BugTraq Mode:
(Page 9 of 1621)  < Prev  4 5 6 7 8 9 10 11 12 13 14  Next >
[SECURITY] [DSA 3252-2] sqlite3 security update 2015-06-14
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3252-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Alessandro Ghedini
June 14, 2015

[ more ]  [ reply ]
[RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager 2015-06-15
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: SQL Injection in TYPO3 Extension Akronymmanager

An SQL injection vulnerability in the TYPO3 extension "Akronymmanager"
allows authenticated attackers to inject SQL statements and thereby read
data from the TYPO3 database.

Details
=======

Product: sb_akronymmanager
Affected Versions: <=

[ more ]  [ reply ]
[SECURITY] [DSA 3287-1] openssl security update 2015-06-13
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3287-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Alessandro Ghedini
June 13, 2015

[ more ]  [ reply ]
[SECURITY] [DSA 3288-1] libav security update 2015-06-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3288-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 13, 2015

[ more ]  [ reply ]
Buffer Overflow in My Wifi Router Software 2015-06-13
sudson08 gmail com
Hi there,

I have seen a buffer overflow in My Wifi Router software version 1.0

The link of the software is available :- http://mywifirouter.software.informer.com/1.0/

Exploit :- After running the software you will see two places to enter details i.e "Hotspot Name" and "Password".

To exploit thi

[ more ]  [ reply ]
[SECURITY] [DSA 3286-1] xen security update 2015-06-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3286-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 13, 2015

[ more ]  [ reply ]
[SECURITY] [DSA 3285-1] qemu-kvm security update 2015-06-12
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3285-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 13, 2015

[ more ]  [ reply ]
[slackware-security] openssl (SSA:2015-162-01) 2015-06-11
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssl (SSA:2015-162-01)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-15:10.openssl 2015-06-12
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-15:10.openssl Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
[SYSS-2015-020] ZENWorks Mobile Management - Cross-Site Scripting 2015-06-12
ludwig stage syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2015-020
Product(s): ZENWorks Mobile Management
Vendor: Novell
Affected Version(s): 3.1.0
Tested Version(s): 3.1.0
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Open
Vendor Notification: 2015-0

[ more ]  [ reply ]
ZCMS SQL Injection & Persistent XSS 2015-06-12
apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-ZCMS0612.txt

Vendor:
=============================================
http://zencherry.com/
http://sourceforge.net/projects/zencherrycms

Product:
===============

[ more ]  [ reply ]
[slackware-security] php (SSA:2015-162-02) 2015-06-11
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2015-162-02)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.4

[ more ]  [ reply ]
Nakid-CMS CSRF, Persistent XSS & LFI 2015-06-11
apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-NAKIDCMS0611.txt

Vendor:
================================
http://kilrizzy.github.io/Nakid-CMS/

Product:
================================
kilrizzy-Nakid-CMS-f2

[ more ]  [ reply ]
[KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability 2015-06-11
Egidio Romano (research karmainsecurity com)
-----------------------------------------------------------
Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability
-----------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1, 5.7.4, and probably other ve

[ more ]  [ reply ]
[KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities 2015-06-11
Egidio Romano (research karmainsecurity com)
------------------------------------------------------------------------
----
Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities
------------------------------------------------------------------------
----

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versi

[ more ]  [ reply ]
[KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability 2015-06-11
Egidio Romano (research karmainsecurity com)
-------------------------------------------------------------------
Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability
-------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Version 5.7.3.1 and p

[ more ]  [ reply ]
Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin 2015-06-10
Larry W. Cashdollar (larry0 me com)
Title: Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-07
Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-for
ms
Vendor: Waters Edge Web Design and Nether

[ more ]  [ reply ]
Cisco Security Advisory: Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability 2015-06-11
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20150611-iosxr

Revision 1.0

For Public Release 2015 June 11 16:00 UTC (GMT)

+--------------------------------------------------

[ more ]  [ reply ]
D-Link DSP-W110 - multiple vulnerabilities 2015-06-11
Peter Adkins (peter adkins kernelpicnic net)
>> D-Link DSP-W110 - multiple vulnerabilities

----
Discovered by:
----
Peter Adkins <peter.adkins (at) kernelpicnic (dot) net [email concealed]>

----
Access:
----
Local network; unauthenticated access.

----
Tracking and identifiers:
----
CVE - None allocated.

----
Platforms / Firmware confirmed affected:
----
D-Link DSP-W11

[ more ]  [ reply ]
[security bulletin] HPSBUX03337 SSRT102066 rev.1 - HP-UX Apache Web Server Suite running Apache Web Server, Tomcat v6.x, or PHP v5.4.x, Remote Denial of Service (DoS) and Other Vulnerabilities 2015-06-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04686230

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04686230
Version: 1

HPSBUX03337 SS

[ more ]  [ reply ]
Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0 2015-06-10
Larry W. Cashdollar (larry0 me com)
Title: Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-06
Advisory: http://www.vapid.dhs.org/advisory.php?v=124
Download Site: https://wordpress.org/plugins/se-html5-album-audio-player/
Vendor: https://profiles.w

[ more ]  [ reply ]
XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343 ) 2015-06-11
stasvolfus gmail com
Advisory: Adobe Connect Reflected XSS
Author: Stas Volfus (Bugsec Information Security LTD)
Vendor URL: http://www.adobe.com/
Status: Vendor Notified

==========================
Vulnerability Description
==========================

Adobe Connect (Central) version: 9.3 is vulnerable to Reflec

[ more ]  [ reply ]
Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability 2015-06-10
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1323

Video: http://www.vulnerability-lab.com/get_content.php?id=1336

Vulnerability Magazine: http://maga

[ more ]  [ reply ]
Use-After-Free in PHP 2015-06-10
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23262
Product: PHP
Vendor: PHP Group
Vulnerable Version(s): 5.6.9 and probably prior
Tested Version: 5.6.9
Advisory Publication: May 20, 2015 [without technical details]
Vendor Notification: May 20, 2015
Vendor Patch: June 2, 2015
Public Disclosure: June 10, 2015
Vulnerability

[ more ]  [ reply ]
Multiple Vulnerabilities in ISPConfig 2015-06-10
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23260
Product: ISPConfig
Vendor: http://www.ispconfig.org
Vulnerable Version(s): 3.0.5.4p6 and probably prior
Tested Version: 3.0.5.4p6
Advisory Publication: May 20, 2015 [without technical details]
Vendor Notification: May 20, 2015
Vendor Patch: June 4, 2015
Public Disclosure:

[ more ]  [ reply ]
Arbitrary File Disclosure and Open Redirect in Bonita BPM 2015-06-10
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23259
Product: Bonita BPM
Vendor: Bonitasoft
Vulnerable Version(s): 6.5.1 and probably prior
Tested Version: 6.5.1 (Windows and Mac OS packages)
Advisory Publication: May 7, 2015 [without technical details]
Vendor Notification: May 7, 2015
Vendor Patch: June 9, 2015
Public Di

[ more ]  [ reply ]
[RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery 2015-06-10
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery

During a penetration test, RedTeam Pentesting discovered a vulnerability
in the management web interface of an Alcatel-Lucent OmniSwitch 6450.
The management web interface has no protection against cross-site
request forge

[ more ]  [ reply ]
[RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID 2015-06-10
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID

During a penetration test, RedTeam Pentesting discovered a vulnerability
in the management web interface of an Alcatel-Lucent OmniSwitch 6450.
This interface uses easily guessable session IDs, which allows attackers
to authenticate a

[ more ]  [ reply ]
[security bulletin] HPSBUX03341 SSRT102068 rev.1 - HP-UX Apache Tomcat v7.x, Remote Denial of Service (DoS) and Other Vulnerabilities 2015-06-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04693706

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04693706
Version: 1

HPSBUX03341 SS

[ more ]  [ reply ]
Elasticsearch vulnerability CVE-2015-4165 2015-06-09
Kevin Kluge (kevin elastic co)
Summary:
Elasticsearch versions 1.0.0 - 1.5.2 are vulnerable to an engineered attack on other applications on the system. The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process. It is possible to crea

[ more ]  [ reply ]
(Page 9 of 1621)  < Prev  4 5 6 7 8 9 10 11 12 13 14  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus