BugTraq
CVE-2015-3251: Apache CloudStack VM Credential Exposure 2016-02-05
John Kinsella (jlk thrashyour com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2015-3251: Apache CloudStack VM Credential Exposure

CVSS v2:
6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Vendors:
The Apache Software Foundation
Citrix, Inc.

Versions Affected:
Apache CloudStack 4.4.4, 4.5.1

Description:
Apache CloudStack provides an AP

[SECURITY] [DSA 3466-1] krb5 security update 2016-02-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3466-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
February 04, 2016

WordPress User Meta Manager Plugin [Blind SQLI] 2016-02-04
pan vagenas gmail com

* Exploit Title: WordPress User Meta Manager Plugin [Blind SQLI]
* Discovery Date: 2015/12/28
* Public Disclosure Date: 2016/02/04
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: http://jasonlau.biz/home/
* Software Link: https://wordpress.org/plugi

WordPress User Meta Manager Plugin [Privilege Escalation] 2016-02-04
pan vagenas gmail com

* Exploit Title: WordPress User Meta Manager Plugin [Privilege Escalation]
* Discovery Date: 2015/12/28
* Public Disclosure Date: 2016/02/04
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: http://jasonlau.biz/home/
* Software Link: https://wordpress

Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass 2016-02-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1710

Apple Follow-up ID: 631627909

Video: http://www.vulnerability-lab.com/get_content.php?id=1711

[slackware-security] mozilla-firefox (SSA:2016-034-01) 2016-02-04
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2016-034-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[slackware-security] openssl (SSA:2016-034-03) 2016-02-04
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssl (SSA:2016-034-03)

New openssl packages are available for Slackware 14.0, 14.1, and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/

[slackware-security] php (SSA:2016-034-04) 2016-02-04
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-034-04)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.1

[slackware-security] MPlayer (SSA:2016-034-02) 2016-02-04
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] MPlayer (SSA:2016-034-02)

New MPlayer packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+

AST-2016-002: File descriptor exhaustion in chan_sip 2016-02-04
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2016-002

Product: Asterisk
Summary: File descriptor exhaustion in chan_sip
Nature of Advisory: Denial of Service

AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data. 2016-02-04
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2016-003

Product: Asterisk
Summary: Remote crash vulnerability when receiving UDPTL FAX data.

AST-2016-001: BEAST vulnerability in HTTP server 2016-02-04
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2016-001

Product: Asterisk
Summary: BEAST vulnerability in HTTP server
Nature of Advisory: Unauthorized data disclosure due to

[CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300 2016-02-04
Pedro Ribeiro (pedrib gmail com)
Hi,

CERT/CC has helped me disclose two vulnerabilities in NETGEAR's
Pro"safe" Network Management System 300 [1]. Two classical bugs: one
remote code execution via arbitrary file upload and an authenticated
arbitrary file download.

The full advisory can be seen in my repo at [2] and it is also past

Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability 2016-02-03
David Coomber (davidcoomber infosec gmail com)
Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability
--
http://www.info-sec.ca/advisories/Dell-SecureWorks.html

Overview

"Access your critical Dell SecureWorks security information on the go."

"With the Dell SecureWorks Mobile App you can:

* Quickly respond to security incidents

Cisco Security Advisory: Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability 2016-02-03
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability

Advisory ID: cisco-sa-20160203-n9knci

Revision 1.0

For Public Release 2016 February 3 16:00 UTC (GMT)

+---------------------------------------------------------------------

Sum

Cisco Security Advisory: Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability 2016-02-03
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability

Advisory ID: cisco-sa-20160203-prsm

Revision: 1.0

For Public Release 2016 February 03 16:00 UTC (GMT)

+----------------------------------------

Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability 2016-02-03
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability

Advisory ID: cisco-sa-20160203-apic

Revision: 1.0

For Public Release 2016 February 03 16:00 UTC (GMT)

+-----------------------------------------

Security Advisories 2016-02-03
Portcullis Advisories (advisories portcullis-security com)
Vulnerability title: Multiple Instances Of Cross-site Scripting In Viprinet Multichannel VPN Router 300
CVE: CVE-2014-2045
Vendor: Viprinet
Product: Multichannel VPN Router 300
Affected version: 2013070830/2013080900
Fixed version: 2014013131/2014020702
Reported by: Tim Brown
Details:

The data su

Soso Transfer v1.1 iOS - Denial of Service Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Soso Transfer v1.1 iOS - Denial of Service Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1703

Release Date:
=============
2016-02-02

Vulnerability Laboratory ID (VL-ID):
==============================

File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities 2016-02-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1704

Release Date:
=============
2016-02-03

Vulnerability Laboratory ID (VL-ID):
==============================

SimpleView CRM - Client Side Open Redirect Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
SimpleView CRM - Client Side Open Redirect Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1668

Release Date:
=============
2016-02-02

Vulnerability Laboratory ID (VL-ID):
==============================

Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1464

ID: #14770

Release Date:
=============
2016-02-02

Vulnerability Laboratory ID (VL-ID):
========

Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability 2016-02-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1705

Release Date:
=============
2016-02-03

Vulnerability Laboratory ID (VL-ID):
==========

Mezzanine CMS 4.1.0 XSS 2016-02-03
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MEZZANINE-CMS-XSS.txt

Vendor:
===================
mezzanine.jupo.org

Product:
================
Mezzanine 4.1.0

Mezzanine is an open source CMS built using the python based Dj

Mezzanine CMS 4.1.0 Arbitrary File Upload 2016-02-03
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MEZZANINE-CMS-ARBITRARY-FILE-UPLOAD.txt

Vendor:
===================
mezzanine.jupo.org

Product:
================
Mezzanine 4.1.0

Mezzanine is an open source CMS built using th

ASUS RT-N56U Persistent XSS 2016-02-02
graphx sigaint org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Exploit Title: ASUS RT-N56U Persistent XSS
# Date: 2/2/2016
# Exploit Author: @GraphX
# Vendor Homepage: http://asus.com/
# Version: 3.0.0.4.374_239

1 Description:
It is possible for an authenticated attacker to bypass input sanitation in
the user

TimeClock - Multiple SQL Injections 2016-02-02
marcelabx gmail com
#############################
Exploit Title : Multiple SQL injections
Author:Marcela Benetrix
Date: 02/03/2016
version: 0.995 (older version may be vulnerable too)
software link:http://timeclock-software.net

#############################
Timeclock software

Timeclock-software.net's free software pr

[SECURITY] [DSA 3465-1] openjdk-6 security update 2016-02-02
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3465-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 02, 2016

MailPoet Newsletter 2.6.19 - Security Advisory - Reflected XSS 2016-02-02
Onur Yilmaz (onur netsparker com)
Information
--------------------
Advisory by Netsparker
Name: XSS Vulnerability in MailPoet Newsletters
Affected Software : MailPoet Newsletters
Affected Versions: v2.6.19 and possibly below
Vendor Homepage : http://www.mailpoet.com/
Vulnerability Type : Cross-site Scripting
Severity : Important
CVE

Re: VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability 2016-02-02
Phil Pearl (ppearl zimbra com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Following up inline...

On Sat, 30 Jan 2016 12:13:46 +0100, <t.schughart () prosec-networks
com> wrote:

> Hi@all,
>
> VMWare Zimbra Mailer Release 8.6.0.GA, latest patch and prior
> versions with DKIM implementation are vulnerable to longterm Mail
>

Copyright 2010, SecurityFocus