BugTraq Mode:
(Page 4 of 1653)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[CORE-2016-0002] - Lenovo ShareIT Multiple Vulnerabilities 2016-01-25
CORE Advisories Team (advisories coresecurity com)
1. Advisory Information

Title: Lenovo ShareIT Multiple Vulnerabilities
Advisory ID: CORE-2016-0002
Advisory URL: http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabi
lities
Date published: 2016-01-25
Date of last update: 2016-01-22
Vendors contacted: Lenovo
Release mode: Coordina

[ more ]  [ reply ]
Authentication bypass in PHP File Manager 0.9.8 2016-01-25
Imre Rad (imre rad search-lab hu)
PHP File Manager 0.9.8 (http://phpfm.sourceforge.net/) is vulnerable
to authentication bypass due to insecure implementation of register
globals emulation. An attacker is able to override the blockKeys array
and thus build a valid session and access all the protected
functionality (including executi

[ more ]  [ reply ]
APPLE-SA-2016-01-25-1 tvOS 9.1.1 2016-01-25
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-01-25-1 tvOS 9.1.1

tvOS 9.1.1 is now available and addresses the following:

Disk Images
Available for: Apple TV (4th generation)
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory

[ more ]  [ reply ]
Magento 1.9.x Multiple Man-In The Middle 2016-01-25
cxsecurity protonmail com
Magento 1.9.x Multiple Man-In The Middle
https://cxsecurity.com/issue/WLB-2016010129

--- Description ---
The man-in-the middle attack intercepts a communication between two systems. For example, in an http transaction the target is the TCP connection between client and server. Using different tech

[ more ]  [ reply ]
glibc catopen() Multiple unbounded stack allocations 2016-01-25
cxsecurity protonmail com
glibc catopen() Multiple unbounded stack allocations
URL: https://cxsecurity.com/issue/WLB-2016010149

---------------------------------------
PoC:

#include <nl_types.h>
#include <string.h>
#include <stdlib.h>

int main(){

char *buff;
buff=malloc(11111111);
memset(buff,'A',11111110);
buff[11111110

[ more ]  [ reply ]
[SECURITY] [DSA 3453-1] mariadb-10.0 security update 2016-01-25
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3453-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
January 25, 2016

[ more ]  [ reply ]
WP Easy Gallery v4.1.4 Stored XSS Vulnerability 2016-01-26
Rahul Pratap Singh (techno rps gmail com)
#Product : WP Easy Gallery
#Exploit Author : Rahul Pratap Singh
#Version : 4.1.4
#Home page Link : https://wordpress.org/plugins/wp-easy-gallery
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 26/Jan/2016

XSS Vulnerability:

----

[ more ]  [ reply ]
PHP LiteSpeed SAPI secret key improper disposal 2016-01-25
Imre RAD (imre rad search-lab hu)
In suEXEC_Daemon mode of the LiteSpeed web server spawns one PHP master
process during startup. It is running as root and accepts LSAPI
requests, which in turn specify what user under the script should run.
The LSAPI request is authenticated with a MAC, which is based on
preshared random key between

[ more ]  [ reply ]
PHP-FPM fpm_log.c memory leak and buffer overflow 2016-01-25
Imre RAD (imre rad search-lab hu)
The FastCGI Process Manager (FPM) SAPI of PHP was vulnerable to memory
leak and buffer overflow in the access logging feature.

PHP-FPM offers customization of the access log lines based on format
string variables which can be specified with the access.format option of
the FPM configuration file.
Th

[ more ]  [ reply ]
Remote shutdown vulnerability in Buffalo NAS (Linkstation 420) 2016-01-24
zemnmez googlemail com
The Buffalo NAS device includes a web interface located at its IP address. A shutdown of the device can be initiated without confirmation by loading the endpoint /shutdown.html on this address. This shutdown powers off the device, requiring physical access to restart.

The shutdown webpage has no sp

[ more ]  [ reply ]
ZyXel WAP3205 v1 Multiple XSS 2016-01-23
graphx sigaint org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

#Vendor: ZyXel WAP3205 - version 1 (Product is EOL and no patch
forthcoming)
#Firmware version: V1.00(BFR.6) - V1.00(BFR.8)C0
#Exploit Author: Nicholas Lehman @GraphX
#Vulnerability: Multiple persistent and reflected XSS vulnerabilities

Description

[ more ]  [ reply ]
HP ToComMsg DLL side loading vulnerability 2016-01-23
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

HP ToComMsg DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, September 2015

------------------------------------------------------------------------

Abstrac

[ more ]  [ reply ]
LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities 2016-01-23
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities
------------------------------------------------------------------------

Yorick Koster, September 2015

-------------------------------------------------------

[ more ]  [ reply ]
HP LaserJet Fax Preview DLL side loading vulnerability 2016-01-23
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

HP LaserJet Fax Preview DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, September 2015

--------------------------------------------------------------------

[ more ]  [ reply ]
XMB - eXtreme Message Board v1.9.11.13 Weak Crypto 2016-01-23
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/XMB-WEAK-CRYPTO.txt

Vendor:
==============
xmbforum2.com

Product:
======================================
XMB - eXtreme Message Board v1.9.11.13
XMB forum software is open sourc

[ more ]  [ reply ]
imageone Cms Multiple vulnerabilities 2016-01-23
iedb team gmail com
Sql and Xss vulnerability in imageone Cms All Version

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@
# @@@ @@@ @@@ @@ @@

[ more ]  [ reply ]
[SECURITY] [DSA 3452-1] claws-mail security update 2016-01-23
Ben Hutchings (benh debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3452-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Ben Hutchings
January 23, 2016

[ more ]  [ reply ]
imageone Cms Multiple vulnerabilities 2016-01-23
iedb team gmail com
Sql and Xss vulnerability in imageone Cms All Version

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@
# @@@ @@@ @@@ @@ @@

[ more ]  [ reply ]
January 2016 - Bamboo - Critical Security Advisory 2016-01-22
David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Note: the current version of this advisory can be found at
https://confluence.atlassian.com/x/VzlZLw .

CVE IDs:
* CVE-2014-9757 - Deserialisation in Smack.
* CVE-2015-8360 - Deserialisation in Bamboo.
* CVE-2015-8361 - Missing authentication checks i

[ more ]  [ reply ]
[SECURITY] [DSA 3451-1] fuse security update 2016-01-21
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3451-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Yves-Alexis Perez
January 20, 2016

[ more ]  [ reply ]
Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe" 2016-01-21
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

executable installers [°] created with the WiX Toolset (see
<http://wixtoolset.org/>, and of course the WiX Toolset installer
itself too) resp. using its bootstrapper "burn.exe" are vulnerable:
see <https://www.firegiant.com/blog/2016/1/20/wix-v3.10.2-released/>

1. They load and execute a

[ more ]  [ reply ]
SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices 2016-01-21
SEC Consult Vulnerability Lab (research sec-consult com)
Disclaimer:
Although the backdoor vulnerability is quite a serious matter, we
have published an accompanying blog post to this technical advisory
which sheds a more funny light on this topic. Visit our blog at
http://blog.sec-consult.com/2016/01/deliberately-hidden-backdoor-account
-in.html
for more

[ more ]  [ reply ]
Oracle HtmlConverter.exe Buffer Overflow 2016-01-21
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-HTMLCONVERTER-BUFFER-O
VERFLOW.txt

Vendor:
===============
www.oracle.com

Product:
========================================
Java Platform SE 6 U24 HtmlConverter.exe
Prod

[ more ]  [ reply ]
QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys 2016-01-20
issues github com
QuickAuth Pebble application loads the configuration page via HTTP. As such it is possible for an attacker to setup and use a MITM proxy to inject Javascript which posts the key to an external site to steal the TOTP keys as they are being updated on the Pebble app.

Original GitHub issue : https://g

[ more ]  [ reply ]
Re: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3 2016-01-19
urikanonov gmail com
Vendor Response Continuation
============================
KNOX 2.0 fixes the issue. KNOX 2.3 makes some further improvements (with the introduction of Sensitive Data Protection), but even KNOX 2.0 has a different key derivation scheme.

[ more ]  [ reply ]
Re: [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3 2016-01-19
urikanonov gmail com
Vendor Response Continuation
============================
The issue is a limitation of the KNOX 1.0 architecture, which was removed by KNOX 2.0. VPNs that implement their own certificate pinning can be trusted with KNOX 1.0 containers, as a result. The vendor encourages users to upgrade to KNOX 2.x.

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability 2016-01-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability

Advisory ID: cisco-sa-20160120-d9036

Revision 1.0

For Public Release 2016 January 20 16:00 UTC (GMT)
+----------------------------------------------------------------

[ more ]  [ reply ]
[SECURITY] [DSA 3450-1] ecryptfs-utils security update 2016-01-20
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3450-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
January 20, 2016

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability 2016-01-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability

Advisory ID: cisco-sa-20160120-ucsm

Revision: 1.0

For Public Release 2016 January 20 16:00 UTC (GMT)

+--------------------------------------------

[ more ]  [ reply ]
[CVE-2016-1926] XSS in Greenbone Security Assistant ≥ 6.0.0 and < 6.0.8 2016-01-20
bugtraq internetwache org
Hello,

Vulnerability information
===============
Date: 13th January 2016
Product: Greenbone Security Assistant ≥ 6.0.0 and < 6.0.8
Vendor: OpenVAS <http://www.openvas.org/>
Risk: Low, CVSS 1.9 (AV:A/AC:M/Au:M/C:P/I:N/A:N)

Description
===============
It has been identified that Greenbone Se

[ more ]  [ reply ]
(Page 4 of 1653)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus