BugTraq
Symphony CMS v2.6.7 Session Fixation 2016-06-20
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SYMPHONY-CMS-SESSION-FIXATION.txt

[+] ISR: APPARITIONSEC

Vendor:
====================
www.getsymphony.com

Product:
==================
Symphony CMS v2.6.7

Downlo

[SECURITY] [DSA 3605-1] libxslt security update 2016-06-19
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3605-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 19, 2016

sNews CMS v1.7.1 Remote Command Execution / CSRF / XSS 2016-06-19
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt

[+] ISR: APPARITIONSEC

Vendor:
============
snewscms.com

Product:
================
sNews CMS v1.7.1

Vulnerability Type:
===========================

CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion 2016-06-17
Berend-Jan Wever (berendjanwever gmail com)
CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion
============================================================================
This information is available in an easier to read format on my blog at
http://blog.skylined.nl/

With [MS16-063] Microsoft has patched [CVE-2016-

[ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability 2016-06-17
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: Directory traversal

Sent: 29.09.2015

Reported: 29.09.2015

Vendor response: 30.09.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2234971

Author:

[ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability 2016-06-17
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: XXE

Sent: 20.10.2015

Reported: 21.10.2015

Vendor response: 21.10.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2235994

Author: Vahagn Vardanyan (

[ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability 2016-06-17
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: XSS

Sent: 20.10.2015

Reported: 21.10.2015

Vendor response: 21.10.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2238375

Author: Vahagn Vardanyan

[CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player 2016-06-17
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable (un)installers for Flash Player before version
22.0.0.192 and 18.0.0.360 (both released on 2016-06-15) are
vulnerable to DLL hijacking: they load and execute multiple
Windows system DLLs from their "application directory" instead
of Windows' "system directory" %SystemRoot%\Sy

[FD] Multiple vulnerabilities in squid 0.4.16_2 running on pfSense 2016-06-16
Remco Sprooten (remco sprooten org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I. VULNERABILITY
- -------------------------
Multiple vulnerabilities in squid 0.4.16_2 running on pfSense
Version 2.3.1-RELEASE-p1

II. BACKGROUND
- -------------------------
The pfSense project is a free network firewall distribution, based on the
F

User enumeration in Skype for Business 2013 2016-06-17
nyxgeek (nyxgeek rslabs co)
# Exploit Title: Skype for Business 2013 user enumeration timing attack
# Date: 2016-06-08
# Exploit Author: nyxgeek
# Vendor Homepage: https://www.microsoft.com
# Version: Skype for Business 2013
#
#
# Skype for Business 2013 is vulnerable to a timing attack that allows for username enumeration
#
#

[SECURITY] [DSA 3604-1] drupal7 security update 2016-06-16
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3604-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 16, 2016

[security bulletin] HPSBNS03625 rev.1 - HPE NonStop Application Server for Java (NSASJ) running SSL/TLS, Remote Disclosure of Information 2016-06-16
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176765

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05176765
Version: 1

HPSBNS03625 r

[security bulletin] HPSBGN03553 rev.1 - HP OneView Products using glibc and OpenSSL, Multiple Remote Vulnerabilities 2016-06-16
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05176716
Version: 1

HPSBGN03553 r

Authentication bypass in Ceragon FibeAir IP-10 web interface (<7.2.0) 2016-06-15
iancling gmail com
[+] Credits: Ian Ling
[+] Website: iancaling.com

Vendor:
=================
www.ceragon.com

Product:
======================
-FibeAir IP-10

Vulnerability Type:
===================
Default Root Account

CVE Reference:
==============
N/A

Vulnerability Details:
=====================
Ceragon FibeAir I

[MWR-2016-0002] DDN Default SSH Keys 2016-06-15
john fitzpatrick mwrinfosecurity com
###[DDN Default SSH Keys]###

DDN SFA devices have default SSH keys in place

* Product: DDN SFA storage devices, all versions, all models
* Severity: High
* CVE Reference: NO CVE ASSIGNED - MWR ref: MWR-2016-0002
* Type: Default Credentials
* Author: John Fitzpatrick
* Date: 2016-06-15

## Descript

[MWR-2016-0001] DDN Insecure Update Mechanism 2016-06-15
john fitzpatrick mwrinfosecurity com
###[DDN Insecure Update Process]###

An insecure update mechanism on DDN SFA devices allows for privilege escalation

* Product: DDN SFA storage devices, all versions, all models
* Severity: High
* CVE Reference: NO CVE ASSIGNED - MWR ref: MWR-2016-0001
* Type: Insecure update mechanism
* Author: J

Microsoft Visio multiple DLL side loading vulnerabilities 2016-06-15
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Microsoft Visio multiple DLL side loading vulnerabilities
------------------------------------------------------------------------

Yorick Koster, August 2015

--------------------------------------------------------------------

Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability 2016-06-15
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability

Advisory ID: cisco-sa-20160615-rv

Revision 1.0

For Public Release 2016 June 15 16:00 UTC (GMT)

+---------------------------------------------------------------------

Su

BookingWizz < 5.5 Multiple Vulnerability 2016-06-15
mehmet mehmetince net
1. ADVISORY INFORMATION
========================================
Title: BookingWizz < 5.5 Multiple Vulnerability
Application: BookingWizz
Class: Sensitive Information disclosure
Remotely Exploitable: Yes
Versions Affected: < 5.5
Vendor URL: http://codecanyon.net/item/booking-system/87919
Bugs: Def

FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability 2016-06-15
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1687

Fortinet PSIRT ID: 1624561

Release Notes #1: http://docs.fortinet.com/uploaded/files/2796/fort

Joomla com_enmasse - SQL Injection 2016-06-15
hamedizadi gmail com
# Exploit Title: Joomla com_enmasse - SQL Injection

# Author: [ Hamed Izadi ]

#IRAN

# Vendor Homepage : http://extensions.joomla.org/extensions/extension/social-web/social-buy/en-masse
# Category: [ Webapps ]
# Tested on: [ Win ]
# Versions: 5.1-6.4
# Date: 2016/06/15
# Google Dork: inurl

NEW VMSA-2016-0009 VMware vCenter Server updates address an important reflective cross-site scripting issue 2016-06-15
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2016-0009
Synopsis: VMware vCenter Server updates address an important
reflective cross-site scripting issue
Issue date

[CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers 2016-06-14
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

<https://bugzilla.mozilla.org/show_bug.cgi?id=961676> should
have fixed CVE-2014-1520 in Mozilla's executable installers for
Windows ... but does NOT!

JFTR: this type of vulnerability (really: a bloody stupid trivial
beginner's error!) is well-known and well-documented as
<http

[SECURITY] [DSA 3603-1] libav security update 2016-06-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3603-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 14, 2016

Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability 2016-06-14
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1852

Release Date:
=============
2016-05-25

Vulnerability Laboratory ID (VL-ID):
===============================

[SECURITY] [DSA 3602-1] php5 security update 2016-06-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3602-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 14, 2016

[SECURITY] [DSA 3601-1] icedove security update 2016-06-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3601-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 13, 2016

Oracle Orakill.exe Buffer Overflow 2016-06-14
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-ORAKILL.EXE-BUFFER-OVERFLOW.txt

[+] ISR: apparitionsec

Vendor:
==============
www.oracle.com

Product:
===================
orakill.exe v11.2.0

The orakill utility is

ESA-2016-047: RSA Archer® GRC Platform Sensitive Information Disclosure Vulnerability 2016-06-13
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-047: RSA Archer® GRC Platform Sensitive Information Disclosure Vulnerability

EMC Identifier: ESA-2016-047

CVE Identifier: CVE-2016-0899

Severity Rating: CVSS v3 Base Score: 6.3 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)

Affected Produc

CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability 2016-06-13
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1856

Release Date:
=============
2016-06-13

Vulnerability Laboratory ID (VL-ID):
=========

Copyright 2010, SecurityFocus