BugTraq Mode:
[SYSS-2017-008] agorum core Pro - Cross-Site Request Forgery 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-008
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Cross-Site Request Forgery (CWE-352)
Risk Level: Medium
Solution Status: Open
M

[SYSS-2017-007] agorum core Pro - Cross-Site Scripting 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-007
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Open
Manufactu

[SYSS-2017-006] agorum core Pro - Insecure Direct Object Reference 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-006
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Insecure Direct Object Reference (CWE-932)
Risk Level: High
Solution Status: Ope

[SYSS-2017-005] agorum core Pro - Persistent Cross-Site Scripting 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-005
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)
Risk Level: High
Solution Status: Open

April 2017 - HipChat Server Advisory 2017-04-13
Matthew Hart (mhart atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE ID:

* CVE-2017-7357.

Product: Hipchat Server.

Affected Hipchat Server product versions:
All versions < 2.2.3

Fixed Hipchat Server product versions:
2.2.3

Summary:
This advisory discloses a critical severity security vulnerability
that was

DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF) 2017-04-12
DefenseCode (defensecode defensecode com)

DefenseCode Security Advisory
Magento 0day Arbitrary File Upload Vulnerability
(Remote Code Execution, CSRF)

Advisory ID: DC-2017-04-003
Software: Magento CE
Software Language: PHP
Version: 2.1.6 and below
Vendor Status: Vendor contacted / Not fixed
Release Date:

CVE-2017-7456 Moxa MXview v2.8 Denial Of Service 2017-04-12
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-DENIAL-OF-SERVICE.txt
[+] ISR: ApparitionSec

Vendor:
============
www.moxa.com

Product:
===========
MXView v2.8

Download:
http://ww

CVE-2017-7455 Moxa MXview v2.8 Remote Private Key Disclosure 2017-04-12
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt
[+] ISR: APPARITIONSEC

Vendor:
============
www.moxa.com

Product:
===========
MXview V2.8

Downloa

CVE-2017-7457 Moxa MX AOPC-Server v1.5 XML External Entity Injection 2017-04-12
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt
[+] ISR: ApparitionSec

Vendor:
============
www.moxa.com

Product:
=======================
MX-AOPC UA

FreeBSD Security Advisory FreeBSD-SA-17:03.ntp 2017-04-12
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-17:03.ntp Security Advisory
The FreeBSD Project

Topic:

[SECURITY] [DSA 3829-1] bouncycastle security update 2017-04-11
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3829-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 11, 2017

Microsoft Office OneNote 2007 DLL side loading vulnerability 2017-04-11
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Microsoft Office OneNote 2007 DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, September 2015

--------------------------------------------------------------

Multiple local privilege escalation vulnerabilities in Proxifier for Mac 2017-04-11
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Multiple local privilege escalation vulnerabilities in Proxifier for Mac
------------------------------------------------------------------------

Yorick Koster, April 2017

------------------------------------------------------

[SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure 2017-04-10
Mark Thomas (markt apache org)
CVE-2017-5648 Apache Tomcat Information Disclosure

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M17
Apache Tomcat 8.5.0 to 8.5.11
Apache Tomcat 8.0.0.RC1 to 8.0.41
Apache Tomcat 7.0.0 to 7.0.75
Apache Tomcat 6.0.x is not affected

Descrip

[SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure 2017-04-10
Mark Thomas (markt apache org)
CVE-2017-5651 Apache Tomcat Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M18
Apache Tomcat 8.5.0 to 8.5.12
Apache Tomcat 8.0.x and earlier are not affected

Description:
The refactoring of the HTTP connectors

DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities 2017-04-10
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory
WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting
Vulnerabilities

Advisory ID: DC-2017-01-014
Software: WordPress Tribulant Slideshow Gallery plugin
Software Language: PHP
Version: 1.6.4 and below
Vendor Status: Vendor contacted,

ChromeOS / ChromeBooks Persist Certain Network Settings in Guest Mode 2017-04-09
Nightwatch Cybersecurity Research (research nightwatchcybersecurity com)
[Original post can be found here:
https://wwws.nightwatchcybersecurity.com/2017/04/09/advisory-chromeos-chromebooks-persist-certain-network-settings-in-guest-mode/]

SUMMARY

Certain network settings in ChromeOS / ChromeBooks persist between
reboots when set in guest mode. These issues have been re

Foscam All networked devices, multiple Design Errors. SSL bypass. 2017-04-09
nick m mckenna gmail com
Two issues in one that nullify SSL in foscam devices:
All Foscam networked cameras use the same SSL private key that is hard coded into the downloadable firmware. This is easily extracted using a utility like binwalk and would allow an attacker to MITM any Foscam device.
One devices SSL keys are val

[slackware-security] libtiff (SSA:2017-098-01) 2017-04-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libtiff (SSA:2017-098-01)

New libtiff packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libtiff-

[SECURITY] [DSA 3827-1] jasper security update 2017-04-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3827-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 07, 2017

[security bulletin] HPESBGN03733 rev.1 - HPE Universal CMDB using Apache Struts, Remote Code Execution 2017-04-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03733en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03733en_us

Version: 1

HP

[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite 2017-04-07
Denis Magda (dmagda apache org)
[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Ignite 1.0.0-RC3 to 1.8

Description:
Apache Ignite uses an update notifier component to update the users about new project r

D-Link DWR-116 - CVE-2017-6190 - Arbitrary File Download 2017-04-07
patrykgnt gmail com
# Title: D-Link DWR-116 Arbitrary File Download
# Vendor: D-Link (www.dlink.com)
# Affected model(s): DWR-116 / DWR-116A1
# Tested on: V1.01(EU), V1.00(CP)b10, V1.05(AU)
# CVE: CVE-2017-6190
# Date: 04.07.2016
# Author: Patryk Bogdan (@patryk_bogdan)

Description:
D-Link DWR-116 with firmware before

SEC Consult SA-20170407-0 :: Server-Side Request Forgery in MyBB forum 2017-04-07
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170407-0 >
=======================================================================
title: Server Side Request Forgery (SSRF) Vulnerability
product: MyBB
vulnerable version: 1.8.10
fixed version: 1.8.11
CVE

Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2017-2387) 2017-04-06
David Coomber (davidcoomber infosec gmail com)
Apple Music Android Application - MITM SSL Certificate Vulnerability
(CVE-2017-2387)
--
http://www.info-sec.ca/advisories/Apple-Music.html

Overview

"Listen to all the music you want, anytime."

(https://play.google.com/store/apps/details?id=com.apple.android.music)

Issue

The Apple Music Android

Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319) 2017-04-06
David Coomber (davidcoomber infosec gmail com)
Trend Micro Enterprise Mobile Security Android Application - MITM SSL
Certificate Vulnerability (CVE-2016-9319)
--
http://www.info-sec.ca/advisories/Trend-Micro-Enterprise-Mobile-Security.html

Overview

"Trend Micro Mobile Security is the client app for Trend Micro's
enterprise mobility platform.

Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload 2017-04-06
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txt
[+] ISR: APPARITIONSEC

Vendor:
==================
www.spiceworks.com

Product:
=================
S

[security bulletin] HPESBGN03727 rev.1 - HPE Business Process Monitor, Remote Unauthorized Access to Data 2017-04-04
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03727en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03727en_us

Version: 1

HP

DefenseCode ThunderScan SAST Advisory: Apache Tomcat Directory/Path Traversal 2017-04-04
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory
Apache Tomcat Directory/Path Traversal

Advisory ID: DC-2017-03-001
Software: Apache Tomcat
Software Language: Java
Version: 7.0.76 (probably 9, 8 and 6 branches also)
Vendor Status: Vendor contacted
Rel

[SECURITY] [DSA 3826-1] tryton-server security update 2017-04-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3826-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 04, 2017

Copyright 2010, SecurityFocus