BugTraq Mode:
(Page 5 of 1723)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[SECURITY] [DSA 3920-1] qemu security update 2017-07-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3920-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 25, 2017

[ more ]  [ reply ]
[slackware-security] tcpdump (SSA:2017-205-01) 2017-07-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] tcpdump (SSA:2017-205-01)

New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2,
and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patc

[ more ]  [ reply ]
SEC Consult SA-20170724-0 :: Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products 2017-07-24
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170724-0 >
=======================================================================
title: Cross-Site Scripting (XSS)
product: Ubiquiti Networks EP-R6, ER-X, ER-X-SFP
vulnerable version: Firmware v1.9.1
fixed version

[ more ]  [ reply ]
SEC Consult SA-20170724-1 :: Open Redirect issue in multiple Ubiquiti Networks products 2017-07-24
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170724-1 >
=======================================================================
title: Open Redirect in Login Page
product: Multiple Ubiquiti Networks products, e.g.
TS-16-CARRIER, TS-5-POE, TS-8-PR

[ more ]  [ reply ]
[RT-SA-2017-006] Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance 2017-07-24
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance

RedTeam Pentesting discovered an arbitrary file disclosure vulnerability
in the REDDOXX appliance software, which allows unauthenticated
attackers to list directory contents and download arbitrary files

[ more ]  [ reply ]
[RT-SA-2017-008] Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance 2017-07-24
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance

RedTeam Pentesting discovered a vulnerability which allows attackers
unauthenticated access to the diagnostic functions of the administrative
interface of the REDDOXX appliance. The functions allow, for example, to
captur

[ more ]  [ reply ]
[RT-SA-2017-005] Unauthenticated Extraction of Session-IDs in REDDOXX Appliance 2017-07-24
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Unauthenticated Extraction of Session-IDs in REDDOXX Appliance

RedTeam Pentesting discovered an information disclosure vulnerabilty in
the REDDOXX appliance software, which allows unauthenticated attackers
to extract valid session IDs.

Details
=======

Product: REDDOXX Appliance
Affected

[ more ]  [ reply ]
[RT-SA-2017-009] Remote Command Execution as root in REDDOXX Appliance 2017-07-24
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Remote Command Execution as root in REDDOXX Appliance

RedTeam Pentesting discovered a remote command execution vulnerability
in the REDDOXX appliance software, which allows attackers to execute
arbitrary command with root privileges while unauthenticated.

Details
=======

Product: REDDO

[ more ]  [ reply ]
[RT-SA-2017-003] Cross-Site Scripting in REDDOXX Appliance 2017-07-24
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Cross-Site Scripting in REDDOXX Appliance

RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability
in the REDDOXX appliance software, which allows attackers to inject
arbitrary JavaScript code via a crafted URL.

Details
=======

Product: REDDOXX Appliance
Affected Versio

[ more ]  [ reply ]
[RT-SA-2017-007] Undocumented Administrative Service Account in REDDOXX Appliance 2017-07-24
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Undocumented Administrative Service Account in REDDOXX Appliance

RedTeam Pentesting discovered an undocumented service account in the
REDDOXX appliance software, which allows attackers to access the
administrative interface of the appliance and change its configuration.

Details
=======

[ more ]  [ reply ]
[RT-SA-2017-004] Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance 2017-07-24
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance

RedTeam Pentesting discovered an arbitrary file disclosure
vulnerability in the REDDOXX appliance software, which allows
unauthenticated attackers to download arbitrary files from the affected
system.

Details
=======

Produc

[ more ]  [ reply ]
[SECURITY] [DSA 3917-1] catdoc security update 2017-07-23
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3917-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
July 23, 2017

[ more ]  [ reply ]
[slackware-security] seamonkey (SSA:2017-202-01) 2017-07-21
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2017-202-01)

New seamonkey packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/seam

[ more ]  [ reply ]
[security bulletin] HPESBHF03745 rev.3 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2017-07-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03745en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03745en_us

Version: 3

HP

[ more ]  [ reply ]
[security bulletin] HPESBHF03766 rev.1 - HPE ConvergedSystem 700 Solution with Comware v5 Switches using NTP, Remote Denial of Service (DoS), Unauthorized Modification and Local Denial of Service (DoS) 2017-07-20
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03766en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03766en_us

Version: 1

HP

[ more ]  [ reply ]
File Upload in Integration Gateway (PSIGW) 2017-07-20
ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION
Title: File Upload in Integration Gateway (PSIGW)
Advisory ID: [ERPSCAN-17-039]
Advisory URL: https://erpscan.com/advisories/erpscan-17-039-file-upload-integration-ga
teway-psigw-peoplesoft/
Risk: High
Date published: 18.07.2017
Vendor contacted: Oracle

2. VULNERABILITY INFO

[ more ]  [ reply ]
Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft) 2017-07-20
ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION
Title: Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft)
Advisory ID: [ERPSCAN-17-037]
Advisory URL: https://erpscan.com/advisories/erpscan-17-037-multiple-xss-vulnerabiliti
es-testservlet-peoplesoft/
Risk: Medium
Date published: 18.07.2017
Vendor contac

[ more ]  [ reply ]
Directory Traversal vulnerability in Integration Gateway (PSIGW) 2017-07-20
ERPScan inc (erpscan online gmail com)
1. ADVISORY INFORMATION
Title: Directory Traversal vulnerability in Integration Gateway (PSIGW)
Advisory ID: [ERPSCAN-17-038]
Advisory URL: https://erpscan.com/advisories/erpscan-17-038-directory-traversal-vulner
ability-integration-gateway-psigw/
Risk: High
Date published: 18.07.2017
Vendor contact

[ more ]  [ reply ]
APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2 2017-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2

iCloud for Windows 6.2.2 is now available and addresses the
following:

libxml2
Available for: Windows 7 and later
Impact: Parsing a maliciously crafted XML document may lead to
disclosure of user infor

[ more ]  [ reply ]
APPLE-SA-2017-07-19-5 Safari 10.1.2 2017-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-5 Safari 10.1.2

Safari 10.1.2 is now available and addresses the following:

Safari
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,
and macOS Sierra 10.12.6
Impact: Processing maliciously crafted web content may le

[ more ]  [ reply ]
APPLE-SA-2017-07-19-2 macOS 10.12.6 2017-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-2 macOS 10.12.6

macOS 10.12.6 is now available and addresses the following:

afclip
Available for: macOS Sierra 10.12.5
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memor

[ more ]  [ reply ]
APPLE-SA-2017-07-19-3 watchOS 3.2.2 2017-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-3 watchOS 3.2.2

watchOS 3.2.2 is now available and addresses the following:

Contacts
Available for: All Apple Watch models
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execu

[ more ]  [ reply ]
APPLE-SA-2017-07-19-1 iOS 10.3.3 2017-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-1 iOS 10.3.3

iOS 10.3.3 is now available and addresses the following:

Contacts
Available for: iPhone 5 and later, iPad 4th generation and later,
and iPod touch 6th generation
Impact: A remote attacker may be able to cause unexpe

[ more ]  [ reply ]
APPLE-SA-2017-07-19-6 iTunes 12.6.2 2017-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-6 iTunes 12.6.2

iTunes 12.6.2 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: An access iss

[ more ]  [ reply ]
APPLE-SA-2017-07-19-4 tvOS 10.2.2 2017-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-07-19-4 tvOS 10.2.2

tvOS 10.2.2 is now available and addresses the following:

Contacts
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execut

[ more ]  [ reply ]
[SECURITY] [DSA 3914-1] imagemagick security update 2017-07-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3914-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 18, 2017

[ more ]  [ reply ]
[CVE-2017-7728] - Authentication Bypass allows alarm's commands execution in iSmartAlarm 2017-07-13
ilia shnaidman bullguard com
[+] Credits: Ilia Shnaidman
[+] @0x496c on Twitter
[+] Source:
http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-i
s-compromised-by-iot-vulnerabilities/


Vendor:
=============
iSmartAlarm, inc.


Product:
===========================
iSmartAlarm cube - All

iSmartAlarm is on

[ more ]  [ reply ]
CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload 2017-07-13
Maxim Solodovnik (solomax apache org)
Severity: Low

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 1.0.0

Description: Apache OpenMeetings doesn't check contents of files being
uploaded. An attacker can cause a denial of service by uploading
multiple large files to the server
CVE-2017-7684

The issue was

[ more ]  [ reply ]
CVE-2017-7663 - Apache OpenMeetings - XSS in chat 2017-07-13
Maxim Solodovnik (solomax apache org)
Severity: High

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 3.2.0

Description: Both global and Room chat are vulnerable to XSS attack
CVE-2017-7663

The issue was fixed in 3.3.0
All users are recommended to upgrade to Apache OpenMeetings 3.3.0

Credit: This issue

[ more ]  [ reply ]
CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update 2017-07-13
Maxim Solodovnik (solomax apache org)
Severity: Low

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 1.0.0

Description: Apache OpenMeetings updates user password in insecure manner.
CVE-2017-7688

The issue was fixed in 3.3.0
All users are recommended to upgrade to Apache OpenMeetings 3.3.0

Credit: This

[ more ]  [ reply ]
(Page 5 of 1723)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus