BugTraq (Page 5 of 1626)
[security bulletin] HPSBGN03386 rev.1 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, Local Disclosure 2015-08-12
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04751893

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04751893
Version: 1

HPSBGN03386 r

Update: Backdoor and RCE found in 8 TOTOLINK router models 2015-08-13
Pierre Kim (pierre kim sec gmail com)
Hello,

This is an update to:
- Backdoor and RCE found in 8 TOTOLINK router models
(http://seclists.org/fulldisclosure/2015/Jul/80 )
- Backdoor credentials found in 4 TOTOLINK router models
(http://seclists.org/fulldisclosure/2015/Jul/79 )
- 4 TOTOLINK router models vulnerable to CSRF and XSS

Cisco Unified Communications Manager Multiple Vulnerabilities (VP2015-001) 2015-08-13
Bernhard Mueller (bernhard vantagepoint sg)
Vantage Point Security Advisory 2015-001
========================================

Title: Cisco Unified Communications Manager Multiple Vulnerabilities
Vendor: Cisco
Vendor URL: http://www.cisco.com/
Versions affected: <9.2, <10.5.2, <11.0.1.
Severity: Low to medium
Vendor notified: Yes
Reported: O

[SECURITY] [DSA 3335-1] request-tracker4 security update 2015-08-13
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3335-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 13, 2015

phpipam-1.1.010 XSS Vulnerability 2015-08-12
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPIPAM0812.txt

Vendor:
================================
phpipam.net

Product:
======================================
phpipam-1.1.010

Vulnerability Type:
==

PHPfileNavigator v2.3.3 CSRF Add Arbitrary Users 2015-08-12
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812a.txt

Vendor:
================================
pfn.sourceforge.net

Product:
===================================
PHPfileNavigator v2.3.3 (p

BFS-SA-2015-001: Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability 2015-08-12
Blue Frost Security Research Lab (research bluefrostsecurity de)
Blue Frost Security GmbH
https://www.bluefrostsecurity.de/ research(at)bluefrostsecurity.de
BFS-SA-2015-001 12-August-2015
________________________________________________________________________________

Vendor: Microso

PHPfileNavigator 2.3.3 Persistent & Reflected XSS 2015-08-12
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812c.txt

Vendor:
================================
pfn.sourceforge.net

Product:
===================================
PHPfileNavigator v2.3.3 (p

[SECURITY] [DSA 3332-1] wordpress security update 2015-08-11
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3332-1 security (at) debian (dot) org
https://www.debian.org/security/ Thijs Kinkhorst
August 11, 2015

[CVE-2015-4624] Predictable CSRF tokens in WiFi Pineapple firmware <= 2.3.0 2015-08-11
Ken (catatonicprime gmail com)
Overview
===============
WiFi Pineapples are a penetration testing tool used in offensive
wireless activities. These devices run on a modified OpenWRT (based on
netBSD) operating system. They include a web-based management
interface.

It has been discovered they have predictable anti-CSRF tokens bas

[SECURITY] [DSA 3333-1] iceweasel security update 2015-08-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3333-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 12, 2015

bizidea Design CMS 2015Q3 - SQL Injection Vulnerability 2015-08-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
bizidea Design CMS 2015Q3 - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1571

Release Date:
=============
2015-08-12

Vulnerability Laboratory ID (VL-ID):
===============================

Windows Platform Binary Table (WPBT) - BIOS PE backdoor 2015-08-12
Kevin Beaumont (kevin beaumont gmail com) (2 replies)
PRECURSOR

There will be debate about if this is a vulnerability. It affects a
majority of user PCs -- including all Enterprise editions of Windows,
there is no way to disable it, and allows direct code execution into
secure boot sequences. I believe it is worth discussing.

SCOPE

Microsoft docum

Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor 2015-08-13
Jerome Athias (athiasjerome gmail com)
RE: Windows Platform Binary Table (WPBT) - BIOS PE backdoor 2015-08-13
Limanovski, Dimitri (dimitri limanovski blackrock com)
Pdf Shaper Buffer Overflow 2015-08-12
metacom27 gmail com
##
# This module requires Metabuffer: http://metabuffer.com/download
# Current source: https://github.com/rapid7/metabuffer-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
#Rank definition: http://dev.metabuffer.com/redmine/projects/framework/wiki/Exploit_Ranking
#Manu

[SECURITY] [DSA 3334-1] gnutls28 security update 2015-08-12
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3334-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 12, 2015

[Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values 2015-08-12
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2015-011: SAP Mobile Platform DataVault
Predictable encryption passwords for Configuration Values

1. Impact on Business
- ---------------------

By exploiting this vulnerability an attacker with access to a vulnerable
mobile

[Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage 2015-08-12
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2015-012: SAP Mobile Platform DataVault
Predictable Encryption Password for Secure Storage

1. Impact on Business
- ---------------------

By exploiting this vulnerability an attacker with access to a vulnerable
mobile device

[Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery 2015-08-12
Onapsis Research Labs (research onapsis com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2015-010: SAP Mobile Platform DataVault
Keystream Recovery

1. Impact on Business
- ---------------------

By exploiting this vulnerability an attacker with access to a vulnerable
mobile device would be able to decrypt creden

[slackware-security] mozilla-firefox (SSA:2015-219-01) 2015-08-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2015-219-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[SECURITY] [DSA 3330-1] activemq security update 2015-08-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3330-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 07, 2015

QNAP crypto keys logged on unencrypted disk partition in world accessible files 2015-08-07
Andreas Steinmetz (ast domdv de)
Affected devices:
=================

Probably all QNAP devices running the QNAP modified 3.12.6 kernel with
firmware older than 4.1.4 Build 0804.

Verified on TS-453S Pro and TVS-471, both with Firmware 4.1.4 Build
0522.

Probably fixed with Firmware 4.1.4 Build 0804 (incriminating message
gone, tho

[slackware-security] mozilla-nss (SSA:2015-219-02) 2015-08-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-nss (SSA:2015-219-02)

New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/pa

Device Inspector v1.5 iOS - Command Inject Vulnerabilities 2015-08-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Device Inspector v1.5 iOS - Command Inject Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1558

Release Date:
=============
2015-08-07

Vulnerability Laboratory ID (VL-ID):
============================

Ferrari - PHP CGI Argument Injection (RCE) Vulnerability 2015-08-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ferrari - PHP CGI Argument Injection (RCE) Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1562

Video: http://www.vulnerability-lab.com/get_content.php?id=1561

Vulnerability Magazine: http://magazine.vuln

Thomson Reuters FATCA - Arbitrary File Upload 2015-08-07
jakub palaczynski ingservicespolska pl
Title: Thomson Reuters FATCA - Arbitrary File Upload
Author: Jakub Pałaczyński
Date: 10. June 2015
CVE: CVE-2015-5951

Affected software:
==================

All versions of Thomson Reuters FATCA below v5.2

Exploit was tested on:
======================

Thomson Reuters FATCA v5.1.0.30

De

[SECURITY] [DSA 3329-1] linux security update 2015-08-07
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3329-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 07, 2015

Copyright 2010, SecurityFocus