BugTraq Mode:
(Page 10 of 1694)  < Prev  5 6 7 8 9 10 11 12 13 14 15  Next >
VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1877

Release Date:
=============
2016-07-26

Vulnerability Laboratory ID (VL-ID):
==================================

[ more ]  [ reply ]
VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1876

Release Date:
=============
2016-07-25

Vulnerability Laboratory ID (VL-ID):
=================================

[ more ]  [ reply ]
DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1885

Release Date:
=============
2016-07-26

Vulnerability Laboratory ID (VL-ID):
============

[ more ]  [ reply ]
Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1875

Release Date:
=============
2016-07-13

Vulnerability Laboratory ID (VL-ID):
================================

[ more ]  [ reply ]
[SECURITY] [DSA 3631-1] php5 security update 2016-07-26
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3631-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 26, 2016

[ more ]  [ reply ]
[SECURITY] [DSA 3630-1] libgd2 security update 2016-07-26
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3630-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
July 26, 2016

[ more ]  [ reply ]
[security bulletin] HPSBST03603 rev.1 - HPE StoreVirtual Products running LeftHand OS using glibc, Remote Arbitrary Code Execution, Denial of Service (DoS) 2016-07-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c05212266

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05212266
Version: 1

HPSBST03603 r

[ more ]  [ reply ]
Silurus Classifieds XSS Vulnerability 2016-07-26
ak47464659484 gmail com
Title: Silurus Classifieds XSS Vulnerability
Software : Silurus Classifieds

Software Version : v2.0

Vendor: http://snowhall.com/slides/silurus

Vulnerability Published : 2016-07-25

Author:zhiwei_jiang
Email:ak47464659484 (at) gmail (dot) com [email concealed]
Impact : Medium(CVSS2 Base : 4.3, AV:N/AC:M/Au:N/C:N/I:P/A

[ more ]  [ reply ]
Cross-Site Scripting vulnerability in ColorWay WordPress Theme 2016-07-26
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in ColorWay WordPress Theme
------------------------------------------------------------------------

Yorick Koster, July 2016

-----------------------------------------------------------------

[ more ]  [ reply ]
Dropbox 6.4.14 DLL Hijacking Vulnerability 2016-07-26
mehta himanshu21 gmail com
Aloha,

Summary
Dropbox Installer for Windows contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to some DLL file is loaded by 'DropboxInstaller.exe' improperly. And it allows an a

[ more ]  [ reply ]
Huawei ISM Professional XSS Vulnerability 2016-07-26
ak47464659484 gmail com
Title: Huawei ISM Professional XSS Vulnerability
Software : ISM Professional OceanStor

Software Version : Copyright©Huawei Technologies Co., Ltd. 2009-2010. All rights reserved.

Vendor: www.huawei.com

Vulnerability Published : 2016-07-25

Author:zhiwei_jiang
Email:ak47464659484@gmail

[ more ]  [ reply ]
Crashing Browsers Remotely via Insecure Search Suggestions 2016-07-26
research nightwatchcybersecurity com
[Original here:
https://wwws.nightwatchcybersecurity.com/2016/07/26/research-crashing-br
owsers-remotely-via-insecure-search-suggestions/]

Summary

Intercepting insecure search suggestion requests from browsers, and
returning very large responses leads to browser crashes (but not RCE).
Affected brow

[ more ]  [ reply ]
MySQL 0days followup (CVE-2016-3477) CVSS 8.1 2016-07-26
lem nikolas gmail com
Among other issues reported, the most critical flaw in the July CPU 2016, rated CVSS v3.0 base score 8.1, is the Server Parser subcomponent issue(CVE-2016-3477) and one of our findings.

Versions 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier are affected. The zero-day permits unauth

[ more ]  [ reply ]
July 2016 - Bamboo Server - Critical Security Advisory 2016-07-26
David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Note: the current version of this advisory can be found at
https://confluence.atlassian.com/x/rSGSMQ .

CVE ID:
* CVE-2016-5229 - Deserialisation in Bamboo.

Product: Bamboo

Affected Bamboo product versions:
2.3.1 <= version < 5.11.4.1
5.12.0 <= vers

[ more ]  [ reply ]
[SECURITY] [DSA 3629-1] ntp security update 2016-07-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3629-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 25, 2016

[ more ]  [ reply ]
[security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution 2016-07-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c05206507

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05206507
Version: 1

HPSBGN03630 r

[ more ]  [ reply ]
Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability 2016-07-25
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 25/07/2016

Reprise License Manager "akey" Buffer Overflow Vulnerability

======================================================================

Table of Contents

Affected Softw

[ more ]  [ reply ]
Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability 2016-07-25
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 25/07/2016

Reprise License Manager "actserver" Buffer Overflow Vulnerability

======================================================================

Table of Contents

Affected So

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-16:25.bspatch 2016-07-25
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-16:25.bspatch Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
[SECURITY] [DSA 3628-1] perl security update 2016-07-25
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3628-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
July 25, 2016

[ more ]  [ reply ]
XSS and SQLi in huge IT gallery v1.1.5 for Joomla 2016-07-25
Larry W. Cashdollar (larry0 me com)
Title: XSS and SQLi in huge IT gallery v1.1.5 for Joomla
Fixed: v1.1.7
Author: Larry W. Cashdollar, @_larry0 and Elitza Neytcheva, @ElitzaNeytcheva
Date: 2016-07-14
Download Site: http://extensions.joomla.org/extensions/extension/photos-a-images/galler
ies/gallery-pro
Vendor: huge-it.com
Vendor Notif

[ more ]  [ reply ]
SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr 2016-07-25
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20160725-0 >
=======================================================================
title: Multiple vulnerabilities
product: Micro Focus (former Novell) Filr Appliance
vulnerable version: Filr 2 <=2.0.0.421, Filr 1.2 <= 1.

[ more ]  [ reply ]
[SECURITY] [DSA 3627-1] phpmyadmin security update 2016-07-24
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3627-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
July 24, 2016

[ more ]  [ reply ]
Cross-Site Scripting in Code Snippets WordPress Plugin 2016-07-24
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in Code Snippets WordPress Plugin
------------------------------------------------------------------------

Burak Kelebek, July 2016

------------------------------------------------------------------------

[ more ]  [ reply ]
Neoscreen v4.5 Cross-site scripting 2016-07-24
alex_haynes outlook com
Exploit Title: Neoscreen Cross-site scripting
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: NONE
Credit: Alex Haynes

Advisory Detail

[ more ]  [ reply ]
Neoscreen v4.5 Blind SQL injection 2016-07-24
alex_haynes outlook com
Exploit Title: Neoscreen Blind SQL injection
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [C

[ more ]  [ reply ]
Neoscreen v4.5 Authentication bypass 2016-07-24
alex_haynes outlook com
Exploit Title: Neoscreen v4.5 Authentication bypass
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Authentication Bypass Issues [CWE-592]
CVE Reference: NONE
Credit: Alex Haynes

[ more ]  [ reply ]
[SECURITY] [DSA 3626-1] openssh security update 2016-07-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3626-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
July 24, 2016

[ more ]  [ reply ]
Autobahn|Python Insecure allowedOrigins validation >= 0.14.1 2016-07-23
mgill c0ffee me
Observation:
Autobahn|Python incorrectly checks the Origin header when the 'allowedOrigins' value is set. This can allow third parties to execute legitimate requests for WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within another browser's context.

Proof of Concept:
The fol

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design 2016-07-23
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

Windows 7 introduced the "Deployment Image Servicing and Management"
tool DISM.exe; this command line program is called for example by
its predecessor PkgMgr.exe (a GUI program which requests elevated
privileges), or by Windows Update (which runs under SYSTEM account).

DISM.exe needs to be

[ more ]  [ reply ]
(Page 10 of 1694)  < Prev  5 6 7 8 9 10 11 12 13 14 15  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus