Feed aggregator

Bugtraq: Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities

Security Focus Latest Security Advisories - October 15, 2014 - 10:15am

SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces

BugTraq Latest Security Advisories - October 15, 2014 - 9:28am

Posted by SEC Consult Vulnerability Lab on Oct 15

SEC Consult Vulnerability Lab Security Advisory < 20141015-0 >
=======================================================================
title: Potential Cross-Site Scripting
product: ADF Faces
vulnerable version: 12.1.2.0
fixed version: versions with CPU Oct-2014 patch applied
impact: low
homepage: http://www.oracle.com/adf
found: 2014-05-01
by: W....

Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin

BugTraq Latest Security Advisories - October 15, 2014 - 9:18am

Posted by High-Tech Bridge Security Research on Oct 15

Advisory ID: HTB23237
Product: MaxButtons WordPress plugin
Vendor: Max Foundry
Vulnerable Version(s): 1.26.0 and probably prior
Tested Version: 1.26.0
Advisory Publication: September 24, 2014 [without technical details]
Vendor Notification: September 24, 2014
Vendor Patch: October 2, 2014
Public Disclosure: October 15, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7181
Risk Level: Low
CVSSv2 Base Score: 2.6...

Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin

BugTraq Latest Security Advisories - October 15, 2014 - 9:08am

Posted by High-Tech Bridge Security Research on Oct 15

Advisory ID: HTB23236
Product: WP Google Maps WordPress plugin
Vendor: WP Google Maps
Vulnerable Version(s): 6.0.26 and probably prior
Tested Version: 6.0.26
Advisory Publication: September 24, 2014 [without technical details]
Vendor Notification: September 24, 2014
Vendor Patch: September 29, 2014
Public Disclosure: October 15, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7182
Risk Level: Low
CVSSv2 Base...

Bugtraq: [SE-2014-01] Breaking Oracle Database through Java exploits (details)

Security Focus Latest Security Advisories - October 15, 2014 - 9:00am

Bugtraq: two browser mem disclosure bugs (CVE-2014-1580 and CVE-something-or-other)

Security Focus Latest Security Advisories - October 15, 2014 - 9:00am

Bugtraq: [SECURITY] [DSA 3049-1] wireshark security update

Security Focus Latest Security Advisories - October 15, 2014 - 9:00am

Bugtraq: LiveZilla 5.3.0.7 Security Issue

Security Focus Latest Security Advisories - October 15, 2014 - 9:00am

Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability

BugTraq Latest Security Advisories - October 15, 2014 - 8:57am

Posted by Vulnerability Lab on Oct 15

Document Title:
===============
Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1129

PayPal Security UID: TM13a2uL

Release Date:
=============
2014-10-14

Vulnerability Laboratory ID (VL-ID):
====================================
1129

Common Vulnerability Scoring System:
====================================
4.1...

Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities

BugTraq Latest Security Advisories - October 15, 2014 - 8:48am

Posted by Vulnerability Lab on Oct 15

Document Title:
===============
Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1303

Release Date:
=============
2014-10-13

Vulnerability Laboratory ID (VL-ID):
====================================
1303

Common Vulnerability Scoring System:
====================================
3.6

Product & Service Introduction:...

PayPal Inc #90 PDF Mailer - Buffer Overflow Vulnerability

BugTraq Latest Security Advisories - October 15, 2014 - 8:38am

Posted by Vulnerability Lab on Oct 15

Document Title:
===============
PayPal Inc #90 PDF Mailer - Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=940
http://www.vulnerability-lab.com/get_content.php?id=1274

Release Date:
=============
2014-10-02

Vulnerability Laboratory ID (VL-ID):
====================================
940

Common Vulnerability Scoring System:
====================================
5.1...

PayPal Inc BB #98 MOS - Persistent Settings Vulnerability

BugTraq Latest Security Advisories - October 15, 2014 - 8:28am

Posted by Vulnerability Lab on Oct 15

Document Title:
===============
PayPal Inc BB #98 MOS - Persistent Settings Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=983

Release Date:
=============
2014-10-13

Vulnerability Laboratory ID (VL-ID):
====================================
983

Common Vulnerability Scoring System:
====================================
4.1

Product & Service Introduction:...

[SE-2014-01] Breaking Oracle Database through Java exploits (details)

BugTraq Latest Security Advisories - October 15, 2014 - 8:19am

Posted by Security Explorations on Oct 15

Hello All,

Oracle Oct 2014 CPU addresses 22 security issues affecting the Java VM
implementation embedded in Oracle Database software.

We have published details of the fixed issues and a description of
some privilege elevation techniques abusing a complete Java security
sandbox bypass condition for gaining DBA role in an environment of
Oracle Database software.

All relevant materials accompanied with Proof of Concept codes can
be found at our...

[SECURITY] [DSA 3049-1] wireshark security update

BugTraq Latest Security Advisories - October 15, 2014 - 8:09am

Posted by Moritz Muehlenhoff on Oct 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-3049-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
October 14, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2014-6422 CVE-2014-6423...

two browser mem disclosure bugs (CVE-2014-1580 and CVE-something-or-other)

BugTraq Latest Security Advisories - October 15, 2014 - 8:00am

Posted by Michal Zalewski on Oct 15

First of all, CVE-2014-1580 (MFSA 2014-78) is a bug that caused
Firefox prior to version 33 (released today) to leak bits of
uninitialized memory when rendering certain types of truncated images
onto <canvas>.

Mozilla's advisory is here:
https://www.mozilla.org/security/announce/2014/mfsa2014-78.html

Bug is here:
https://bugzilla.mozilla.org/show_bug.cgi?id=1063733

PoC is here:
http://lcamtuf.coredump.cx/ffgif2/

Secondly, MSRC case...

LiveZilla 5.3.0.7 Security Issue

BugTraq Latest Security Advisories - October 15, 2014 - 7:52am

Posted by sourav . infosec on Oct 15

I had reported a few XSS issues on LiveZilla 5.3.0.7. They fixed them properly and informed me. The latest build is now
5.3.0.8 / 2014-09-25.

http://changelog.livezilla.net/

Can you help me regarding a CVE? I can send you the vulnerability details.

Bugtraq: [security bulletin] HPSBUX03139 SSRT101608 rev.1 - HP-UX running System Management Homepage (SMH), Remote Cross-Site Request Forgery

Security Focus Latest Security Advisories - October 15, 2014 - 7:45am

Bugtraq: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager

Security Focus Latest Security Advisories - October 15, 2014 - 7:45am

Bugtraq: [security bulletin] HPSBGN03138 rev.1 - HP Operations Analytics running Bash Shell, Remote Code Execution

Security Focus Latest Security Advisories - October 15, 2014 - 7:45am

Bugtraq: [security bulletin] HPSBMU03133 rev.1 - HP Enterprise Maps Virtual Appliance running Bash Shell, Remote Code Execution

Security Focus Latest Security Advisories - October 15, 2014 - 7:45am