BugTraq Mode:
(Page 1 of 1709)  1 2 3 4 5 6 7 8 9 10 11  Next >
[SECURITY] [DSA 3816-1] samba security update 2017-03-23
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3816-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 23, 2017

[ more ]  [ reply ]
APPLE-SA-2017-03-22-1 iTunes for Windows 12.6 2017-03-22
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-03-22-1 iTunes for Windows 12.6

iTunes for Windows 12.6 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: Multiple issues in SQLite
Description: Multiple issues existed in SQLite. These is

[ more ]  [ reply ]
SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices 2017-03-22
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170322-0 >
=======================================================================
title: Multiple vulnerabilities
product: Solare Datensysteme GmbH
Solar-Log 250/300/500/800e/1000/1000 PM+/1200/2000

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups" 2017-03-21
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

Windows 8 and newer versions (Windows 7 and Windows Server 2008 R2
with KB2532445 or KB3125574 installed too) don't allow unprivileged
callers to circumvent AppLocker and SAFER rules via

LoadLibraryEx(TEXT("<arbitrary DLL>"), NULL, LOAD_IGNORE_CODE_AUTHZ_LEVEL);

See <https://msdn.microsof

[ more ]  [ reply ]
[ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM 2017-03-21
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component
Vendor URL: http://SAP.com
Bugs: Directory traversal
Reported: 04.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 13.12.2016
Reference: SAP Security Note 2310790
Author: Mathieu Geli (ERPScan)

Descr

[ more ]  [ reply ]
ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability 2017-03-20
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability

EMC Identifier: ESA-2017-010

CVE Identifier: CVE-2016-6650

Severity Rating: CVSS v3 Base Score: CVSS v3 Score: 6.8 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).

Affected products:

[ more ]  [ reply ]
[SECURITY] [DSA 3796-2] sitesummary regression update 2017-03-20
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3796-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
March 20, 2017

[ more ]  [ reply ]
[security bulletin] HPSBUX03596 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access 2017-03-20
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c051218
42

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05121842

Version: 2

HPSBUX03596 rev.2

[ more ]  [ reply ]
CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service 2017-03-20
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/EXTRAPUTTY-TFTP-DENIAL-OF-SER
VICE.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.extraputty.com

Product:
======================
ExtraPuTTY

[ more ]  [ reply ]
[SECURITY] [DSA 3813-1] r-base security update 2017-03-19
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3813-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 19, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3812-1] ioquake3 security update 2017-03-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3812-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 18, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3811-1] wireshark security update 2017-03-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3811-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 18, 2017

[ more ]  [ reply ]
MS Internet Information Services XSS / HTML Injection vulnerability 2017-03-16
David FM (david fdmv gmail com)
Cross Site Scripting / HTML injection vulnerability in Microsoft
Internet Information Services web server

==================================

Versions Affected:

MS Internet Information services (All platforms and versions)

==================================

CVE Reference:

CVE-2017-0055

[ more ]  [ reply ]
CVE-2017-6805 MobaXterm Personal Edition v9.4 Path Traversal Remote File Disclosure 2017-03-16
apparitionsec gmail com (hyp3rlinx)
+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MOBAXTERM-TFTP-PATH-TRAVERSAL

-REMOTE-FILE-ACCESS.txt
[+] ISR: ApparitionSec

Vendor:
=====================
mobaxterm.mobatek.net

Product:
===============================

[ more ]  [ reply ]
SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products 2017-03-16
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170316-0 >
=======================================================================
title: Authenticated Command Injection
product: Multiple Ubiquiti Networks products, e.g.
TS-16-CARRIER, TS-5-POE, TS-

[ more ]  [ reply ]
CVE-2017-6911: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability 2017-03-16
wsachin092 gmail com
Vulnerability Title: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability
Affected Product: USB Pratirodh
Product Homepage: https://cdac.in/index.aspx?id=cs_eps_usb_pra
CVE-ID : CVE-2017-6911
Severity: Medium

Description:

USB Pratirodh is prone to sensitive information disc

[ more ]  [ reply ]
[slackware-security] pidgin (SSA:2017-074-01) 2017-03-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] pidgin (SSA:2017-074-01)

New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+----------------------

[ more ]  [ reply ]
Path Traversal Remote File Disclosure 2017-03-16
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MOBAXTERM-TFTP-PATH-TRAVERSAL
-REMOTE-FILE-ACCESS.txt
[+] ISR: ApparitionSec

Vendor:
=====================
mobaxterm.mobatek.net

Product:
============

[ more ]  [ reply ]
CVE-2017-0045 Windows DVD Maker XML External Entity File Disclosure 2017-03-16
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DVD-MAKER-XML-EXTER
NAL-ENTITY-FILE-DISCLOSURE.txt
[+] ISR: ApparitionSec

Vendor:
=================
www.microsoft.com

Product:
=================
Windows

[ more ]  [ reply ]
Microsoft Edge Fetch API allows setting of arbitrary request headers 2017-03-14
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Microsoft Edge Fetch API allows setting of arbitrary request headers
------------------------------------------------------------------------

Yorick Koster, January 2017

--------------------------------------------------------

[ more ]  [ reply ]
Joomla com_virtuemart Component - 'id' Parameter Sql Injection Vulnerability 2017-03-14
iedb team gmail com
Joomla com_virtuemart component version 1.6 suffers from a remote SQL injection vulnerability.
tested on 1.6
tnks.
Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@

[ more ]  [ reply ]
Joomla com_kunena Component - 'id' Parameter Sql Injection Vulnerability 2017-03-14
iedb team gmail com
Joomla com_sngevents component version 1.5 suffers from a remote SQL injection vulnerability.
tested on 1.2
tnks.
Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@

[ more ]  [ reply ]
Joomla com_sngevents Component - 'id' Parameter Sql Injection Vulnerability 2017-03-14
iedb team gmail com
Joomla com_sngevents component version 1.5 suffers from a remote SQL injection vulnerability.
tested on 1.5
tnks.
Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@

[ more ]  [ reply ]
Joomla com_fidecalendar Component - 'aid' Parameter Sql Injection Vulnerability 2017-03-14
iedb team gmail com
Joomla com_fidecalendar component version 1.5 suffers from a remote SQL injection vulnerability.
tested on 1.5
tnks.
Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@

[ more ]  [ reply ]
Joomla com_registrationpro Component - 'did' Parameter Sql Injection Vulnerability 2017-03-14
iedb team gmail com
Joomla com_registrationpro component version 1.x suffers from a remote SQL injection vulnerability.
tested on 1.2 and all version
tnks.
Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@

[ more ]  [ reply ]
Joomla com_easyblog Component - 'id' Parameter Sql Injection Vulnerability 2017-03-14
iedb team gmail com
Joomla com_easyblog component version 1.4 suffers from a remote SQL injection vulnerability.
tested on 1.* and all version
tnks.
Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@

[ more ]  [ reply ]
Atlassian - March 2017 - Bamboo, Crowd and HipChat Server - Critical Security Advisory 2017-03-14
David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This email refers to the following advisory pages:

* Bamboo - https://confluence.atlassian.com/x/_slDN
* Crowd - https://confluence.atlassian.com/x/PMpDN
* HipChat Server - https://confluence.atlassian.com/x/lj1LN

CVE ID:

* CVE-2017-5638.

Produc

[ more ]  [ reply ]
[SECURITY] [DSA 3808-1] imagemagick security update 2017-03-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3808-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 13, 2017

[ more ]  [ reply ]
Joomla com_carocci Component - 'isbn' Parameter Sql Injection Vulnerability 2017-03-12
iedb team gmail com
Joomla com_carocci component version 1.4 suffers from a remote SQL injection vulnerability.
tested on 1.4
tnks.
Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@ @

[ more ]  [ reply ]
Joomla com_kide Component - 'view' Parameter Sql Injection Vulnerability 2017-03-12
iedb team gmail com
Joomla com_kide component version 1.5 suffers from a remote SQL injection vulnerability.
tested on 1.x
tnks.
Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@ @@

[ more ]  [ reply ]
(Page 1 of 1709)  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus