Feed aggregator

Vuln: Linux Kernel 'fs/udf/inode.c' Local Denial of Service Vulnerability

Security Focus Latest Security Advisories - September 29, 2014 - 11:00pm

Vuln: OpenSSL CVE-2014-0224 Man in the Middle Security Bypass Vulnerability

Security Focus Latest Security Advisories - September 29, 2014 - 11:00pm

Vuln: Oracle Java SE CVE-2014-4263 Remote Security Vulnerability

Security Focus Latest Security Advisories - September 29, 2014 - 11:00pm

Bugtraq: [SECURITY] [DSA 3039-1] chromium-browser security update

Security Focus Latest Security Advisories - September 29, 2014 - 8:00am

Bugtraq: [The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360

Security Focus Latest Security Advisories - September 29, 2014 - 8:00am

Moab Authentication Bypass (insecure message signing) [CVE-2014-5376]

BugTraq Latest Security Advisories - September 29, 2014 - 7:55am

Posted by john . fitzpatrick on Sep 29

##[Moab Authentication Bypass (insecure message signing) : CVE-2014-5376]##

Software: Moab
Affected Versions: Dependent on configuration, can affect all versions of Moab including Moab 8
CVE Reference: CVE-2014-5376
Author: John Fitzpatrick, Luke Jennings MWR Labs (http://labs.mwrinfosecurity.com/)
Severity: High Risk
Vendor: Adaptive Computing
Vendor Response: Provided additional guidance in 7.2.9 release notes (MOAB-7480)

##[Description]...

Moab User Impersonation [CVE-2014-5375]

BugTraq Latest Security Advisories - September 29, 2014 - 7:41am

Posted by john . fitzpatrick on Sep 29

##[Moab User Impersonation : CVE-2014-5375]##

Software: Moab
Affected Versions: All current versions of Moab. However, the impact is limited in Moab 7.2.9 and Moab 8.
CVE Reference: CVE-2014-5375
Author: John Fitzpatrick, Luke Jennings MWR Labs (http://labs.mwrinfosecurity.com/)
Severity: High Risk
Vendor: Adaptive Computing
Vendor Response: Updates in Moab 7.2.9 and Moab 8 provide some mitigations

##[Description]

It is possible to submit jobs...

Moab Authentication Bypass [CVE-2014-5300]

BugTraq Latest Security Advisories - September 29, 2014 - 7:33am

Posted by john . fitzpatrick on Sep 29

##[Moab Authentication Bypass : CVE-2014-5300]##

Software: Moab
Affected Versions: All versions prior to Moab 7.2.9 and Moab 8
CVE Reference: CVE-2014-5300
Author: John Fitzpatrick, MWR Labs (http://labs.mwrinfosecurity.com/)
Severity: High Risk
Vendor: Adaptive Computing
Vendor Response: Resolved in Moab 7.2.9 and Moab 8

##[Description]

It is possible to bypass authentication within Moab in order to impersonate and run commands/operations as...

[slackware-security] mozilla-firefox (SSA:2014-271-01)

BugTraq Latest Security Advisories - September 29, 2014 - 7:25am

Posted by Slackware Security Team on Sep 29

[slackware-security] mozilla-firefox (SSA:2014-271-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-24.8.1esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[SECURITY] [DSA 3039-1] chromium-browser security update

BugTraq Latest Security Advisories - September 29, 2014 - 7:15am

Posted by Michael Gilbert on Sep 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3039-1 security () debian org
http://www.debian.org/security/ Michael Gilbert
September 28, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2014-3160...

[The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360

BugTraq Latest Security Advisories - September 29, 2014 - 7:05am

Posted by Pedro Ribeiro on Sep 29

Hi,

This is the fifth part of the ManageOwnage series. For previous parts, see:
http://seclists.org/fulldisclosure/2014/Aug/55
http://seclists.org/fulldisclosure/2014/Aug/75
http://seclists.org/fulldisclosure/2014/Aug/88
http://seclists.org/fulldisclosure/2014/Sep/1

This time we have a file upload with directory traversal as well as an
arbitrary file deletion vulnerability. The file upload can be abused
to deliver a WAR payload in the Tomcat...

[SECURITY] [DSA 3038-1] libvirt security update

BugTraq Latest Security Advisories - September 29, 2014 - 6:57am

Posted by Salvatore Bonaccorso on Sep 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3038-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
September 27, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libvirt
CVE ID : CVE-2014-0179 CVE-2014-3633
Debian...

Hands-on Mobile (Android & iOS) + ARM Exploitation Training at Toorcon

BugTraq Latest Security Advisories - September 29, 2014 - 6:47am

Posted by Aditya Gupta on Sep 29

Hello everyone,

I'm glad to announce that I'll be running a 2-day class on Android,
iOS and ARM Hands-on Exploitation at Toorcon 2014 in San Diego this
October. The training will focus on a hands-on approach to find vulns
and exploit them on mobile applications as well as the platform.

All the exercises will be performed on a customised Mobile
Exploitation training distro
and on a set of vulnerable labs built for Toorcon...

Bugtraq: [SECURITY] [DSA 3037-1] icedove security update

Security Focus Latest Security Advisories - September 29, 2014 - 6:45am

Bugtraq: SmarterTools Smarter Track 6-10 - Information Disclosure Vulnerability

Security Focus Latest Security Advisories - September 29, 2014 - 6:45am

Bugtraq: Paypal Inc Bug Bounty #32 - Multiple Persistent Vulnerabilities

Security Focus Latest Security Advisories - September 29, 2014 - 6:45am

Bugtraq: Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability

Security Focus Latest Security Advisories - September 29, 2014 - 6:45am

WorldCIST 2015 - 3rd World Conference on Information Systems and Technologies

BugTraq Latest Security Advisories - September 29, 2014 - 6:38am

Posted by ML on Sep 29

------
WorldCIST'15 - 3rd World Conference on Information Systems and Technologies
Ponta Delgada, Azores *, Portugal
1 - 3 April 2015
http://www.aisti.eu/worldcist15/
------
* Azores is ranked as the second most beautiful archipelago in the world by National Geographic.
------------

SCOPE

The WorldCIST'15 - 3rd World Conference on Information Systems and Technologies, to be held at Ponta Delgada, São
Miguel, Azores, Portugal, 1 - 3...

[SECURITY] [DSA 3037-1] icedove security update

BugTraq Latest Security Advisories - September 29, 2014 - 5:38am

Posted by Yves-Alexis Perez on Sep 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3037-1 security () debian org
http://www.debian.org/security/ Yves-Alexis Perez
September 26, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : icedove
CVE ID : CVE-2014-1568

Antoine...

Bugtraq: Oracle Corporation MyOracle - Persistent Vulnerability

Security Focus Latest Security Advisories - September 29, 2014 - 5:30am