-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ESA-2014-024: EMC Documentum Digital Asset Manager Blind DQL Injection
Vulnerability
EMC Identifier: ESA-2014-024
CVE Identifier: CVE-2014-2503
Severity Rating: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Affected products:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2947-1 secur...@debian.org
http://www.debian.org/security/Moritz Muehlenhoff
June 04, 2014
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2948-1 secur...@debian.org
http://www.debian.org/security/Moritz Muehlenhoff
June 04, 2014
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2946-1 secur...@debian.org
http://www.debian.org/security/Moritz Muehlenhoff
June 04, 2014
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04272892
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04272892
Version: 3
HPSBMU03033
On 04/06/14 11:13, Jose Carlos Luna Duran wrote:
In my opinion the drop of privs in bash was mostly a help measure
for poorly written setuid programs executing system() calls. I don't
think is the role of bash to do this as the problem that could be
exploited by that would really be in the
Jose Carlos Luna Duran writes:
In my opinion the drop of privs in bash was mostly a help measure
for poorly written setuid programs executing system() calls. I don't
think is the role of bash to do this ...
True, but it is a slight help and I'm in favour of keeping it.
Correct me if I'm
On 03/06/14 23:46, Hector Marco wrote:
Recently we discovered a bug in bash. After some time after reporting
it to bash developers, it has not been fixed.
...
Any comments about this issue are welcomed.
Details at:
http://hmarco.org/bugs/bash_4.3-setuid-bug.html
I'm only going by the
Advisory: Directory Traversal in DevExpress ASP.NET File Manager
During a penetration test RedTeam Pentesting discovered a directory
traversal vulnerability in DevExpress' ASP.NET File Manager and File
Upload. Attackers are able to read arbitrary files by specifying a
relative path.
Details
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2950-1 secur...@debian.org
http://www.debian.org/security/Moritz Muehlenhoff
June 05, 2014
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-2949-1 secur...@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
June 05, 2014
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
=
FreeBSD-SA-14:14.opensslSecurity Advisory
The FreeBSD Project
Topic:
#+
# Title : multiple Vulnerability in WahmShoppes eStore
# Author : alieye
# vendor : http://www.wahmshoppes.com/
# Contact : cseye...@yahoo.com
# Risk : High
# Class: Remote
# Google Dork:
# inurl:WsError.asp
# inurl:store/ We apologize
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities
EMC Identifier: ESA-2014-046
CVE Identifier: CVE-2014-2506, CVE-2014-2507, CVE-2014-2508
Severity Rating: CVSS v2 Base Score: See below for individual scores
Affected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04268240
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04268240
Version: 2
HPSBMU03029
--
Technical Service Bulletin 2014-28 (TSB)
Title: Security Vulnerability: Sensitive Configuration Values Exposed in
Cloudera Manager
Certain configuration values that are stored in Cloudera Manager are
16 matches
Mail list logo