BugTraq Mode:
MODX Revolution 2.0.1-pl - 2.5.6-pl blind SQLi 2017-05-02
Anti Räis (antirais gmail com)
MODX Revolution 2.0.1-pl - 2.5.6-pl blind SQLi
##############################################

Information
===========

Name: MODX Revolution 2.0.1 - 2.5.6 (based on git commit)
Software: MODX CMS
Homepage: https://modx.com
Vulnerability: blind SQL injection
Prerequisites: attacke

[security bulletin] HPESBHF03741 rev.1 - HPE Network products including Comware 7, IMC, and VCX running OpenSSL, Local Unauthorized Disclosure of Information, Remote Denial of Service (DoS), Unauthorized Disclosure of Information 2017-05-02
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03741en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03741en_us

Version: 1

HP

IML 2017 Conference, ACM digital library proceedings, Venue: Liverpool John Moores University, United Kingdom 2017-04-29
IML 2017 Conference (cfp iml-conference site)
Call for Papers

International Conference on Internet of Things and Machine Learning (IML 2017)

Venue: Liverpool John Moores University, United Kingdom

Proceedings: ACM Digital Library/ ISBN: 978-1-4503-5243-7

Extended papers will be invited to our journals (Indexed by Thomson Reuters)

https://b

SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options 2017-04-29
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

SyntaxHighlight MediaWiki extension allows injection of arbitrary
Pygments options
------------------------------------------------------------------------

Yorick Koster, February 2017

-----------------------------------------

Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X 2017-04-29
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN
client v2.x for OS X
------------------------------------------------------------------------

Han Sahin, April 2017

-------------------------------------

[security bulletin] HPESBHF03738 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2017-04-28
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03738en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03738en_us

Version: 1

HP

[SECURITY] [DSA 3838-1] ghostscript security update 2017-04-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3838-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 28, 2017

Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability 2017-04-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Apple iOS 10.3 - Control Panel Denial of Service Vulnerability

References:
===========
https://www.vulnerability-lab.com/get_content.php?id=2059

Video: https://www.youtube.com/watch?v=MSscCLATxPQ

Release Date:
=============
2017-04-27

Vulnerability Laboratory

Live Helper Chat - Cross-Site Scripting 2017-04-28
Advisories (advisories compass-security com)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/en/research/advisories/
#############################################################
#
# CSNC ID: CSNC-2017-004
# Product: Live Helper Chat [1]
# Vendor: Live Helper Chat

[SECURITY] [DSA 3836-1] weechat security update 2017-04-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3836-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 27, 2017

FreeBSD Security Advisory FreeBSD-SA-17:04.ipfilter 2017-04-27
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-17:04.ipfilter Security Advisory
The FreeBSD Project

Topic:

CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability 2017-04-26
Chris Douglas (cdouglas apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions affected: Hadoop 2.6.x and earlier

Description:
HDFS clients interact with a servlet on the DataNode to browse the
HDFS

April 2017 - Confluence - Security Advisory 2017-04-26
David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE ID:

* CVE-2017-7415.

Product: Confluence.

Affected Confluence product versions:

6.0.0 <= version < 6.0.7

Fixed Confluence product versions:

* for 6.0.x, Confluence 6.0.7 has been released with a fix for this issue.

Summary:
This advisory

[SECURITY] [DSA 3834-1] mysql-5.5 security update 2017-04-25
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3834-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 25, 2017

[slackware-security] mozilla-firefox (SSA:2017-114-01) 2017-04-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2017-114-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[SECURITY] [DSA 3833-1] libav security update 2017-04-24
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3833-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 24, 2017

KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials 2017-04-24
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials

Title: Solarwinds LEM Database Listener with Hardcoded Credentials
Advisory ID: KL-001-2017-009
Publication Date: 2017.04.24
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-009.txt

1. Vulnera

KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read 2017-04-24
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read

Title: Solarwinds LEM Management Shell Arbitrary File Read
Advisory ID: KL-001-2017-008
Publication Date: 2017.04.24
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-008.txt

1. Vulnerability Details

KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection 2017-04-24
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection

Title: Solarwinds LEM Management Shell Escape via Command Injection
Advisory ID: KL-001-2017-007
Publication Date: 2017.04.24
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-007.txt

1. Vulne

KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse 2017-04-24
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse

Title: Solarwinds LEM Privilege Escalation via Sudo Script Abuse
Advisory ID: KL-001-2017-006
Publication Date: 2017.04.24
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-006.txt

1. Vulnerabili

KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path 2017-04-24
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path

Title: Solarwinds LEM Privilege Escalation via Controlled Sudo Path
Advisory ID: KL-001-2017-005
Publication Date: 2017.04.24
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-005.txt

1. Vulne

CVE-2017-7221. OpenText Documentum Content Server: arbitrary code execution in dm_bp_transition.ebs docbase method 2017-04-24
Andrey B. Panfilov (andrew panfilov tel)
CVE Identifier: CVE-2017-7221
Vendor: OpenText
Affected products: OpenText Documentum Content Server (all versions)
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available
PoC: https://gist.github.com/andreybpanfilov/0a4fdfad5

Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution 2017-04-23
Dawid Golunski (dawid legalhackers com)
Hi Filippo,

I received a reply from MITRE regarding which CVE to use in this
situation. Here is the reply I received:

'CVE-2017-7692 is now correct.

CVE-2017-5181 is no longer a valid ID number according to our
http://cve.mitre.org/cve/cna/CNA_Rules_v1.1.pdf policy. We fully
recognize that you ma

[slackware-security] ntp (SSA:2017-112-02) 2017-04-22
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] ntp (SSA:2017-112-02)

New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

[slackware-security] mozilla-firefox (SSA:2017-112-01) 2017-04-22
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2017-112-01)

New mozilla-firefox packages are available for Slackware 14.1 to
fix security and stability issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/

[slackware-security] proftpd (SSA:2017-112-03) 2017-04-22
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] proftpd (SSA:2017-112-03)

New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+---------------------

Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges 2017-04-22
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Authentication bypass vulnerability in Western Digital My Cloud allows
escalation to admin privileges
------------------------------------------------------------------------

Remco Vermeulen, April 2017

-----------------------

CVE-2017-5887: Starscream library before 2.0.4 SSL pinning not applied for websocket handshake 2017-04-21
Security Advisories (security advisories centralway com)
Product: Starscream websocket library
Severity: LOW
CVE Reference: CVE-2017-5887
Type: SSL Pinning bypass

Abstract
--------

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning
bypass because pinning occurs in the stream function (this is too
late; pinning should occur in the initStrea

CVE-2017-7192: Starscream library before 2.0.4 allows SSL pinning bypass 2017-04-21
Security Advisories (security advisories centralway com)
Product: Starscream websocket library
Severity: LOW
CVE Reference: CVE-2017-7192
Type: SSL Pinning bypass / Information disclosure

Abstract
--------

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning
bypass because of incorrect management of the certValidated variable
(it can be set

[SECURITY] [DSA 3831-1] firefox-esr security update 2017-04-19
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3831-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 20, 2017
