BugTraq Mode:
[SECURITY] [DSA 3701-2] nginx regression update 2016-10-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3701-2 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
October 28, 2016

APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows 2016-10-27
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows

iTunes 12.5.2 for Windows is now available and addresses the
following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may result in the
disclosure of use

[security bulletin] HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information 2016-10-27
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05320149

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05320149

Version: 1

HPSBMU03653 rev.1

[security bulletin] HPSBHF3549 ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege 2016-10-27
HP Security Alert (hp-security-alert hp com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05239646

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05239646
Version: 1

HPSBHF3549 ThinkPwn UEFI BI

CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation 2016-10-26
Dawid Golunski (dawid legalhackers com)
I added a simple PoC video for the CVE-2016-1240 vulnerability.

In the PoC I used Ubuntu 16.04 with the latest tomcat7 package
(version: 7.0.68-ubuntu-0.1) installed from the default ubuntu repos
which appears vulnerable still.

The video poc can be found at:

http://legalhackers.com/videos/Apache-

[SECURITY] [DSA 3700-1] asterisk security update 2016-10-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3700-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
October 25, 2016

[SECURITY] [DSA 3701-1] nginx security update 2016-10-25
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3701-1 security (at) debian (dot) org
https://www.debian.org/security/ Florian Weimer
October 25, 2016

FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch [REVISED] 2016-10-25
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:15.sysarch [REVISED] Security Advisory
The FreeBSD Project

Topic:

CVE-2016-6804 Apache OpenOffice Windows Installer Untrusted Search Path 2016-10-25
Dennis E. Hamilton (orcmid apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CVE-2016-6804
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6804>
Apache OpenOffice Advisory
<https://www.openoffice.org/security/cves/CVE-2016-6804.html>

Title: Windows Installer Execution of Arbitrary Code with Elevated Privileges

Version

wincvs-2.0.2.4 Privilege Escalation 2016-10-25
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WINCVS-PRIVILEGE-ESCALATION.txt

[+] ISR: ApparitionSec

Vendor:
======================
cvsgui.sourceforge.net
www.wincvs.org

Product:
===========
WinCvs v2.1.1.1

APPLE-SA-2016-10-24-3 Safari 10.0.1 2016-10-24
Apple Product Security (product-security-noreply lists apple com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-10-24-3 Safari 10.0.1

Safari 10.0.1 is now available and addresses the following:

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12
Impact: Processing maliciously crafted web content may le

[SECURITY] [DSA 3698-1] php5 security update 2016-10-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3698-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
October 24, 2016

Puppet Enterprise Web Interface Authentication Redirect 2016-10-22
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/PUPPET-AUTHENTICATION-REDIRECT.txt

[+] ISR: ApparitionSec

Vendor:
==============
www.puppet.com

Product:
================================
Puppet Enterprise Web

Puppet Enterprise Web Interface User Enumeration 2016-10-21
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/PUPPET-USER-ENUMERATION.txt

[+] ISR: ApparitionSec

Vendor:
==============
www.puppet.com

Product:
===============================
Puppet Enterprise Web Interfa

Puppet Enterprise Web Interface Authentication Redirect 2016-10-21
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/PUPPET-AUTHENTICATION-REDIRECT.txt

[+] ISR: ApparitionSec

Vendor:
==============
www.puppet.com

Product:
================================
Puppet Enterprise Web

Oracle Netbeans IDE v8.1 Import Directory Traversal 2016-10-21
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-NETBEANS-IDE-DIRECTORY-TRAVERSAL.txt

[+] ISR: ApparitionSec

Vendor:
===============
www.oracle.com

Product:
=================
Netbeans IDE v8.1

Vulne

ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability 2016-10-20
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability

EMC Identifier: ESA-2016-111

CVE Identifier: CVE-2016-0909

Severity Rating: CVSSv3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affe

Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update 2016-10-20
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

since more than a year now, Windows Update fails (not only, but most
notably) on FRESH installations of Windows 7/8/8.1 (especially their
32-bit editions), which then get NO security updates at all [°]!

One of the many possible causes: Windows Update Client runs out of
(virtual) memory dur

[CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability 2016-10-20
dirtycow dirtcow ninja
Debian: https://security-tracker.debian.org/tracker/CVE-2016-5195

Redhat: https://access.redhat.com/security/cve/cve-2016-5195

FAQ: https://dirtycow.ninja/

Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory 2016-10-20
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

on x64 editions of Windows, RegEdit.exe exists both as
%windir%\regedit.exe and %windir%\SysWOW64\regedit.exe.

<https://msdn.microsoft.com/en-us/library/aa384187.aspx> states

| [...] whenever a 32-bit application attempts to access [...]
| %windir%\regedit.exe is redirected to %windir%\Sy

[security bulletin] HPSBGN03663 rev.1 - HPE ArcSight WINC Connector, Remote Code Execution 2016-10-19
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05313743

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05313743
Version: 1

HPSBGN03663 rev.1 - HPE ArcS

Cisco Security Advisory: Cisco ASA Software Identity Firewall Feature Buffer Overflow Vulnerability 2016-10-19
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco ASA Software Identity Firewall Feature Buffer Overflow Vulnerability

Advisory ID: cisco-sa-20161019-asa-idfw

Revision: 1.0

For Public Release 2016 October 19 16:00 GMT

+---------------------------------------------------------------------

Su

[SECURITY] [DSA 3695-1] quagga security update 2016-10-18
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3695-1 security (at) debian (dot) org
https://www.debian.org/security/ Florian Weimer
October 18, 2016

[SECURITY] [DSA 3694-1] tor security update 2016-10-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3694-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
October 18, 2016

[ERPSCAN-16-030] SAP NetWeaver - buffer overflow vulnerability 2016-10-17
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver KERNEL

Versions Affected: SAP NetWeaver KERNEL 7.0-7.5

Vendor URL: http://SAP.com

Bugs: Denial of Service

Sent: 09.03.2016

Reported: 10.03.2016

Vendor response: 10.03.2016

Date of Public Advisory: 12.07.2016

Reference: SAP Security Note 2295238

Author: Dmitry

[SECURITY] [DSA 3693-1] libgd2 security update 2016-10-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3693-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
October 14, 2016

Evernote for Windows DLL Loading Remote Code Execution Vulnerability 2016-10-14
mehta himanshu21 gmail com
Aloha,

Summary
Evernote contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to some DLL file is loaded by 'Evernote_6.1.2.2292.exe' improperly. And it allows an attacker to load th

[security bulletin] HPSBNS03661 rev.1 - NonStop Backbox, Remote Disclosure of Information 2016-10-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05307589

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05307589
Version: 1

HPSBNS03661 rev.1 - NonStop

Snort v2.9.7.0-WIN32 DLL Hijack 2016-10-12
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt

[+] ISR: ApparitionSec

Vendor:
=============
www.snort.org

Product:
===================
Snort v2.9.7.0-WIN32

Snort is an open-source, fre

ZendStudio IDE v13.5.1 Privilege Escalation 2016-10-12
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/ZEND-STUDIO-PRIVILEGE-ESCALATION.txt

[+] ISR: ApparitionSec

Vendor:
============
www.zend.com

Product:
======================
ZendStudio IDE v13.5.1

Zend Stud

Copyright 2010, SecurityFocus