[security bulletin] HPSBMU03072 SSRT101644 rev.1 - HP Data Protector, Remote Execution of Arbitrary Code

2014-07-16 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04373818 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04373818 Version: 1 HPSBMU03072

KL-001-2014-001 : Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation

2014-07-16 Thread KoreLogic Disclosures
Title: Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation Advisory ID: KL-001-2014-001 Publication Date: 07.15.2014 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-001.txt 1. Vulnerability Details Affected Vendor: Oracle Affected Product:

SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition

2014-07-16 Thread SEC Consult Vulnerability Lab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140716-0 === title: Multiple SSRF vulnerabilities product: Alfresco Community Edition vulnerable version

VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory Corruption (Pwn2Own 2014)

2014-07-16 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer CSS @import Memory Corruption (Pwn2Own 2014) Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND - Microsoft Internet Explorer is a web browser developed by Microsoft and included as part of

VUPEN Security Research - Microsoft Internet Explorer Request Object Confusion Sandbox Bypass (Pwn2Own 2014)

2014-07-16 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer Request Object Confusion Sandbox Bypass (Pwn2Own 2014) Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND - Microsoft Internet Explorer is a web browser developed by Microsoft and included

VUPEN Security Research - Microsoft Internet Explorer ShowSaveFileDialog() Sandbox Bypass (Pwn2Own 2014)

2014-07-16 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Internet Explorer ShowSaveFileDialog() Protected Mode Sandbox Bypass (Pwn2Own 2014) Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND - Microsoft Internet Explorer is a web browser developed by Microsoft and

VUPEN Security Research - Microsoft Windows DirectShow Privilege Escalation Vulnerability (Pwn2Own 2014)

2014-07-16 Thread VUPEN Security Research
VUPEN Security Research - Microsoft Windows DirectShow Local Privilege Escalation Vulnerability (Pwn2Own 2014) Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND - Microsoft Windows is a series of software operating systems and graphical user

Reflected Cross-Site Scripting (XSS) in e107

2014-07-16 Thread High-Tech Bridge Security Research
Advisory ID: HTB23220 Product: e107 Vendor: e107 Vulnerable Version(s): 2.0 alpha2 and probably prior Tested Version: 2.0 alpha2 Advisory Publication: June 18, 2014 [without technical details] Vendor Notification: June 18, 2014 Vendor Patch: June 27, 2014 Public Disclosure: July 16, 2014

SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access Server Desktop Client

2014-07-16 Thread SEC Consult Vulnerability Lab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140716-1 === title: Remote Code Execution via CSRF product: OpenVPN Access Server Desktop Client

SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway

2014-07-16 Thread SEC Consult Vulnerability Lab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140716-2 === title: Multiple vulnerabilities product: Citrix NetScaler Application Delivery Controller

SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender GravityZone

2014-07-16 Thread SEC Consult Vulnerability Lab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140716-3 === title: Multiple critical vulnerabilities product: Bitdefender GravityZone vulnerable