[SECURITY] [DSA 3083-1] mutt security update

2014-12-01 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3083-1 secur...@debian.org http://www.debian.org/security/ Salvatore Bonaccorso November 30, 2014

[SECURITY] [DSA 3082-1] flac security update

2014-12-01 Thread Sebastien Delafond
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian Security Advisory DSA-3082-1 secur...@debian.org http://www.debian.org/security/ Sebastien Delafond November 30, 2014

[The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360

2014-12-01 Thread Pedro Ribeiro
Hi, This is part 9 of the ManageOwnage series. For previous parts see [1]. Today we have yet another 0 day - an arbitrary file download vulnerability that can be exploited unauthenticated in NetFlow Analyzer and authenticated in IT360. I'm releasing this as a 0 day because ManageEngine have been

[SECURITY] [DSA 3081-1] libvncserver security update

2014-12-01 Thread Luciano Bello
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian Security Advisory DSA-3081-1 secur...@debian.org http://www.debian.org/security/ Luciano Bello November 29, 2014

CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4

2014-12-01 Thread Stephan.Rickauer
SWISSCOM CSIRT ADVISORY - http://www.swisscom.com/security | CVE ID: CVE-2014-3809 | Product: 1830 Photonic Service Switch PSS-32/16/4 | Vendor: Alcatel-Lucent

[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire

2014-12-01 Thread RedTeam Pentesting GmbH
Advisory: Information Disclosure in TYPO3 Extension ke_questionnaire. The TYPO3 extension ke_questionnaire stores answered questionnaires in a publicly reachable directory on the webserver with filenames that are easily guessable. Details: Product: ke_questionnaire Affected Versions:

[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf

2014-12-01 Thread RedTeam Pentesting GmbH
Advisory: Remote Code Execution in TYPO3 Extension ke_dompdf. During a penetration test RedTeam Pentesting discovered a remote code execution vulnerability in the TYPO3 extension ke_dompdf, which allows attackers to execute arbitrary PHP commands in the context of the webserver. Details:

[RT-SA-2014-011] EntryPass N5200 Credentials Disclosure

2014-12-01 Thread RedTeam Pentesting GmbH
Advisory: EntryPass N5200 Credentials Disclosure. EntryPass N5200 Active Network Control Panels allow the unauthenticated downloading of information that includes the current administrative username and password. Details: Product: EntryPass N5200 Active Network Control Panel Affected

[SECURITY] [DSA 3084-1] openvpn security update

2014-12-01 Thread Florian Weimer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-3084-1 secur...@debian.org http://www.debian.org/security/ Florian Weimer December 01, 2014