Feed aggregator

bizidea Design CMS 2015Q3 - SQL Injection Vulnerability

BugTraq Latest Security Advisories - August 24, 2015 - 5:30am

Posted by Vulnerability Lab on Dec 31

Document Title:
===============
bizidea Design CMS 2015Q3 - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1571

Release Date:
=============
2015-08-12

Vulnerability Laboratory ID (VL-ID):
====================================
1571

Common Vulnerability Scoring System:
====================================
8.7

Product & Service Introduction:...

Windows Platform Binary Table (WPBT) - BIOS PE backdoor

BugTraq Latest Security Advisories - August 24, 2015 - 4:15am

Posted by Kevin Beaumont on Dec 31

PRECURSOR

There will be debate about if this is a vulnerability. It affects a
majority of user PCs -- including all Enterprise editions of Windows,
there is no way to disable it, and allows direct code execution into
secure boot sequences. I believe it is worth discussing.

SCOPE

Microsoft documented a feature in Windows 8 and above called Windows
Platform Binary Table. Up until two days ago, this was a single Word
document not referenced...

Pdf Shaper Buffer Overflow

BugTraq Latest Security Advisories - August 24, 2015 - 4:15am

Posted by metacom27 on Dec 31

##
# This module requires Metabuffer: http://metabuffer.com/download
# Current source: https://github.com/rapid7/metabuffer-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
#Rank definition: http://dev.metabuffer.com/redmine/projects/framework/wiki/Exploit_Ranking
#ManualRanking/LowRanking/AverageRanking/NormalRanking/GoodRanking/GreatRanking/ExcellentRanking
Rank = NormalRanking

include...

[SECURITY] [DSA 3334-1] gnutls28 security update

BugTraq Latest Security Advisories - August 24, 2015 - 4:15am

Posted by Salvatore Bonaccorso on Dec 31

-------------------------------------------------------------------------
Debian Security Advisory DSA-3334-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 12, 2015 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gnutls28
CVE ID : not yet available
Debian Bug...

Bugtraq: Logstash vulnerability CVE-2015-5619

Security Focus Latest Security Advisories - August 24, 2015 - 3:15am
Logstash vulnerability CVE-2015-5619

Bugtraq: [security bulletin] HPSBUX03410 SSRT102175 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)

Security Focus Latest Security Advisories - August 24, 2015 - 3:15am
[security bulletin] HPSBUX03410 SSRT102175 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)

Bugtraq: Re: [SECURITY] [DSA 3325-2] apache2 regression update

Security Focus Latest Security Advisories - August 24, 2015 - 3:15am
Re: [SECURITY] [DSA 3325-2] apache2 regression update

Bugtraq: APPLE-SA-2015-08-20-1 QuickTime 7.7.8

Security Focus Latest Security Advisories - August 24, 2015 - 3:15am
APPLE-SA-2015-08-20-1 QuickTime 7.7.8

[Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values

BugTraq Latest Security Advisories - August 23, 2015 - 11:30pm

Posted by Onapsis Research Labs on Dec 31

Onapsis Security Advisory 2015-011: SAP Mobile Platform DataVault
Predictable encryption passwords for Configuration Values

1. Impact on Business
---------------------

By exploiting this vulnerability an attacker with access to a vulnerable
mobile device would be able to decrypt and modify sensitive configuration
values used by SAP business applications.

Risk Level: High

2. Advisory Information
-----------------------

* Public Release...

[Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage

BugTraq Latest Security Advisories - August 23, 2015 - 11:30pm

Posted by Onapsis Research Labs on Dec 31

Onapsis Security Advisory 2015-012: SAP Mobile Platform DataVault
Predictable Encryption Password for Secure Storage

1. Impact on Business
---------------------

By exploiting this vulnerability an attacker with access to a vulnerable
mobile device would be able to read sensitive information, including
encrypted log in credentials, stored in the device, potentially
connecting to business applications and accessing or modifying business...

[Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery

BugTraq Latest Security Advisories - August 23, 2015 - 11:30pm

Posted by Onapsis Research Labs on Dec 31

Onapsis Security Advisory 2015-010: SAP Mobile Platform DataVault
Keystream Recovery

1. Impact on Business
---------------------

By exploiting this vulnerability an attacker with access to a vulnerable
mobile device would be able to decrypt credentials and other sensitive
information stored in it, potentially being able to connect to other
business systems.

Risk Level: High

2. Advisory Information
-----------------------

* Public Release...

4.2-rc8: mainline

Linux Kernel Updates - August 23, 2015 - 10:53pm
Version: 4.2-rc8 (mainline)
Released: 2015-08-24
Source: linux-4.2-rc8.tar.xz
PGP Signature: linux-4.2-rc8.tar.sign
Patch: patch-4.2-rc8.xz

Logstash vulnerability CVE-2015-5619

BugTraq Latest Security Advisories - August 21, 2015 - 1:54pm

Posted by Suyog Rao on Aug 21

Summary:
Logstash 1.5.3 and prior versions are vulnerable to an SSL/TLS security
issue which allows an attacker to successfully implement a man in the
middle attack. This vulnerability is not present in the initial
installation of Logstash. This insecurity is exposed when users
configure Lumberjack output to connect two Logstash instances. In such
deployments, a Logstash instance is used to collect logs from a
webserver and securely transmit them...

[security bulletin] HPSBUX03410 SSRT102175 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)

BugTraq Latest Security Advisories - August 21, 2015 - 11:14am

Posted by security-alert on Aug 21

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774040

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04774040
Version: 1

HPSBUX03410 SSRT102175 rev.1 - HP-UX Running BIND, Remote Denial of Service
(DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-08-21
Last...

Re: [SECURITY] [DSA 3325-2] apache2 regression update

BugTraq Latest Security Advisories - August 21, 2015 - 6:40am

Posted by franzskinn on Aug 21

All my sources are fake packages and I have a lot of malware in my phone

APPLE-SA-2015-08-20-1 QuickTime 7.7.8

BugTraq Latest Security Advisories - August 21, 2015 - 6:31am

Posted by Apple Product Security on Aug 21

APPLE-SA-2015-08-20-1 QuickTime 7.7.8

QuickTime 7.7.8 is now available and addresses the following:

QuickTime
Available for: Windows 7 and Windows Vista
Impact: Processing a maliciously crafted file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in QuickTime.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-3788 : Ryan Pentney and...

[security bulletin] HPSBUX03369 SSRT102037 rev.1 - HP-UX execve(2), Local Elevation of Privilege

BugTraq Latest Security Advisories - August 20, 2015 - 4:13pm

Posted by security-alert on Aug 20

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04735247

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04735247
Version: 1

HPSBUX03369 SSRT102037 rev.1 - HP-UX execve(2), Local Elevation of Privilege

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-08-20
Last Updated:...

[SECURITY] [DSA 3342-1] vlc security update

BugTraq Latest Security Advisories - August 20, 2015 - 4:03pm

Posted by Alessandro Ghedini on Aug 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3342-1 security () debian org
https://www.debian.org/security/ Alessandro Ghedini
August 20, 2015 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : vlc
CVE ID : CVE-2015-5949

Loren Maggiore of Trail...

[oCERT-2015-009] VLC arbitrary pointer dereference

BugTraq Latest Security Advisories - August 20, 2015 - 3:55pm

Posted by Andrea Barisani on Aug 20

#2015-009 VLC arbitrary pointer dereference

Description:

The VLC media player is an open source media player and streaming media
server.

The stable VLC version suffers from an arbitrary pointer dereference
vulnerability.

The vulnerability affects the 3GP file format parser; insufficient
restrictions on a writable buffer can be exploited to execute arbitrary code
via the heap memory. A specific 3GP file can be crafted to trigger the...