Security advisory for Bugzilla 5.0, 4.4.9, and 4.2.14

2015-09-11 Thread dkl
Summary === Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: * Login names longer than 127 characters can be corrupted, which could lead to the creation of a user account with an unexpected

Security Advisory for Bugzilla 5.0.1, 4.4.10 and 4.2.15

2015-09-11 Thread LpSolit
Summary === Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: * Login names longer than 127 characters can be corrupted, which could lead to the creation of a user account with an unexpected

Yahoo Bug Bounty #32 - Cross Site Request Forgery bulkImport Web Vulnerability

2015-09-11 Thread Vulnerability Lab
Document Title: === Yahoo Bug Bounty #32 - CSRF bulkImport Web Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1552 Release Date: = 2015-09-03 Vulnerability Laboratory ID (VL-ID): =

Shopify Bug Bounty #8 - (FilePath) Persistent Vulnerability

2015-09-11 Thread Vulnerability Lab
Document Title: === Shopify Bug Bounty #8 - (FilePath) Persistent Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1592 Release Date: = 2015-09-04 Vulnerability Laboratory ID (VL-ID): ==

PayPal Inc - Security Approval & 2FA Session Auth Bypass (API) Vulnerability

2015-09-11 Thread Vulnerability Lab
Document Title: === PayPal Inc - Security Approval & 2FA Session Auth Bypass (API) Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1486 Video: http://www.vulnerability-lab.com/get_content.php?id=1485 Watch Video: https://ww

Magento Bug Bounty #19 - Persistent Filename Vulnerability

2015-09-11 Thread Vulnerability Lab
Document Title: === Magento Bug Bounty #19 - Persistent Filename Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1570 ID: APPSEC-1059 Release Date: = 2015-09-11 Vulnerability Laboratory ID (VL-ID): ==

[KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability

2015-09-11 Thread Egidio Romano
--- Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability --- [-] Software Link: http://magento.com/ [-] Affected Ve

[security bulletin] HPSBHF03408 rev.2 - HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code

2015-09-11 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773272 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04773272 Version: 2 HPSBHF03408

IKEView.exe Fox beta 1 Stack Buffer Overflow

2015-09-11 Thread apparitionsec
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-CP_IKEVIEW-0911.txt Vendor: www.checkpoint.com Product: IKEView.exe Fox beta 1 IKEVIew.EXE is used to in

[SECURITY] [DSA 3356-1] openldap security update

2015-09-11 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3356-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 12, 2015