BugTraq Mode:
(Page 1 of 1681)
[security bulletin] HPSBGN03626 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information Logjam 2016-07-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05193083
Version: 1

HPSBGN03626 r

KL-001-2016-003 : SQLite Tempdir Selection Vulnerability 2016-07-01
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2016-003 : SQLite Tempdir Selection Vulnerability

Title: SQLite Tempdir Selection Vulnerability
Advisory ID: KL-001-2016-003
Publication Date: 2016.07.01
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt

1. Vulnerability Details

Affected Vendor: SQLi

Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking 2016-07-01
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installer for Microsoft's Visual Studio 2015
Community Edition, available from <https://www.visualstudio.com/>,
is vulnerable to DLL hijacking: on a fully patched Windows 7 SP1
it loads the following DLLs from its "application directory"
instead of Windows' "system directory"

Logic security flaw in TP-LINK - tplinklogin.net 2016-07-01
Info cybermoon cc
TP-LINK forgot to buy the domain www.tplinklogin.net, which is being used to configure much of the hardware they have, like router configuration.

The domain is available to buy via escort service, so a potential attacker can get it, it's all about money.

There is an unknown holder who has the domai

[CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c 2016-06-30
wpengfeinudt gmail com
I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I'd like to make an announcement here.

This was found in Linux kernel file Linux-4.5/drivers/s390/char/sclp_ctl.c, and crafted user space data change under race condition will lead to consequenc

[CVE-2016-5728] Double-Fetch Vulnerability in Linux-4.5/drivers/misc/mic/host/mic_virtio.c 2016-06-30
wpengfeinudt gmail com
I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I'd like to make an announcement here.

This was found in Linux kernel file Linux-4.5/drivers/misc/mic/host/mic_virtio.c, and crafted user space data change under race condition will lead to cons

CA20160627-01: Security Notice for Release Automation 2016-06-30
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20160627-01: Security Notice for Release Automation

Issued: June 27, 2016
Last Updated: June 27, 2016

CA Technologies Support is alerting customers to multiple potential risks
with CA Release Automation. Three vulnerabilities exist that can allow

[SECURITY] [DSA 3611-1] libcommons-fileupload-java security update 2016-06-30
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3611-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 30, 2016

[SECURITY] [DSA 3610-1] xerces-c security update 2016-06-29
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3610-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 29, 2016

BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs 2016-06-29
Blue Frost Security Research Lab (research bluefrostsecurity de)
________________________________________________________________________

Vendor: Huawei, www.huawei.com
Affected Product: HiSuite for Windows
Affected Version: <= 4.0.3.301
CVE ID: CVE-2016-5821
OVE ID: OVE-20160624-0001
Severity: High
Author: Benjamin Gnahm (@mitp0sh), Blue Frost Security GmbH
Tit

[SECURITY] [DSA 3608-1] libreoffice security update 2016-06-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3608-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 29, 2016

[SECURITY] [DSA 3609-1] tomcat8 security update 2016-06-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3609-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 29, 2016

Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability 2016-06-29
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability

Advisory ID: cisco-sa-20160629-piauthbypass

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+-----------------------------------

Cisco Security Advisory: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability 2016-06-29
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20160629-cpcpauthbypass

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+----------------------------

Cisco Security Advisory: Cisco Firepower System Software Static Credential Vulnerability 2016-06-29
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Firepower System Software Static Credential Vulnerability

Advisory ID: cisco-sa-20160629-fp

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A

CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD 2016-06-29
Cantor, Scott (cantor 2 osu edu)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Xerces-C XML Parser library versions
prior to V3.1.4

Description: The Xerces-C XML parser fail

Symantec SEPM v12.1 Multiple Vulnerabilities 2016-06-29
hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SYMANTEC-SEPM-MULTIPLE-VULNS.txt

[+] ISR: ApparitionSec

Vendor:
================
www.symantec.com

Product:
===========
SEPM
Symantec Endpoint Protection Manage

KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution 2016-06-28
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution

Title: Ubiquiti Administration Portal CSRF to Remote Command Execution
Advisory ID: KL-001-2016-002
Publication Date: 2016.06.28
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-002.txt

1.

[KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability 2016-06-28
Egidio Romano (research karmainsecurity com)
-------------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability
-------------------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affec

[KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities 2016-06-28
Egidio Romano (research karmainsecurity com)
-------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities
-------------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Ver

[KIS-2016-08] Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities 2016-06-28
Egidio Romano (research karmainsecurity com)
--------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities
--------------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities 2016-06-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1862

CWE-89
CWE-79
CWE-264

http://cwe.mitre.org/data/definitions/89
http://cwe.mitre.org/data/definitions/

Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability 2016-06-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1863

Release Date:
=============
2016-06-27

Vulnerability Laboratory ID (VL-ID):
===================================

Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability 2016-06-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1858

Release Date:
=============
2016-06-21

Vulnerability Laboratory ID (VL-ID):
================================

Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability 2016-06-28
Vulnerability Lab (research vulnerability-lab com)


Document Title:
===============
Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1849

Release Date:
=============
2016-06-27

Vulnerability Laboratory ID (VL-ID):
=================

[SECURITY] [DSA 3607-1] linux security update 2016-06-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3607-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 28, 2016

Craft CMS affected by server side template injection 2016-06-27
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Craft CMS affected by server side template injection
------------------------------------------------------------------------

Nelson Berg & Jurgen Kloosterman, June 2016

--------------------------------------------------------

BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability 2016-06-27
mehmet mehmetince net
1. ADVISORY INFORMATION
========================================
Title: BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability
Application: BigTree CMS
Remotely Exploitable: Yes
Versions Affected: < 4.2.11
Vendor URL: https://www.bigtreecms.org
Bugs: SQL Injection
Author: Mehmet Ince
Dat

[fd] CVE ID request: Untangle NGFW <= v12.1.0 post-auth command injection 2016-06-27
Matt Bush (matt 3xocyte net)
Product:

https://www.untangle.com/untangle-ng-firewall/

Description:

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

The Untangle NGFW <= 12.1.0 web interface is prone to a command injection vulnerability, allowing non-root users to execute arbitrary

MyLittleForum v2.3.5 PHP Command Injection 2016-06-27
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MYLITTLEFORUM-PHP-CMD-EXECUTION.txt

[+] ISR: APPARITIONSEC

Vendor:
=================
mylittleforum.net

Download:
github.com/ilosuna/mylittleforum/releases/tag/v2.3.5

Product

Copyright 2010, SecurityFocus