BugTraq
[security bulletin] HPSBGN03354 rev.1 - HP Connect-IT Using RC4, Remote Disclosure of Information 2015-07-07
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04716090
Version: 1

HPSBGN03354 rev.1 - HP Connect-IT Using RC4, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Rele

RE: [security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information (UNCLASSIFIED) 2015-07-06
Patterson, Derrick A CTR (US) (derrick a patterson ctr mail mil)
Classification: UNCLASSIFIED
Caveats: NONE

John
I hope you all had a great 4th of July weekend.

I have configured the IP address on the sensor. The software version is
7.1.3.88. I will send the password once you have verified the version of
software is ok. Thanks
PS my cert is attached so you

[security bulletin] HPSBGN03361 rev.1 - HP UCMDB, HP UCMDB Configuration Manager, HP UCMDB Browser, and HP Universal Discovery running TLS, Remote Disclosure of Information 2015-07-07
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04725761

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04725761
Version: 1

HPSBGN03361 re

[security bulletin] HPSBMU03234 rev.1 - HP Vertica Analytics Platform running SSLv3, Remote Disclosure of Information 2015-07-07
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04543623

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04543623
Version: 1

HPSBMU03234 re

[SECURITY] [DSA 3303-1] cups-filters security update 2015-07-07
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3303-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
July 07, 2015

[SECURITY] [DSA 3302-1] libwmf security update 2015-07-06
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3302-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 06, 2015

[CORE-2015-0012] - AirLive Multiple Products OS Command Injection 2015-07-06
CORE Advisories Team (advisories coresecurity com)
1. Advisory Information

Title: AirLive Multiple Products OS Command Injection
Advisory ID: CORE-2015-0012
Advisory URL: http://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection
Date published: 2015-07-06
Date of last update: 2015-07-06
Vendors contacted: AirLive
Release

phpLiteAdmin v1.1 CSRF & XSS Vulnerabilities 2015-07-05
apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPLITEADMIN0705.txt

Vendor:
================================
bitbucket.org/phpliteadmin

Product:
================================
phpLiteAdmin v1.1

Adviso

Google Chrome Address Spoofing - Google's Opinion 2015-07-06
David Leo (david leo deusen co uk)
It's public now:
https://code.google.com/p/chromium/issues/detail?id=497588

Interesting Points:

They did reproduce
"I can reproduce this locally"

They say it's DoS
"seems like any renderer denial-of-service"
(The browser does not crash!)

They say it's not a security issue
"remove security flags fr

[SECURITY] [DSA 3301-1] haproxy security update 2015-07-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3301-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 05, 2015

127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request 2015-07-06
Pierre Kim (pierre kim sec gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

## Advisory Information

Title: 127 ipTIME router models vulnerable to an unauthenticated RCE
by sending a crafted DHCP request
Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x02.txt
Blog URL: https://pierrekim.github.io/blog/2015-

Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability 2015-07-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1472

Ebay Inc Security ID: EIBBP-31808

Release Date:
=============
2015-07-02

Vulnerability Laboratory ID (VL-

Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability 2015-07-03
Federico Fazzi (federico fazzi gmail com)
--------------------------------------------------------
Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability
--------------------------------------------------------

Vendor
------

https://www.snorby.org/

Version
-------

2.6.2

Description
-----------

During my research and testing of new

Microsoft Office - OLE Packager allows code execution in all versions, with macros disabled 2015-07-03
Kevin Beaumont (kevin beaumont gmail com)
SCOPE

Every version of Microsoft Office on every Windows OS includes a
feature called OLE Packager, allowing content to be embedded in
documents. This includes executable content (.exe, .js, .vbe etc) -
there is no restriction of embeddable content. There is no way to
disable or restrict this fun

Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability 2015-07-04
Vulnerability Lab (research vulnerability-lab com) (1 replies)
Document Title:
===============
Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1541

Release Date:
=============
2015-07-02

Vulnerability Laboratory ID (VL-ID):
==

[SECURITY] [DSA 3300-1] iceweasel security update 2015-07-03
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3300-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 04, 2015

WK UDID v1.0.1 iOS - Command Inject Vulnerability 2015-07-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
WK UDID v1.0.1 iOS - Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1539

Release Date:
=============
2015-07-01

Vulnerability Laboratory ID (VL-ID):
====================================

Ruxcon 2015 Final Call For Presentations 2015-07-06
cfp ruxcon org au
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.

This year the conference will take place over the weekend of the 24th and 25th

CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0 2015-07-03
Alessandro Zala (Alessandro Zala csnc ch)
#############################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# Product: Xpert.Line
# Vendor: Soreco AG [1]
# CVE ID: CVE-2015-3442
# Sub

SQL Injection in easy2map wordpress plugin v1.24 2015-07-02
Larry W. Cashdollar (larry0 me com)
Title: SQL Injection in easy2map wordpress plugin v1.24
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-08
Download Site: https://wordpress.org/plugins/easy2map
Vendor: Steven Ellis
Vendor Notified: 2015-06-08, fixed in v1.25
Vendor Contact: https://profiles.wordpress.org/stevenellis/
Advisory:

ipTIME n104r3 vulnerable to CSRF and XSS attacks 2015-07-02
Pierre Kim (pierre kim sec gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

## Advisory Information

Title: iptime n104r3 vulnerable to CSRF and XSS attacks
Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x01.txt
Blog URL: https://pierrekim.github.io/blog/2015-07-03-iptime-n104r3-vulnerable-to-CSRF-and-XSS

[SECURITY] [DSA 3299-1] stunnel4 security update 2015-07-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3299-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 02, 2015

ToorCon 17 Call For Papers! 2015-07-01
h1kari (h1kari toorcon org)
TOORCON 17 CALL FOR PAPERS

It's that time of year again! ToorCon 17 is coming so get your code
finished and submit a talk this time around. We're letting you decide
if you want to be a part of our 50-minute talks on Saturday, 20-minute
talks on Sunday, and 75-minute talks for our Deep Knowledge Sem

iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... 2015-07-01
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the just released QuickTime 7.7.7 and iTunes 12.2 for Windows still
have quite some of the BLOODY beginners errors I already documented
in the past.

QuickTime 7.7.7, QuickTime.msi

unquoted pathname of executables in command line

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\QuickTime\shell

Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models) 2015-07-01
Pierre Kim (pierre kim sec gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Please find a text-only version below sent to security mailing-lists.

The complete version on exploits about my last advisory of ipTIME
products is posted here:

https://pierrekim.github.io/blog/2015-07-01-poc-with-RCE-against-127-iptime-router-

ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability 2015-07-01
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability

EMC Identifier: ESA-2015-112

CVE Identifier: CVE-2015-4525

Severity Rating: CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Affected products:

• EMC Isilon OneFS 7.2.0

Path Traversal in BlackCat CMS 2015-07-01
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23263
Product: BlackCat CMS
Vendor: Black Cat Development
Vulnerable Version(s): 1.1.1 and probably prior
Tested Version: 1.1.1
Advisory Publication: June 10, 2015 [without technical details]
Vendor Notification: June 10, 2015
Vendor Patch: June 24, 2015
Public Disclosure: July 1

Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability 2015-07-01
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1535

Video: http://www.vulnerability-lab.com/get_content.php?id=1537

Release Date:
=============
2015-06-29

ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities 2015-07-01
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities

EMC Identifier: ESA-2015-108

CVE Identifier: CVE-2015-0547, CVE-2015-0548

Severity Rating: CVSSv2 Base Score: See below for CVSSv2 score for individual CVEs

Affected pro
