BugTraq
CVE-2015-5699 - Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation 2015-08-18
Gregory Pickett (gpickett71 yahoo com)
Title
===================
Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation

Summary
===================
Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, is vulnerable to local privilege escalation via Command Injection. Cumu

FreeBSD Security Advisory FreeBSD-SA-15:20.expat 2015-08-18
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-15:20.expat Security Advisory
The FreeBSD Project

Topic:

[SECURITY] [DSA 3338-1] python-django security update 2015-08-18
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3338-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
August 18, 2015

[SECURITY] [DSA 3337-1] gdk-pixbuf security update 2015-08-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3337-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 18, 2015

[SECURITY] [DSA 3325-2] apache2 regression update 2015-08-18
Stefan Fritsch (sf debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3325-2 security (at) debian (dot) org
https://www.debian.org/security/ Stefan Fritsch
August 18, 2015

Re: [ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD – XXE 2015-08-18
rahfsk gmail com
ERPSCAN Research Advisory [ERPSCAN-15-013] SAP NetWeaver AS Java CIM
UPLOAD – XXE

Application: SAP NetWeaver AS Java
Versions Affected: SAP NetWeaver AS Java 7.4, probably others
Vendor URL: http://SAP.com
Bugs: XML External Entity
Sent: 16.06.2014
Reported: 17.06.2014
Vendor response: 17.06.2014

Re: [SECURITY] [DSA 3336-1] nss security update 2015-08-17
miguelmellolopes gmail com
....
.....

EMC Documentum Content Server: arbitrary code execution (incomplete fix in CVE-2015-4532) 2015-08-17
andrew panfilov tel
Product: EMC Documentum Content Server
Vendor: EMC
Version: ANY
CVE: N/A
Risk: High
Status: public/not fixed

For detailed description see http://seclists.org/bugtraq/2015/Jul/51

New behavior introduced in CVE-2015-4532:

API> ?,c,execute do_method WITH METHOD='dm_bp_transition', ARGUMENTS='

[SECURITY] [DSA 3336-1] nss security update 2015-08-17
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3336-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 17, 2015

sysadmin privilege in EMC Documentum Content Server 2015-08-17
andrew panfilov tel
Product: EMC Documentum Content Server
Vendor: EMC
Version: ANY
CVE: N/A
Risk: High
Status: public/not fixed

In 2011 Yuri Simone discovered a security flaw in EMC Documentum Content
Server, which allows users with sysadmin privileges to elevate their
privileges to superuser (see CVE-2011-4144). O

Insufficient certificate validation in EMC Secure Remote Services Virtual Edition 2015-08-17
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Insufficient certificate validation in EMC Secure Remote Services
Virtual Edition
------------------------------------------------------------------------

Han Sahin, November 2014

----------------------------------------------

Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal 2015-08-17
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Weak authentication in EMC Secure Remote Services Virtual Edition Web
Portal
------------------------------------------------------------------------

Han Sahin, November 2014

---------------------------------------------------

[ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD – XXE 2015-08-17
ERPScan inc (erpscan online gmail com)
ERPSCAN Research Advisory [ERPSCAN-15-013] SAP NetWeaver AS Java CIM
UPLOAD – XXE

Application: SAP NetWeaver AS Java
Versions Affected: SAP NetWeaver AS Java 7.4, probably others
Vendor URL: http://SAP.com
Bugs: XML External Entity
Sent: 16.06.2014
Reported: 17.06.2014
Vend

[ERPSCAN-15-012] SAP Afaria 7 XComms – Buffer Overflow 2015-08-17
ERPScan inc (erpscan online gmail com)
ERPSCAN Research Advisory [ERPSCAN-15-012] SAP Afaria 7 XComms – Buffer Overflow
Application: SAP Afaria 7
Versions Affected: SAP Afaria 7, probably others
Vendor URL: http://SAP.com
Bugs: Buffer Overflow
Sent: 13.03.2015
Reported: 14.03.2015
Vendor response: 14.03.2015
Date of Publ

ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability 2015-08-17
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability

EMC Identifier: ESA-2015-130

CVE Identifier: CVE-2015-4530

Severity Rating: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected pr

ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities 2015-08-17
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities

EMC Identifier: ESA-2015-131

CVE Identifier: CVE-2015-4531, CVE-2015-4532, CVE-2015-4533, CVE-2015-4534, CVE-2015-4535, CVE-2015-4536

Severity Rating: CVSS v2 Base Score:

ESA-2015-094: RSA Archer® GRC Multiple Cross-Site Request Forgery Vulnerabilities 2015-08-17
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-094: RSA Archer® GRC Multiple Cross-Site Request Forgery Vulnerabilities

EMC Identifier: ESA-2015-094

CVE Identifier: CVE-2015-0542

Severity Rating: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products:

RSA

ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities 2015-08-17
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities

EMC Identifier: ESA-2015-081

CVE Identifier: CVE-2015-0533, CVE-2015-0534, CVE-2015-0535, CVE-2015-0536, CVE-2015-0537

Poor security in SOHO routers, again. Changing configuration parameters with a click. 2015-08-17
DonVallejo . (j v vallejo gmail com)
Hello all,

I would like to share with you a security issue that I found with some
Comtrend's routers and probably other manufacturer's routers.

The method would let us configure some router models when a user
clicks a link created by us. I have not read about this method on the
internet, sorry

Re: PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability 2015-08-15
ahmadshafique live com
Hi there, I know a person in France who is involved in using PayPal for stealing money: he adds anyone's credit card and purchases online with PayPal. If I help PayPal to arrest that man, can I get rewarded?

vBulletin x.x.x rce "0day" 2015-08-15
Joshua Rogers (honey internot info)
Not really a 0day since it's fixed in some versions, but still an
exploit that doesn't seem to be "that" public. Please note, I didn't
find this.

vBulletin's memcache setting is vulnerable in certain versions (all
before 4.2.2) to an RCE. vBulletin seem to have refused to classify it
as a vulnerabil

[slackware-security] mozilla-firefox (SSA:2015-226-01) 2015-08-14
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2015-226-01)

New mozilla-firefox packages are available for Slackware 14.1 to fix
security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozil

[slackware-security] mozilla-thunderbird (SSA:2015-226-02) 2015-08-14
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2015-226-02)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor 2015-08-13
simon mungewell org
In reading the WPBT document from MS I think I see another problem; namely that the WPBT table can contain a 'command line' which is not signed (only checksum of table).

So on the assumption that you can insert the table into ACPI list that the BIOS presents to OS (maybe with a flashed PCI peripheral

Copyright 2010, SecurityFocus