BugTraq Mode:
[CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3 2016-01-16
urikanonov gmail com
Subject: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3

Vulnerability Description
=========================
The vulnerability allows disclosure of Data-at-Rest of Samsung KNOX 1.0 containers.

KNOX container data is encrypted using eCryptFS containers. T

[CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3 2016-01-16
urikanonov gmail com
Subject: [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3

Vulnerability Description
=========================
The vulnerability allows disclosure of Data-in-Motion of Samsung KNOX 1.0 containers.

In KNOX 1.0.0 the applications inside the container us

[KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability 2016-01-15
Egidio Romano (research karmainsecurity com)
---------------------------------------------------------------
CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability
---------------------------------------------------------------

[-] Software Link:

http://cakephp.org

[-] Affected Versions:

Version 3.2.0 RC1 and prior 3.x versions.

Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories? 2016-01-15
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

in 2009/2010, after being hit by "carpet bombing" and "binary
planting" alias "DLL hijacking/spoofing/preloading" (see
<https://blogs.technet.com/b/srd/archive/2009/04/14/ms09-014-addressing-the-safari-carpet-bomb-vulnerability.aspx>
and <https://technet.microsoft.com/en-us/library/2269637

Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution 2016-01-15
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers python-3.5.1-webinstall.exe and
python-3.5.1.exe available on
<https://www.python.org/downloads/windows/> load and execute
multiple DLLs from their "application directory".

For software downloaded with a web browser the application
directory is typically the user

[slackware-security] openssh (SSA:2016-014-01) 2016-01-15
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssh (SSA:2016-014-01)

New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+

FreeBSD Security Advisory FreeBSD-SA-16:07.openssh 2016-01-15
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:07.openssh Security Advisory
The FreeBSD Project

Topic:

FreeBSD bsnmpd information disclosure 2016-01-15
Pierre Kim (pierre kim sec gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

## Advisory Information

Title: FreeBSD bsnmpd information disclosure
Advisory URL: https://pierrekim.github.io/advisories/CVE-2015-5677-freebsd-bsnmpd.txt
Blog URL: https://pierrekim.github.io/blog/2016-01-15-cve-2015-5677-freebsd-bsnmpd.html
Date pu

Cisco Security Advisory: Cisco Wireless LAN Controller Unauthorized Access Vulnerability 2016-01-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco Wireless LAN Controller Unauthorized Access Vulnerability

Advisory ID: cisco-sa-20160113-wlc

Revision: 1.0

For Public Release 2016 January 13 16:00 GMT

+-------------------------------------------------------------

FreeBSD Security Advisory FreeBSD-SA-16:05.tcp 2016-01-14
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:05.tcp Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-16:01.sctp 2016-01-14
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:01.sctp Security Advisory
The FreeBSD Project

Topic:

Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Denial of Service Vulnerability 2016-01-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Aironet 1800 Series Access Point Denial of Service Vulnerability

Advisory ID: cisco-sa-20160113-aironet

Revision 1.0

For Public Release 2016 January 13 16:00 UTC (GMT)

+---------------------------------------------------------------------

Sum

[slackware-security] dhcp (SSA:2016-012-01) 2016-01-13
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] dhcp (SSA:2016-012-01)

New dhcp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patch

Remote Code Execution in Roundcube 2016-01-13
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23283
Product: Roundcube
Vendor: Roundcube.net
Vulnerable Version(s): 1.1.3 and probably prior
Tested Version: 1.1.3
Advisory Publication: December 21, 2015 [without technical details]
Vendor Notification: December 21, 2015
Vendor Patch: December 26, 2015
Public Disclosure: Janua

FreeBSD Security Advisory FreeBSD-SA-16:04.linux 2016-01-14
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:04.linux Security Advisory
The FreeBSD Project

Topic:

[security bulletin] HPSBUX03359 SSRT102094 rev.3 - HP-UX pppoec, local elevation of privilege 2016-01-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04718530

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04718530
Version: 3

HPSBUX03359 S

[SECURITY] [DSA 3444-1] wordpress security update 2016-01-13
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3444-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 13, 2016

Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability 2016-01-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability

Advisory ID: cisco-sa-20160113-air

Revision 1.0

For Public Release 2016 January 13 16:00 UTC (GMT)

+-------------------------------------------------------------

[security bulletin] HPSBHF03535 rev.1 - HPE iMC OSS and iMC Plat running Adobe Flash, Multiple Remote Vulnerabilities 2016-01-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04939841
Version: 1

HPSBHF03535 r

Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 2016-01-14
Qualys Security Advisory (qsa qualys com)

Qualys Security Advisory

Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

========================================================================

Contents
========================================================================

Summary
Information Leak (CVE-2016-0777)
- Anal

FreeBSD Security Advisory FreeBSD-SA-16:06.bsnmpd 2016-01-14
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:06.bsnmpd Security Advisory
The FreeBSD Project

Topic:

[SECURITY] [DSA 3445-1] pygments security update 2016-01-13
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3445-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 13, 2016

WP Symposium Pro Social Network Plugin XSS Vulnerability 2016-01-12
Rahul Pratap Singh (techno rps gmail com)
##FULL DISCLOSURE

#Product : WP Symposium Pro Social Network plugin
#Exploit Author : Rahul Pratap Singh
#Home page Link : https://wordpress.org/plugins/wp-symposium-pro
#Version : 16.1
#Website : 0x62626262.wordpress.com
#Twitter : @0x62626262
#Linkedin : https://in.linkedin.com/in/rahulprataps

[security bulletin] HPSBGN03532 rev.1 - HPE ArcSight Logger, Multiple Vulnerabilities 2016-01-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04941487

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04941487
Version: 1

HPSBGN03532 r

FreeBSD Security Advisory FreeBSD-SA-16:02.ntp 2016-01-14
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:02.ntp Security Advisory
The FreeBSD Project

Topic:

Multiple SQL Injection Vulnerabilities in mcart.xls Bitrix Module 2016-01-13
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23279
Product: mcart.xls Bitrix module
Vendor: www.mcart.ru
Vulnerable Version(s): 6.5.2 and probably prior
Tested Version: 6.5.2
Advisory Publication: November 18, 2015 [without technical details]
Vendor Notification: November 18, 2015
Public Disclosure: January 13, 2016
Vulnera

[CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ... 2016-01-13
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

IExpress (<https://msdn.microsoft.com/en-us/library/dd346760.aspx>)
creates executable installers [°] or self-extracting archives for
Windows by embedding a .CAB archive and some strings as resources
into a copy of the program %SystemRoot%\System32\WExtract.exe.

These self-extracting archi

FreeBSD Security Advisory FreeBSD-SA-16:03.linux 2016-01-14
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:03.linux Security Advisory
The FreeBSD Project

Topic:

[SECURITY] [DSA 3443-1] libpng security update 2016-01-13
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3443-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 13, 2016

Cisco Security Advisory: Cisco Identity Services Engine Unauthorized Access Vulnerability 2016-01-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco Identity Services Engine Unauthorized Access Vulnerability

Advisory ID: cisco-sa-20160113-ise

Revision: 1.0

For Public Release 2016 January 13 16:00 GMT

+------------------------------------------------------------
