BugTraq Mode:
(Page 8 of 1700)  < Prev  3 4 5 6 7 8 9 10 11 12 13  Next >
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla 2016-09-21
Larry W. Cashdollar (larry0 me com)

Title: Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
Author: Larry W. Cashdollar, @_larry0
Date: 2016-09-15
Download Site: http://huge-it.com/joomla-video-gallery/
Vendor: www.huge-it.com, fixed v1.1.0
Vendor Notified: 2016-09-17
Vendor Contact: info (at) huge-it (dot) com [email concealed]
Descripti

[ more ]  [ reply ]
[security bulletin] HPSBGN03645 rev.2 - HPE Helion OpenStack Glance, Remote Access Restriction Bypass, Unauthorized Access 2016-09-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c052735
84

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05273584
Version: 2

HPSBGN03645 rev.2 - HPE Heli

[ more ]  [ reply ]
[slackware-security] pidgin (SSA:2016-265-01) 2016-09-21
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] pidgin (SSA:2016-265-01)

New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+-----------------------

[ more ]  [ reply ]
[SECURITY] [DSA 3672-1] irssi security update 2016-09-21
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3672-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
September 21, 2016

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability 2016-09-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability

Advisory ID: cisco-sa-20160921-csp2100-2

Revision 1.0

Published: 2016 September 21 16:00 GMT
+-----------------------------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Cloud Services Platform 2100 Command Injection Vulnerability 2016-09-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Cloud Services Platform 2100 Command Injection Vulnerability

Advisory ID: cisco-sa-20160921-csp2100-1

Revision 1.0

Published: 2016 September 21 16:00 GMT
+------------------------------------------------------------

[ more ]  [ reply ]
APPLE-SA-2016-09-20-6 tvOS 10 2016-09-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-20-6 tvOS 10

The tvOS 10 advisory has been released to describe the entries below:

Audio
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue

[ more ]  [ reply ]
APPLE-SA-2016-09-20-5 watchOS 3 2016-09-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-20-5 watchOS 3

The watchOS 3 advisory has been updated to include additional entries
as noted below.

Audio
Available for: All Apple Watch models
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory c

[ more ]  [ reply ]
APPLE-SA-2016-09-20-4 macOS Server 5.2 2016-09-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-20-4 macOS Server 5.2

macOS Server 5.2 is now available and addresses the following:

apache
Available for: macOS 10.12 Sierra
Impact: A remote attacker may be able to proxy traffic through an
arbitrary server
Description: An issue

[ more ]  [ reply ]
APPLE-SA-2016-09-20-3 iOS 10 2016-09-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-20-3 iOS 10

The iOS 10 advisory has been updated to include additional entries as
noted below.

AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A

[ more ]  [ reply ]
APPLE-SA-2016-09-20-2 Safari 10 2016-09-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-20-2 Safari 10

Safari 10 is now available and addresses the following:

Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Enabling the Safari Reader feature on a maliciousl

[ more ]  [ reply ]
ESA-2016-093: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability 2016-09-20
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-093: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability

EMC Identifier: ESA-2016-093

CVE Identifier: CVE-2016-0925

Severity Rating: CVSS v3 Score: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

[ more ]  [ reply ]
ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability 2016-09-19
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability

EMC Identifier: ESA-2016-096

CVE Identifier: CVE-2016-0917

Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affec

[ more ]  [ reply ]
ESA-2016-065: EMC Avamar Data Store and Avamar Virtual Edition Multiple Vulnerabilities 2016-09-19
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-065: EMC Avamar Data Store and Avamar Virtual Edition Multiple Vulnerabilities

EMC Identifier: ESA-2016-065

CVE Identifier: CVE-2016-0903, CVE-2016-0904, CVE-2016-0905, CVE-2016-0920, CVE-2016-0921

Severity Rating: See below for indi

[ more ]  [ reply ]
Call for Papers - WorldCIST'17 - 5th World Conference on Information Systems and Technologies (Published by Springer) 2016-09-18
ML (marialemos72 gmail com)
*
** Apologize if you receive multiple copies of this email, or if its content is irrelevant for you.
*
** Please forward for your contacts. Thank you very much!
*

---------
WorldCIST'17 - 5th World Conference on Information Systems and Technologies
Porto santo Isalnd, Madeira, Portugal
11th-13th

[ more ]  [ reply ]
[SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell 2016-09-16
Flavio Junqueira (fpj apache org)
Apologies for the duplicate, this report has a correction over the previous version sent earlier.

#######################################################
CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell

Severity: moderate

Vendor:
The Apache Software Foundation

Versions Affec

[ more ]  [ reply ]
[SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell 2016-09-16
Flavio Junqueira (fpj apache org)
############################################################
CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell

Severity: moderate

Vendor:
The Apache Software Foundation

Versions Affected:
ZooKeeper 3.4.0 to 3.4.8
ZooKeeper 3.5.0 to 3.5.2
The unsupported ZooKeeper 1.x through 3

[ more ]  [ reply ]
[slackware-security] curl (SSA:2016-259-01) 2016-09-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2016-259-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------

[ more ]  [ reply ]
[SECURITY] [DSA 3669-1] tomcat7 security update 2016-09-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3669-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
September 15, 2016

[ more ]  [ reply ]
ESA-2016-094: RSA BSAFE® Micro Edition Suite Multiple Vulnerabilities 2016-09-15
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

EMC Identifier: ESA-2016-094

CVE Identifier: CVE-2016-0923, CVE-2016-0924

Affected Products:

? RSA BSAFE Micro Edition Suite (MES) all 4.1.x versions prior to 4.1.5

? RSA BSAFE Micro Edition Suite (MES) all 4.0.x versions prior to 4.0.9

[ more ]  [ reply ]
Cisco EPC 3925 Multiple Vulnerabilities 2016-09-15
msg patrykbogdan com
# Title: Cisco EPC 3925 Multiple Vulnerabilities
# Vendor: http://www.cisco.com/
# Vulnerable Version(s): Cisco EPC3925 (EuroDocsis 3.0 2-PORT Voice Gateway)
# Date: 15.09.2016
# Author: Patryk Bogdan

========

Vulnerability list:
1. HTTP Response Injection via 'Lang' Cookie
2. DoS via 'Lang' Cook

[ more ]  [ reply ]
Insecure transmission of data in Android applications developed with Adobe AIR [CVE-2016-6936] 2016-09-14
research nightwatchcybersecurity com
Original at:
https://wwws.nightwatchcybersecurity.com/2016/09/14/advisory-insecure-tr
ansmission-of-data-in-android-applications-developed-with-adobe-air-cve-
2016-6936/

Summary

Android applications developed with Adobe AIR send data back to Adobe servers without HTTPS while running. This can allow

[ more ]  [ reply ]
APPLE-SA-2016-09-14-1 iOS 10.0.1 2016-09-14
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-14-1 iOS 10.0.1

iOS 10.0.1 is now available and addresses the following:

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to disclose k

[ more ]  [ reply ]
[SECURITY] [DSA 3666-1] mysql-5.5 security update 2016-09-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3666-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
September 14, 2016

[ more ]  [ reply ]
[security bulletin] HPSBST03640 rev.1 - HP XP7 Command View Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device Manager (DevMgr), Local Access Restriction Bypass 2016-09-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c052577
11

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05257711
Version: 1

HPSBST03640 rev.1 - HP XP7 C

[ more ]  [ reply ]
[security bulletin] HPSBGN03572 rev.1 - HPE Performance Center, Remote User Validation Failure 2016-09-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c052693
56

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05269356
Version: 1

HPSBGN03572 rev.1 - HPE Perf

[ more ]  [ reply ]
ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability 2016-09-13
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability

EMC Identifier: ESA-2016-108

CVE Identifier: CVE-2016-6644

Severity Rating: CVSS v3 Base Score: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected products:

EMC Documen

[ more ]  [ reply ]
ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities 2016-09-13
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities

EMC Identifier: ESA-2016-104

CVE Identifier: CVE-2016-0922, CVE-2016-6641, CVE-2016-6642, CVE-2016-6643

Severity Rating: CVSS v3 Base Score: See below for CVSSv3 scores for individual CVE

[ more ]  [ reply ]
[ANNOUNCE][CVE-2016-6802] Apache Shiro 1.3.2 released 2016-09-13
Brian Demers (bdemers apache org)
The Shiro team is pleased to announce the release of Apache Shiro version 1.3.2.

This security release contains 1 fix since the 1.3.1 release and is
available for Download now [1].

CVE-2016-6802:
Apache Shiro before 1.3.2, when using a non-root servlet context path,
specifically craft

[ more ]  [ reply ]
Multiple DoS vulnerabilities in libosip2-4.1.0 2016-09-13
bshastry sec t-labs tu-berlin de
Antisip's libosip2 v4.1.0 is vulnerable to heap buffer overflows in the following functions while parsing SIP messages and leads to a DoS if glibc hardening is enabled.
1. *osip_body_to_str*
2. *_osip_message_to_str*

All files for reproducing the issues have been filed in the bug tracker [1][2] and

[ more ]  [ reply ]
(Page 8 of 1700)  < Prev  3 4 5 6 7 8 9 10 11 12 13  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus