BugTraq Mode:
(Page 7 of 1686)  < Prev  2 3 4 5 6 7 8 9 10 11 12  Next >
Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability 2016-06-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1858

Release Date:
=============
2016-06-21

Vulnerability Laboratory ID (VL-ID):
================================

Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability 2016-06-28
Vulnerability Lab (research vulnerability-lab com)


Document Title:
===============
Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1849

Release Date:
=============
2016-06-27

Vulnerability Laboratory ID (VL-ID):
=================

[SECURITY] [DSA 3607-1] linux security update 2016-06-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3607-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 28, 2016

Craft CMS affected by server side template injection 2016-06-27
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Craft CMS affected by server side template injection
------------------------------------------------------------------------

Nelson Berg & Jurgen Kloosterman, June 2016

--------------------------------------------------------

BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability 2016-06-27
mehmet mehmetince net
1. ADVISORY INFORMATION
========================================
Title: BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability
Application: BigTree CMS
Remotely Exploitable: Yes
Versions Affected: < 4.2.11
Vendor URL: https://www.bigtreecms.org
Bugs: SQL Injection
Author: Mehmet Ince
Dat

[fd] CVE ID request: Untangle NGFW <= v12.1.0 post-auth command injection 2016-06-27
Matt Bush (matt 3xocyte net)
Product:

https://www.untangle.com/untangle-ng-firewall/

Description:

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

The Untangle NGFW <= 12.1.0 web interface is prone to a command injection vulnerability, allowing non-root users to execute arbitrary

MyLittleForum v2.3.5 PHP Command Injection 2016-06-27
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MYLITTLEFORUM-PHP-CMD-EXECUTION.txt

[+] ISR: APPARITIONSEC

Vendor:
=================
mylittleforum.net

Download:
github.com/ilosuna/mylittleforum/releases/tag/v2.3.5

Product

[slackware-security] php (SSA:2016-176-01) 2016-06-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-176-01)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.2

[SECURITY] [DSA 3606-1] libpdfbox security update 2016-06-24
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3606-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 24, 2016

#146416 Ruby:HTTP Header injection in 'net/http' 2016-06-24
redrain root (rootredrain gmail com)
TIMELINE
rootredrain submitted a report to Ruby.

Jun 22nd

Hi,

I would like to report a HTTP Header injection vulnerability in
'net/http' that allows attackers to inject arbitrary headers in
request even create a new evil request.

PoC

require 'net/http'
http = Net::HTTP.new('192.168.30.

SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure 2016-06-24
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20160624-0 >
=======================================================================
title: XSS and information disclosure vulnerability
product: ASUS DSL-N55U router
vulnerable version: 3.0.0.4.376_2736
fixed version

[KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability 2016-06-23
Egidio Romano (research karmainsecurity com)
-----------------------------------------------------------------------------
SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability
-----------------------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Vers

[KIS-2016-05] SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities 2016-06-23
Egidio Romano (research karmainsecurity com)
---------------------------------------------------------
SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities
---------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Versions:

Version 6.5.18 CE and prior versions.

[-] Vulnerabi

[KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities 2016-06-23
Egidio Romano (research karmainsecurity com)
--------------------------------------------------------------
SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities
--------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Versions:

Version 6.5.18 CE and prior versions.

[KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability 2016-06-23
Egidio Romano (research karmainsecurity com)
------------------------------------------------------------------------------
SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability
------------------------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected V

ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability 2016-06-22
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability

EMC Identifier: ESA-2016-069

CVE Identifier: CVE-2016-0914

Severity Rating: CVSS v3 Base Score: 5.0 (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected

Open-Xchange Security Advisory 2016-06-22 2016-06-22
Martin Heiland (martin heiland open-xchange com)
Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 45328 (Bug ID)
Vulnerability type: Information Exposure (CWE-200)
Vulnerable version: 7.8.1 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.2-rev43, 7.6.3-r

[ERPSCAN-16-018] SAP Application server for Java - DoS vulnerability 2016-06-21
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP Application server for Java 7.2 - 7.4

Vendor URL: http://SAP.com

Bugs: denial of service

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 14.03.2016

Reference: SAP Security Note 2259547

A

Magic values in 32-bit processes on 64-bit OS-es and how to exploit them 2016-06-21
Berend-Jan Wever (berendjanwever gmail com)
(You can read all this information in more detail on
http://blog.skylined.nl)

Software components such as memory managers often use magic values to
mark memory as having a certain state. These magic values can be used
during debugging to determine the state of the memory, and have often
(but not al

[ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability 2016-06-21
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.2 - 7.4

Vendor URL: http://SAP.com

Bugs: denial of service

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 14.03.2016

Reference: SAP Security Note 2256185

Author

[ERPSCAN-16-015] SAP NetWeaver Java AS - multiple XSS vulnerabilities 2016-06-21
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bugs: XSS

Sent: 29.09.2015

Reported: 30.09.2015

Vendor response: 30.09.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2238765

Author: Vahagn Vardanyan

[ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability 2016-06-21
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: information disclosure

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2255990

Author:

[slackware-security] pcre (SSA:2016-172-02) 2016-06-20
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] pcre (SSA:2016-172-02)

New pcre packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/pcre-8.39-i486

[slackware-security] libarchive (SSA:2016-172-01) 2016-06-20
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libarchive (SSA:2016-172-01)

New libarchive packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/li

APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7 2016-06-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and
7.7.7

AirPort Base Station Firmware Update 7.6.7 and 7.7.7 is now available
and addresses the following:

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extr

Symphony CMS v2.6.7 Session Fixation 2016-06-20
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SYMPHONY-CMS-SESSION-FIXATION.txt

[+] ISR: APPARITIONSEC

Vendor:
====================
www.getsymphony.com

Product:
==================
Symphony CMS v2.6.7

Downlo

[SECURITY] [DSA 3605-1] libxslt security update 2016-06-19
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3605-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 19, 2016

sNews CMS v1.7.1 Remote Command Execution / CSRF / XSS 2016-06-19
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt

[+] ISR: APPARITIONSEC

Vendor:
============
snewscms.com

Product:
================
sNews CMS v1.7.1

Vulnerability Type:
===========================

CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion 2016-06-17
Berend-Jan Wever (berendjanwever gmail com)
CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion
============================================================================
This information is available in an easier to read format on my blog at
http://blog.skylined.nl/

With [MS16-063] Microsoft has patched [CVE-2016-

[ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability 2016-06-17
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: Directory traversal

Sent: 29.09.2015

Reported: 29.09.2015

Vendor response: 30.09.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2234971

Author:

Copyright 2010, SecurityFocus