Feed aggregator

Bugtraq: Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability

Security Focus Latest Security Advisories - October 17, 2014 - 5:30am
Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability

APPLE-SA-2014-10-16-1 OS X Yosemite v10.10

BugTraq Latest Security Advisories - October 17, 2014 - 5:22am

Posted by Apple Product Security on Oct 17

APPLE-SA-2014-10-16-1 OS X Yosemite v10.10

OS X Yosemite v10.10 is now available and addresses the following:

802.1X
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access
point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,
and used the derived credentials to authenticate to the intended
access point even if that access point supported stronger
authentication methods....

[CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability

BugTraq Latest Security Advisories - October 17, 2014 - 5:11am

Posted by CORE Advisories Team on Oct 17

Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability

1. **Advisory Information**

Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service
Vulnerability
Advisory ID: CORE-2014-0007
Advisory URL:
http://www.coresecurity.com/advisories/sap-netweaver-enqueue-server-trace-pattern-denial-service-vulnerability
Date published: 2014-10-15
Date of last...

[SECURITY] [DSA 3053-1] openssl security update

BugTraq Latest Security Advisories - October 17, 2014 - 5:01am

Posted by Thijs Kinkhorst on Oct 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-3053-1 security () debian org
http://www.debian.org/security/ Thijs Kinkhorst
October 16, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2014-3513 CVE-2014-3566...

Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability

BugTraq Latest Security Advisories - October 17, 2014 - 4:52am

Posted by Cisco Systems Product Security Incident Response Team on Oct 17

Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20120126-ironport

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport

Revision 2.0

Last Updated 2014 October 16 13:40 UTC (GMT)

For Public Release 2012 January 26 17:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco...

Bugtraq: [SECURITY] [DSA 3052-1] wpa security update

Security Focus Latest Security Advisories - October 17, 2014 - 4:15am
[SECURITY] [DSA 3052-1] wpa security update

Bugtraq: [security bulletin] HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS)

Security Focus Latest Security Advisories - October 17, 2014 - 4:15am
[security bulletin] HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS)

Bugtraq: [security bulletin] HPSBHF03125 rev.1 - HP Next Generation Firewall (NGFW) running Bash Shell, Remote Code Execution

Security Focus Latest Security Advisories - October 17, 2014 - 4:15am
[security bulletin] HPSBHF03125 rev.1 - HP Next Generation Firewall (NGFW) running Bash Shell, Remote Code Execution

Bugtraq: Bypassing blacklists based on IPy

Security Focus Latest Security Advisories - October 17, 2014 - 4:15am
Bypassing blacklists based on IPy

[SECURITY] [DSA 3052-1] wpa security update

BugTraq Latest Security Advisories - October 16, 2014 - 6:11am

Posted by Michael Gilbert on Oct 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3052-1 security () debian org
http://www.debian.org/security/ Michael Gilbert
October 15, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wpa
CVE ID : CVE-2014-3686
Debian Bug : 765352...

[security bulletin] HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS)

BugTraq Latest Security Advisories - October 16, 2014 - 6:01am

Posted by security-alert on Oct 16

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472444

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04472444
Version: 1

HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications
Broker), Remote Cross-site Scripting (XSS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

[security bulletin] HPSBHF03125 rev.1 - HP Next Generation Firewall (NGFW) running Bash Shell, Remote Code Execution

BugTraq Latest Security Advisories - October 16, 2014 - 5:53am

Posted by security-alert on Oct 16

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04471538

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04471538
Version: 1

HPSBHF03125 rev.1 - HP Next Generation Firewall (NGFW) running Bash Shell,
Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

[slackware-security] openssl (SSA:2014-288-01)

BugTraq Latest Security Advisories - October 16, 2014 - 5:43am

Posted by Slackware Security Team on Oct 16

[slackware-security] openssl (SSA:2014-288-01)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-solibs-1.0.1j-i486-1_slack14.1.txz: Upgraded.
(* Security fix *)
patches/packages/openssl-1.0.1j-i486-1_slack14.1.txz: Upgraded.
This update fixes several security...

Bypassing blacklists based on IPy

BugTraq Latest Security Advisories - October 16, 2014 - 5:33am

Posted by Nicolas Grégoire on Oct 16

IPy is a Python "class and tools for handling of IPv4 and IPv6 addresses
and networks" (https://github.com/haypo/python-ipy). This library is
sometimes used to implement blacklists forbidding internal, private or
loopback addresses.

Using octal encoding (supported by urllib2), it is possible to bypass
checks based on the result of the iptype() function. For example, IP
address '0177.0000.0000.0001' is considered as...

[SECURITY] [DSA 3051-1] drupal7 security update

BugTraq Latest Security Advisories - October 16, 2014 - 5:26am

Posted by Moritz Muehlenhoff on Oct 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3051-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
October 15, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : drupal7
CVE ID : CVE-2014-3704

Stefan Horst...

Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability

BugTraq Latest Security Advisories - October 16, 2014 - 5:18am

Posted by Cisco Systems Product Security Incident Response Team on Oct 16

Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability

Advisory ID: cisco-sa-20141015-poodle

Revision 1.0

For Public Release 2014 October 15 17:30 UTC (GMT)

+---------------------------------------------------------------------

Summary
+======

On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) protocol when
using a block cipher in Cipher...

Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability

BugTraq Latest Security Advisories - October 16, 2014 - 5:07am

Posted by Stefan Horst on Oct 16

SektionEins GmbH
www.sektioneins.de

-= Security Advisory =-

Advisory: Drupal - pre-auth SQL Injection Vulnerability
Release Date: 2014/10/15
Last Modified: 2014/10/15
Author: Stefan Horst [stefan.horst[at]sektioneins.de]
Application: Drupal >= 7.0 <= 7.31
Severity: Full SQL injection, which results in total control and code execution of Website.
Risk: Highly Critical...

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software

BugTraq Latest Security Advisories - October 16, 2014 - 4:58am

Posted by Cisco Systems Product Security Incident Response Team on Oct 16

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway
Software

Advisory ID: cisco-sa-20141015-vcs

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs

Revision 1.0

For Public Release 2014 October 15 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco TelePresence Video...

Cisco Security Advisory: Cisco TelePresence MCU Software Memory Exhaustion Vulnerability

BugTraq Latest Security Advisories - October 16, 2014 - 4:50am

Posted by Cisco Systems Product Security Incident Response Team on Oct 16

Cisco Security Advisory: Cisco TelePresence MCU Software Memory Exhaustion Vulnerability

Advisory ID: cisco-sa-20141015-mcu

Revision 1.0

For Public Release 2014 October 15 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the network stack of Cisco TelePresence MCU Software could allow an unauthenticated, remote attacker
to cause the exhaustion of available memory...

SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces

BugTraq Latest Security Advisories - October 15, 2014 - 9:28am

Posted by SEC Consult Vulnerability Lab on Oct 15

SEC Consult Vulnerability Lab Security Advisory < 20141015-0 >
=======================================================================
title: Potential Cross-Site Scripting
product: ADF Faces
vulnerable version: 12.1.2.0
fixed version: versions with CPU Oct-2014 patch applied
impact: low
homepage: http://www.oracle.com/adf
found: 2014-05-01
by: W....