BugTraq Mode:
(Page 12 of 1691)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >
Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability 2016-06-29
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability

Advisory ID: cisco-sa-20160629-piauthbypass

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+-----------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability 2016-06-29
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20160629-cpcpauthbypass

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+----------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Firepower System Software Static Credential Vulnerability 2016-06-29
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Firepower System Software Static Credential Vulnerability

Advisory ID: cisco-sa-20160629-fp

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A

[ more ]  [ reply ]
CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD 2016-06-29
Cantor, Scott (cantor 2 osu edu)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Xerces-C XML Parser library versions
prior to V3.1.4

Description: The Xerces-C XML parser fail

[ more ]  [ reply ]
Symantec SEPM v12.1 Multiple Vulnerabilities 2016-06-29
hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SYMANTEC-SEPM-MULTIPLE-VULNS.
txt

[+] ISR: ApparitionSec

Vendor:
================
www.symantec.com

Product:
===========
SEPM
Symantec Endpoint Protection Manage

[ more ]  [ reply ]
KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution 2016-06-28
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution

Title: Ubiquiti Administration Portal CSRF to Remote Command Execution
Advisory ID: KL-001-2016-002
Publication Date: 2016.06.28
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-002.txt

1.

[ more ]  [ reply ]
[KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability 2016-06-28
Egidio Romano (research karmainsecurity com)
------------------------------------------------------------------------
-------
Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability
------------------------------------------------------------------------
-------

[-] Software Link:

https://www.concrete5.org/

[-] Affec

[ more ]  [ reply ]
[KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities 2016-06-28
Egidio Romano (research karmainsecurity com)
------------------------------------------------------------------------
-
Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities
------------------------------------------------------------------------
-

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Ver

[ more ]  [ reply ]
[KIS-2016-08] Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities 2016-06-28
Egidio Romano (research karmainsecurity com)
------------------------------------------------------------------------
--
Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities
------------------------------------------------------------------------
--

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

[ more ]  [ reply ]
Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities 2016-06-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1862

CWE-89
CWE-79
CWE-264

http://cwe.mitre.org/data/definitions/89
http://cwe.mitre.org/data/definitions/

[ more ]  [ reply ]
Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability 2016-06-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1863

Release Date:
=============
2016-06-27

Vulnerability Laboratory ID (VL-ID):
===================================

[ more ]  [ reply ]
Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability 2016-06-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1858

Release Date:
=============
2016-06-21

Vulnerability Laboratory ID (VL-ID):
================================

[ more ]  [ reply ]
Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability 2016-06-28
Vulnerability Lab (research vulnerability-lab com)


Document Title:
===============
Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1849

Release Date:
=============
2016-06-27

Vulnerability Laboratory ID (VL-ID):
=================

[ more ]  [ reply ]
[SECURITY] [DSA 3607-1] linux security update 2016-06-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3607-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 28, 2016

[ more ]  [ reply ]
Craft CMS affected by server side template injection 2016-06-27
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Craft CMS affected by server side template injection
------------------------------------------------------------------------

Nelson Berg & Jurgen Kloosterman, June 2016

--------------------------------------------------------

[ more ]  [ reply ]
BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability 2016-06-27
mehmet mehmetince net
1. ADVISORY INFORMATION
========================================
Title: BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability
Application: BigTree CMS
Remotely Exploitable: Yes
Versions Affected: < 4.2.11
Vendor URL: https://www.bigtreecms.org
Bugs: SQL Injection
Author: Mehmet Ince
Dat

[ more ]  [ reply ]
[fd] CVE ID request: Untangle NGFW <= v12.1.0 post-auth command injection 2016-06-27
Matt Bush (matt 3xocyte net)
Product:

https://www.untangle.com/untangle-ng-firewall/

Description:

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

The Untangle NGFW <= 12.1.0 web interface is prone to a command injection vulnerability, allowing non-root users to execute arbitrary

[ more ]  [ reply ]
MyLittleForum v2.3.5 PHP Command Injection 2016-06-27
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MYLITTLEFORUM-PHP-CMD-EXECUTI
ON.txt

[+] ISR: APPARITIONSEC

Vendor:
=================
mylittleforum.net

Download:
github.com/ilosuna/mylittleforum/releases/tag/v2.3.5

Product

[ more ]  [ reply ]
[slackware-security] php (SSA:2016-176-01) 2016-06-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-176-01)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.2

[ more ]  [ reply ]
[SECURITY] [DSA 3606-1] libpdfbox security update 2016-06-24
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3606-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 24, 2016

[ more ]  [ reply ]
#146416 Ruby:HTTP Header injection in 'net/http' 2016-06-24
redrain root (rootredrain gmail com)
TIMELINE
rootredrain submitted a report to Ruby.

show raw
Jun 22nd

Hi,

I would like to report a HTTP Header injection vulnerability in
'net/http' that allows attackers to inject arbitrary headers in
request even create a new evil request.

PoC

require 'net/http'
http = Net::HTTP.new('192.168.30.

[ more ]  [ reply ]
SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure 2016-06-24
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20160624-0 >
=======================================================================
title: XSS and information disclosure vulnerability
product: ASUS DSL-N55U router
vulnerable version: 3.0.0.4.376_2736
fixed version

[ more ]  [ reply ]
[KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability 2016-06-23
Egidio Romano (research karmainsecurity com)
------------------------------------------------------------------------
-----
SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability
------------------------------------------------------------------------
-----

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Vers

[ more ]  [ reply ]
[KIS-2016-05] SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities 2016-06-23
Egidio Romano (research karmainsecurity com)
---------------------------------------------------------
SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities
---------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Versions:

Version 6.5.18 CE and prior versions.

[-] Vulnerabi

[ more ]  [ reply ]
[KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities 2016-06-23
Egidio Romano (research karmainsecurity com)
--------------------------------------------------------------
SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities
--------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Versions:

Version 6.5.18 CE and prior versions.

[ more ]  [ reply ]
[KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability 2016-06-23
Egidio Romano (research karmainsecurity com)
------------------------------------------------------------------------
------
SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability
------------------------------------------------------------------------
------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected V

[ more ]  [ reply ]
ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability 2016-06-22
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability

EMC Identifier: ESA-2016-069

CVE Identifier: CVE-2016-0914

Severity Rating: CVSS v3 Base Score: 5.0 (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected

[ more ]  [ reply ]
Open-Xchange Security Advisory 2016-06-22 2016-06-22
Martin Heiland (martin heiland open-xchange com)
Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 45328 (Bug ID)
Vulnerability type: Information Exposure (CWE-200)
Vulnerable version: 7.8.1 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.2-rev43, 7.6.3-r

[ more ]  [ reply ]
[ERPSCAN-16-018] SAP Application server for Javat - DoS vulnerability 2016-06-21
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP Application server for Java 7.2 - 7.4

Vendor URL: http://SAP.com

Bugs: denial of service

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 14.03.2016

Reference: SAP Security Note 2259547

A

[ more ]  [ reply ]
Magic values in 32-bit processes on 64-bit OS-es and how to exploit them 2016-06-21
Berend-Jan Wever (berendjanwever gmail com)
(You can read all this information in more detail on
http://blog.skylined.nl)

Software components such as memory managers often use magic values to
mark memory as having a certain state. These magic values can be used
during debugging to determine the state of the memory, and have often
(but not al

[ more ]  [ reply ]
(Page 12 of 1691)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus