Feed aggregator

Vuln: Zend Framework 'Zend_Db_Select::order()' Function SQL Injection Vulnerability

Security Focus Latest Security Advisories - July 21, 2014 - 11:00pm

Vuln: IBM 1754 GCM16 and GCM32 Global Console Managers Multiple Cross Site Scripting Vulnerabilities

Security Focus Latest Security Advisories - July 21, 2014 - 11:00pm

Vuln: IBM 1754 GCM16 and GCM32 Global Console Managers Unspecified Arbitrary File Read Vulnerability

Security Focus Latest Security Advisories - July 21, 2014 - 11:00pm

Vuln: Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - July 21, 2014 - 11:00pm

Vuln: PolarSSL CVE-2014-4911 Remote Denial of Service Vulnerability

Security Focus Latest Security Advisories - July 21, 2014 - 11:00pm

Vuln: Skybox Security Multiple Denial of Service Vulnerabilities

Security Focus Latest Security Advisories - July 21, 2014 - 11:00pm

Vuln: Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability

Security Focus Latest Security Advisories - July 21, 2014 - 11:00pm

Vuln: Linux Kernel 'filter.c' CVE-2014-3144 Multiple Local Denial of Service Vulnerabilities

Security Focus Latest Security Advisories - July 21, 2014 - 11:00pm

Vuln: Oracle Java SE CVE-2014-4218 Remote Security Vulnerability

Security Focus Latest Security Advisories - July 21, 2014 - 11:00pm

Vuln: Oracle Java SE CVE-2014-4219 Remote Security Vulnerability

Security Focus Latest Security Advisories - July 21, 2014 - 11:00pm

Vuln: Oracle Java SE CVE-2014-4209 Remote Security Vulnerability

Security Focus Latest Security Advisories - July 21, 2014 - 11:00pm

Vuln: OpenSSL CVE-2014-0224 Man in the Middle Security Bypass Vulnerability

Security Focus Latest Security Advisories - July 21, 2014 - 11:00pm

Bugtraq: CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.

Security Focus Latest Security Advisories - July 21, 2014 - 10:30am

[SECURITY] [DSA 2983-1] drupal7 security update

BugTraq Latest Security Advisories - July 21, 2014 - 10:29am

Posted by Moritz Muehlenhoff on Jul 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2983-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 20, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : drupal7
CVE ID : not yet available

Multiple...

[SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update

BugTraq Latest Security Advisories - July 21, 2014 - 10:21am

Posted by Moritz Muehlenhoff on Jul 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2982-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
July 19, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ruby-activerecord-3.2
CVE ID : CVE-2014-3482...

KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation

BugTraq Latest Security Advisories - July 21, 2014 - 10:09am

Posted by KoreLogic Disclosures on Jul 21

Title: Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
Advisory ID: KL-001-2014-003
Publication Date: 2014.07.18
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt

1. Vulnerability Details

Affected Vendor: Microsoft
Affected Product: MQ Access Control
Affected Versions: 5.1.0.1110
Platform: Microsoft Windows XP SP3
CWE Classification: CWE-123: Write-what-where Condition...

KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation

BugTraq Latest Security Advisories - July 21, 2014 - 9:59am

Posted by KoreLogic Disclosures on Jul 21

Title: Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
Advisory ID: KL-001-2014-002
Publication Date: 2014-07-18
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt

1. Vulnerability Details

Affected Vendor: Microsoft
Affected Product: Bluetooth Personal Area Networking
Affected Versions: 5.1.2600.5512
Platform: Microsoft Windows XP SP3
CWE Classification: CWE-123:...

CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.

BugTraq Latest Security Advisories - July 21, 2014 - 9:51am

Posted by Jordan Sissel on Jul 21

Vendor: Elasticsearch
Product: Logstash
CVE: CVE-2014-4326
Affected versions: Logstash 1.0.14 through 1.4.1

Recommendations: All affected users should upgrade to Logstash 1.4.2.
We also provide patch instructions for Logstash 1.3.x at the bottom of
this note.

The vulnerability impacts deployments that use either the zabbix or
the nagios_nsca outputs. In these cases, an attacker with an ability
to send crafted events to any source of data for...

[SECURITY] [DSA 2981-1] polarssl security update

BugTraq Latest Security Advisories - July 21, 2014 - 9:41am

Posted by Salvatore Bonaccorso on Jul 21

-------------------------------------------------------------------------
Debian Security Advisory DSA-2981-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : polarssl
CVE ID : CVE-2014-4911
Debian Bug :...

CVE-2014-4980 Parameter Tampering in Nessus Web UI - Remote Information Disclosure

BugTraq Latest Security Advisories - July 21, 2014 - 9:32am

Posted by i amroot on Jul 21

Product: Nessus
Vendor: Tenable Network Security
Version: Nessus 5.2.3-5.2.7 - Web UI 2.3.4 (potentially lower)
Vendor Notified Date: June 24, 2014
Vendor Resolved Date: June 25, 2014
Release Date: July 18, 2014
Risk: Medium
Authentication: Not Required
Remote: Yes

Description:
A parameter tampering vulnerability exists in Nessus 5.2.7 and potentially below that allows remote attackers to
retrieve potentially sensitive information from the...