BugTraq Mode:
(Page 5 of 1715)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
Foscam All networked devices, multiple Design Errors. SSL bypass. 2017-04-09
nick m mckenna gmail com
Two issues in one that nullify SSL in foscam devices:
All Foscam networked cameras use the same SSL private key that is hard coded into the downloadable firmware. This is easily extracted using a utility like binwalk and would allow an attacker to MITM any Foscam device.
One devices SSL keys are val

[ more ]  [ reply ]
[slackware-security] libtiff (SSA:2017-098-01) 2017-04-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libtiff (SSA:2017-098-01)

New libtiff packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libtiff-

[ more ]  [ reply ]
[SECURITY] [DSA 3827-1] jasper security update 2017-04-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3827-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
April 07, 2017

[ more ]  [ reply ]
[security bulletin] HPESBGN03733 rev.1 - HPE Universal CMDB using Apache Struts, Remote Code Execution 2017-04-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn
03733en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03733en_us

Version: 1

HP

[ more ]  [ reply ]
[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite 2017-04-07
Denis Magda (dmagda apache org)
[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Ignite 1.0.0-RC3 to 1.8

Description:
Apache Ignite uses an update notifier component to update the users about new project r

[ more ]  [ reply ]
D-Link DWR-116 - CVE-2017-6190 - Arbitrary File Download 2017-04-07
patrykgnt gmail com
# Title: D-Link DWR-116 Arbitrary File Download
# Vendor: D-Link (www.dlink.com)
# Affected model(s): DWR-116 / DWR-116A1
# Tested on: V1.01(EU), V1.00(CP)b10, V1.05(AU)
# CVE: CVE-2017-6190
# Date: 04.07.2016
# Author: Patryk Bogdan (@patryk_bogdan)

Description:
D-Link DWR-116 with firmware before

[ more ]  [ reply ]
SEC Consult SA-20170407-0 :: Server-Side Request Forgery in MyBB forum 2017-04-07
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170407-0 >
=======================================================================
title: Server Side Request Forgery (SSRF) Vulnerability
product: MyBB
vulnerable version: 1.8.10
fixed version: 1.8.11
CVE

[ more ]  [ reply ]
Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2017-2387) 2017-04-06
David Coomber (davidcoomber infosec gmail com)
Apple Music Android Application - MITM SSL Certificate Vulnerability
(CVE-2017-2387)
--
http://www.info-sec.ca/advisories/Apple-Music.html

Overview

"Listen to all the music you want, anytime."

(https://play.google.com/store/apps/details?id=com.apple.android.music)

Issue

The Apple Music Android

[ more ]  [ reply ]
Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319) 2017-04-06
David Coomber (davidcoomber infosec gmail com)
Trend Micro Enterprise Mobile Security Android Application - MITM SSL
Certificate Vulnerability (CVE-2016-9319)
--
http://www.info-sec.ca/advisories/Trend-Micro-Enterprise-Mobile-Security
.html

Overview

"Trend Micro Mobile Security is the client app for Trend Microâ??s
enterprise mobility platform.

[ more ]  [ reply ]
Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload 2017-04-06
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CO
NTROL-FILE-OVERWRITE.txt
[+] ISR: APPARITIONSEC

Vendor:
==================
www.spiceworks.com

Product:
=================
S

[ more ]  [ reply ]
[security bulletin] HPESBGN03727 rev.1 - HPE Business Process Monitor, Remote Unauthorized Access to Data 2017-04-04
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn
03727en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03727en_us

Version: 1

HP

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: Apache Tomcat Directory/Path Traversal 2017-04-04
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory
Apache Tomcat Directory/Path Traversal

Advisory ID: DC-2017-03-001
Software: Apache Tomcat
Software Language: Java
Version: 7.0.76 (probably 9, 8 and 6 branches also)
Vendor Status: Vendor contacted
Rel

[ more ]  [ reply ]
[SECURITY] [DSA 3826-1] tryton-server security update 2017-04-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3826-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
April 04, 2017

[ more ]  [ reply ]
AST-2017-001: Buffer overflow in CDR's set user 2017-04-04
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2017-001

Product Asterisk
Summary Buffer overflow in CDR's set user
Nature of Advisory Buffer Overflow

[ more ]  [ reply ]
The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed. 2017-04-04
Ralf Spenneberg (info os-t de)
OpenSource Security Ralf Spenneberg
Am Bahnhof 3-5
48565 Steinfurt
info (at) os-s (dot) net [email concealed]

OS-S Security Advisory 2017-02

Date: April 4th, 2017
Authors: Simon Heming, Maik Brüggemann, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 10
Affected Device: Schneider SoMachine Basic 1.4 SP1, Schne

[ more ]  [ reply ]
OS-S-2017-01: The password for the application protection of the Schneider Modicon TM221CE16R can be retrieved without authentication. Subsequently the application may be arbitrarily downloaded, uploaded and modified. CVSS 10. 2017-04-04
Ralf Spenneberg (info os-t de)
OpenSource Security Ralf Spenneberg
Am Bahnhof 3-5
48565 Steinfurt
info (at) os-s (dot) net [email concealed]

OS-S Security Advisory 2017-01
Date: April 4th, 2017
Authors: Simon Heming, Maik Brüggemann, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 10
Affected Device: Schneider Modicon TM221CE16R, Firmware 1.

[ more ]  [ reply ]
Moodle URL Manipulation Remote Account Information Disclosure 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/moodle-url-manipulation-remote-account-in
formation-disclosure.html

Date:
04-Apr-2017

Product:
Moodle

Versions affected:
2.4.10, 2.5.6, 2.6.3, 2.7 and earlier.

Vulnerability:
Information disclosure.

Example:
/user/edit.php?id= reveals account owner name

1. Log in

[ more ]  [ reply ]
iPlatinum iOneView Multiple Parameter Reflected XSS 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/iplatinum-ioneview-multiple-parameter-ref
lected-xss.html

Date:
04-Apr-2017

Product:
iPlatinum iOneView

Versions affected:
Unknown.

Vulnerabilities:

1) Cross-site scripting:

http://[target]/ioneview/admin/main.pl?cmd=<script>alert(document.cookie
)</script>
http://

[ more ]  [ reply ]
Kaseya information disclosure vulnerability 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/kaseya-information-disclosure-vulnerabili
ty.html

Date:
04-Apr-2017

Product:
Kaseya VSA

Versions affected:
9.02.00.04

Vulnerability:

Installations of Kaseya contain the following installation page:
https://[target]/install/kaseya.html

When the product is installed

[ more ]  [ reply ]
AcoraCMS browser redirect and Cross-site scripting vulnerabilities 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/acoracms-browser-redirect-and-cross-site-
scripting-vulnerabilities.html

Date:
04-Apr-2017

Product:
AcoraCMS

Versions affected:
7.0.0.6 (known bugs from 6.0.6 are still present
http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt).

Vulnerabilities:
1) Arbi

[ more ]  [ reply ]
SmartJobBoard - Cross-site scripting, personal information disclosure and PHPMailer package 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/smartjobboard---cross-site-scripting-pers
onal-information-disclosure-and-phpmailer-package.html

Date:
04-Apr-2017

Product:
SmartJobBoard

Versions affected:
v5.0.9 and below.

Vulnerability:

1) Cross-site scripting vulnerabilities in the following locations and
para

[ more ]  [ reply ]
SilverStripe CMS - Path Disclosure 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/silverstripe-cms---path-disclosure.html

Date:
04-Apr-2017

Product:
SilverStripe CMS

Versions affected:
3.1.9 and below.

Vulnerability:
Path disclosure.

Example URL:
http://[target]/dev/build/
Path reported:
/home/[target]/public_html/framework/dev/DebugView.php

h

[ more ]  [ reply ]
Tweek!DM Document Management Authentication bypass, SQL injection 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/tweekdm-document-management-authenticatio
n-bypass-sql-injection-vulnerabilities.html

Date:
04-Apr-2017

Product:
Tweek!DM Document Management

Versions affected:
Unknown

Vulnerabilities:
1) Authentication bypass - the software sends a 301 Location redirect
back to th

[ more ]  [ reply ]
Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/computer-associates-api-gateway-crlf-resp
onse-splitting-directory-traversal-vulnerabilities.html

Date:
04-Apr-2017

Product:
Computer Associates (Layer7) API Gateway

Versions affected:
v7, v8, v9

Vulnerabilities:

1) CRLF Response Splitting

https://[target]:8443/te

[ more ]  [ reply ]
CVE-2017-7185 - Mongoose OS - Use-after-free / Denial of Service 2017-04-04
Advisories (advisories compass-security com)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/en/research/advisories/
#
#############################################################
#
# Product: Mongoose OS
# Vendor: Cesanta
# CVE ID: CVE-2017-7185
# CSNC ID: CSNC-20

[ more ]  [ reply ]
Lantern CMS Path Disclosure, SQL Injection, Reflected XSS 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/lantern-cms-path-disclosure-sql-injection
-reflected-xss.html

Date:
04-Apr-2017

Product:
LanternCMS

Versions affected:
Unknown

Vulnerabilities:

1) Path disclosure
By requesting a site with an invalid intSiteI or numRedirectCount:
http://[target]/www/default.asp?int

[ more ]  [ reply ]
Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/manhattan-software-iwms-integrated-workpl
ace-management-system-xml-external-entity-xxe-injection-file-disclosure.
html

Date:
04-Apr-2017

Product:
Trimble / Manhattan Software IWMS (integrated workplace management system)

Versions affected:
9.x

Vulnerability:
XML Ext

[ more ]  [ reply ]
AirWatch Self Service Portal Username Parameter LDAP Injection 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/airwatch-self-service-portal-username-par
ameter-ldap-injection.html

Date:
04-Apr-2017

Product:
AirWatch Self Service MDM

Versions affected:
v6.1.x
v6.4.x

Vulnerability:
LDAP injection

Example:
https://[target]/DeviceManagement/ URL accepts the following
POST param

[ more ]  [ reply ]
Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/avaya-radvision-scopia-desktop-dlg_logino
wneridjsp-ownerid-sql-injection.html

Date:
04-Apr-2017

Product:
Avaya Radvision SCOPIA Desktop

Versions affected:
v7.7.000.042 released in 2011 (confirmed)
v8.2.101.046 relased in 2013 (confirmed)

Vulnerability:
Blind SQL in

[ more ]  [ reply ]
Lotus Protector for Mail Security remote code execution 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/lotus-protector-for-mail-security-remote-
code-execution.html

Date:
09-Nov-2012

Product:
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail)

Vulnerability:
Local File Inclusion to Remote Code Execution

Details:
There is local file inclusion vulnerability in
th

[ more ]  [ reply ]
(Page 5 of 1715)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus