-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2875-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 12, 2014
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2874-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 12, 2014
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2876-1 secur...@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 12, 2014
Advisory ID: HTB23204
Product: Open Classifieds
Vendor: Open Classifieds Team
Vulnerable Version(s): 2-2.1.2 and probably prior
Tested Version: 2-2.1.2
Advisory Publication: February 19, 2014 [without technical details]
Vendor Notification: February 19, 2014
Vendor Patch: February 20, 2014
Publ
Title: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem
Author: Larry W. Cashdollar, @_larry0
Download Site: http://rubygems.org/gems/Arabic-Prawn
CVE: 2014-2322
Date: 12/17/2013
In Arabic-Prawn-0.0.1/lib/string_utf_support.rb, the following lines pass
unsanitized input to the shell.
4
Vulnerability title: SQL Injection in Procentia IntelliPen
CVE: CVE-2014-2043
Vendor: Procentia
Product: IntelliPen
Affected version: 1.1.12.1520
Fixed version: 1.1.18.1658
Reported by: Jerzy Kramarz
Details:
SQL injection has been found and confirmed within the software as an
authenticated user.
Vulnerability title: Local File Inclusion in Vtiger CRM
CVE: CVE-2014-1222
Vendor: Vtiger
Product: CRM
Affected version: Vtiger CRM 5.4.0, 6.0 RC & 6.0.0 GA
Fixed version: Vtiger CRM 6.0.0 Security patch 1
Reported by: Jerzy Kramarz
Details:
A local file inclusion vulnerability was discovered in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- ---
VMware Security Advisory
Advisory ID: VMSA-2014-0002
Synopsis: VMware vSphere updates to third party libraries
Issue date: 2014-03-11
Updated on: 2014-03-11 (initial advis
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2014-0097 Blank password may bypass user authentication
Severity: Important
Vendor: Spring by Pivotal
Versions Affected:
- - Spring Security 3.2.0 to 3.2.1
- - Spring Security 3.1.0 to 3.1.5
Description:
The ActiveDirectoryLdapAuthenticator doe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2014-1904 XSS when using Spring MVC
Severity: Moderate
Vendor: Spring by Pivotal
Versions Affected:
- - Spring MVC 3.0.0 to 3.2.8
- - Spring MVC 4.0.0 to 4.0.1
- - Earlier unsupported versions may be affected
Description:
When a programmer does
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2014-0054 Incomplete fix for CVE-2013-4152 / CVE-2013-6429 (XXE)
Severity: Important
Vendor: Spring by Pivotal
Versions Affected:
- - Spring MVC 3.0.0 to 3.2.8
- - Spring MVC 4.0.0 to 4.0.1
- - Earlier unsupported versions may be affected
Descr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-2873-1 secur...@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
March 11, 2014
Summary
This advisory concerns the forced disclosure of 2 vulnerabilities that were
previously disclosed to BlackBerry. Disclosure has been forced since these
vulnerabilities have been publicly disclosed (with PoC) on the exploit-db
web site.
Two local privilege escalation vulnerabilities have b
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities
1. *Advisory Information*
Title: Oracle VirtualBox 3D Acceleration Multiple Memory Corruption
Vulnerabilities
Advisory ID: CORE-2014-0002
Advisory UR