BugTraq Mode:
(Page 2 of 1700)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[SECURITY] [DSA 3723-1] gst-plugins-good1.0 security update 2016-11-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3723-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
November 24, 2016

[ more ]  [ reply ]
WorldCIST'17 - Submission deadline: November 27 2016-11-24
ML (marialemos72 gmail com)
* Best papers published in SCI/SSCI-indexed journals
** Proceedings by Springer, indexed in ISI, Scopus, DBLP, EI-Compendex, etc.

------------------------------------------------------------------------
---------
WorldCIST'17 - 5th World Conference on Information Systems and Technologies
Porto Sant

[ more ]  [ reply ]
[SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310) 2016-11-24
gerhard klostermeier syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-107
Product: EASY HOME Alarmanlagen-Set
Manufacturer: monolith GmbH
Affected Version(s): Model No. MAS-S01-09
Tested Version(s): Model No. MAS-S01-09
Vulnerability Type: Cryptographic Issues (CWE-310)
Risk Level: Low
Solution St

[ more ]  [ reply ]
[SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks 2016-11-24
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-071
Product: Smart GSM Alarm SA 2500 Kit
Manufacturer: Blaupunkt
Affected Version(s): v1.0
Tested Version(s): v1.0
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufactur

[ more ]  [ reply ]
[SYSS-2016-064] Multi Kon Trade M2B GSM Wireless Alarm System - Improper Restriction of Excessive Authentication Attempts (CWE-307) 2016-11-24
gerhard klostermeier syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-064
Product: M2B GSM Wireless Alarm System
Manufacturer: Multi Kon Trade
Affected Version(s): Unspecified
Tested Version(s): Unspecified
Vulnerability Type: Improper Restriction of Excessive Authentication
At

[ more ]  [ reply ]
[SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks 2016-11-24
gerhard klostermeier syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-066
Product: M2B GSM Wireless Alarm System
Manufacturer: Multi Kon Trade
Affected Version(s): Unspecified
Tested Version(s): Unspecified
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medium
Solution S

[ more ]  [ reply ]
[CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition 2016-11-24
Dawid Golunski (dawid legalhackers com)
Vulnerability: GNU Wget < 1.18 Access List Bypass / Race Condition
CVE-2016-7098

Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Severity: Medium

GNU wget in version 1.17 and earlier, when used in mirroring/recursive mode,
is affected by a Race Condition vulnerability th

[ more ]  [ reply ]
[security bulletin] HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Multiple Remote Vulnerabilities 2016-11-23
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053368
88

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05336888

Version: 1

HPSBHF03673 rev.1

[ more ]  [ reply ]
CVE-2015-1251: Chrome blink Speech­Recognition­Controller use-after-free details 2016-11-23
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
seventeenth entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through

[ more ]  [ reply ]
[SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks 2016-11-23
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-106
Product: EASY HOME Alarmanlagen-Set
Manufacturer: monolith GmbH
Affected Version(s): Model No. MAS-S01-09
Tested Version(s): Model No. MAS-S01-09
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medi

[ more ]  [ reply ]
[SYSS-2016-072] Olympia Protect 9061 - Missing Protection against Replay Attacks 2016-11-23
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-072
Product: Protect 9061
Manufacturer: Olympia
Affected Version(s): Article No. 5943 rev.03
Tested Version(s): Article No. 5943 rev.03
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medium
Solution St

[ more ]  [ reply ]
[CORE-2016-0007] - TP-LINK TDDP Multiple Vulnerabilities 2016-11-22
CORE Advisories Team (advisories coresecurity com)
1. Advisory Information

Title: TP-LINK TDDP Multiple Vulnerabilities
Advisory ID: CORE-2016-0007
Advisory URL: http://www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabili
ties
Date published: 2016-11-21
Date of last update: 2016-11-18
Vendors contacted: TP-Link
Release mode: User releas

[ more ]  [ reply ]
CVE-2015-0050: Microsoft Internet Explorer 8 MSHTML SRunPointer::SpanQualifier/RunType OOB read details 2016-11-22
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
sixteenth entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through D

[ more ]  [ reply ]
Web vulnerabilities in Siemens S7-300/S7-400/CP343-1/CP443-1 2016-11-21
Andrea Barisani (andrea inversepath com)

The following vulnerabilities have been reported to Siemens CERT and are now
covered by by Siemens Security Advisory SSA-603476, published today
(2016-11-21) and available at the following URL:

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-6034
76.pdf

-- CVE-016-8672 --------

[ more ]  [ reply ]
[SECURITY] [DSA 3719-1] wireshark security update 2016-11-21
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3719-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
November 21, 2016

[ more ]  [ reply ]
[ERPSCAN-16-034] SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component 2016-11-21
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.4

Vendor URL: http://SAP.com

Bug: XXE

Sent: 09.03.2016

Reported: 10.03.2016

Vendor response: 10.03.2016

Date of Public Advisory: 09.08.2016

Reference: SAP Security Note 2296909

Author: Vahagn Vardanyan (ERPScan)

[ more ]  [ reply ]
Nginx (Debian-based distros) - Root Privilege Escalation (CVE-2016-1247) 2016-11-21
Dawid Golunski (dawid legalhackers com)
Vulnerability: Nginx (Debian-based distros) - Root Privilege
Escalation (CVE-2016-1247)

Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Nginx web server packaging on Debian-based distributions such as Debian or
Ubuntu was found to create log directories with insecure permi

[ more ]  [ reply ]
[RCESEC-2016-009] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Persistent Cross-Site Scripting 2016-11-20
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: AppFusions Doxygen for Atlassian Confluence
Vendor URL: www.appfusions.com
Type: Cross-site Scripting [CWE-79]
Date found: 2016-06-29
Date published: -
CVSSv3 Score:

[ more ]  [ reply ]
[RCESEC-2016-008] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Full Path Information Disclosure 2016-11-20
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: AppFusions Doxygen for Atlassian Confluence
Vendor URL: www.appfusions.com
Type: Information Exposure Through an Error Message [CWE-209]
Date found: 2016-06-29
Date p

[ more ]  [ reply ]
[RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution 2016-11-20
Julien Ahrens (julien ahrens rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: AppFusions Doxygen for Atlassian Confluence
Vendor URL: www.appfusions.com
Type: Path Traversal [CWE-22]
Date found: 2016-06-23
Date published: -
CVSSv3 Score: 6.3

[ more ]  [ reply ]
Multiple issues in OpManager 12100 & 12200 2016-11-20
Michael Heydon (michael mheydon net)
Title: Multiple issues in OpManager
Author: Michael Heydon
Product: OpManager
Tested Versions: 12100 & 12200
Vendor: Zoho ManageEngine
Vendor Notified: 2016-08-14
Disclosure Date: 2016-11-20

Product Description:
====================
OpManager is a web-based network monitoring system. It is used p

[ more ]  [ reply ]
[security bulletin] HPSBHF03675 rev.1 - HPE Integrated Lights-Out 3 and 4 (iLO 3, iLO 4), Cross-Site Scripting (XSS) 2016-11-20
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053370
25

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05337025

Version: 1

HPSBHF03675 rev.1

[ more ]  [ reply ]
Putty Cleartext Password Storage 2016-11-20
apparitionsec gmail com/hyp3rlinx
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/PUTTY.EXE-INSECURE-PASSWORD-S
TORAGE.txt

[+] ISR: ApparitionSec

Vendor:
==========================
www.chiark.greenend.org.uk

Product:
===========
Putty.exe
v0.

[ more ]  [ reply ]
[RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution 2016-11-20
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: AppFusions Doxygen for Atlassian Confluence
Vendor URL: www.appfusions.com
Type: Path Traversal [CWE-22]
Date found: 2016-06-23
Date published: -
CVSSv3 Score: 6.3

[ more ]  [ reply ]
Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin 2016-11-19
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

---------------------------------------------------------

[ more ]  [ reply ]
Cross-Site Scripting in Check Email WordPress Plugin 2016-11-19
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in Check Email WordPress Plugin
------------------------------------------------------------------------

Antonis Manaras, July 2016

------------------------------------------------------------------------

[ more ]  [ reply ]
Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin 2016-11-19
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin
------------------------------------------------------------------------

Antonis Manaras, July 2016

-----------------------------------------------------------

[ more ]  [ reply ]
[slackware-security] mozilla-firefox (SSA:2016-323-01) 2016-11-18
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2016-323-01)

New mozilla-firefox packages are available for Slackware 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
pa

[ more ]  [ reply ]
CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details 2016-11-18
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
fourteenth entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through

[ more ]  [ reply ]
Reason Core Security v1.2.0.1 - Unqoted Path Privilege Escalation Vulnerability 2016-11-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Reason Core Security v1.2.0.1 - Unqoted Path Privilege Escalation Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2003

Release Date:
=============
2016-11-14

Vulnerability Laboratory ID (VL-ID):
======

[ more ]  [ reply ]
(Page 2 of 1700)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus