BugTraq Mode:
CVE-2017-7220. OpenText Documentum Content Server: privilege evaluation using crafted RPC save-commands. 2017-04-19
Andrey B. Panfilov (andrew panfilov tel)
CVE Identifier: CVE-2017-7220
Vendor: OpenText
Affected products: OpenText Documentum Content Server (all versions)
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available
PoC:

https://gist.github.com/andreybpanfilov/d879248

CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution 2017-04-19
Filippo Cavallarin (filippo cavallarin wearesegment com)
Advisory ID: SGMA17-001
Title: Squirrelmail Remote Code Execution
Product: Squirrelmail
Version: 1.4.22 and probably prior
Vendor: squirrelmail.org
Type: Command Injection
Risk level: 4 / 5
Credit:

[slackware-security] minicom (SSA:2017-108-01) 2017-04-19
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] minicom (SSA:2017-108-01)

New minicom packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------

CVE-2017-7615 Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset 2017-04-18
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt
[+] ISR: ApparitionSec

Vendor:
================
www.mantisbt.org

Product:
==================

[CVE-2017-5661] Apache XML Graphics FOP information disclosure vulnerability 2017-04-18
Simon Steiner (simonsteiner1984 gmail com)
CVE-2017-5661:
Apache XML Graphics FOP information disclosure vulnerability

Severity:
Medium

Vendor:
The Apache Software Foundation

Versions Affected:
FOP 1.0 - 2.1

Description:
Files lying on the filesystem of the server which uses batik can
be re

[ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396 2017-04-17
Bryan Call (bcall apache org)
There is a vulnerability in ATS with the HPACK Bomb Attack that can lead to a DoS. Versions 6.0.0 to 6.2.0 are affected. Please upgrade to ATS 6.2.1 or 7.0.0.

Downloads:
https://trafficserver.apache.org/downloads

Jira Ticket:
https://issues.apache.org/jira/browse/TS-5019

CVE
https://www.cve.m

Watchguard Fireware XXE DoS & User Enumeration 2017-04-17
David Fernandez (david fdmv gmail com)
Watchguard's Firebox and XTM are a series of enterprise grade network
security appliances providing advanced security services like next
generation firewall, intrusion prevention, malware detection and
blockage and others. Two vulnerabilities were discovered affecting the
XML-RPC interface of the

concrete5 v8.1.0 Host Header Injection 2017-04-14
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.concrete5.org

Product:
================
concrete5

[slackware-security] bind (SSA:2017-103-01) 2017-04-13
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bind (SSA:2017-103-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+

[security bulletin] HPESBGN03728 rev.1 - HPE Operations Agent using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access to Data 2017-04-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03728en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03728en_us

Version: 1

HP

[SYSS-2017-009] agorum core Pro - Improper Restriction of XML External Entity Reference ('XXE') 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-009
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)
Risk Le

[SYSS-2017-008] agorum core Pro - Cross-Site Request Forgery 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-008
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Cross-Site Request Forgery (CWE-352)
Risk Level: Medium
Solution Status: Open
M

[SYSS-2017-007] agorum core Pro - Cross-Site Scripting 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-007
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Open
Manufactu

[SYSS-2017-006] agorum core Pro - Insecure Direct Object Reference 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-006
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Insecure Direct Object Reference (CWE-932)
Risk Level: High
Solution Status: Ope

[SYSS-2017-005] agorum core Pro - Persistent Cross-Site Scripting 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-005
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)
Risk Level: High
Solution Status: Open

April 2017 - HipChat Server Advisory 2017-04-13
Matthew Hart (mhart atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE ID:

* CVE-2017-7357.

Product: Hipchat Server.

Affected Hipchat Server product versions:
All versions < 2.2.3

Fixed Hipchat Server product versions:
2.2.3

Summary:
This advisory discloses a critical severity security vulnerability
that was

DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF) 2017-04-12
DefenseCode (defensecode defensecode com)

DefenseCode Security Advisory
Magento 0day Arbitrary File Upload Vulnerability
(Remote Code Execution, CSRF)

Advisory ID: DC-2017-04-003
Software: Magento CE
Software Language: PHP
Version: 2.1.6 and below
Vendor Status: Vendor contacted / Not fixed
Release Date:

CVE-2017-7456 Moxa MXview v2.8 Denial Of Service 2017-04-12
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-DENIAL-OF-SERVICE.txt
[+] ISR: ApparitionSec

Vendor:
============
www.moxa.com

Product:
===========
MXView v2.8

Download:
http://ww

CVE-2017-7455 Moxa MXview v2.8 Remote Private Key Disclosure 2017-04-12
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt
[+] ISR: APPARITIONSEC

Vendor:
============
www.moxa.com

Product:
===========
MXview V2.8

Downloa

CVE-2017-7457 Moxa MX AOPC-Server v1.5 XML External Entity Injection 2017-04-12
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt
[+] ISR: ApparitionSec

Vendor:
============
www.moxa.com

Product:
=======================
MX-AOPC UA

FreeBSD Security Advisory FreeBSD-SA-17:03.ntp 2017-04-12
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-17:03.ntp Security Advisory
The FreeBSD Project

Topic:

[SECURITY] [DSA 3829-1] bouncycastle security update 2017-04-11
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3829-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 11, 2017

Microsoft Office OneNote 2007 DLL side loading vulnerability 2017-04-11
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Microsoft Office OneNote 2007 DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, September 2015

--------------------------------------------------------------

Multiple local privilege escalation vulnerabilities in Proxifier for Mac 2017-04-11
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Multiple local privilege escalation vulnerabilities in Proxifier for Mac
------------------------------------------------------------------------

Yorick Koster, April 2017

------------------------------------------------------

[SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure 2017-04-10
Mark Thomas (markt apache org)
CVE-2017-5648 Apache Tomcat Information Disclosure

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M17
Apache Tomcat 8.5.0 to 8.5.11
Apache Tomcat 8.0.0.RC1 to 8.0.41
Apache Tomcat 7.0.0 to 7.0.75
Apache Tomcat 6.0.x is not affected

Descrip

[SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure 2017-04-10
Mark Thomas (markt apache org)
CVE-2017-5651 Apache Tomcat Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M18
Apache Tomcat 8.5.0 to 8.5.12
Apache Tomcat 8.0.x and earlier are not affected

Description:
The refactoring of the HTTP connectors

DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities 2017-04-10
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory
WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting
Vulnerabilities

Advisory ID: DC-2017-01-014
Software: WordPress Tribulant Slideshow Gallery plugin
Software Language: PHP
Version: 1.6.4 and below
Vendor Status: Vendor contacted,

ChromeOS / ChromeBooks Persist Certain Network Settings in Guest Mode 2017-04-09
Nightwatch Cybersecurity Research (research nightwatchcybersecurity com)
[Original post can be found here:
https://wwws.nightwatchcybersecurity.com/2017/04/09/advisory-chromeos-chromebooks-persist-certain-network-settings-in-guest-mode/]

SUMMARY

Certain network settings in ChromeOS / ChromeBooks persist between
reboots when set in guest mode. These issues have been re

Foscam All networked devices, multiple Design Errors. SSL bypass. 2017-04-09
nick m mckenna gmail com
Two issues in one that nullify SSL in foscam devices:
All Foscam networked cameras use the same SSL private key that is hard coded into the downloadable firmware. This is easily extracted using a utility like binwalk and would allow an attacker to MITM any Foscam device.
One devices SSL keys are val

[slackware-security] libtiff (SSA:2017-098-01) 2017-04-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libtiff (SSA:2017-098-01)

New libtiff packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libtiff-

Copyright 2010, SecurityFocus