Cisco Security Advisory: Cisco TelePresence MCU Software Memory Exhaustion Vulnerability

2014-10-16 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Cisco TelePresence MCU Software Memory Exhaustion Vulnerability Advisory ID: cisco-sa-20141015-mcu Revision 1.0 For Public Release 2014 October 15 16:00 UTC (GMT)

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software

2014-10-16 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software Advisory ID: cisco-sa-20141015-vcs

Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability

2014-10-16 Thread Stefan Horst
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Drupal - pre-auth SQL Injection Vulnerability Release Date: 2014/10/15 Last Modified: 2014/10/15 Author: Stefan Horst [stefan.horst[at]sektioneins.de]

Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability

2014-10-16 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability Advisory ID: cisco-sa-20141015-poodle Revision 1.0 For Public Release 2014 October 15 17:30 UTC (GMT)

[SECURITY] [DSA 3051-1] drupal7 security update

2014-10-16 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-3051-1 secur...@debian.org http://www.debian.org/security/Moritz Muehlenhoff October 15, 2014

Bypassing blacklists based on IPy

2014-10-16 Thread Nicolas Grégoire
IPy is a Python class and tools for handling of IPv4 and IPv6 addresses and networks (https://github.com/haypo/python-ipy). This library is sometimes used to implement blacklists forbidding internal, private or loopback addresses. Using octal encoding (supported by urllib2), it is possible to

[slackware-security] openssl (SSA:2014-288-01)

2014-10-16 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] openssl (SSA:2014-288-01) New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog:

[security bulletin] HPSBHF03125 rev.1 - HP Next Generation Firewall (NGFW) running Bash Shell, Remote Code Execution

2014-10-16 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04471538 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04471538 Version: 1 HPSBHF03125

[security bulletin] HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS)

2014-10-16 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04472444 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04472444 Version: 1 HPSBMU03126

[SECURITY] [DSA 3052-1] wpa security update

2014-10-16 Thread Michael Gilbert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3052-1 secur...@debian.org http://www.debian.org/security/ Michael Gilbert October 15, 2014