ESA-2015-118: EMC Avamar Directory Traversal Vulnerability 2015-07-22
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-118: EMC Avamar Directory Traversal Vulnerability

EMC Identifier: ESA-2015-118

CVE Identifier: CVE-2015-4527

Severity Rating: CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

Affected products:

• EMC Avamar Server all vers

Multiple (remote and local) Vulnerabilities in Xceedium Xsuite [MZ-15-02] 2015-07-22
modzero (security modzero ch)

See also: http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt

---------------------------------------------------------------------

modzero Security Advisory:
Multiple Vulnerabilities in Xceedium Xsuite [MZ-15-02]

---------------------------------------------------------------------

-

Multiple XSS Vulnerabilities in Paid Memberships Pro WordPress Plugin 2015-07-22
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23264
Product: Paid Memberships Pro WordPress plugin
Vendor: Stranger Studios
Vulnerable Version(s): 1.8.4.2 and probably prior
Tested Version: 1.8.4.2
Advisory Publication: July 1, 2015 [without technical details]
Vendor Notification: July 1, 2015
Vendor Patch: July 8, 2015
Pub

SQL Injection in Count Per Day WordPress Plugin 2015-07-22
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23267
Product: Count Per Day WordPress plugin
Vendor: Tom Braider
Vulnerable Version(s): 3.4 and probably prior
Tested Version: 3.4
Advisory Publication: July 1, 2015 [without technical details]
Vendor Notification: July 1, 2015
Vendor Patch: July 1, 2015
Public Disclosure: July

[SECURITY] [DSA 3312-1] cacti security update 2015-07-22
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3312-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
July 22, 2015

NetCracker Resource Management 8.0 - SQL Injection Vulnerability 2015-07-22
jychia sec gmail com
# Vulnerability type: SQL Injection
# Vendor: http://www.netcracker.com/
# Product: NetCracker Resource Management System
# Affected version: =< 8.0
# Patched version: 8.2
# Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan
# CVE ID: CVE-2015-3423

# PROOF OF CONCEPT (SQLi)

SQL Injection (SQLi) vul

NetCracker Resource Management 8.0 - XSS Vulnerability 2015-07-22
jychia sec gmail com
# Vulnerability type: Cross-site Scripting
# Vendor: http://www.netcracker.com/
# Product: NetCracker Resource Management System
# Affected version: =< 8.0
# Patched version: 8.2
# Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan
# CVE ID: CVE-2015-2207

# PROOF OF CONCEPT (XSS)

Cross-site script

Open-Web-Analytics-1.5.7 Cryptographic, Password Disclosure & XSS Vulnerabilities 2015-07-22
apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENWEBANALYTICS0721.txt

Vendor:
================================
www.openwebanalytics.com

Product:
================================
Open-Web-Analytics-1.5.7

FreeBSD Security Advisory FreeBSD-SA-15:13.tcp 2015-07-22
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-15:13.tcp Security Advisory
The FreeBSD Project

Topic:

Logstash vulnerability CVE-2015-5378 2015-07-21
Kevin Kluge (kevin elastic co)
Summary:

Logstash 1.5.2 and prior versions are vulnerable to a SSL/TLS security issue called the FREAK attack. If you are using the Lumberjack input, FREAK allows an attacker to successfully implement a man in the middle attack, intercepting communication between the Logstash Forwarder agent and Lo

WorldCIST'2016 - Brazil: Call for Workshops Proposals - Best Papers published by ISI/SCI Journals 2015-07-21
Maria Lemos (marialemos72 gmail com)
-----------
CALL FOR WORKSHOPS PROPOSALS
WorldCIST'16 - 4th World Conference on Information Systems and Technologies
Recife, PE, Brazil
22th-24th of March 2016
http://www.aisti.eu/worldcist16/
-------------------------------------------

WORKSHOP FORMAT

The Information Systems and Technologies res

CVE-2015-5379: Axigen XSS vulnerability for html attachments 2015-07-21
Ioan Indreias (ioan indreias axigen com)
CVEID: CVE-2015-5379

SUBJECT: Axigen XSS vulnerability for html attachments

DESCRIPTION: Axigen's WebMail Ajax interface implements a view
attachment function that executes javascript code that is part of email
HTML attachments.
This allows a malicious user to craft email messages that could expos

[security bulletin] HPSBMU03380 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities 2015-07-20
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04746490

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04746490
Version: 1

HPSBMU03380 re

[security bulletin] HPSBMU03377 rev.1 - HP Release Control running RC4, Remote Disclosure of Information 2015-07-20
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04743784

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04743784
Version: 1

HPSBMU03377 re

[security bulletin] HPSBUX03379 SSRT101976 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) 2015-07-20
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04745746

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04745746
Version: 1

HPSBUX03379 SS

[SECURITY] [DSA 3311-1] mariadb-10.0 security update 2015-07-20
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3311-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 20, 2015

[SECURITY] [DSA 3310-1] freexl security update 2015-07-19
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3310-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 19, 2015

[SECURITY] [DSA 3309-1] tidy security update 2015-07-18
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3309-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
July 18, 2015

[SECURITY] [DSA 3308-1] mysql-5.5 security update 2015-07-18
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3308-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2015

[slackware-security] httpd (SSA:2015-198-01) 2015-07-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] httpd (SSA:2015-198-01)

New httpd packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/httpd

[slackware-security] php (SSA:2015-198-02) 2015-07-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2015-198-02)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.4

AirDroid ID - Client Side JSONP Callback Vulnerability 2015-07-17
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
AirDroid ID - Client Side JSONP Callback Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1544

Release Date:
=============
2015-07-10

Vulnerability Laboratory ID (VL-ID):
================================

FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability 2015-07-17
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1451

Release Date:
=============
2015-

UDID+ v2.5 iOS - Mail Command Inject Vulnerability 2015-07-17
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
UDID+ v2.5 iOS - Mail Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1542

Release Date:
=============
2015-07-06

Vulnerability Laboratory ID (VL-ID):
====================================

Oracle E-Business Suite Servlet URL Redirection Vulnerability 2015-07-17
owais md khan gmail com
Oracle E-Business Suite Servlet URL Redirection vulnerability (CVE-2015-2630)

Versions Affected: 11.5.10.2, 12.0.6, 12.1.3

Discussion:
Oracle E-Business Suite is prone to a remote URL-redirection vulnerability. This vulnerability may allow a malicious user to perform a phishing attack by sending a

Novell GroupWise 2014 WebAccess vulnerable to XSS attacks 2015-07-17
adrian vollmer syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2015-021
Product: GroupWise
Vendor: Novell
Affected Version(s): 2014
Tested Version(s): 2014
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: High
Solution Status: Fixed
Vendor Notification: 2015-05-04
Solution Date: 20

SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express 2015-07-16
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SEC Consult Vulnerability Lab Security Advisory < 20150716-0 >
=======================================================================
title: Permanent Cross-Site Scripting
product: Oracle Application Express
vulnerable versio

Elasticsearch CVE-2015-5531 2015-07-16
Kevin Kluge (kevin elastic co)
Summary:
Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack that allows an attacker to retrieve files that are readable by the Elasticsearch JVM process.

We have been assigned CVE-2015-5531 for this issue.

Fixed versions:
Versions 1.6.1 and 1.7.0 address t

Elasticsearch CVE-2015-5377 2015-07-16
Kevin Kluge (kevin elastic co)
Summary:
Elasticsearch versions prior to 1.6.1 are vulnerable to an engineered attack on its transport protocol that enables remote code execution. This issue is related to the Groovy announcement in CVE-2015-3253.

Deployments are vulnerable even when Groovy dynamic scripting is disabled.

We

ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability 2015-07-16
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability

ESA Identifier: ESA-2015-123

CVE Identifier: CVE-2015-4529

Severity Rating: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)

Affected products:

• EMC Documentum WebTop v
