BugTraq Mode:
(Page 12 of 1675)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >
Remote Code Execution in DVR affecting over 70 different vendors 2016-03-23
rotem kerner (nullfield gmail com)
0day exploit affecting CCTV DVR of over 70 different vendors. Attached
is a link to the research containing the vulnerability description and
a working exploit. In addition, it discusses the problem in performing
responsible disclosure with white label products.

Full research -
http://www.kerneronsec

[SECURITY] [DSA 3525-1] pixman security update 2016-03-22
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3525-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
March 22, 2016

[RT-SA-2016-002] Cross-site Scripting in Securimage 3.6.2 2016-03-22
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Cross-site Scripting in Securimage 3.6.2

RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability
in the Securimage CAPTCHA software, which allows attackers to inject
arbitrary JavaScript code via a crafted URL.

Details
=======

Product: Securimage
Affected Versions: >=

APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002 2016-03-22
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update
2016-002

OS X El Capitan 10.11.4 and Security Update 2016-002 is now available
and addresses the following:

apache_mod_php
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10

APPLE-SA-2016-03-21-6 Safari 9.1 2016-03-22
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-03-21-6 Safari 9.1

Safari 9.1 is now available and addresses the following:

libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted XML may lead

APPLE-SA-2016-03-21-3 tvOS 9.2 2016-03-22
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-03-21-3 tvOS 9.2

tvOS 9.2 is now available and addresses the following:

FontParser
Available for: Apple TV (4th generation)
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary

APPLE-SA-2016-03-21-7 OS X Server 5.1 2016-03-22
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-03-21-7 OS X Server 5.1

OS X Server 5.1 is now available and addresses the following:

Server App
Available for: OS X Yosemite v10.10.5 and later
Impact: An administrator may unknowingly store backups on a volume
without permissions e

APPLE-SA-2016-03-21-4 Xcode 7.3 2016-03-22
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-03-21-4 Xcode 7.3

Xcode 7.3 is now available and addresses the following:

otool
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execut

APPLE-SA-2016-03-21-2 watchOS 2.2 2016-03-22
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-03-21-2 watchOS 2.2

watchOS 2.2 is now available and addresses the following:

Disk Images
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: An application may be able to execute arbitr

APPLE-SA-2016-03-21-1 iOS 9.3 2016-03-22
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-03-21-1 iOS 9.3

iOS 9.3 is now available and addresses the following:

AppleUSBNetworking
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitr

[security bulletin] HPSBMU03562 rev.1 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution 2016-03-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054565

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05054565
Version: 1

HPSBMU03562 r

[security bulletin] HPSBGN03560 rev.1 - HP Operations Orchestration using Java Deserialization, Remote Arbitrary Code Execution 2016-03-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05050545

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05050545
Version: 1

HPSBGN03560 r

[security bulletin] HPSBGN03551 rev.1 - HPE Helion Development Platform using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution 2016-03-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05053211
Version: 1

HPSBGN03551 r

AbsoluteTelnet 10.14 DLL Hijack Code Exec 2016-03-21
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/ABSOLUTETELNET-DLL-HIJACK.txt

Vendor:
==========================
www.celestialsoftware.net

Product:
=====================
AbsoluteTelnet 10.14

AbsoluteTelnet / SSH is a telne

[SECURITY] [DSA 3524-1] activemq security update 2016-03-20
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3524-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 20, 2016

[SECURITY] [DSA 3523-1] iceweasel security update 2016-03-20
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3523-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 20, 2016

[SECURITY] [DSA 3522-1] squid3 security update 2016-03-20
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3522-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
March 20, 2016

[SECURITY] [DSA 3521-1] git security update 2016-03-19
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3521-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
March 19, 2016

[security bulletin] HPSBGN03438 rev.1 - HP Support Assistant, Local Authentication Bypass 2016-03-19
HP Security Alert (hp-security-alert hp com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05031674

HPSBGN03438 rev.1 - HP Support Assistant, Local Authentication Bypass

SUPPORT COMMUNICATION - SECURITY B

[SECURITY] [DSA 3520-1] icedove security update 2016-03-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3520-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 18, 2016

SQL Injection and RCE in WebsiteBaker 2016-03-18
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23296
Product: WebsiteBaker
Vendor: WebsiteBaker Org e.V.
Vulnerable Version(s): 2.8.3-SP5 and probably prior
Tested Version: 2.8.3-SP5
Advisory Publication: February 24, 2016 [without technical details]
Vendor Notification: February 24, 2016
Vendor Patch: February 26, 2016
Publi

Admin Password Reset & RCE via CSRF in Dating Pro 2016-03-18
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23294
Product: Dating Pro
Vendor: DatingPro
Vulnerable Version(s): Genie (2015.7) and probably prior
Tested Version: Genie (2015.7)
Advisory Publication: February 10, 2016 [without technical details]
Vendor Notification: February 10, 2016
Vendor Patch: February 29, 2016
Public Di

Remote Code Execution via CSRF in iTop 2016-03-18
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23293
Product: iTop
Vendor: Combodo
Vulnerable Version(s): 2.2.1 and probably prior
Tested Version: 2.2.1
Advisory Publication: February 10, 2016 [without technical details]
Vendor Notification: February 10, 2016
Vendor Patch: February 11, 2016
Public Disclosure: March 18, 2016

Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished CVE-2016-2324 and CVE-2016-2315) 2016-03-18
Laël Cellier (lael cellier laposte net)
Oh?????????? Big mistake. I might have advertised too soon.

I saw changes were pushed in master, so I thought the next version
(which was 2.7.1) would be the one which will include the fix.
But as pointed out on
https://security-tracker.debian.org/tracker/CVE-2016-2324 no versions
including the fixes

Xoops 2.5.7.2 Directory Traversal Bypass 2016-03-18
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/XOOPS-DIRECTORY-TRAVERSAL.txt

Vendor:
=============
xoops.org

Product:
================
Xoops 2.5.7.2

Vulnerability Type:
===========================
Directo

Xoops 2.5.7.2 CSRF - Arbitrary User Deletions 2016-03-18
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/XOOPS-CSRF.txt

Vendor:
=============
xoops.org

Product:
================
Xoops 2.5.7.2

Vulnerability Type:
===================================
CSRF - Arbitra

[slackware-security] mozilla-firefox (SSA:2016-077-01) 2016-03-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2016-077-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[SECURITY] [DSA 3519-1] xen security update 2016-03-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3519-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 17, 2016

[CVE-2016-2345] Solarwinds Dameware Mini Remote Control Remote Code Execution Vulnerability 2016-03-17
contact securifera com
Document Title:
===============
Solarwinds Dameware Mini Remote Control Remote Code Execution Vulnerability

References (Source):
====================
http://www.kb.cert.org/vuls/id/897144
https://www.securifera.com/advisories/cve-2016-2345
http://www.dameware.com/products/mini-remote-control/produc

Re: [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting 2016-03-17
Derek Mahar (derek mahar gmail com)
The security advisory announcement claims that ActiveMQ 5.13.1 and
older versions are affected and that ActiveMQ 5.13.2 fixes the issues.

On 10 March 2016 at 07:45, Christopher Shannon
<christopher.l.shannon (at) gmail (dot) com> wrote:
> The following security vulnerability was reported against Apache
> Ac

Copyright 2010, SecurityFocus