BugTraq (Page 11 of 1679)
ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities 2016-04-19
Security Alert (Security_Alert emc com)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities

CVE Identifier: CVE-2016-0891

EMC Identifier: ESA-2016-039

Severity Rating: CVSS Base Score 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected products:
EMC ViPR SRM

Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1 2016-04-19
research (at) rv3lab (dot) org (research rv3lab org)
###################################################

01. ### Advisory Information ###

Title: Multiple Reflected XSS vulnerabilities in Oliver (formerly
Webshare) v1.3.1
Date published: 2016-15-04
Date of last update: 2014-03-04
Vendors contacted: Oliver (formerly Webshare) v1.3.1
Discovered by: Rv

[ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) - XSS vulnerability 2016-04-19
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Sent: 01.09.2015
Reported: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2234918
Author: Vahagn Vardanyan (ER

[ERPSCAN-16-005] SAP HANA hdbxsengine JSON - DoS vulnerability 2016-04-19
ERPScan inc (erpscan online gmail com)
Application: SAP HANA
Versions Affected: SAP HANA
Vendor URL: http://SAP.com
Bugs: DoS
Sent: 28.09.2015
Reported: 28.09.2015
Vendor response: 29.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2241978
Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION

Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege 2016-04-18
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers of G-Data's "security" products for
Windows, available from <https://www.gdata.de/downloads>, allow
escalation of privilege!

The downloadable executables are self-extractors containing the
real executable installer as resource: they create the subdirectory
%T

[security bulletin] HPSBST03576 rev.2 - HP P9000, XP7 Command View Advanced Edition (CVAE) Suite including Device Manager and Tiered Storage Manager using Java Deserialization, Remote Arbitrary Code Execution 2016-04-18
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085438

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05085438
Version: 2

HPSBST03576 r

[security bulletin] HPSBGN03555 rev.1 - HPE Vertica Analytics, Management Console, Remote Disclosure of Sensitive information, Execution of Arbitrary Code with Root Privileges 2016-04-18
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085303

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05085303
Version: 1

HPSBGN03555 r

CVE-2016-4021: pgpdump 0.29 - Endless loop parsing specially crafted input (SYSS-2016-030) 2016-04-18
klaus eisentraut syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-030
Product: pgpdump
Maintainer: Kazu Yamamoto
Affected Version(s): 0.29
Tested Version(s): 0.29
Vulnerability Type: Improper Input Validation (CWE-20)
Risk Level: Low
Solution Status: Fixed (in 0.30)
Maintainer Notification: 2

[SECURITY] [DSA 3552-1] tomcat7 security update 2016-04-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3552-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 17, 2016

[SECURITY] [DSA 3551-1] fuseiso security update 2016-04-16
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3551-1 security (at) debian (dot) org
https://www.debian.org/security/ Florian Weimer
April 16, 2016

Ahrare Andeysheh Cms Multiple Vulnerabilities 2016-04-16
iesb team gmail com
XSS and SQLi and PoC on Ahrare Andeysheh CMS to all versions


[CVE-2016-3996]KNOX clipboard data disclosure KNOX 1.0 - KNOX 2.3 / Android 2016-04-16
urikanonov gmail com
Subject: [CVE-2016-3996]KNOX clipboard data disclosure KNOX 1.0 - KNOX 2.3 / Android

Vulnerability Description
=========================

The vulnerability allows disclosure of Clipboard data of Samsung KNOX 1.0 and 2.3 containers.

On KNOX-enabled devices there exists a proprietary service called

[slackware-security] samba (SSA:2016-106-02) 2016-04-15
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] samba (SSA:2016-106-02)

New samba packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/samba

[slackware-security] mozilla-thunderbird (SSA:2016-106-01) 2016-04-15
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2016-106-01)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

[SECURITY] [DSA 3550-1] openssh security update 2016-04-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3550-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 15, 2016

Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability 2016-04-15
Sandro Poppi (spoppi sec gmail com)
Abstract
--------
Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting
Vulnerability
Affected Version: MSHTML.DLL 11.0.9600.18231 and probably below on
Windows 7 SP1
Vendor Homepage: http://www.microsoft.com
Severity: high
Status: fixed
CVE-ID: CVE-2016-0160

Description
-----------
Micr

[ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues 2016-04-15
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: cryptographic issues
Sent: 01.09.2015
Reported: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2191290
Author: Vahagn Varda

[ERPSCAN-16-002] SAP HANA - log injection and no size restriction 2016-04-15
ERPScan inc (erpscan online gmail com)
Application: SAP HANA
Versions Affected: SAP HANA
Vendor URL: http://SAP.com
Bugs: Log injection
Sent: 28.09.2015
Reported: 28.09.2015
Vendor response: 29.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2241978
Author: Mathieu Geli (ERPScan)

Description

1.

[ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability 2016-04-15
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Sent: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2206793
Author: Vahagn Vardanyan (ERPScan)

Description

[SECURITY] [DSA 3549-1] chromium-browser security update 2016-04-15
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3549-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
April 15, 2016

AST-2016-005: TCP denial of service in PJProject 2016-04-14
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2016-005

Product Asterisk
Summary TCP denial of service in PJProject
Nature of Advisory Crash/Denial of Service

AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk 2016-04-14
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2016-004

Product Asterisk
Summary Long Contact URIs in REGISTER requests can crash
Asterisk

NEW VMSA-2016-0004 VMware product updates address a critical security issue in the VMware Client Integration Plugin 2016-04-14
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2016-0004
Synopsis: VMware product updates address a critical security issue in
the VMware Client I

ESA-2016-036: EMC Unisphere for VMAX Virtual Appliance Arbitrary File Upload Vulnerability 2016-04-14
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-036: EMC Unisphere for VMAX Virtual Appliance Arbitrary File Upload Vulnerability

EMC Identifier: ESA-2016-036

CVE Identifier: CVE-2016-0889

Severity Rating: CVSS v3 Base Score: 7.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H)

Affected pr

Securing Android Applications from Screen Capture 2016-04-14
research nightwatchcybersecurity com
Original here:
https://blog.nightwatchcybersecurity.com/research-securing-android-applications-from-screen-capture-8dce2c8e21d#.bw2qwe213

Research: Securing Android Applications from Screen Capture

Summary - TL, DR
Apps on Android and some platform services are able to capture other ap

Mybb Cms (private.php Page) Denial Of Service Vulnerability 2016-04-14
iedb team gmail com
Denial Of Service Vulnerability in Mybb all versions in private.php Page
Tested On 1.6* and 1.8.*


Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability 2016-04-14
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1821

Release Date:
=============
2016-04-14

Vulnerability Laboratory ID (VL-ID):
=========================

[SECURITY] [DSA 3548-2] samba regression update 2016-04-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3548-2 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 14, 2016

[SECURITY] [DSA 3548-1] samba security update 2016-04-13
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3548-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 13, 2016

Cisco Security Advisory: Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability 2016-04-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability

Advisory ID: cisco-sa-20160413-ucs

Revision 1.0

Published: 2016 April 13 16:00 GMT
+------------------------------------------------

Copyright 2010, SecurityFocus