BugTraq Mode:
(Page 10 of 1627)
[CVE-2015-2862/2863 / CERT VU#919604] Kaseya VSA arbitrary file download / open redirect 2015-07-13
Pedro Ribeiro (pedrib gmail com)
tl;dr
Two vulns in Kaseya Virtual System Administrator - an authenticated
arbitrary file download and two lame open redirects.

Full advisory text below and at [1]. Thanks to CERT for helping me to
disclose these vulnerabilities [2].

>> Multiple vulnerabilities in Kaseya Virtual System Administrato

CFP: Passwords 2015, Dec 7-9, Cambridge, UK 2015-07-10
Per Thorsheim (per thorsheim net)
=========================================================================
Passwords 2015
The 9th International Conference on Passwords
7, 8, 9 December 2015
University of Cambridge, United Kingdom
http://www.cl.cam.ac.uk/events/passwords2015/
https://passwordscon.org/
===============================

CVE-2015-4670 - AjaxControlToolkit File Upload Directory Traversal 2015-07-13
Brian Cardinale (brian cardinaleconsulting com)
The AjaxControlToolkit prior to version 15.1 has a file upload directory
traversal vulnerability which on a poorly configured web server can lead to
remote code execution.

The issue affects any application using the AjaxFileUpload control. The
vulnerability arises because the “fileId

[SYSS-2015-031] sysPass - SQL Injection 2015-07-13
disclosure syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2015-031
Product: sysPass
Vendor: http://cygnux.org/
Affected Version(s): 1.0.9 and below
Tested Version(s): 1.0.9
Vulnerability Type: SQL Injection (CWE-89)
Risk Level: High
Solution Status: Fixed
Vendor Notification: 2014-07-27
S

phpSQLiteCMS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS 2015-07-13
apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPSQLITECMS0712.txt

Vendor:
================================
phpsqlitecms.net

Product:
================================
ilosuna-phpsqlitecms-d9b8219

Adviso

[slackware-security] mozilla-thunderbird (SSA:2015-192-01) 2015-07-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2015-192-01)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

SQL Injection, Reflected XSS, Path Traversal, Function Execution in ZenPhoto 1.4.8 2015-07-10
Tim Coen (tc coen gmail com)
Vulnerability: SQL Injection, Reflected XSS, Path Traversal
Affected Software: ZenPhoto (http://www.zenphoto.org/)
Affected Version: 1.4.8 (probably also prior versions)
Patched Version: 1.4.9
Risk: Medium
Vendor Contacted: 2015-05-18
Vendor Fix: 2015-07-09
Public Disclosure: 2015-07-10

SQL Injecti

[security bulletin] HPSBGN03373 rev.1 - HP Release Control running TLS, Remote Disclosure of Information 2015-07-10
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04740527
Version: 1

HPSBGN03373 re

Cisco Security Advisory: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products 2015-07-10
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products

Advisory ID: cisco-sa-20150710-openssl

Revision 1.0

For Public Release 2015 July 10 16:00 UTC (GMT)

+------------------------

ESA-2015-115: EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass Vulnerability 2015-07-10
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-115: EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass Vulnerability

EMC Identifier: ESA-2015-115

CVE Identifier: CVE-2015-4526

Severity Rating: CVSSv2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Affected products:

CVE-2014-7952, Android ADB backup APK injection vulnerability 2015-07-10
Imre RAD (imre rad search-lab hu)
The Android operating system offers a backup/restore mechanism of
installed packages through the ADB utility. Full backup of applications
including the private files stored on /data partition is performed by
default, but applications can customize this behavior by implementing a
BackupAgent class. T

[security bulletin] HPSBGN03351 rev.2 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information 2015-07-10
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04710027

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04710027
Version: 2

HPSBGN03351 re

[security bulletin] HPSBGN03371 rev.1 - HP IceWall Products running OpenSSL, Remote Denial of Service (DoS) 2015-07-10
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04739301

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04739301
Version: 1

HPSBGN03371 re

NEW VMSA-2015-0005 : VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability 2015-07-10
VMware Security Response Center (security vmware com)
------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2015-0005
Synopsis: VMware Workstation, Player and Horizon View Client for
Windows updates address a host privilege escalation
vulnerab

[SECURITY] [DSA 3307-1] pdns-recursor security update 2015-07-09
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3307-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
July 09, 2015

[SECURITY] [DSA 3306-1] pdns security update 2015-07-09
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3306-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
July 09, 2015

[slackware-security] openssl (SSA:2015-190-01) 2015-07-09
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssl (SSA:2015-190-01)

New openssl packages are available for Slackware 14.0, 14.1, and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/

FreeBSD Security Advisory FreeBSD-SA-15:12.openssl 2015-07-09
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-15:12.openssl Security Advisory
The FreeBSD Project

Topic:

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software 2015-07-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Multiple Vulnerabilities in Cisco ASA Software

Advisory ID: cisco-sa-20141008-asa
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

Revision 3.0

Last Updated 2015 July 8 21:04 UTC (GMT)

For Public Release

Extra information for CVE-2014-2513 - EMC Documentum Content Server: arbitrary code execution 2015-07-08
andrew panfilov tel
Product: EMC Documentum Content Server
Vendor: EMC
Version: ANY
CVE: N/A
Risk: High
Status: public/not fixed

In November 2013 I discovered a vulnerability in EMC Documentum Content Server
which allows an authenticated user to execute arbitrary commands using the
dm_bp_transition docbase method (for detailed

[SECURITY] [DSA 3305-1] python-django security update 2015-07-08
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3305-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
July 08, 2015

[CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection 2015-07-08
CORE Advisories Team (advisories coresecurity com)
1. Advisory Information

Title: AirLink101 SkyIPCam1620W OS Command Injection
Advisory ID: CORE-2015-0011
Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection
Date published: 2015-07-08
Date of last update: 2015-07-08
Vendors contacted: AirLink101
Releas

[security bulletin] HPSBUX03363 rev.1 - HP-UX Apache Web Server running OpenSSL, Remote Disclosure of Information 2015-07-08
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04725401

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04725401
Version: 1

HPSBUX03363 re

Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution 2015-07-08
hdau deloitte fr
Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution

CVEs: CVE-2015-1560, CVE-2015-1561

Vendor: Merethis - www.centreon.com
Product: Centreon
Version affected: 2.5.4 and prior

Product description:
Centreon is the choice of some of the world's largest companies

SQL Injection in easy2map-photos wordpress plugin v1.09 2015-07-08
Larry W. Cashdollar (larry0 me com)
Title: SQL Injection in easy2map-photos wordpress plugin v1.09
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-08
Download Site: https://wordpress.org/plugins/easy2map-photos
Vendor: Steven Ellis
Vendor Notified: 2015-06-08, fixed in v1.1.0
Vendor Contact: https://profiles.wordpress.org/stevenel

Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 2015-07-08
Larry W. Cashdollar (larry0 me com)
Title: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5
Author: Larry W. Cashdollar, @_larry0
Date: 2015-07-05
Download Site: https://wordpress.org/plugins/wp-ecommerce-shop-styling
Vendor: https://profiles.wordpress.org/haet/
Vendor Notified: 2015-07-05, fixed i

Symantec EP 12.1.4013 Disabling Vulnerability 2015-07-08
apparitionsec gmail com
#include <windows.h>
#include <Tlhelp32.h>
#define SMC_EXE "Smc.exe"
#define SMC_GUI "SmcGui.exe"
#define CC_SVC_HST "ccSvcHst.exe"

/*
By John Page (hyp3rlinx) - Dec 2014 - hyp3rlinx.altervista.org
Symantec Endpoint Protection version 12.1.4013
First reported to Symantec - Jan 20, 2015

Goal:
Kill

[slackware-security] bind (SSA:2015-188-04) 2015-07-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bind (SSA:2015-188-04)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patc

[slackware-security] ntp (SSA:2015-188-03) 2015-07-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] ntp (SSA:2015-188-03)

New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patche

[slackware-security] cups (SSA:2015-188-01) 2015-07-08
Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] cups (SSA:2015-188-01)

New cups packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patch

Copyright 2010, SecurityFocus