BugTraq Mode:
[SECURITY] [DSA 3622-1] python-django security update 2016-07-18
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3622-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2016

[CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking 2016-07-18
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

this is basically a followup to <http://seclists.org/oss-sec/2016/q1/58>

CVE-2016-1281 is NOT FIXED!

I've retested the current "VeraCrypt Setup 1.17.exe" on a fully
patched Windows 7, and it is STILL (or AGAIN) vulnerable there.

The following DLLs are loaded from the "application directo

[SECURITY] [DSA 3621-1] mysql-connector-java security update 2016-07-18
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3621-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2016

[Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon 2016-07-18
bashis (mcw noemail eu)

#!/usr/bin/env python2.7
#
# [SOF]
#
# [Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon
# Research and development by bashis <mcw noemail eu> 2016
#
# This format string vulnerability has following characteristic:
# - Heap Based (Exploiting string locat

Multiple vulns in Vodafone EasyBox 804 2016-07-17
Tim Schughart (info prosec-networks com)
Hi@all

#### General Information
## Report history:
Since 01.05. we have contacted the support of Vodafone 3 times. There has been no response until today.
Today we release the vulnerabilities in hope that Vodafone will react.

## Vendor Information:
Vodafone is a worldwide operating ISP.
Quotation of

[SECURITY] [DSA 3620-1] pidgin security update 2016-07-15
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3620-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 15, 2016

[SECURITY] [DSA 3619-1] libgd2 security update 2016-07-15
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3619-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 15, 2016

[security bulletin] HPSBMU03562 rev.3 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution 2016-07-14
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054565

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05054565
Version: 3

HPSBMU03562 r

[ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability 2016-07-14
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver Enqueue Server

Versions Affected: SAP NetWeaver Enqueue Server 7.4

Vendor URL: http://SAP.com

Bug: denial of service

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 12.04.2016

Reference: SAP Security Note 2258784

[ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability 2016-07-14
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.4

Vendor URL: http://SAP.com

Bug: XXE

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 12.04.2016

Reference: SAP Security Note 2254389

Author: Vahagn Vardanyan (ER

[ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability 2016-07-14
ERPScan inc (erpscan online gmail com)
Application: SAP xMII

Versions Affected: SAP xMII 15

Vendor URL: http://SAP.com

Bugs: XSS

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 12.04.2016

Reference: SAP Security Note 2201295

Author: Nursultan Abubakirov (ERPScan) , Vahagn Vardanyan (

Cross-Site Scripting vulnerability in Google Forms WordPress Plugin 2016-07-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Google Forms WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

------------------------------------------------------------

Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin 2016-07-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in WP No External Links WordPress
Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

----------------------------------------------------

Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for WordPress 2016-07-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for
WordPress
------------------------------------------------------------------------

Yorick Koster, July 2016

----------------------------------------------

Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin 2016-07-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

-------------------------------------------------------

Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability 2016-07-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability

Advisory ID: cisco-sa-20160713-ncs6k

Revision 1.0

For Public Release 2016 July 13 16:00 UTC (GMT)

+-------------------------------------------------

Open-Xchange Security Advisory 2016-07-13 2016-07-13
Martin Heiland (martin heiland lists open-xchange com)
Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 45796 / 45811 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 7.8.1 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.2-rev44,

missing input validation in pmount: arbitrary mount as non-root 2016-07-13
Imre RAD (imre rad search-lab hu)
Summary:
--------
pmount is a wrapper around the standard mount program which permits
normal users to mount removable devices without a matching /etc/fstab entry.
Due to a missing input validation check local users could mount devices
to arbitrary destinations and thus taking over the targeted syste

[CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers 2016-07-12
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers of Flash Player released 2016-06-15
fixed CVE-2016-1014 in the second attempt, but another vulnerability
remained: they create(d) and use(d) UNSAFE temporary subdirectories
into which they copy/ied themselves and extract(ed) a file "fpb.tmp"
which they load(ed) and

Easy Forms for MailChimp Local File Inclusion vulnerability 2016-07-12
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Easy Forms for MailChimp Local File Inclusion vulnerability
------------------------------------------------------------------------

Yorick Koster, July 2016

--------------------------------------------------------------------

WP Fastest Cache Member Local File Inclusion vulnerability 2016-07-12
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

WP Fastest Cache Member Local File Inclusion vulnerability
------------------------------------------------------------------------

Yorick Koster, July 2016

---------------------------------------------------------------------

Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin 2016-07-12
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

---------------------------------------------------------

Cross-Site Scripting vulnerability in Email Users WordPress Plugin 2016-07-12
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Email Users WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

-------------------------------------------------------------

Cross-Site Scripting vulnerability in Master Slider WordPress Plugin 2016-07-12
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Master Slider WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

-----------------------------------------------------------

[security bulletin] HPSBHF03608 rev.1 - HPE iMC PLAT and other Network Products using Apache Java Commons Collection (ACC), Remote Execution of Arbitrary Code 2016-07-11
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05200601

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05200601
Version: 1

HPSBHF03608 r

Persistent Cross-Site Scripting in WordPress Activity Log plugin 2016-07-11
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Persistent Cross-Site Scripting in WordPress Activity Log plugin
------------------------------------------------------------------------

Han Sahin, July 2016

-------------------------------------------------------------------

[RCESEC-2016-004][CVE-2016-5005] Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting 2016-07-11
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Apache Archiva
Vendor URL: https://archiva.apache.org
Type: Cross-Site Scripting [CWE-79]
Date found: 2016-05-31
Date published: 2016-07-11
CVSSv3 Score: 5.5 (CVSS:

[RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries 2016-07-11
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Apache Archiva
Vendor URL: https://archiva.apache.org
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2016-05-31
Date published: 2016-07-11
CVSSv3 Score: 5.4

Persistent Cross-Site Scripting in WP Live Chat Support plugin 2016-07-11
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Persistent Cross-Site Scripting in WP Live Chat Support plugin
------------------------------------------------------------------------

Han Sahin, July 2016

---------------------------------------------------------------------

Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin 2016-07-10
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin
------------------------------------------------------------------------

David Vaartjes, July 2016

-------------------------------------------------------

Copyright 2010, SecurityFocus