Document Title:
===
Microsoft Office 365 Outlook - Filter Bypass Persistent Editor Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=811
Microsoft Security Response Center (MSRC) ID: 14095
Release Date:
=
Vulnerability title: Remote Command Execution in Fitnesse Wiki
CVE: CVE-2014-1216
Vendor: Fitnesse
Product: Wiki
Affected version: v20131110 and earlier
Fixed version: N/A
Reported by: Jerzy Kramarz
Details:
The Fitnesse wiki does not validate the syntax of edited pages to
validate whether the
Vulnerability title: Authentication Bypass in Oracle Demantra
CVE: CVE-2014-5880
Vendor: Oracle
Product: Demantra
Affected version: 12.2.1
Fixed version: 12.2.3
Reported by: Oliver Gruskovnjak
Details:
The authentication filter in Oracle Demantra is broken by design.
For example the page:
Apologies, the CVE-ID for this advisory is actually CVE-2013-5795
Apologies, the CVE-ID for this advisory is actually CVE-2013-5880
Vulnerability title: SQL Injection in Oracle Demantra
CVE: CVE-2014-0372
Vendor: Oracle
Product: Demantra
Affected version: 12.2.1
Fixed version: 12.2.3
Reported by: Oliver Gruskovnjak
Details:
The Oracle Demantra application is vulnerable to SQL injection.
An attacker with access to the
Vulnerability title: Database Credentials Leak in Oracle Demantra
CVE: CVE-2014-5795
Vendor: Oracle
Product: Demantra
Affected version: 12.2.1
Fixed version: 12.2.3
Reported by: Oliver Gruskovnjak
Details:
Oracle Demantra version 12.2.1 has a backend function that allows anyone
to retrieve the
###
01. ### Advisory Information ###
Title: Remote Privilege Escalation in SpagoBI
Date published: 2013-02-28
Date of last update: 2013-02-28
Vendors contacted: Engineering Group
Discovered by: Christian Catalano
Severity: High
02. ###
ESA-2014-003: RSA® Data Loss Prevention Improper Session Management
Vulnerability
EMC Identifier: ESA-2014-003
CVE Identifier: CVE-2014-0624
Severity Rating: CVSS v2 Base Score: 7.4 (AV:A/AC:M/Au:S/C:C/I:C/A:C)
Affected Products:
RSA Data
###
01. ### Advisory Information ###
Title: Persistent Cross-Site Scripting (XSS) in SpagoBI
Date published: 2014-03-01
Date of last update: 2014-03-01
Vendors contacted: Engineering Group
Discovered by: Christian Catalano
Severity: High
02. ###
###
01. ### Advisory Information ###
Title: Persistent HTML Script Insertion permits offsite-bound forms
Date published: 2014-03-01
Date of last update: 2014-03-01
Vendors contacted: Engineering Group
Discovered by: Christian Catalano
Severity:
###
01. ### Advisory Information ###
Title: XSS File Upload
Date published: 2014-03-01
Date of last update: 2014-03-01
Vendors contacted: Engineering Group
Discovered by: Christian Catalano
Severity: Medium
02. ### Vulnerability Information
RCE Security Advisory
http://www.rcesecurity.com
1. ADVISORY INFORMATION
---
Product: GetGo Download Manager
Vendor URL: www.getgosoft.com
Type: Stack-based Buffer Overflow [CWE-121]
Date found: 2014-02-20
Date published: 2014-03-02
CVSSv2 Score:
Debian Security Advisory DSA-2868-1 secur...@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
March 02, 2014
PasswordsCon will be held on Tuesday and Wednesday, August 5th & 6th, at
Tuscany Suites Casino, 255 East Flamingo Rd., Las Vegas.
Yes, we are teaming up with BsidesLV and co-locating with them. 2-for-1
conference action - all for the low, low price of FREE!
For the first time we'll expand into 2
Debian Security Advisory DSA-2869-1 secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
March 03, 2014
17 matches