Feed aggregator

[SYSS-2014-010] FancyFon FAMOC - SQL Injection

BugTraq Latest Security Advisories - January 27, 2015 - 10:35am

Posted by matthias . deeg on Jan 27

Advisory ID: SYSS-2014-010
Product(s): FAMOC
Vendor: FancyFon
Affected Version(s): 3.16.5
Tested Version(s): 3.16.5
Vulnerability Type: SQL Injection (CWE-89)
Risk Level: High
Solution Status: Fixed
Vendor Notification: 2014-12-19
Solution Date: 2015-01-23
Public Disclosure: 2015-01-23
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg (SySS GmbH)
Sebastian Nerz (SySS GmbH)...

[SECURITY] [DSA 3140-1] xen security update

BugTraq Latest Security Advisories - January 27, 2015 - 10:28am

Posted by Moritz Muehlenhoff on Jan 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3140-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xen
CVE ID : CVE-2014-8594 CVE-2014-8595...

[SYSS-2014-013] FancyFon FAMOC - Use of a One-Way Hash without a Salt

BugTraq Latest Security Advisories - January 27, 2015 - 10:21am

Posted by matthias . deeg on Jan 27

Advisory ID: SYSS-2014-013
Product(s): FAMOC
Vendor: FancyFon
Affected Version(s): 3.16.5
Tested Version(s): 3.16.5
Vulnerability Type: Use of a One-Way Hash without a Salt (CWE-759)
Risk Level: Low
Solution Status: Fixed
Vendor Notification: 2014-12-19
Solution Date: 2015-01-23
Public Disclosure: 2015-01-23
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)...

[SYSS-2014-011] FancyFon FAMOC - Cross-Site Scripting

BugTraq Latest Security Advisories - January 27, 2015 - 10:12am

Posted by matthias . deeg on Jan 27

Advisory ID: SYSS-2014-011
Product(s): FAMOC
Vendor: FancyFon
Affected Version(s): 3.16.5
Tested Version(s): 3.16.5
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Vendor Notification: 2014-12-19
Solution Date: 2015-01-23
Public Disclosure: 2015-01-23
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)


[SYSS-2014-012] FancyFon FAMOC - Session Fixation

BugTraq Latest Security Advisories - January 27, 2015 - 10:03am

Posted by matthias . deeg on Jan 27

Advisory ID: SYSS-2014-012
Product(s): FAMOC
Vendor: FancyFon
Affected Version(s): 3.16.5
Tested Version(s): 3.16.5
Vulnerability Type: Session Fixation (CWE-384)
Risk Level: Low
Solution Status: Fixed
Vendor Notification: 2014-12-19
Solution Date: 2015-01-23
Public Disclosure: 2015-01-23
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)


Bugtraq: CVE-2015-0223: anonymous access to qpidd cannot be prevented

Security Focus Latest Security Advisories - January 27, 2015 - 9:45am
CVE-2015-0223: anonymous access to qpidd cannot be prevented

Bugtraq: CVE-2015-0224: qpidd can be crashed by unauthenticated user

Security Focus Latest Security Advisories - January 27, 2015 - 9:45am
CVE-2015-0224: qpidd can be crashed by unauthenticated user

Bugtraq: [CORE-2015-0002] - Android WiFi-Direct Denial of Service

Security Focus Latest Security Advisories - January 27, 2015 - 9:45am
[CORE-2015-0002] - Android WiFi-Direct Denial of Service

Bugtraq: Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability

Security Focus Latest Security Advisories - January 27, 2015 - 4:45am
Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability

Bugtraq: REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability

Security Focus Latest Security Advisories - January 27, 2015 - 4:45am
REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability

CVE-2015-0223: anonymous access to qpidd cannot be prevented

BugTraq Latest Security Advisories - January 27, 2015 - 4:17am

Posted by Gordon Sim on Jan 27

Apache Software Foundation - Security Advisory

anonymous access to qpidd cannot be prevented

CVE-2015-0223 CVSS: 5.8

Severity: Moderate

Vendor:

The Apache Software Foundation

Versions Affected:

Apache Qpid's qpidd up to and including version 0.30

Description:

An attacker can gain access to qpidd as an anonymous user, even if the
ANONYMOUS mechanism is disallowed.

Solution:

A patch is available (...

CVE-2015-0224: qpidd can be crashed by unauthenticated user

BugTraq Latest Security Advisories - January 27, 2015 - 4:10am

Posted by Gordon Sim on Jan 27

Apache Software Foundation - Security Advisory

qpidd can be crashed by unauthenticated user

CVE-2015-0224 CVSS: 7.8

Severity: Moderate

Vendor:

The Apache Software Foundation

Versions Affected:

Apache Qpid's qpidd up to and including version 0.30

Description:

In CVE-2015-0203 it was announced that certain unexpected protocol
sequences cause the broker process to crash due to insufficient
checking, but that authentication...

[CORE-2015-0002] - Android WiFi-Direct Denial of Service

BugTraq Latest Security Advisories - January 27, 2015 - 4:02am

Posted by CORE Advisories Team on Jan 27

Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Android WiFi-Direct Denial of Service

1. *Advisory Information*

Title: Android WiFi-Direct Denial of Service
Advisory ID: CORE-2015-0002
Advisory URL:
http://www.coresecurity.com/advisories/android-wifi-direct-denial-service
Date published: 2015-01-26
Date of last update: 2015-01-26
Vendors contacted: Android Security Team
Release mode: User release

2. *Vulnerability...

WebKitGTK+ Security Advisory WSA-2015-0001

BugTraq Latest Security Advisories - January 27, 2015 - 3:52am

Posted by Carlos Alberto Lopez Perez on Jan 27

------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0001
------------------------------------------------------------------------

Date reported : January 26, 2015
Advisory ID : WSA-2015-0001
Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html
Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8.
CVE identifiers :...

next-20150127: linux-next

Linux Kernel Updates - January 27, 2015 - 3:48am
Version:next-20150127 (linux-next) Released:2015-01-27

Bugtraq: REWTERZ-20140101 - ManageEngine ServiceDesk SQL Injection Vulnerability

Security Focus Latest Security Advisories - January 27, 2015 - 3:30am
REWTERZ-20140101 - ManageEngine ServiceDesk SQL Injection Vulnerability

Bugtraq: [HITB-Announce] #HITB2015AMS Call for Papers 1st Round is Closing in 10 Days

Security Focus Latest Security Advisories - January 27, 2015 - 3:30am
[HITB-Announce] #HITB2015AMS Call for Papers 1st Round is Closing in 10 Days

Vuln: GNU glibc 'iconv()' Denial of Service Vulnerability

Security Focus Latest Security Advisories - January 27, 2015 - 12:00am
GNU glibc 'iconv()' Denial of Service Vulnerability

Vuln: Mozilla Firefox/SeaMonkey Bitmap Rendering Information Disclosure Vulnerability

Security Focus Latest Security Advisories - January 27, 2015 - 12:00am
Mozilla Firefox/SeaMonkey Bitmap Rendering Information Disclosure Vulnerability

Vuln: Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-8635 Multiple Memory Corruption Vulnerabilities

Security Focus Latest Security Advisories - January 27, 2015 - 12:00am
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-8635 Multiple Memory Corruption Vulnerabilities