BugTraq Mode:
(Page 2 of 1703)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[SECURITY][UPDATE] CVE-2016-8745 Apache Tomcat Information Disclosure 2017-01-05
Mark Thomas (markt apache org)
CVE-2016-8745 Apache Tomcat Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M13
Apache Tomcat 8.5.0 to 8.5.8
Apache Tomcat 8.0.0.RC1 to 8.0.39 (new)
Apache Tomcat 7.0.0 to 7.0.73 (new)
Apache Tomcat 6.0.16 to 6.0

[ more ]  [ reply ]
ESA-2016-157: EMC ScaleIO Multiple Vulnerabilities 2017-01-05
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-157: EMC ScaleIO Multiple Vulnerabilities

EMC Identifier: ESA-2016-157

CVE Identifier: CVE-2016-9867, CVE-2016-9868, CVE-2016-9869

Severity Rating: CVSS v3Base Score: See below for individual scores

Affected products:

EMC Scale

[ more ]  [ reply ]
[security bulletin] HPSBGN03688 rev.1 - HPE Operations Orchestration, Remote Code Execution 2017-01-03
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053619
44

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05361944

Version: 1

HPSBGN03688 rev.1

[ more ]  [ reply ]
[SECURITY] [DSA 3750-2] libphp-phpmailer regression update 2017-01-03
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3750-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
January 3, 2017

[ more ]  [ reply ]
0-day: QNAP NAS Devices suffer of heap overflow 2016-12-31
bashis (mcw noemail eu)
Greetings,

Twice I tried to use the QNAP Web page (https://aid.qnap.com/event/_module/nas/safe_report/) for reporting vulnerability, and twice I got mailer-daemon back.

So, Iâ??ll post my vulnerabilities here instead (Was not meant to be 0-dayâ?¦ whatever).

Have a nice day (and happy new ye

[ more ]  [ reply ]
[SECURITY] [DSA 3750-1] libphp-phpmailer security update 2016-12-31
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3750-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
December 31, 2016

[ more ]  [ reply ]
[slackware-security] seamonkey (SSA:2016-365-03) 2016-12-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2016-365-03)

New seamonkey packages are available for Slackware 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packag

[ more ]  [ reply ]
Fwd: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability 2016-12-31
Pedro Santos (pedrosans gmail com)
Forwarding the message em plain text mode to:

- be accepted by securityfocus's mail server ( didn't accepted MIME
Content-Type 'multipart/alternative' )
- add oss-security (at) lists.openwall (dot) com [email concealed] at the open receiver ( openwall
is not accepting emails if in BCC)
- adding missing Apache's security team (

[ more ]  [ reply ]
[slackware-security] mozilla-thunderbird (SSA:2016-365-02) 2016-12-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2016-365-02)

New mozilla-thunderbird packages are available for Slackware 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+----------------------

[ more ]  [ reply ]
[slackware-security] libpng (SSA:2016-365-01) 2016-12-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libpng (SSA:2016-365-01)

New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+----------------------

[ more ]  [ reply ]
[CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage 2016-12-28
Oleksandr Rudyy (orudyy gmail com)
[CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage

Vendor: The Apache Software Foundation

Versions Affected: Apache Qpid Broker for Java versions 6.0.1,
6.0.2, 6.0.3, 6.0.4, 6.0.5, and 6.1.0

Description:

The Qpid Broker for Java can be configured to use differen

[ more ]  [ reply ]
PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) 2016-12-28
Dawid Golunski (dawid legalhackers com)
PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit
(CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)

Discovered by Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Desc:

I discovered that the current PHPMailer versions (< 5.2.20) were still
vulnerable to RCE as it is possible t

[ more ]  [ reply ]
PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] 2016-12-27
Dawid Golunski (dawid legalhackers com)
PHPMailer < 5.2.18 Remote Code Execution
CVE-2016-10033

Here's an updated version of the advisory with more details + simple PoC.

Still incomplete. There will be more updates/exploits soon at:

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-C
VE-2016-10033-Vuln.html

https:/

[ more ]  [ reply ]
[SECURITY] [DSA 3746-1] graphicsmagick security update 2016-12-24
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3746-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
December 24, 2016

[ more ]  [ reply ]
[slackware-security] expat (SSA:2016-359-01) 2016-12-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] expat (SSA:2016-359-01)

New expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+-------------------------

[ more ]  [ reply ]
[slackware-security] openssh (SSA:2016-358-02) 2016-12-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssh (SSA:2016-358-02)

New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+---------------------

[ more ]  [ reply ]
[slackware-security] httpd (SSA:2016-358-01) 2016-12-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] httpd (SSA:2016-358-01)

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages

[ more ]  [ reply ]
XAMPP Control Panel Memory Corruption Denial Of Service 2016-12-24
apparitionsec gmail com (HYP3RLINX)
[+] Credits: John Page (hyp3rlinx)

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/XAMPP-CONTROL-PANEL-MEMORY-CO
RRUPTION-DOS.txt

[+] ISR: ApparitionSec

Vendor:
=====================
www.apachefriends.org

Product:
===================
XAMPP Cont

[ more ]  [ reply ]
[SECURITY] [DSA 3744-1] libxml2 security update 2016-12-23
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3744-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
December 23, 2016

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-16:39.ntp 2016-12-22
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-16:39.ntp Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
CVE-2014-4138: MSIE 11 MSHTML CPaste­Command::Convert­Bitmapto­Png heap-based buffer overflow 2016-12-21
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 37th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161221001.html. There you can find a repro
that triggered this issue

[ more ]  [ reply ]
[SECURITY] [DSA 3732-2] php-ssh2 regression update 2016-12-21
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3732-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
December 21, 2016

[ more ]  [ reply ]
ASP.NET Core 5-RC1 HTTP Header Injection 2016-12-21
Advisories (advisories compass-security com)
#############################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# Product: ASP.NET Core
# Vendor: Microsoft https://www.microsoft.com
# CSNC ID: CSNC

[ more ]  [ reply ]
[SECURITY] [DSA 3743-1] python-bottle security update 2016-12-20
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3743-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
December 20, 2016

[ more ]  [ reply ]
CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free 2016-12-20
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 36th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161220001.html. There you can find a repro
that triggered this issue

[ more ]  [ reply ]
[SECURITY] [DSA 3738-1] tomcat7 security update 2016-12-18
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3738-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
December 18, 2016

[ more ]  [ reply ]
Samsung DVR credentials encoded in base64 in cookie header 2016-12-17
Jacobo Avariento (spinfoo vuln gmail com)
Product: Samsung DVR
Impact: High

Intro
~~~~~~~~~~~~~~~

Samsung DVR Web Viewer is by default using HTTP (port 80) and transmits
the credentials encoded in the Cookie header using very bad security
practice, just encoding the login and password in BASE64 codification.
It is trivial to decode those

[ more ]  [ reply ]
[security bulletin] HPSBMU03684 rev.1 - HPE Version Control Repository Manager (VCRM), Multiple Remote Vulnerabilities 2016-12-16
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053563
63

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05356363

Version: 1

HPSBMU03684 rev.1

[ more ]  [ reply ]
[SECURITY] [DSA 3736-1] libupnp security update 2016-12-16
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3736-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
December 16, 2016

[ more ]  [ reply ]
CVE-2016-9277,CVE-2016-9966,CVE-2016-9967: Possible Privilege Escalation in telecom 2016-12-16
unlimitsec gmail com
Description of the potential vulnerability:Lack of appropriate exception handling in some receivers of the Telecom application allows attackers crash the system easily resulting in a possible DoS attack
Affected versions: L(5.0/5.1), M(6.0)
Disclosure status: Privately disclosed.
The patch prevents

[ more ]  [ reply ]
(Page 2 of 1703)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus