BugTraq
[SEARCH-LAB advisory] Cisco EPC3925 UPC modem/router default passphrase vulnerabilities 2016-07-20
Gergely Eberhardt (gergely eberhardt search-lab hu)
Cisco EPC3925 UPC modem/router default passphrase vulnerabilities
-----------------------------------------------------------------

Platforms / Firmware confirmed affected:
- Cisco EPC3925, ESIP-12-v302r125573-131230c_upc

Vulnerabilities
---------------
Default SSID and passphrase can be calculate

[SECURITY] [DSA 3623-1] apache2 security update 2016-07-20
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3623-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 20, 2016

CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603] 2016-07-19
Programa STIC (stic fundacionsadosky org ar)
Fundación Dr. Manuel Sadosky - Programa STIC Advisory
www.fundacionsadosky.org.ar

Heap memory corruption in ASN.1 parsing code generated by Objective
Systems Inc. ASN1C compiler for C/C++

1. *Advisory Information*

Title: Heap memory corruption in ASN.1 parsing code generated by
Objective S

Multiple SQL injection vulnerabilities in WordPress Video Player 2016-07-19
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Multiple SQL injection vulnerabilities in WordPress Video Player
------------------------------------------------------------------------

David Vaartjes & Yorick Koster, July 2016

----------------------------------------------

Cross-Site Request Forgery in Icegram WordPress Plugin 2016-07-19
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Request Forgery in Icegram WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

------------------------------------------------------------------------

Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin 2016-07-19
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress
Plugin
------------------------------------------------------------------------

Han Sahin, July 2016

------------------------------------------------------

Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking 2016-07-19
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

eclipse-inst-win32.exe (and of course eclipse-inst-win64.exe
too) loads and executes multiple DLLs (in version 4.5 also
CMD.EXE) from its "application directory".

* version 4.5 ("Mars") on Windows 7:
UXTheme.dll, WindowsCodecs.dll, AppHelp.dll, SrvCli.dll,
Slc.dll, NTMarta.dll, ProfAPI

Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186) 2016-07-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1869

Security Release: https://www.djangoproject.com/weblog/2016/jul/18/security-releases

APPLE-SA-2016-07-18-6 iTunes 12.4.2 2016-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-07-18-6 iTunes 12.4.2

iTunes 12.4.2 for Windows is now available and addresses the following:

libxml2
Impact: Multiple vulnerabilities in libxml2
Description: Multiple memory corruption issues were addressed
through improved memory h

APPLE-SA-2016-07-18-5 Safari 9.1.2 2016-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-07-18-5 Safari 9.1.2

Safari 9.1.2 is now available and addresses the following:

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a malicious website may disclose image data from
another website
Description: A timing i

APPLE-SA-2016-07-18-4 tvOS 9.2.2 2016-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-07-18-4 tvOS 9.2.2

tvOS 9.2.2 is now available and addresses the following:

CoreGraphics
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue

APPLE-SA-2016-07-18-3 watchOS 2.2.2 2016-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-07-18-3 watchOS 2.2.2

watchOS 2.2.2 is now available and addresses the following:

CoreGraphics
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A remote attacker may be able to execut

APPLE-SA-2016-07-18-2 iOS 9.3.3 2016-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-07-18-2 iOS 9.3.3

iOS 9.3.3 is now available and addresses the following:

Calendar
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted calendar invite may cause a

APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004 2016-07-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update
2016-004

OS X El Capitan v10.11.6 and Security Update 2016-004 is now
available and addresses the following:

apache_mod_php
Available for:
OS X Yosemite v10.10.5 and OS X El Capita

[SECURITY] [DSA 3622-1] python-django security update 2016-07-18
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3622-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2016

[CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking 2016-07-18
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

this is basically a followup to <http://seclists.org/oss-sec/2016/q1/58>

CVE-2016-1281 is NOT FIXED!

I've retested the current "VeraCrypt Setup 1.17.exe" on a fully
patched Windows 7, and it is STILL (or AGAIN) vulnerable there.

The following DLLs are loaded from the "application directo

[SECURITY] [DSA 3621-1] mysql-connector-java security update 2016-07-18
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3621-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2016

[Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon 2016-07-18
bashis (mcw noemail eu)

#!/usr/bin/env python2.7
#
# [SOF]
#
# [Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon
# Research and development by bashis <mcw noemail eu> 2016
#
# This format string vulnerability has following characteristic:
# - Heap Based (Exploiting string locat

Multiple vulns in Vodafone EasyBox 804 2016-07-17
Tim Schughart (info prosec-networks com)
Hi@all

#### General Information
## Report history:
Since 01.05. we have contacted the support of Vodafone 3 times. There has been no response until today.
Today we release the vulnerabilities in hope that Vodafone will react.

## Vendor Information:
Vodafone is worldwide operating ISP.
Quotation of

[SECURITY] [DSA 3620-1] pidgin security update 2016-07-15
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3620-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 15, 2016

[SECURITY] [DSA 3619-1] libgd2 security update 2016-07-15
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3619-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 15, 2016

[security bulletin] HPSBMU03562 rev.3 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution 2016-07-14
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054565

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05054565
Version: 3

HPSBMU03562 r

[ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability 2016-07-14
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver Enqueue Server

Versions Affected: SAP NetWeaver Enqueue Server 7.4

Vendor URL: http://SAP.com

Bug: denial of service

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 12.04.2016

Reference: SAP Security Note 2258784

[ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability 2016-07-14
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.4

Vendor URL: http://SAP.com

Bug: XXE

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 12.04.2016

Reference: SAP Security Note 2254389

Author: Vahagn Vardanyan (ER

[ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability 2016-07-14
ERPScan inc (erpscan online gmail com)
Application: SAP xMII

Versions Affected: SAP xMII 15

Vendor URL: http://SAP.com

Bugs: XSS

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 12.04.2016

Reference: SAP Security Note 2201295

Author: Nursultan Abubakirov (ERPScan) , Vahagn Vardanyan (

Cross-Site Scripting vulnerability in Google Forms WordPress Plugin 2016-07-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Google Forms WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

------------------------------------------------------------

Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin 2016-07-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in WP No External Links WordPress
Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

----------------------------------------------------

Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for WordPress 2016-07-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for
WordPress
------------------------------------------------------------------------

Yorick Koster, July 2016

----------------------------------------------

Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin 2016-07-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

-------------------------------------------------------

Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability 2016-07-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability

Advisory ID: cisco-sa-20160713-ncs6k

Revision 1.0

For Public Release 2016 July 13 16:00 UTC (GMT)

+-------------------------------------------------
