HD Video Player v2.5 iOS - Multiple Web Vulnerabilities 2016-02-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
HD Video Player v2.5 iOS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1719

Release Date:
=============
2016-02-11

Vulnerability Laboratory ID (VL-ID):
===============================

CVE-2015-0061 and CVE-2015-0063 (MS16-009/MS16-011) 2016-02-12
Berend-Jan Wever (berendjanwever gmail com)
Hello everyone,

I've recently released examples on Twitter of how to trigger two
security vulnerabilities in Microsoft Internet Explorer. These issues
were discovered last year and reported to Microsoft through ZDI.
Microsoft released security updates to address these issues last Tuesday.

CVE-2016-0

[slackware-security] mozilla-firefox (SSA:2016-042-01) 2016-02-11
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2016-042-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[SECURITY] [DSA 3473-1] nginx security update 2016-02-11
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3473-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
February 11, 2016

Re: [oss-security] HTTPS Only (Open Source, Python) 2016-02-11
P J P (ppandit redhat com)
+-- On Thu, 11 Feb 2016, David Leo wrote --+
| If browser tries to access HTTP address,
| you will have three options:
| try HTTPS,
| Google Cache,
| or copy-and-paste the address.
|
| There is no option to "temporarily bypass HTTPS Only".
| You can always do that in another browser.
|
| Project H

Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities 2016-02-11
Securify B.V. (lists securify nl)

On 11-02-16 14:14, Stefan Kanthak wrote:
> "Securify B.V." <lists (at) securify (dot) nl> wrote:
>> Microsoft released MS16-014 that fixes this vulnerability.
> Such vulnerabilities can be exploited without Office or OLE
> (see "Example 7" of <http://seclists.org/fulldisclosure/2013/Jun/123>):
>
> [snip]
>
>

Duplicator Wordpress Plugin - Source Code And Database Dump Via CSRF Vulnerability 2016-02-10
Ratio Sec (ratiosec gmail com)
-----------------------------------------------------------------------------------------------
RatioSec Research Security Advisory RS-2016-002
-----------------------------------------------------------------------------------------------

Duplicator Wordpress Plugin Code And Database Dump Via CSRF

Re: [FD] [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox 2016-02-10
Jason Hellenthal (jhellenthal dataix net)
In 2019 you say huh. Damn future tellers !!! I need to get one of those !!!

--
Jason Hellenthal
JJH48-ARIN

On Feb 5, 2016, at 15:50, Stefan Kanthak <stefan.kanthak (at) nexgo (dot) de> wrote:

Hi @ll,

the installers of Oracle's Java 6/7/8 for Windows and VirtualBox for
Windows load and execute several DL

Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities 2016-02-10
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Fix
------------------------------------------------------------------------

Microsoft released MS16-014 that fixes this vulnerability.

On 16-12-15 19:27, Securify B.V. wrote:
> -----------------------------------------------

MapsUpdateTask Task DLL side loading vulnerability 2016-02-10
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

MapsUpdateTask Task DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, November 2015

------------------------------------------------------------------------

BDA MPEG2 Transport Information Filter DLL side loading vulnerability 2016-02-10
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

BDA MPEG2 Transport Information Filter DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, September 2015

-----------------------------------------------------

NPS Datastore server DLL side loading vulnerability 2016-02-10
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

NPS Datastore server DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, September 2015

-----------------------------------------------------------------------

Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability 2016-02-10
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

Advisory ID: cisco-sa-20160210-asa-ike

Revision 1.0

For Public Release 2016 February 10 16:00 GMT (UTC)

+---------------------------------------------------

Remote Code Execution in Exponent 2016-02-10
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23290
Product: Exponent
Vendor: http://www.exponentcms.org/
Vulnerable Version(s): 2.3.7 and probably prior
Tested Version: 2.3.7
Advisory Publication: January 13, 2016 [without technical details]
Vendor Notification: January 13, 2016
Vendor Patch: January 23, 2016
Public Disclos

Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1536

Adobe Bulletin: https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html

http

MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1706

Release Date:
=============
2016-02-10

Vulnerability Laboratory ID (VL-ID):
==============================

File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities 2016-02-10
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1715

Release Date:
=============
2016-02-09

Vulnerability Laboratory ID (VL-ID):
==========================

Getdpd Bug Bounty #6 - (Import - FTP) Persistent Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Getdpd Bug Bounty #6 - (Import) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1718

Release Date:
=============
2016-02-09

Vulnerability Laboratory ID (VL-ID):
==============================

VP2016-001: Remote Command Execution in File Replication Pro 2016-02-10
Vantage Point Security (lists vantagepoint sg)
Vantage Point Security Advisory 2016-001
================================

Title: File Replication Pro Remote Command Execution
Vendor: File Replication Pro
Vendor URL: http://www.filereplicationpro.com/
Versions affected: =< 7.2.0
Severity: High
Vendor notified: Yes
Reported: 29 October 2015
Public

SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities 2016-02-10
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SEC Consult Vulnerability Lab Security Advisory < 20160210-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Yeager CMS
vulnerable version: 1.2.1
fixed

ManageEngine Eventlog Analyzer Privilege Escalation v10.8 2016-02-10
graphx sigaint org
# ManageEngine EventLog Analyzer v10.8
# Date: 2/9/2016
# Exploit Author: @GraphX
# Vendor Homepage: http://www.manageengine.com
# Version: 10.8

1 Description:
It is possible for a remote authenticated attacker using an unprivileged
account to gain access to the admin account via parameter manipula

dotDefender Firewall CSRF 2016-02-10
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source:
http://hyp3rlinx.altervista.org/advisories/DOT-DEFENDER-CSRF.txt


Vendor:
==================
www.applicure.com


Product:
=====================
dotDefender Firewall
Versions: 5.00.12865 / 5.13-13282


dotDefender is

Safebreach advisory: Node.js HTTP Response Splitting (CVE-2016-2216) 2016-02-09
Amit Klein (aksecurity gmail com)
Dear list

Safebreach just published an advisory on HTTP Response Splitting
vulnerability in Node.js:
http://info.safebreach.com/hubfs/Node-js-Response-Splitting.pdf

The advisory is accompanied by a blog post:
http://blog.safebreach.com/2016/02/09/http-response-splitting-in-node-js-root-cause-analy

ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities 2016-02-09
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities

EMC Identifier: ESA-2016-010

CVE Identifier: CVE-2016-0881, CVE-2016-0882

Severity Rating: CVSS v3 Base Score: Please refer to the Details section for individual scores

Privilege escalation Vulnerability in ManageEngine Network Configuration Management 2016-02-09
kingkaustubh me com
===================================================================================
Privilege escalation Vulnerability in ManageEngine Network Configuration Management
===================================================================================

. contents:: Table Of Content

Overview
=======

[slackware-security] curl (SSA:2016-039-01) 2016-02-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2016-039-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patc

[slackware-security] libsndfile (SSA:2016-039-02) 2016-02-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libsndfile (SSA:2016-039-02)

New libsndfile packages are available for Slackware 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patch

[SECURITY] [DSA 3472-1] wordpress security update 2016-02-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3472-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
February 08, 2016

[SECURITY] [DSA 3470-1] qemu-kvm security update 2016-02-08
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3470-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
February 08, 2016

[SECURITY] [DSA 3469-1] qemu security update 2016-02-08
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3469-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
February 08, 2016

Copyright 2010, SecurityFocus