BugTraq Mode:
[security bulletin] HPESBHF03738 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2017-04-28
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03738en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03738en_us

Version: 1

HP

[SECURITY] [DSA 3838-1] ghostscript security update 2017-04-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3838-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 28, 2017

Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability 2017-04-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Apple iOS 10.3 - Control Panel Denial of Service Vulnerability

References:
===========
https://www.vulnerability-lab.com/get_content.php?id=2059

Video: https://www.youtube.com/watch?v=MSscCLATxPQ

Release Date:
=============
2017-04-27

Vulnerability Laboratory

Live Helper Chat - Cross-Site Scripting 2017-04-28
Advisories (advisories compass-security com)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/en/research/advisories/
#############################################################
#
# CSNC ID: CSNC-2017-004
# Product: Live Helper Chat [1]
# Vendor: Live Helper Chat

[SECURITY] [DSA 3836-1] weechat security update 2017-04-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3836-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 27, 2017

FreeBSD Security Advisory FreeBSD-SA-17:04.ipfilter 2017-04-27
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-17:04.ipfilter Security Advisory
The FreeBSD Project

Topic:

CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability 2017-04-26
Chris Douglas (cdouglas apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions affected: Hadoop 2.6.x and earlier

Description:
HDFS clients interact with a servlet on the DataNode to browse the
HDFS

April 2017 - Confluence - Security Advisory 2017-04-26
David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE ID:

* CVE-2017-7415.

Product: Confluence.

Affected Confluence product versions:

6.0.0 <= version < 6.0.7

Fixed Confluence product versions:

* for 6.0.x, Confluence 6.0.7 has been released with a fix for this issue.

Summary:
This advisory

[SECURITY] [DSA 3834-1] mysql-5.5 security update 2017-04-25
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3834-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 25, 2017

[slackware-security] mozilla-firefox (SSA:2017-114-01) 2017-04-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2017-114-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[SECURITY] [DSA 3833-1] libav security update 2017-04-24
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3833-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 24, 2017

KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials 2017-04-24
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials

Title: Solarwinds LEM Database Listener with Hardcoded Credentials
Advisory ID: KL-001-2017-009
Publication Date: 2017.04.24
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-009.txt

1. Vulnera

KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read 2017-04-24
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read

Title: Solarwinds LEM Management Shell Arbitrary File Read
Advisory ID: KL-001-2017-008
Publication Date: 2017.04.24
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-008.txt

1. Vulnerability Details

KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection 2017-04-24
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection

Title: Solarwinds LEM Management Shell Escape via Command Injection
Advisory ID: KL-001-2017-007
Publication Date: 2017.04.24
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-007.txt

1. Vulne

KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse 2017-04-24
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse

Title: Solarwinds LEM Privilege Escalation via Sudo Script Abuse
Advisory ID: KL-001-2017-006
Publication Date: 2017.04.24
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-006.txt

1. Vulnerabili

KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path 2017-04-24
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path

Title: Solarwinds LEM Privilege Escalation via Controlled Sudo Path
Advisory ID: KL-001-2017-005
Publication Date: 2017.04.24
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-005.txt

1. Vulne

CVE-2017-7221. OpenText Documentum Content Server: arbitrary code execution in dm_bp_transition.ebs docbase method 2017-04-24
Andrey B. Panfilov (andrew panfilov tel)
CVE Identifier: CVE-2017-7221
Vendor: OpenText
Affected products: OpenText Documentum Content Server (all versions)
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available
PoC: https://gist.github.com/andreybpanfilov/0a4fdfad5

Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution 2017-04-23
Dawid Golunski (dawid legalhackers com)
Hi Filippo,

I received a reply from MITRE regarding which CVE to use in this
situation. Here is the reply I received:

'CVE-2017-7692 is now correct.

CVE-2017-5181 is no longer a valid ID number according to our
http://cve.mitre.org/cve/cna/CNA_Rules_v1.1.pdf policy. We fully
recognize that you ma

[slackware-security] ntp (SSA:2017-112-02) 2017-04-22
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] ntp (SSA:2017-112-02)

New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

[slackware-security] mozilla-firefox (SSA:2017-112-01) 2017-04-22
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2017-112-01)

New mozilla-firefox packages are available for Slackware 14.1 to
fix security and stability issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/

[slackware-security] proftpd (SSA:2017-112-03) 2017-04-22
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] proftpd (SSA:2017-112-03)

New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+---------------------

Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges 2017-04-22
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Authentication bypass vulnerability in Western Digital My Cloud allows
escalation to admin privileges
------------------------------------------------------------------------

Remco Vermeulen, April 2017

-----------------------

CVE-2017-5887: Starscream library before 2.0.4 SSL pinning not applied for websocket handshake 2017-04-21
Security Advisories (security advisories centralway com)
Product: Starscream websocket library
Severity: LOW
CVE Reference: CVE-2017-5887
Type: SSL Pinning bypass

Abstract
--------

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning
bypass because pinning occurs in the stream function (this is too
late; pinning should occur in the initStrea

CVE-2017-7192: Starscream library before 2.0.4 allows SSL pinning bypass 2017-04-21
Security Advisories (security advisories centralway com)
Product: Starscream websocket library
Severity: LOW
CVE Reference: CVE-2017-7192
Type: SSL Pinning bypass / Information disclosure

Abstract
--------

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning
bypass because of incorrect management of the certValidated variable
(it can be set

[SECURITY] [DSA 3831-1] firefox-esr security update 2017-04-19
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3831-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 20, 2017

[HITB-Announce] HITB GSEC 2017 CFP Closes April 30th 2017-04-19
Hafez Kamal (aphesz hackinthebox org)
FINAL CALL!

CFP for the 3rd annual Hack In The Box GSEC conference in Singapore
closes on the 30th of April!

Call for Papers: http://gsec.hitb.org/cfp/
Event Website: http://gsec.hitb.org/sg2017/

HITB GSEC is a 2-day deep knowledge security conference where attendees
get to vote on the final agen

October CMS v1.0.412 several vulnerabilities 2017-04-19
Anti Räis (antirais gmail com)
October CMS v1.0.412 several vulnerabilities
############################################

Information
===========

Name: October CMS v1.0.412 (build 412)
Homepage: http://octobercms.com
Vulnerability: several issues, including PHP code execution
Prerequisites: attacker has to be auth

DefenseCode ThunderScan SAST Advisory: Ultimate Form Builder Cross-Site Scripting (XSS) Vulnerability 2017-04-19
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory
Ultimate Form Builder
Cross-Site Scripting (XSS) Vulnerability

Advisory ID: DC-2017-01-027
Software: Ultimate Form Builder WordPress plugin
Software Language: PHP
Version: Various
Vendor Status: Vendor contacted
Rele

CVE-2017-7220. OpenText Documentum Content Server: privilege evaluation using crafted RPC save-commands. 2017-04-19
Andrey B. Panfilov (andrew panfilov tel)
CVE Identifier: CVE-2017-7220
Vendor: OpenText
Affected products: OpenText Documentum Content Server (all versions)
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available
PoC:

https://gist.github.com/andreybpanfilov/d879248

CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution 2017-04-19
Filippo Cavallarin (filippo cavallarin wearesegment com)
Advisory ID: SGMA17-001
Title: Squirrelmail Remote Code Execution
Product: Squirrelmail
Version: 1.4.22 and probably prior
Vendor: squirrelmail.org
Type: Command Injection
Risk level: 4 / 5
Credit:

Copyright 2010, SecurityFocus