[SECURITY] [DSA 3430-1] libxml2 security update 2015-12-23
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3430-1          security (at) debian (dot) org
https://www.debian.org/security/             Salvatore Bonaccorso
December 23, 2015

Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege 2015-12-23
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

F-Secure's online virus scanner F-SecureOnlineScanner.exe, available
via <https://www.f-secure.com/en/web/home_global/online-scanner>,
loads and executes several rogue/bogus DLLs (UXTheme.dll, HNetCfg.dll,
RASAdHlp.dll, SetupAPI.dll, ClbCatQ.dll, XPSP2Res.dll, CryptNet.dll,
OLEAcc.dll etc.)

[slackware-security] blueman (SSA:2015-356-01) 2015-12-23
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] blueman (SSA:2015-356-01)

New blueman packages are available for Slackware 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/pa

Security advisory for Bugzilla 5.0.2, 4.4.11 and 4.2.16 2015-12-22
LpSolit gmail com
Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* Unfiltered HTML injected into a dependency graph could be used to
create a cross-site scripting attack.

* Some web browsers

ESA-2015-179: EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability 2015-12-22
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-179: EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability

EMC Identifier: ESA-2015-179

CVE Identifier: CVE-2015-6852

Severity Rating: CVSS v2 Base Score: 5.5 (AV:A/AC:L/Au:S/C:C/I:N/A:N)

Affected products:

EMC

ESA-2015-174: EMC VPLEX Undocumented Account Vulnerability 2015-12-22
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-174: EMC VPLEX Undocumented Account Vulnerability

EMC Identifier: ESA-2015-174

CVE Identifier: CVE-2015-6850

Severity Rating: CVSS Base Score 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)

Affected Products

EMC Software: EMC VPLEX GeoSynchrony

Aeris Calandar v2.1 - Buffer Overflow Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Aeris Calandar v2.1 - Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1656

Release Date:
=============
2015-12-01

Vulnerability Laboratory ID (VL-ID):
===================================

POP Peeper 4.0.1 - Persistent Code Execution Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
POP Peeper 4.0.1 - Persistent Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1657

Release Date:
=============
2015-11-26

Vulnerability Laboratory ID (VL-ID):
============================

Switch v4.68 - Code Execution Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Switch v4.68 - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1649

Release Date:
=============
2015-11-23

Vulnerability Laboratory ID (VL-ID):
====================================
1649

Lithium Forum - (previewImages) Persistent Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Lithium Forum - (previewImages) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1520

Release Date:
=============
2015-12-18

Vulnerability Laboratory ID (VL-ID):
==============================

Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1655

Release Date:
=============
2015-12-07

Vulnerability Laboratory ID (VL-ID):
==================

Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1657

Release Date:
=============
2015-12-14

Vulnerability Laboratory ID (VL-ID):
===

DELL Scrutinizer v12.0.3 - Persistent Software Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
DELL Scrutinizer v12.0.3 - Persistent Software Vulnerability

References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1360

Tracking ID: 15943

Release Date:
=============
2015-12-18

Vulnerability Laboratory ID (VL-ID):
==========

[RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality 2015-12-22
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Symfony PHP Framework: Session Fixation In "Remember Me" Login
Functionality

A session fixation vulnerability within the Symfony web application
framework's "Remember Me" login functionality allows an attacker to
impersonate the victim towards the web application if the session

Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution 2015-12-21
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installer [°]['] (rather: the 7-Zip based executable
self-extractor [²]) of Rapid7's (better known for their flagship
Metasploit) ScanNowUPnP.exe loads and executes several rogue/bogus
DLLs eventually found in the directory it is started from (the
"application directory"), co

[security bulletin] HPSBHF03419 rev.1 - HP Network Products including H3C routers and switches, Remote Denial of Service (DoS), Unauthorized Access. 2015-12-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04779492
Version: 1

HPSBHF03419 r

[security bulletin] HPSBGN03526 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass, Unauthorized Modification 2015-12-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926463

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04926463
Version: 1

HPSBGN03526 r

[security bulletin] HPSBGN03527 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass 2015-12-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926482

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04926482
Version: 1

HPSBGN03527 r

[SECURITY] [DSA 3429-1] foomatic-filters security update 2015-12-21
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3429-1          security (at) debian (dot) org
https://www.debian.org/security/             Salvatore Bonaccorso
December 21, 2015

ESA-2015-177: RSA SecurID(r) Web Agent Authentication Bypass Vulnerability 2015-12-21
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-177: RSA SecurID® Web Agent Authentication Bypass Vulnerability

EMC Identifier: ESA-2015-177

CVE Identifier: CVE-2015-6851

Severity Rating: 6.6 (AV:L/AC:L/Au:N/C:C/I:C/A:N)

Affected Products:

- RSA SecurID® Web Agent version

giflib: heap overflow in giffix (CVE-2015-7555) 2015-12-21
Hans Jerry Illikainen (hji dyntopia com)

About
=====

giflib[1] is a library for working with GIF images. It also provides
several command-line utilities.

CVE-2015-7555
=============

A heap overflow may occur in the giffix utility included in giflib-5.1.1
when processing records of the type `IMAGE_DESC_RECORD_TYPE' due to the
allocate

Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege 2015-12-21
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installer [°] of ESET's NOD32 antivirus,
eset_nod32_antivirus_live_installer_.exe, loads and executes
(at least) the rogue/bogus/malicious Cabinet.dll and DbgHelp.dll
eventually found in the directory it is started from ['] (the
"application directory").

For software downloa

Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies 2015-12-21
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

in <http://seclists.org/fulldisclosure/2015/Nov/101> I showed
general mitigations for DLL hijacking via runtime dependencies
(<https://msdn.microsoft.com/en-us/library/ms685090.aspx>).

DLL hijacking is but also possible via load-time dependencies
(<https://msdn.microsoft.com/en-us/library/

KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password 2015-12-18
KoreLogic Disclosures (disclosures korelogic com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password

Title: Seagate GoFlex Satellite Remote Telnet Default Password
Advisory ID: KL-001-2015-007
Publication Date: 2015.12.18
Publication URL: https://www.korelogic.com/Resources/Ad

[SECURITY] [DSA 3427-1] blueman security update 2015-12-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3427-1          security (at) debian (dot) org
https://www.debian.org/security/             Moritz Muehlenhoff
December 18, 2015

[SECURITY] [DSA 3428-1] tomcat8 security update 2015-12-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3428-1          security (at) debian (dot) org
https://www.debian.org/security/             Moritz Muehlenhoff
December 18, 2015

KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address 2015-12-18
KoreLogic Disclosures (disclosures korelogic com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address

Title: Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address
Advisory ID: KL-001-2015-008
Publication Date: 2015.12.18
Publication URL

[slackware-security] grub (SSA:2015-351-01) 2015-12-18
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] grub (SSA:2015-351-01)

New grub packages are available for Slackware 14.1 and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/grub-2.00-i48

[slackware-security] libpng (SSA:2015-351-02) 2015-12-18
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libpng (SSA:2015-351-02)

New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+

Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege 2015-12-18
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

avira_registry_cleaner_en.exe, available from
<https://www.avira.com/en/download/product/avira-registry-cleaner>
to clean up remnants the uninstallers of their snakeoil products
fail to remove, is vulnerable: it loads and executes WTSAPI32.dll,
UXTheme.dll and RichEd20.dll from its applicat

Copyright 2010, SecurityFocus