Microsoft Online, Office Cloud - Persistent Encoding Vulnerabilities

2013-12-16 Thread Vulnerability Lab
Document Title: Microsoft Online, Office Cloud - Persistent Encoding Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=806 Microsoft Security Response Center (MSRC) ID: 14090 Microsoft Security Response Center (MSRC)

DC4420 - DefCon London: Christmas Social (= no talks), Tuesday 17th December 2013

2013-12-16 Thread Tony Naggs
We have the DOWNSTAIRS bar at The Phoenix, Cavendish Square from 18:00 until the bar closes (~23:00) Agenda: Drinking beer and/or other beverages. Swapping war stories. Drinking more beer. Eating yummy food, pre-order Christmas menu details here -

Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability

2013-12-16 Thread Stefan Esser
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP openssl_x509_parse() Memory Corruption Vulnerability Release Date: 2013/12/13 Last Modified: 2013/12/13 Author: Stefan Esser

Call for Papers - YSTS 8 - Information Security Conference, Brazil

2013-12-16 Thread Luiz Eduardo
Hello Bugtraq readers, the CFP for YSTS 8 is now open. YSTS 8th Edition Sao Paulo, Brazil April 14th, 2014 Call for Papers Opens: December 13th, 2013 Call for Papers Close: February 1st, 2014 http://www.ysts.org @ystscon INTRODUCTION After 7 very successful editions here

Last Call - 2nd World Conference on IST; Submission: December 29

2013-12-16 Thread WorldCIST
2nd World Conference on Information Systems and Technologies - WorldCIST'14 April 15-18, 2014, Madeira Island, Portugal http://www.aisti.eu/worldcist14/ Submission deadline: December 29

[SECURITY] [DSA 2817-1] libtar security update

2013-12-16 Thread Luciano Bello
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2817-1 secur...@debian.org http://www.debian.org/security/ Luciano Bello December 14, 2013

LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client

2013-12-16 Thread zoczus
Author: Jakub Zoczek [zoc...@gmail.com] CVE Reference: CVE-2013-7032 Product: LiveZilla Vendor: LiveZilla GmbH [http://livezilla.net] Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted

LiveZilla 5.1.2.0 Insecure password storage

2013-12-16 Thread zoczus
Author: Jakub Zoczek [zoc...@gmail.com] CVE Reference: CVE-2013-7033 Product: LiveZilla Vendor: LiveZilla GmbH [http://livezilla.net] Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) Status: Partly fixed 0x01 Background LiveZilla, the widely-used and

Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line

2013-12-16 Thread Larry W. Cashdollar
Title: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line Date: 11/15/2013 Author: Larry W. Cashdollar, @_larry0 Download: http://rubygems.org/gems/bio-basespace-sdk Description: BaseSpace Ruby SDK is a Ruby based Software Development Kit to be used in the development of Apps

Command injection vulnerability in Ruby Gem sprout 0.7.246

2013-12-16 Thread Larry W. Cashdollar
Title: Command injection vulnerability in Ruby Gem sprout 0.7.246 Date: 11/14/2013 Download: http://rubygems.org/gems/sprout, http://projectsprouts.org/ Vulnerability: The unpack_zip() function contains the following code: sprout-0.7.246/lib/sprout/archive_unpacker.rb 60 zip_dir =

LiveZilla 5.1.2.0 PHP Object Injection

2013-12-16 Thread zoczus
Author: Jakub Zoczek [zoc...@gmail.com] CVE Reference: CVE-2013-7034 Product: LiveZilla Vendor: LiveZilla GmbH [http://livezilla.net] Affected version: 5.1.2.0 Severity: Medium CVSSv2 Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted

Command injection in Ruby Gem Webbynode 1.0.5.3

2013-12-16 Thread Larry W. Cashdollar
Title: Command injection in Ruby Gem Webbynode 1.0.5.3 Date: 11/11/2013 Author: Larry W. Cashdollar, @_larry0 Download: http://rubygems.org/gems/webbynode Vulnerability Description: The following code located in: ./webbynode-1.0.5.3/lib/webbynode/notify.rb doesn't fully sanitize user

Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities

2013-12-16 Thread Vulnerability Lab
Document Title: Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1168 Release Date: 2013-12-11 Vulnerability Laboratory ID (VL-ID):

User Identity Spoofing in Bitrix Site Manager

2013-12-16 Thread High-Tech Bridge Security Research
Advisory ID: HTB23183 Product: Bitrix Site Manager Vendor: Bitrix, Inc Vulnerable Version(s): 12.5.13 and probably prior Tested Version: 12.5.13 Advisory Publication: November 6, 2013 [without technical details] Vendor Notification: November 6, 2013 Vendor Patch: November 12, 2013 Public

[SECURITY] [DSA 2818-1] mysql-5.5 security update

2013-12-16 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-2818-1 secur...@debian.org http://www.debian.org/security/ Salvatore Bonaccorso December 16, 2013

[security bulletin] HPSBHF02953 rev.1 - HP B-series SAN Network Advisor, Remote Code Execution

2013-12-16 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04045640 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04045640 Version: 1 HPSBHF02953

[SECURITY] [DSA 2819-1] End-of-life announcement for iceape

2013-12-16 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2819-1 secur...@debian.org http://www.debian.org/security/ Moritz Muehlenhoff December 16, 2013

XSS and Full Path Disclosure in MijoSearch Joomla Extension

2013-12-16 Thread High-Tech Bridge Security Research
Advisory ID: HTB23186 Product: MijoSearch Vendor: Mijosoft Vulnerable Version(s): 2.0.1 and probably prior Tested Version: 2.0.1 Advisory Publication: November 25, 2013 [without technical details] Vendor Notification: November 25, 2013 Public Disclosure: December 16, 2013 Vulnerability Type: