BugTraq Mode:
Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370] 2015-12-15
Hector Marco-Gisbert (hecmargi upv es)
Hi everyone,

A vulnerability in Grub2 (Back to 28) has been found. Versions from 1.98
(December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be
exploited under certain circumstances, allowing local attackers to bypass any
kind of authentication (plain or hashed passwords).

phpback v1.1 XSS vulnerability 2015-12-15
apparitionsec gmail com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/PHPBACK-XSS.txt

Vendor:
====================
www.phpback.org

Product:
===============
phpback v1.1

The open source feedback system, PHPBack is feedback a web application that

ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS 2015-12-14
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Send: 13.07.2015
Reported: 13.07.2015
Vendor response: 14.07.2015

[SECURITY] [DSA 3417-1] bouncycastle security update 2015-12-14
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3417-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
December 14, 2015

[ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability 2015-12-14
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: SQL injection
Send: 13.07.2015
Reported: 13.07.2015
Vendor response: 14.07.2015
Date of Pub

ECommerceMajor SQL Injection Vulnerability 2015-12-13
Rahul Pratap Singh (techno rps gmail com)
#Exploit Title : ECommerceMajor SQL Injection Vulnerability
#Exploit Author : Rahul Pratap Singh
#Date : 13/Dec/2015
#Home page Link : https://github.com/xlinkerz/ecommerceMajor
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94

1. Descrip

[SECURITY] [DSA 3416-1] libphp-phpmailer security update 2015-12-13
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3416-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
December 13, 2015

COM+ Services DLL side loading vulnerability 2015-12-12
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

COM+ Services DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, August 2015

------------------------------------------------------------------------

Abstract

Windows Authentication UI DLL side loading vulnerability 2015-12-12
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Windows Authentication UI DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, August 2015

---------------------------------------------------------------------

XSS Vulnerability in Synnefo Client for Synnefo IMS 2015 - CVE-2015-8247 2015-12-12
Aravind (altoarun gmail com)
Information

=================================

#Vulnerability type: Cross Site Scripting (XSS)

#Vendor: http://www.synnefoims.com/

#Product: Synnefo Client for Synnefo Internet Management Software

(IMS) 2015 (http://www.synnefoims.com/products.html)

CVE Reference:

=========================

[security bulletin] HPSBHF03431 rev.1 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities 2015-12-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04920918

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04920918
Version: 1

HPSBHF03431 r

APPLE-SA-2015-12-11-1 iTunes 12.3.2 2015-12-11
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-11-1 iTunes 12.3.2

iTunes 12.3.2 is now available and addresses the following:

WebKit
Available for: Windows 7 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple me

ORGIN STUDIOS Cms Multiple Vulnerability 2015-12-11
iedb team gmail com
sql and Xss Vulnerability in ORGIN STUDIOS Cms All Version

Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege 2015-12-08
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers [°] of 7-Zip (see <http://www.7-zip.org/>)
and ALL self-extracting archives created with 7-Zip are vulnerable:

1. They load and execute a rogue/bogus/malicious UXTheme.dll [']
eventually found in the directory they are started from (the
"application director

WordPress <=v4.4 Username Exists Information Disclosure 2015-12-10
John SECURELI.com (john secureli com)
Information security research credited to John Martinelli @
SECURELI.com. (john (at) secureli (dot) com [email concealed])

-----

Affects: WordPress <=v4.4
Vulnerability: Information Disclosure
CVE-ID: Pending
Impact: Username exists disclosure on /wp-login.php

-----

By default, WordPress <=4.4 discloses whether a username

BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability 2015-12-10
Blue Frost Security Research Lab (research bluefrostsecurity de)
Blue Frost Security GmbH
https://www.bluefrostsecurity.de/ research(at)bluefrostsecurity.de
BFS-SA-2015-003 10-December-2015
________________________________________________________________________________

Vendor: Microso

SEC Consult SA-20151210-0 :: Skybox Platform Multiple Vulnerabilities 2015-12-10
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SEC Consult Vulnerability Lab Security Advisory < 20151210-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Skybox Platform
vulnerable version: <=7.0.611

Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products 2015-12-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products

Advisory ID: cisco-sa-20151209-java-deserialization

Revision 1.0

For Public Release: 2015 December 9 16:00 GMT
+-----------------------------------------------

APPLE-SA-2015-12-08-6 Xcode 7.2 2015-12-08
Apple Product Security (product-security-noreply lists apple com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-08-6 Xcode 7.2

Xcode 7.2 is now available and addresses the following:

Git
Available for: OS X Yosemite v10.10.5 or later
Impact: Multiple vulnerabilities existed in Git
Description: Multiple vulnerabilities existed in Git versi

Secunia Research: Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow Vulnerability 2015-12-08
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 08/12/2015

Microsoft Windows usp10.dll "GetFontDesc()"

Integer Underflow Vulnerability

================================================

APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008 2015-12-08
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008

OS X El Capitan 10.11.2 and Security Update 2015-008 is now available
and addresses the following:

apache_mod_php
Available for: OS X El Capitan v10.11 and v10.11.1
Impact:

[SECURITY] [DSA 3414-1] xen security update 2015-12-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3414-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
December 09, 2015

[security bulletin] HPSBHF03432 rev.1 - HPE Networking Comware 5, Comware 5 Low Encryption SW, Comware 7, VCX Using NTP, Remote Access Restriction Bypass and Code Execution 2015-12-09
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04916783
Version: 1

HPSBHF03432 r

APPLE-SA-2015-12-08-2 tvOS 9.1 2015-12-09
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-08-2 tvOS 9.1

tvOS 9.1 is now available and addresses the following:

AppleMobileFileIntegrity
Available for: Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary
code with system privileges
De

Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability 2015-12-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability

Advisory ID: cisco-sa-20151209-pca

Revision 1.0

For Public Release 2015 December 9 16:00 UTC (GMT)

+--------------------------------------------

[CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference 2015-12-09
CORE Advisories Team (advisories coresecurity com)
1. Advisory Information

Title: Microsoft Windows Media Center link file incorrectly resolved reference
Advisory ID: CORE-2015-0014
Advisory URL: http://www.coresecurity.com/advisories/microsoft-windows-media-center-link-file-incorrectly-resolved-reference
Date published: 2015-12-08
Date of last upd

[security bulletin] HPSBHF03433 SSRT102964 rev.1 - HP-UX Running Mozilla Firefox and Thunderbird, Remote Disclosure of Information 2015-12-09
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04918839
Version: 1

HPSBHF03433 S

APPLE-SA-2015-12-08-5 Safari 9.0.2 2015-12-08
Apple Product Security (product-security-noreply lists apple com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-08-5 Safari 9.0.2

Safari 9.0.2 is now available and addresses the following:

WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website

APPLE-SA-2015-12-08-4 watchOS 2.1 2015-12-09
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-08-4 watchOS 2.1

watchOS 2.1 is now available and addresses the following:

AppSandbox
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may maintain access t

APPLE-SA-2015-12-08-1 iOS 9.2 2015-12-08
Apple Product Security (product-security-noreply lists apple com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-08-1 iOS 9.2

iOS 9.2 is now available and addresses the following:

AppleMobileFileIntegrity
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able t

Copyright 2010, SecurityFocus