BugTraq
(Page 4 of 1680)
Re: rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion 2016-06-06
Gregory Pickett (gpickett71 yahoo com)
rConfig v3.1.1 introduced whitelisting. This is how to get past that. :)

Greg

Verification of Vulnerability (for v3.1.1)
===================
The following steps can be carried out in duplicating this vulnerability.

Step 1:
Enter the following into your browser address bar:

http://<SERVER>/l

[SECURITY] [DSA 3596-1] spice security update 2016-06-06
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3596-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 06, 2016

[SECURITY] [DSA 3595-1] mariadb-10.0 security update 2016-06-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3595-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 05, 2016

[SECURITY] [DSA 3548-3] samba regression update 2016-06-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3548-3 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 05, 2016

[SECURITY] [DSA 3594-1] chromium-browser security update 2016-06-04
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3594-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
June 04, 2016

FreeBSD Security Advisory FreeBSD-SA-16:24.ntp 2016-06-04
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:24.ntp Security Advisory
The FreeBSD Project

Topic:

[slackware-security] ntp (SSA:2016-155-01) 2016-06-04
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] ntp (SSA:2016-155-01)

New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches

[security bulletin] - Linux Kernel Flaw, ASN.1 DER decoder for x509 certificate DER 2016-06-03
HP Security Alert (hp-security-alert hp com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05158555

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05158555
Version: 1

HPSBHF3548 - Linux Kernel F

[security bulletin] HPSBUX03616 SSRT110128 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access 2016-06-03
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05162399
Version: 2

HPSBUX03616 S

[Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability 2016-06-03
Brian Demers (bdemers apache org)
Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
1.0.0-incubating - 1.2.4

Description:
A default cipher key is used for the "remember me" feature when not
explicitly configured. A request that included a specially crafted
request parameter could be used to execute ar

Notilus v2012 R3 - SQL injection 2016-06-03
alex_haynes outlook com
Exploit Title: Notilus SQL injection
Product: Notilus travel solution software
Vulnerable Versions: 2012 R3
Tested Version: 2012 R3
Advisory Publication: 03/06/2016
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CWE-89]
CVE Reference: NONE
C

[SECURITY] [DSA 3593-1] libxml2 security update 2016-06-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3593-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 02, 2016

ESA-2016-060: EMC Isilon OneFS Privilege Escalation Vulnerability 2016-06-02
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-060: EMC Isilon OneFS Privilege Escalation Vulnerability

EMC Identifier: ESA-2016-060

CVE Identifier: CVE-2016-0908

Severity Rating: CVSS v3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected products:

• EMC

Zoho OpManager < v12 2016-06-02
d_fens redbrick dcu ie
Reported these 27/08/2015; these were eventually fixed in version 12 because the entire application is based on emberjs now. There are no CVEs assigned for these issues, nor is there any acknowledgement of the issues in any patches. Therefore only version 12 fixes these.

Multiple stored and reflected

[security bulletin] HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF) 2016-06-02
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05157667
Version: 1

HPSBMU03607 r

SEC Consult SA-20160602-0 :: Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway 2016-06-02
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20160602-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: Ubee EVW3226 Advanced wireless voice gateway
vulnerable version: Firmware EVW3226_1.0.20

XML External Entity XXE vulnerability in OpenID component of Liferay 2016-06-02
Sandro Gauci (sandro enablesecurity com)
# XML External Entity XXE vulnerability in OpenID component of Liferay

- Author: Sandro Gauci <sandro (at) enablesecurity (dot) com>
- Vulnerable version: Liferay 6.2.3 CE GA4 and earlier
- Liferay reference: LPS-58014
- Advisory URL:
<https://github.com/EnableSecurity/advisories/tree/master/ES2016-01-liferay

[security bulletin] HPSBMU03612 rev.1 - HPE Insight Control on Windows and Linux, Multiple Remote Vulnerabilities 2016-06-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05158380
Version: 1

HPSBMU03612

[security bulletin] HPSBOV03615 rev.1 - HPE OpenVMS CSWS running the Apache Tomcat 7 Servlet Engine, Multiple Remote Vulnerabilities 2016-06-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05158626
Version: 1

HPSBOV03615 r

[SECURITY] [DSA 3592-1] nginx security update 2016-06-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3592-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 01, 2016

Cisco Security Advisory: Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability 2016-06-01
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability

Advisory ID: cisco-sa-20160601-prime3

Revision 1.0

For Public Release 2016 June 1 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summa

Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability 2016-06-01
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20160601-prime

Version 1.0: Final

For public release: 2016 June 1 16:00 GMT

+--------------------------------

[security bulletin] HPSBGN03609 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution, Denial of Service (DoS) 2016-06-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157423

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05157423
Version: 1

HPSBGN03609 r

[SECURITY] [DSA 3591-1] imagemagick security update 2016-06-01
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3591-1 security (at) debian (dot) org
https://www.debian.org/security/ Luciano Bello
June 01, 2016

AjaxExplorer v1.10.3.2 Remote CMD Execution / CSRF / Persistent XSS 2016-06-01
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AJAXEXPLORER-REMOTE-CMD-EXECUTION.txt

[+] ISR: apparitionsec

Vendor:
==========
sourceforge.net
smsid

download linx:
sourceforge.net/projects/ajax-explorer/files/

Product:
=

[SECURITY] [DSA 3590-1] chromium-browser security update 2016-06-01
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3590-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
June 01, 2016

FreeBSD Security Advisory FreeBSD-SA-16:20.linux 2016-05-31
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:20.linux Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-16:22.libarchive 2016-05-31
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:22.libarchive Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-16:23.libarchive 2016-05-31
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:23.libarchive Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-16:21.43bsd 2016-05-31
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:21.43bsd Security Advisory
The FreeBSD Project

Topic:

Copyright 2010, SecurityFocus