BugTraq Mode:
(Page 5 of 1620)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[SECURITY] [DSA 3301-1] haproxy security update 2015-07-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3301-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
July 05, 2015

[ more ]  [ reply ]
127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request 2015-07-06
Pierre Kim (pierre kim sec gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

## Advisory Information

Title: 127 ipTIME router models vulnerable to an unauthenticated RCE
by sending a crafted DHCP request
Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x02.txt
Blog URL: https://pierrekim.github.io/blog/2015-

[ more ]  [ reply ]
Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability 2015-07-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1472

Ebay Inc Security ID: EIBBP-31808

Release Date:
=============
2015-07-02

Vulnerability Laboratory ID (VL-

[ more ]  [ reply ]
Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability 2015-07-03
Federico Fazzi (federico fazzi gmail com)
--------------------------------------------------------
Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability
--------------------------------------------------------

Vendor
------

https://www.snorby.org/

Version
-------

2.6.2

Description
-----------

During my research and testing of new

[ more ]  [ reply ]
Microsoft Office - OLE Packager allows code execution in all versions, with macros disabled 2015-07-03
Kevin Beaumont (kevin beaumont gmail com)
SCOPE

Every version of Microsoft Office on every Windows OS includes a
feature called OLE Packager, allowing content to be embedded in
documents. This includes executable content (.exe, .js, .vbe etc) -
there is no restriction of embeddable content. There is no way to
disable or restrict this fun

[ more ]  [ reply ]
Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability 2015-07-04
Vulnerability Lab (research vulnerability-lab com) (1 replies)
Document Title:
===============
Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1541

Release Date:
=============
2015-07-02

Vulnerability Laboratory ID (VL-ID):
==

[ more ]  [ reply ]
[SECURITY] [DSA 3300-1] iceweasel security update 2015-07-03
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3300-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 04, 2015

[ more ]  [ reply ]
WK UDID v1.0.1 iOS - Command Inject Vulnerability 2015-07-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
WK UDID v1.0.1 iOS - Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1539

Release Date:
=============
2015-07-01

Vulnerability Laboratory ID (VL-ID):
====================================

[ more ]  [ reply ]
Ruxcon 2015 Final Call For Presentations 2015-07-06
cfp ruxcon org au
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.

This year the conference will take place over the weekend of the 24th and 25th

[ more ]  [ reply ]
CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0 2015-07-03
Alessandro Zala (Alessandro Zala csnc ch)
#############################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# Product: Xpert.Line
# Vendor: Soreco AG [1]
# CVE ID: CVE-2015-3442
# Sub

[ more ]  [ reply ]
SQL Injection in easy2map wordpress plugin v1.24 2015-07-02
Larry W. Cashdollar (larry0 me com)
Title: SQL Injection in easy2map wordpress plugin v1.24
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-08
Download Site: https://wordpress.org/plugins/easy2map
Vendor: Steven Ellis
Vendor Notified: 2015-06-08, fixed in v1.25
Vendor Contact: https://profiles.wordpress.org/stevenellis/
Advisory:

[ more ]  [ reply ]
ipTIME n104r3 vulnerable to CSRF and XSS attacks 2015-07-02
Pierre Kim (pierre kim sec gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

## Advisory Information

Title: iptime n104r3 vulnerable to CSRF and XSS attacks
Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x01.txt
Blog URL: https://pierrekim.github.io/blog/2015-07-03-iptime-n104r3-vulnerable-to-
CSRF-and-XSS

[ more ]  [ reply ]
[SECURITY] [DSA 3299-1] stunnel4 security update 2015-07-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3299-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
July 02, 2015

[ more ]  [ reply ]
ToorCon 17 Call For Papers! 2015-07-01
h1kari (h1kari toorcon org)
TOORCON 17 CALL FOR PAPERS

It's that time of year again! ToorCon 17 is coming so get your code
finished and submit a talk this time around. We're letting you decide
if you want to be a part of our 50-minute talks on Saturday, 20-minute
talks on Sunday, and 75-minute talks for our Deep Knowledge Sem

[ more ]  [ reply ]
iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... 2015-07-01
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the just released QuickTime 7.7.7 and iTunes 12.2 for Windows still
have quite some of the BLOODY beginners errors I already documented
in the past.

QuickTime 7.7.7, QuickTime.msi

unquoted pathname of executables in command line

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\QuickTime\shell

[ more ]  [ reply ]
Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models) 2015-07-01
Pierre Kim (pierre kim sec gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Please find a text-only version below sent to security mailing-lists.

The complete version on exploits about my last advisory of ipTIME
products is posted here:

https://pierrekim.github.io/blog/2015-07-01-poc-with-RCE-against-127-ipt
ime-router-

[ more ]  [ reply ]
ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability 2015-07-01
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability

EMC Identifier: ESA-2015-112

CVE Identifier: CVE-2015-4525

Severity Rating: CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Affected products:

? EMC Isilon OneFS 7.2.0

[ more ]  [ reply ]
Path Traversal in BlackCat CMS 2015-07-01
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23263
Product: BlackCat CMS
Vendor: Black Cat Development
Vulnerable Version(s): 1.1.1 and probably prior
Tested Version: 1.1.1
Advisory Publication: June 10, 2015 [without technical details]
Vendor Notification: June 10, 2015
Vendor Patch: June 24, 2015
Public Disclosure: July 1

[ more ]  [ reply ]
Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability 2015-07-01
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1535

Video: http://www.vulnerability-lab.com/get_content.php?id=1537

Release Date:
=============
2015-06-29

[ more ]  [ reply ]
ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities 2015-07-01
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities

EMC Identifier: ESA-2015-108

CVE Identifier: CVE-2015-0547, CVE-2015-0548

Severity Rating: CVSSv2 Base Score: See below for CVSSv2 score for individual CVEs

Affected pro

[ more ]  [ reply ]
ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities 2015-07-01
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities

CVE Identifier: CVE-2015-0551, CVE-2015-4524

Severity Rating: CVSS v2 Base Score: See below for CVSSv2 scores for individual CVEs

Affected products:

? EMC Documentu

[ more ]  [ reply ]
FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability 2015-07-01
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1538

Release Date:
=============
2015-06-30

Vulnerability Laboratory ID (VL-ID):
================================

[ more ]  [ reply ]
Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability 2015-07-01
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1463

EIBBP-31602

Release Date:
=============
2015-06-30

Vulnerability Laboratory ID (VL-ID):
=======

[ more ]  [ reply ]
Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability 2015-07-01
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1431

Release Date:
=============
2015-06-30

Vulnerability Laboratory ID (VL-ID):
=======================

[ more ]  [ reply ]
Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects 2015-07-01
andrew panfilov tel
Product: EMC Documentum Content Server
Vendor: EMC
Version: ANY
CVE: N/A
Risk: High
Status: public/not fixed

On April 2014 I discovered vulnerability in EMC Documentum Content Server
which allow authenticated user to elevate privileges, hijack Content Server
filesystem or execute arbitrary command

[ more ]  [ reply ]
APPLE-SA-2015-06-30-6 iTunes 12.2 2015-07-01
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-06-30-6 iTunes 12.2

iTunes 12.2 is now available and addresses the following:

WebKit
Available for: Windows 8 and Windows 7
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected appli

[ more ]  [ reply ]
[SECURITY] [DSA 3298-1] jackrabbit security update 2015-06-30
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3298-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Markus Koschany
July 01, 2015

[ more ]  [ reply ]
APPLE-SA-2015-06-30-5 QuickTime 7.7.7 2015-06-30
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-06-30-5 QuickTime 7.7.7

QuickTime 7.7.7 is now available and addresses the following:

QT Media Foundation
Available for: Windows 7 and Windows Vista
Impact: Processing a maliciously crafted file may lead to an
unexpected application

[ more ]  [ reply ]
APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001 2015-06-30
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001

Mac EFI Security Update 2015-001 is now available and addresses the
following:

EFI
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application with root p

[ more ]  [ reply ]
(Page 5 of 1620)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus