BugTraq Mode:
ESA-2015-109: EMC Documentum D2 Cross-Site Scripting 2015-06-23
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-109: EMC Documentum D2 Cross-Site Scripting Vulnerability

EMC Identifier: ESA-2015-109

CVE Identifier: CVE-2015-0549

Severity Rating: CVSS v2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Affected products:

EMC Documentum D2 ver

KMPlayer 3.9.1.136 Capture Unicode Buffer Overflow (ASLR Bypass) 2015-06-23
n4ser farhadi gmail com
#!/usr/bin/python
#
# KMPlayer 3.9.1.136 Capture Unicode Buffer Overflow (ASLR Bypass)
#
# Author: Naser Farhadi
#
# Date: 21 June 2015
# Version: 3.9.1.136
# Tested on: Windows 7 SP1 (32 bit)
#
# Usage:
# chmod +x KMPlayer.py
# python KMPlayer.py
# Alt+c | Video Capture | Alt+a |

The "localhosed" attack - stealing IE local machine cookies and exposing its internal IP address 2015-06-22
Amit Klein (aksecurity gmail com)
Dear list

Please check out the extended advisory available from this page:
http://www.securitygalore.com/site3/localhosed

Late last week Microsoft informed me that they don't plan to fix this
vulnerability. So enjoy...

Thanks,
-Amit
http://www.securitygalore.com/

ManageEngine Asset Explorer v6.1 - Persistent Vulnerability 2015-06-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
ManageEngine Asset Explorer v6.1 - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1488

Release Date:
=============
2015-06-22

Vulnerability Laboratory ID (VL-ID):
===========================

[oCERT-2015-008] FreeRADIUS insufficient CRL application 2015-06-22
Andrea Barisani (lcars ocert org)

#2015-008 FreeRADIUS insufficient CRL application

Description:

The FreeRADIUS server is an open source project that provides a RADIUS
implementation.

The FreeRADIUS server relies on OpenSSL to perform certificate validation,
including Certificate Revocation List (CRL) checks. The FreeRADIUS usage

mysql-lite-administrator XSS vulnerabilities 2015-06-21
apparitionsec gmail com
[+] Credits: hyp3rlinx

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-MYSQLLITEADMINISTRATOR0621.txt

Vendor:
=============================================
code.google.com/p/mysql-lite-administrator

Product:
==================================

[security bulletin] HPSBMU03356 rev.1 - HP Business Service Automation Essentials (BSAE) running TLS, Remote Disclosure of Information 2015-06-22
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04718196

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04718196
Version: 1

HPSBMU03356 re

GeniXCMS XSS Vulnerabilities 2015-06-22
apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-GENIXCMS0621.txt

Vendor:
=============================================
genixcms.org

Product:
=====================================================
GeniXCMS v0

[SECURITY] [DSA 3293-1] pyjwt security update 2015-06-20
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3293-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
June 20, 2015

[CVE-2015-3188] Apache Storm remote code execution vulnerability 2015-06-20
P. Taylor Goetz (ptgoetz apache org)
CVE-2015-3188: Apache Storm remote code execution vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Storm 0.10.0-beta

Description:
The UI daemon in Apache Storm 0.10.0-beta allows remote users to run
arbitrary code as the user running the web ser

Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability 2015-06-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1473

EIBBP-31541

Release Date:
=============
2015-06-15

Vulnerability Laboratory ID (V

Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability 2015-06-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1457

eBay Inc. Bug Bounty Program ID: EIBBP-31603

Video: https://www.youtube.com/watch?v=WffsHd8pibE

Re

Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability 2015-06-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1460

Video: http://www.vulnerability-lab.com/get_content.php?id=1526

View Video: https://www.yo

ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability 2015-06-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1522

Release Date:
=============
2015-06-16

Vulnerability Laboratory ID (VL-ID):
==========================

ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities 2015-06-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1501

Release Date:
=============
2015-06-19

Vulnerability Laboratory ID (VL-ID):
=======================

[SECURITY] [DSA 3292-1] cinder security update 2015-06-19
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3292-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
June 19, 2015

DUO Security push Timing Attack 2015-06-18
jpierini paysw com
DUO "push" Timing Attack

PSC Risk Assessment
CVSS 7.3, (AV:N/AC:L/Au:M/C:C/I:N/A:C/E:F/RL:ND/RC:ND)

Description
Duo "push" authentications are susceptible to a low-profile timing-based attack that permits an intruder to steal an authenticated session from an end-user accessing Duo-protected resour

[SECURITY] [DSA 3291-1] drupal7 security update 2015-06-18
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3291-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
June 18, 2015

[SECURITY] [DSA 3290-1] linux security update 2015-06-18
Ben Hutchings (benh debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3290-1 security (at) debian (dot) org
https://www.debian.org/security/ Ben Hutchings
June 18, 2015

[security bulletin] HPSBGN03338 rev.1 - HP Service Manager running RC4, Remote Disclosure of Information 2015-06-17
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04687922
Version: 1

HPSBGN03338 re

[security bulletin] HPSBGN03350 rev.1 - HP SiteScope Using RC4, Remote Disclosure of Information 2015-06-17
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04708650

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04708650
Version: 1

HPSBGN03350 re

VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities 2015-06-17
VCE - PSIRT (VCEPSIRT vce com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities

CVE Identifier: CVE-2015-4056, CVE-2015-4057

Severity Rating: CVSSv2 Base Score: See below for individual scores for each CVE

Affected products:

Reflected Cross-Site Scripting (XSS) in SearchBlox 2015-06-17
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23256
Product: SearchBlox
Vendor: SearchBlox Software, Inc.
Vulnerable Version(s): 8.2 and probably prior
Tested Version: 8.2
Advisory Publication: April 22, 2015 [without technical details]
Vendor Notification: April 22, 2015
Vendor Patch: May 26, 2015
Public Disclosure: June 17

OS Command Injection in Vesta Control Panel 2015-06-17
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23261
Product: Vesta Control Panel
Vendor: http://vestacp.com
Vulnerable Version(s): 0.9.8 and probably prior
Tested Version: 0.9.8
Advisory Publication: May 20, 2015 [without technical details]
Vendor Notification: May 20, 2015
Vendor Patch: June 3, 2015
Public Disclosure: June

ESA-2015-043: RSA® Validation Manager Security Update for Multiple Vulnerabilities 2015-06-16
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-043: RSA® Validation Manager Security Update for Multiple Vulnerabilities

EMC Identifier: ESA-2015-043

CVE Identifier: CVE-2014-3566, CVE-2014-0098, CVE-2014-0231, CVE-2014-0226, CVE-2013-1862, CVE-2012-3499, CVE-2015-0526, CVE-2013-256

ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass Vulnerability 2015-06-16
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass Vulnerability

EMC Identifier: ESA-2015-106

CVE Identifier: CVE-2015-0546

Severity Rating: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Affe

BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability 2015-06-16
d4rkr0id gmail com
# Exploit Title: BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability
# Date: 2015/06/16
# Vendor Homepage: http://blackcat-cms.org/
# Software Link: http://blackcat-cms.org/temp/packetyzer/blackcatcms_2fo3PXdKj1.zip
# Version: v1.1.1
# Tested on: Centos 6.5,PHP 5.4.41
# Category: webapps

* D

[SECURITY] [DSA 3289-1] p7zip security update 2015-06-15
Ben Hutchings (benh debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3289-1 security (at) debian (dot) org
https://www.debian.org/security/ Ben Hutchings
June 15, 2015

WebdesignJiNi Cms Sql Injection Vulnerability 2015-06-14
iedb team gmail com
Sql Injection Vulnerability in WebdesignJiNi Cms in All Version

Copyright 2010, SecurityFocus