BugTraq Mode:
(Page 3 of 1700)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[ERPSCAN-16-031] SAP NetWeaver AS ABAP - directory traversal using READ DATASET 2016-11-18
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS ABAP

Versions Affected: SAP NetWeaver AS ABAP 7.4

Vendor URL: http://SAP.com

Bugs: Directory traversal

Sent: 22.04.2016

Reported: 23.04.2016

Vendor response: 23.04.2016

Date of Public Advisory: 09.08.2016

Reference: SAP Security Note 2312966

Author: Daria Pro

[ERPSCAN-16-032] SAP Telnet Console - Directory traversal vulnerability 2016-11-18
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 to 7.5

Vendor URL: http://SAP.com

Bugs: Directory traversal

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 09.08.2016

Reference: SAP Security Note 2280371

Author:

Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody 2016-11-17
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

in response to <http://seclists.org/fulldisclosure/2016/Jan/24>
EmsiSoft fixed some of the DLL hijacking vulnerabilities in some
of their executable installers and unpackers.

EmsisoftEmergencyKit.exe still has beginner's errors which allow
escalation of privilege for EVERY local user:

0.

[SECURITY] [DSA 3716-1] firefox-esr security update 2016-11-16
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3716-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
November 16, 2016

[security bulletin] HPSBGN03676 rev.1 - HPE Helion OpenStack Glance Image Service, Remote Denial of Service (DoS) 2016-11-16
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05333384

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05333384

Version: 1

HPSBGN03676 rev.1

CVE-2015-2482 MSIE 8 jscript RegExpBase::FBadHeader use-after-free details 2016-11-16
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
twelfth entry in that series. Unfortunately I won't be able to publish
everything within one month at the current rate, so I may continue to
publish these through Dec

[security bulletin] HPSBST03671 rev.1 - HPE StoreEver MSL6480 Tape Library, Remote Unauthorized Disclosure of Information 2016-11-15
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05333297

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05333297

Version: 1

HPSBST03671 rev.1

Actiontec WCB3000N (Telus Branded) Local Unauthenticated Privilege Elevation and Password Reset 2016-11-15
Andrew Klaus (andrewklaus gmail com)
### Device Details
Vendor: Actiontec (Telus Branded)
Model: WCB3000N
Affected Firmware: v0.16.2.5
Device Manual: http://static.telus.com/common/cms/files/internet/wifi_plus_extender.pdf

Reported: November 2015
Status: Fixed on newest pushed firmware version
CVE: Update is handled by the vendor, th

CVE-2016-4484: - Cryptsetup Initrd root Shell 2016-11-14
Hector Marco (hmarco hmarco org) (1 replies)
Hello All,

Affected package
----------------
Cryptsetup <= 2:1

CVE-ID
------
CVE-2016-4484

Description
-----------
A vulnerability in Cryptsetup, concretely in the scripts that unlock the
system partition when the partition is ciphered using LUKS (Linux
Unified Key Setup).

This vulnerability

Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell 2016-11-15
Leo Famulari (leo famulari name)
[security bulletin] HPSBUX03665 rev.2 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection 2016-11-14
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324759

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05324759

Version: 2

HPSBUX03665 rev.2

[security bulletin] HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery 2016-11-14
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324755

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05324755

Version: 1

HPSBGN03669 rev.1

SEC Consult SA-20161114-0 :: Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2 2016-11-14
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20161114-0 >
=======================================================================
title: Multiple vulnerabilities
product: I-Panda SolarEagle - Solar Controller Administration
Software / MPPT Solar Co

WHM Panel Mail Delivery Reports crash database Vulnerability 2016-11-13
iedb team gmail com
Mail Delivery Reports crash database Local Vulnerability in WHM Panel All Version

###########################

# WHM Panel Mail Delivery Reports crash database Vulnerability

###########################

#####################################

# Iranian Exploit DataBase And Security

Multiple vulnerabilities in Barco Clickshare 2016-11-14
vincent ruijter kpn com
CVE-2016-3149 - Remote Code Execution in Barco ClickShare CSC-1 and CSM-1
Affected versions: all versions prior to v01.09.03 (CSC-1) and v01.06.02 (CSM-1).
A remote code execution vulnerability exists within the Barco ClickShare base unit software, that could lead to full compromise of the appliance

WHM Panel Mail Delivery Reports crash database Vulnerability 2016-11-12
iedb team gmail com
Mail Delivery Reports crash database in whm panel 60.0 ( build 17) version local exploit
Pic:http://kkli.ir/C6LGY

#####################################

# Iranian Exploit DataBase And Security Team - iedb.ir

# Title : WHM Panel Mail Delivery Reports crash database Vulnerability

#

CVE-2015-0040: Microsoft Internet Explorer 11 MSHTML CMapElement::Notify use-after-free details 2016-11-14
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
tenth entry in that series.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161114001.html.

Follow me on http://twitter.co

[CVE-2016-8736] Apache Openmeetings RMI Registry Java Deserialization RCE 2016-11-13
Maxim Solodovnik (solomax apache org)
Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 3.1.0

Description: Apache Openmeetings is vulnerable to Remote Code
Execution via RMI deserialization attack

The issue was fixed in 3.1.2
All users are recommended to upgrade to Apache OpenMeetings 3

CVE-2016-9277: A IDX Out of Bound vulnerability in systemui can make crash and ui restart 2016-11-12
unlimitsec gmail com
Description of the potential vulnerability:
Severity: Low
Affected versions: L(5.0/5.1), M(6.0)
Disclosure status: Privately disclosed.
One of the activities in SystemUI can produce array index out of bounds exception as a combination of some APIs and it leads to UI restart.
The patch fixes the vuln

[SECURITY] [DSA 3711-1] mariadb-10.0 security update 2016-11-11
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3711-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
November 11, 2016

Secunia Research: Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability 2016-11-10
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2016/11/10

Microsoft Windows OTF Parsing Table Encoding Record Offset

Vulnerability

=================================================================

CVE-2016-6809 - Arbitrary Code Execution Vulnerability in Apache Tika's MATLAB Parser 2016-11-10
tallison apache org
CVE-2016-6809 - Arbitrary Code Execution Vulnerability in Apache Tika's MATLAB Parser

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: 1.6-1.13

Description: Apache Tika wraps the jmatio parser (https://github.com/gradusnikov/jmatio) to handle MATLAB files. T

Secunia Research: Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability 2016-11-10
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2016/11/10

Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability

======================================================================

Table of Contents

Affected Softw

Secunia Research: Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability 2016-11-10
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2016/11/10

Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability

======================================================================

Table of Contents

Affected S

WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details 2016-11-10
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
eighth entry in that series, although this particular vulnerability does
not just affect web-browsers, but all applications that use WININET to
make HTTP requests.

Th

Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 2016-11-10
nickyccwu tencent com
Document Title:
===============
Blind SQL Injection Vulnerability in Exponent CMS 2.4.0

References (Source):
====================
https://exponentcms.lighthouseapp.com/projects/61783/tickets/1394-blind-sql-injection-vulnerability-in-exponent-cms-240-4
https://github.com/exponentcms/exponent-cms/com

MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details 2016-11-09
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
seventh entry in that series.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161109001.html. There you can find a repro
th

[SECURITY] [DSA 3709-1] libxslt security update 2016-11-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3709-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
November 08, 2016

[security bulletin] HPSBGN03670 rev.1 - HPE Business Service Management (BSM) using Java Deserialization, Remote Code Execution 2016-11-08
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05327447

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05327447

Version: 1

HPSBGN03670 rev.1

URL Redirection Vulnerability In Verint Impact 360 2016-11-08
sanehsingh controlcase com
URL Redirection Vulnerability In Verint Impact 360

Overview
========

* Title : URL Redirection Vulnerability In Verint Impact 360
* Author: Sanehdeep Singh
* Plugin Homepage: http://www.verint.com
* Severity: Medium
* Version Affected: 11.1
* Version patched: Patches available. Contact Vendor

De

Copyright 2010, SecurityFocus