BugTraq (Page 4 of 1684)
[security bulletin] HPSBHF03613 rev.1 - HPE Network Products including iMC, VCX, and Comware using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access 2016-07-05
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05184351
Version: 1

HPSBHF03613 r

[slackware-security] mozilla-thunderbird (SSA:2016-187-01) 2016-07-05
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2016-187-01)

New mozilla-thunderbird packages are available for Slackware 14.1, 14.2, and
- -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------

Putty (beta 0.67) DLL Hijacking Vulnerability 2016-07-05
wsachin092 gmail com
/*
Exploit Title: Putty DLL Hijacking Exploit ( UxTheme.dll or ntmarta.dll )
Vendor Homepage: https://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
Author: Sachin Wagh (@tiger_tigerboy)
Linkedin: https://in.linkedin.com/in/sachin-wagh-95b17555
Affected Version: beta 0.67
Tested on: Windows 7 Ulti

Apple Safari for Mac OS X SVG local XXE 2016-07-05
Filippo Cavallarin (filippo cavallarin wearesegment com)
Advisory ID: SGMA16-003
Title: Apple Safari for Mac OS X SVG local XXE
Product: Apple Safari for Mac OS X
Version: 9.1.1 and probably prior
Vendor: apple.com
Vulnerability type: XXE
Risk level: Medium
Credit: Filippo Cavallarin - wearesegment.com
CVE: N/A
Vendor notification: 2015-04-08
Vendor fix:

Syslog Server "npriority" field remote Denial of Service vulnerability 2016-07-04
chaoyi huang connect polyu hk
Title: Syslog Server "npriority" field remote Denial of Service vulnerability
Software : Syslog Server

Software Version : Syslog Server 1.2.3

Vendor: https://sourceforge.net/p/syslog-server/

Vulnerability Published : 2016-07-02

Vulnerability Update Time :

Status :

Impact : Medium(CVSS2 Base :

[CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c 2016-07-04
wpengfeinudt gmail com
I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I'd like to make an announcement here.

This was found in Linux kernel file Linux-4.6/kernel/auditsc.c, and crafted user space data change under race condition will make control strings processe

OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability 2016-07-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1868

Release Date:
=============
2016-07-04

Vulnerability Laboratory ID (VL-ID):
================================

KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability 2016-07-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1867

Release Date:
=============
2016-07-01

Vulnerability Laboratory ID (VL-ID):
===============

[CVE-2016-6156] Double-Fetch Vulnerability in Linux-4.6/drivers/platform/chrome/cros_ec_dev.c 2016-07-04
wpengfeinudt gmail com
I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I'd like to make an announcement here.

This was found in Linux kernel file Linux-4.6/drivers/platform/chrome/cros_ec_dev.c, and crafted user space data change under race condition will lead to

[SECURITY] [DSA 3616-1] linux security update 2016-07-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3616-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 04, 2016

WebCalendar v1.2.7 CSRF Protection Bypass 2016-07-04
hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-CSRF-PROTECTION-BYPASS.txt

[+] ISR: ApparitionSec

Vendor:
==========================
www.k5n.us/webcalendar.php

Product:
==================

HTTP session poisoning in EMC Documentum WDK-based applications causes arbitrary code execution and privilege elevation 2016-07-04
Andrey B. Panfilov (andrew panfilov tel)
Vendor: EMC
Product: Documentum WDK-based applications, all versions
Security impact: high

All EMC Documentum WDK-based applications (Taskspace, Webtop, Documentum Administrator,
EPFM) contain extremely dangerous web component - API Tester. The "API Tester" component
wasn't designed with

WebCalendar v1.2.7 PHP Code Injection 2016-07-04
hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-PHP-CODE-INJECTION.txt

[+] ISR: ApparitionSec

Vendor:
==========================
www.k5n.us/webcalendar.php

Product:
==================
WebC

[FD]CVE ID request : SQL injection in 24Online Client 2016-07-03
rahullraz gmail com
Software name: 24 online
Version: 8.3.6 build 9.0
Vendor website: http://24onlinebilling.com

Potentially others versions older than this are vulnerable too.

Vulnerability type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The invoiceid GET parameter

[SECURITY] [DSA 3614-1] tomcat7 security update 2016-07-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3614-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 02, 2016

[SECURITY] [DSA 3615-1] wireshark security update 2016-07-02
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3615-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 02, 2016

[SECURITY] [DSA 3613-1] libvirt security update 2016-07-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3613-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 02, 2016

[SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage 2016-07-02
Robbie Gemmell (robbie apache org)
[CVE-2016-4974] Apache Qpid: deserialization of untrusted input while
using JMS ObjectMessage

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
Qpid AMQP 0-x JMS client 6.0.3 and earlier
Qpid JMS (AMQP 1.0) client 0.9.0 and earlier

Description:
When applications call g

[security bulletin] HPSBGN03627 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information 2016-07-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05193347
Version: 1

HPSBGN03627 r

[SECURITY] [DSA 3612-1] gimp security update 2016-07-01
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3612-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 01, 2016

[security bulletin] HPSBGN03626 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information Logjam 2016-07-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05193083
Version: 1

HPSBGN03626 r

KL-001-2016-003 : SQLite Tempdir Selection Vulnerability 2016-07-01
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2016-003 : SQLite Tempdir Selection Vulnerability

Title: SQLite Tempdir Selection Vulnerability
Advisory ID: KL-001-2016-003
Publication Date: 2016.07.01
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt

1. Vulnerability Details

Affected Vendor: SQLi

Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking 2016-07-01
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installer for Microsoft's Visual Studio 2015
Community Edition, available from <https://www.visualstudio.com/>,
is vulnerable to DLL hijacking: on a fully patched Windows 7 SP1
it loads the following DLLs from its "application directory"
instead of Windows' "system directory"

Logic security flaw in TP-LINK - tplinklogin.net 2016-07-01
Info cybermoon cc
TP-LINK forgot to buy the domain www.tplinklogin.net, which is being used to configure many of the hardware devices they have, like router configuration.

The domain is available to buy via an escrow service, so a potential attacker can get it; it's all about money.

There is an unknown holder who has the domai

[CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c 2016-06-30
wpengfeinudt gmail com
I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I'd like to make an announcement here.

This was found in Linux kernel file Linux-4.5/drivers/s390/char/sclp_ctl.c, and crafted user space data change under race condition will lead to consequenc

[CVE-2016-5728] Double-Fetch Vulnerability in Linux-4.5/drivers/misc/mic/host/mic_virtio.c 2016-06-30
wpengfeinudt gmail com
I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I'd like to make an announcement here.

This was found in Linux kernel file Linux-4.5/drivers/misc/mic/host/mic_virtio.c, and crafted user space data change under race condition will lead to cons

CA20160627-01: Security Notice for Release Automation 2016-06-30
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20160627-01: Security Notice for Release Automation

Issued: June 27, 2016
Last Updated: June 27, 2016

CA Technologies Support is alerting customers to multiple potential risks
with CA Release Automation. Three vulnerabilities exist that can allow

[SECURITY] [DSA 3611-1] libcommons-fileupload-java security update 2016-06-30
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3611-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 30, 2016

Copyright 2010, SecurityFocus