BugTraq
CVE-2013-1306: MSIE 9 MSHTML CDispNode::InsertSiblingNode use-after-free details 2016-12-08
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the twenty-eighth entry
in the series. This information is available in more detail on my blog
at http://blog.skylined.nl/20161208001.html. There you can find a repro
that triggered t

[security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information 2016-12-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05349499

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05349499

Version: 1

HPSBHF03674 rev.1

Microsoft Remote Desktop Client for Mac Remote Code Execution 2016-12-07
Filippo Cavallarin (filippo cavallarin wearesegment com)

Advisory ID: SGMA16-004
Title: Microsoft Remote Desktop Client for Mac Remote Code Execution
Product: Microsoft Remote Desktop Client for Mac
Version: 8.0.36 and probably prior
Vendor: www.microsoft.com
Vulnerability type: Undisclosed
Risk level: 4 / 5
Credit: filippo.cavallarin (at) wearesegment (dot) com
CV

[ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security 2016-12-07
ESNC Security (secure esnc de)
[ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for
SAP Security

Please refer to https://www.esnc.de for the original security
advisory, updates, and additional information.

----------------------------------------------------------------------
1. Business Impact
---------------

CVE-2015-1730: MSIE jscript9 JavaScriptStackWalker memory corruption details and PoC 2016-12-06
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found in web-browsers that I had not released before. I will try to
continue to publish all my old vulnerabilities, including those not in
web-browser, as long as I can find some time to do so. If you find this
information useful,

Re: CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption 2016-12-06
Berend-Jan Wever (berendj nwever nl)
FYI: this link to my blog was 404 until early this morning. It is now up
if you are still interested in reading it.

On 05-12-2016 11:55, Berend-Jan Wever wrote:
> Since November I have been releasing details on all vulnerabilities I
> found in web-browsers that I had not released before. I will try

CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used 2016-12-05
Eissing Stefan (stefan eissing gmail com)
Security Advisory - Apache Software Foundation
Apache HTTPD WebServer / httpd.apache.org

Server memory can be exhausted and service denied when HTTP/2 is used

CVE-2016-8740

The Apache HTTPD web server (from 2.4.17-2.4.23) did not apply limitations
on

Microsoft MSINFO32.EXE ".NFO" Files XML External Entity 2016-12-04
apparitionsec gmail com/hyp3rlinx
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-MSINFO32-XXE-FILE-EXFILTRATION.txt

[+] ISR: ApparitionSec

Vendor:
=================
www.microsoft.com

Product:
==========================
Windows Sys

Microsoft Windows Media Center "ehshell.exe" XML External Entity 2016-12-04
apparitionsec gmail com/hyp3rlinx
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MEDIA-CENTER-XXE-FILE-DISCLOSURE.txt

[+] ISR: ApparitionSec

Vendor:
==================
www.microsoft.com

Product:
===========================

[slackware-security] mozilla-firefox (SSA:2016-336-01) 2016-12-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2016-336-01)

New mozilla-firefox packages are available for Slackware 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
pa

[security bulletin] HPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS), URL Redirection 2016-11-30
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324759

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05324759

Version: 3

HPSBUX03665 rev.3

[security bulletin] HPSBGN03680 rev.1 - HPE Propel, Local Denial of Service (DoS), Escalation of Privilege 2016-11-30
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05347541

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05347541

Version: 1

HPSBGN03680 rev.1

[security bulletin] HPSBGN03677 rev.1 - HPE Network Automation using RPCServlet and Java Deserialization, Remote Code Execution 2016-11-30
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05344849

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05344849

Version: 1

HPSBGN03677 rev.1

[FOXMOLE SA 2016-05-02] e107 Content Management System (CMS) - Multiple Issues 2016-11-30
FOXMOLE Advisories (advisories foxmole com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=== FOXMOLE - Security Advisory 2016-05-02 ===

e107 Content Management System (CMS) - Multiple Issues
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Affected Versions
=================
e107 2.1.2 Bootstrap CMS

Issue Overview
==============

[security bulletin] HPSBHF03682 rev.1 - HPE Comware 7 Network Products using SSL/TLS, Local Gain Privileged Access 2016-11-30
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05341463

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05341463

Version: 1

HPSBHF03682 rev.1

[RT-SA-2016-003] Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler 2016-11-30
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Less.js: Compilation of Untrusted LESS Files May Lead to Code
Execution through the JavaScript Less Compiler

RedTeam Pentesting discovered behaviour in the Less.js compiler,
which allows execution of arbitrary code if an untrusted LESS file is
compiled.

Details
=======

Produc

XSS in tooltip plugin of Zurb Foundation 5 2016-11-29
Winni Neessen (winni insecure so)
XSS vulnerability in the tooltip plugin of Zurb Foundation 5.x
==============================================================

URL to this advisory: https://nop.li/foundation5tooltipxss

Vendor
======
http://zurb.com/

Product
=======
(Taken from http://foundation.zurb.com/sites/docs/v/5.5.3/)
Foundat

Google Chrome Accessibility blink::Node corruption details 2016-11-29
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
twenty-first entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these throug

SEC Consult SA-20161128-0 :: DoS & heap-based buffer overflow in Guidance Software EnCase Forensic 2016-11-28
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20161128-0 >
=======================================================================
title: Denial of service & heap-based buffer overflow
product: Guidance Software EnCase Forensic Imager & EnCase Forensic
vulnerable versi

[SECURITY] [DSA 3725-1] icu security update 2016-11-27
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3725-1 security (at) debian (dot) org
https://www.debian.org/security/ Luciano Bello
November 27, 2016

Core FTP LE v2.2 Remote SSH/SFTP Buffer Overflow 2016-11-27
apparitionsec gmail com/hyp3rlinx
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/CORE-FTP-REMOTE-SSH-SFTP-BUFFER-OVERFLOW.txt

[+] ISR: ApparitionSec

Vendor:
===============
www.coreftp.com

Product:
========================
Core FTP LE (clie

WorldCIST'2017 - Submission deadline: November 30 2016-11-26
ML (marialemos72 gmail com)
* Best papers published in several SCI/SSCI-indexed journals
** Proceedings by Springer, indexed by ISI, Scopus, DBLP, EI-Compendex, etc.

---------------------------------------------------------------------------------
WorldCIST'17 - 5th World Conference on Information Systems and Technologies
Po

CVE 2016-6803: Apache OpenOffice Unquoted Search Path Vulnerability 2016-11-25
Apache OpenOffice Security (orcmid apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CVE-2016-6803
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6803>
Apache OpenOffice Advisory
<https://www.openoffice.org/security/cves/CVE-2016-6803.html>

Title: Windows Installer Can Enable Privileged Trojan Execution

Version 1.0
Announced O

Call for Participation - 5th International Conference on Cyber Security, Cyber Welfare and Digital Forensic 2016-11-25
Jackie Blanco (jackie sdiwc info)
*********************************************************************
Call for Participation

CyberSec2017: The Fifth International Conference on Cyber Security,
Cyber Welfare and Digital Forensic

22-24 April 2017, St. Mary's University, Addis Ababa, Ethiopia

https://goo.gl/mbDr7F

**************

[SECURITY] [DSA 3724-1] gst-plugins-good0.10 security update 2016-11-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3724-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
November 24, 2016

[SECURITY] [DSA 3723-1] gst-plugins-good1.0 security update 2016-11-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3723-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
November 24, 2016

WorldCIST'17 - Submission deadline: November 27 2016-11-24
ML (marialemos72 gmail com)
* Best papers published in SCI/SSCI-indexed journals
** Proceedings by Springer, indexed in ISI, Scopus, DBLP, EI-Compendex, etc.

---------------------------------------------------------------------------------
WorldCIST'17 - 5th World Conference on Information Systems and Technologies
Porto Sant

[SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310) 2016-11-24
gerhard klostermeier syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-107
Product: EASY HOME Alarmanlagen-Set
Manufacturer: monolith GmbH
Affected Version(s): Model No. MAS-S01-09
Tested Version(s): Model No. MAS-S01-09
Vulnerability Type: Cryptographic Issues (CWE-310)
Risk Level: Low
Solution St

[SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks 2016-11-24
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-071
Product: Smart GSM Alarm SA 2500 Kit
Manufacturer: Blaupunkt
Affected Version(s): v1.0
Tested Version(s): v1.0
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufactur

Copyright 2010, SecurityFocus