BugTraq Mode:
(Page 1 of 1655)  1 2 3 4 5 6 7 8 9 10 11  Next >
[slackware-security] mozilla-firefox (SSA:2016-042-01) 2016-02-11
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2016-042-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[SECURITY] [DSA 3473-1] nginx security update 2016-02-11
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3473-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
February 11, 2016

Re: [oss-security] HTTPS Only (Open Source, Python) 2016-02-11
P J P (ppandit redhat com)
+-- On Thu, 11 Feb 2016, David Leo wrote --+
| If browser tries to access HTTP address,
| you will have three options:
| try HTTPS,
| Google Cache,
| or copy-and-paste the address.
|
| There is no option to "temporarily bypass HTTPS Only".
| You can always do that in another browser.
|
| Project H

Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities 2016-02-11
Securify B.V. (lists securify nl)

On 11-02-16 14:14, Stefan Kanthak wrote:
> "Securify B.V." <lists (at) securify (dot) nl> wrote:
>> Microsoft released MS16-014 that fixes this vulnerability.
> Such vulnerabilities can be exploited without Office or OLE
> (see "Example 7" of <http://seclists.org/fulldisclosure/2013/Jun/123>):
>
> [snip]
>
>

Duplicator Wordpress Plugin - Source Code And Database Dump Via CSRF Vulnerability 2016-02-10
Ratio Sec (ratiosec gmail com)
-----------------------------------------------------------------------------------------------
RatioSec Research Security Advisory RS-2016-002
-----------------------------------------------------------------------------------------------

Duplicator Wordpress Plugin Code And Database Dump Via CSRF

Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities 2016-02-10
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Fix
------------------------------------------------------------------------

Microsoft released MS16-014 that fixes this vulnerability.

On 16-12-15 19:27, Securify B.V. wrote:
> -----------------------------------------------

MapsUpdateTask Task DLL side loading vulnerability 2016-02-10
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

MapsUpdateTask Task DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, November 2015

------------------------------------------------------------------------

BDA MPEG2 Transport Information Filter DLL side loading vulnerability 2016-02-10
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

BDA MPEG2 Transport Information Filter DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, September 2015

-----------------------------------------------------

NPS Datastore server DLL side loading vulnerability 2016-02-10
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

NPS Datastore server DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, September 2015

-----------------------------------------------------------------------

Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability 2016-02-10
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

Advisory ID: cisco-sa-20160210-asa-ike

Revision 1.0

For Public Release 2016 February 10 16:00 GMT (UTC)

+---------------------------------------------------

Remote Code Execution in Exponent 2016-02-10
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23290
Product: Exponent
Vendor: http://www.exponentcms.org/
Vulnerable Version(s): 2.3.7 and probably prior
Tested Version: 2.3.7
Advisory Publication: January 13, 2016 [without technical details]
Vendor Notification: January 13, 2016
Vendor Patch: January 23, 2016
Public Disclos

Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1536

Adobe Bulletin: https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html

http

MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1706

Release Date:
=============
2016-02-10

Vulnerability Laboratory ID (VL-ID):
==============================

File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities 2016-02-10
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1715

Release Date:
=============
2016-02-09

Vulnerability Laboratory ID (VL-ID):
==========================

Getdpd Bug Bounty #6 - (Import - FTP) Persistent Vulnerability 2016-02-10
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Getdpd Bug Bounty #6 - (Import) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1718

Release Date:
=============
2016-02-09

Vulnerability Laboratory ID (VL-ID):
==============================

VP2016-001: Remote Command Execution in File Replication Pro 2016-02-10
Vantage Point Security (lists vantagepoint sg)
Vantage Point Security Advisory 2016-001
================================

Title: File Replication Pro Remote Command Execution
Vendor: File Replication Pro
Vendor URL: http://www.filereplicationpro.com/
Versions affected: =< 7.2.0
Severity: High
Vendor notified: Yes
Reported: 29 October 2015
Public

SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities 2016-02-10
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SEC Consult Vulnerability Lab Security Advisory < 20160210-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Yeager CMS
vulnerable version: 1.2.1
fixed

ManageEngine Eventlog Analyzer Privilege Escalation v10.8 2016-02-10
graphx sigaint org
# ManageEngine EventLog Analyzer v10.8
# Date: 2/9/2016
# Exploit Author: @GraphX
# Vendor Homepage: http://www.manageengine.com
# Version: 10.8

1 Description:
It is possible for a remote authenticated attacker using an unprivileged
account to gain access to the admin account via parameter manipula

dotDefender Firewall CSRF 2016-02-10
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source:
http://hyp3rlinx.altervista.org/advisories/DOT-DEFENDER-CSRF.txt


Vendor:
==================
www.applicure.com


Product:
=====================
dotDefender Firewall
Versions: 5.00.12865 / 5.13-13282


dotDefender is

Safebreach advisory: Node.js HTTP Response Splitting (CVE-2016-2216) 2016-02-09
Amit Klein (aksecurity gmail com)
Dear list

Safebreach just published an advisory on HTTP Response Splitting
vulnerability in Node.js:
http://info.safebreach.com/hubfs/Node-js-Response-Splitting.pdf

The advisory is accompanied by a blog post:
http://blog.safebreach.com/2016/02/09/http-response-splitting-in-node-js-root-cause-analy

ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities 2016-02-09
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities

EMC Identifier: ESA-2016-010

CVE Identifier: CVE-2016-0881, CVE-2016-0882

Severity Rating: CVSS v3 Base Score: Please refer to the Details section for individual scores

Privilege escalation Vulnerability in ManageEngine Network Configuration Management 2016-02-09
kingkaustubh me com
===================================================================================
Privilege escalation Vulnerability in ManageEngine Network Configuration Management
===================================================================================

. contents:: Table Of Content

Overview
=======

[slackware-security] curl (SSA:2016-039-01) 2016-02-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2016-039-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patc

[slackware-security] libsndfile (SSA:2016-039-02) 2016-02-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libsndfile (SSA:2016-039-02)

New libsndfile packages are available for Slackware 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patch

[SECURITY] [DSA 3472-1] wordpress security update 2016-02-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3472-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
February 08, 2016

[SECURITY] [DSA 3470-1] qemu-kvm security update 2016-02-08
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3470-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
February 08, 2016

[SECURITY] [DSA 3469-1] qemu security update 2016-02-08
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3469-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
February 08, 2016

[SECURITY] [DSA 3471-1] qemu security update 2016-02-08
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3471-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
February 08, 2016

WordPress WP User Frontend Plugin [Unrestricted File Upload] 2016-02-08
Panagiotis Vagenas (pan vagenas gmail com)
* Exploit Title: WordPress WP User Frontend Plugin [Unrestricted File
Upload]
* Discovery Date: 2016-02-04
* Public Disclosure: 2016-02-08
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: https://wedevs.com
* Software Link: https://wordpress.org/plugi

Copyright 2010, SecurityFocus