Scoring System:...

[RT-SA-2014-010] AVM FRITZ!Box Firmware Signature Bypass

BugTraq Latest Security Advisories - January 22, 2015 - 3:45am

Posted by RedTeam Pentesting GmbH on Jan 22

Advisory: AVM FRITZ!Box: Firmware Signature Bypass

The signature check of FRITZ!Box firmware images is flawed. Malicious
code can be injected into firmware images without breaking the RSA
signature. The code will be executed either if a manipulated firmware
image is uploaded by the victim or if the victim confirms an update on
the web interface during a MITM attack.

Details
=======

Product: AVM FRITZ!Box 7490, 7390, 7270v3 and other models...

Bugtraq: [security bulletin] HPSBUX03235 SSRT101750 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)

Security Focus Latest Security Advisories - January 22, 2015 - 3:45am
[security bulletin] HPSBUX03235 SSRT101750 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)

Bugtraq: [SECURITY] [DSA 3134-1] sympa security update

Security Focus Latest Security Advisories - January 22, 2015 - 3:45am
[SECURITY] [DSA 3134-1] sympa security update

Bugtraq: [SECURITY] [DSA 3133-1] privoxy security update

Security Focus Latest Security Advisories - January 22, 2015 - 3:45am
[SECURITY] [DSA 3133-1] privoxy security update

Bugtraq: ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities

Security Focus Latest Security Advisories - January 22, 2015 - 3:45am
ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities

PhotoSync v1.1.3 Android - Command Inject Vulnerability

BugTraq Latest Security Advisories - January 22, 2015 - 3:38am

Posted by Vulnerability Lab on Jan 22

Document Title:
===============
PhotoSync v1.1.3 Android - Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1410

Release Date:
=============
2015-01-21

Vulnerability Laboratory ID (VL-ID):
====================================
1410

Common Vulnerability Scoring System:
====================================
5.2

Product & Service Introduction:...

[oCERT-2015-001] JasPer input sanitization errors

BugTraq Latest Security Advisories - January 22, 2015 - 3:30am

Posted by Andrea Barisani on Jan 22

#2015-001 JasPer input sanitization errors

Description:

The JasPer project is an open source implementation for the JPEG-2000 codec.

The library is affected by an off-by-one error in a buffer boundary check in
jpc_dec_process_sot(), leading to a heap based buffer overflow, as well as
multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to stack
overflow.

A specially crafted JPEG-2000 file can be used to trigger the...

next-20150122: linux-next

Linux Kernel Updates - January 22, 2015 - 3:12am
Version: next-20150122 (linux-next) Released: 2015-01-22

Vuln: Jenkins Session Cookie Multiple Security Bypass Vulnerabilities

Security Focus Latest Security Advisories - January 22, 2015 - 12:00am
Jenkins Session Cookie Multiple Security Bypass Vulnerabilities

Vuln: Samsung SmartViewer 'CNC_Ctrl' ActiveX Stack Buffer Overflow Vulnerability

Security Focus Latest Security Advisories - January 22, 2015 - 12:00am
Samsung SmartViewer 'CNC_Ctrl' ActiveX Stack Buffer Overflow Vulnerability