BugTraq Mode:
(Page 5 of 1680)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
AjaxExplorer v1.10.3.2 Remote CMD Execution / CSRF / Persistent XSS 2016-06-01
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AJAXEXPLORER-REMOTE-CMD-EXECU
TION.txt

[+] ISR: apparitionsec

Vendor:
==========
sourceforge.net
smsid

download linx:
sourceforge.net/projects/ajax-explorer/files/

Product:
=

[ more ]  [ reply ]
[SECURITY] [DSA 3590-1] chromium-browser security update 2016-06-01
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3590-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Michael Gilbert
June 01, 2016

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-16:20.linux 2016-05-31
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-16:20.linux Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-16:22.libarchive 2016-05-31
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-16:22.libarchive Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-16:23.libarchive 2016-05-31
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-16:23.libarchive Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-16:21.43bsd 2016-05-31
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-16:21.43bsd Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
[RT-SA-2016-005] Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution 2016-05-31
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Unauthenticated File Upload in Relay Ajax Directory Manager
may Lead to Remote Command Execution

A vulnerability within the Relay Ajax Directory Manager web application
allows unauthenticated attackers to upload arbitrary files to the web
server running the web application.

De

[ more ]  [ reply ]
[RT-SA-2016-004] Websockify: Remote Code Execution via Buffer Overflow 2016-05-31
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Websockify: Remote Code Execution via Buffer Overflow

RedTeam Pentesting discovered a buffer overflow vulnerability in the C
implementation of Websockify, which allows attackers to execute
arbitrary code.

Details
=======

Product: Websockify C implementation
Affected Versions: all versi

[ more ]  [ reply ]
[RT-SA-2015-012] XML External Entity Expansion in Paessler PRTG Network Monitor 2016-05-31
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: XML External Entity Expansion in Paessler PRTG Network Monitor

Authenticated users who can create new HTTP XML/REST Value sensors in
PRTG Network Monitor can read local files on the PRTG host system via
XML external entity expansion.

Details
=======

Product: Paessler PRTG Network Monit

[ more ]  [ reply ]
[slackware-security] mozilla-thunderbird (SSA:2016-152-02) 2016-05-31
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2016-152-02)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

[ more ]  [ reply ]
[slackware-security] imagemagick (SSA:2016-152-01) 2016-05-31
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] imagemagick (SSA:2016-152-01)

New imagemagick packages are available for Slackware 14.0, 14.1, and -current
to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[ more ]  [ reply ]
[SECURITY] Lorex ECO DVR Hard coded password 2016-05-30
andrew hofmans gmail com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

1. ADVISORY INFORMATION
=======================
Product: Lorex ECO DVR
Vendor URL: https://www.lorextechnology.com/
Type: Hard coded password [CWE-259]
Date found: 2016-05-04
Date published: 2016-05-30
CVE: -

2. CREDITS
==========
This vulnerability

[ more ]  [ reply ]
[SECURITY] [DSA 3589-1] gdk-pixbuf security update 2016-05-30
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3589-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
May 30, 2016

[ more ]  [ reply ]
WebKitGTK+ Security Advisory WSA-2016-0004 2016-05-30
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2016-0004
------------------------------------------------------------------------

Date reported : May 30, 2016
Advisory ID : WSA-2016-0004
Advisory UR

[ more ]  [ reply ]
[oCERT 2016-001] Jetty path sanitization issues 2016-05-30
Daniele Bianco (danbia ocert org)

Description:

Jetty is a Java HTTP (Web) server and Servlet container.

The Jetty path normalization mechanism suffers of an implementation issue
when parsing the request URLs.

The path normalization logic implemented in the PathResource class and
introduced in Jetty versions 9.3.x can be defeate

[ more ]  [ reply ]
Multiple Vulnerabilities in Intex Wireless N150 Easy Setup Router 2016-05-28
mohitreload gmail com
Intex Wireless N150 Easy Setup Router
Vulnerabilities
1. Overview
Intex Wireless N150 Easy Setup Router, firmware version: V5.07.51_en_INX01, uses default credentials, vulnerable to cross-site request forgery, clear text Transmission of Sensitive Information and other attacks.
2. Vulnerabilities
1

[ more ]  [ reply ]
[slackware-security] php (SSA:2016-148-03) 2016-05-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-148-03)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.2

[ more ]  [ reply ]
[SECURITY] [DSA 3588-1] symfony security update 2016-05-29
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3588-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
May 29, 2016

[ more ]  [ reply ]
[slackware-security] libxslt (SSA:2016-148-02) 2016-05-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libxslt (SSA:2016-148-02)

New libxslt packages are available for Slackware 14.0, 14.1, and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/

[ more ]  [ reply ]
[slackware-security] libxml2 (SSA:2016-148-01) 2016-05-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libxml2 (SSA:2016-148-01)

New libxml2 packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/l

[ more ]  [ reply ]
[CVE-2016-4945] Login Form Hijacking Vulnerability in Citrix NetScaler Gateway 2016-05-27
Daniel Schliebner (DSchliebner persicon com)
PERSICON Security Advisory
=======================================================================
Title: Login Form Hijacking vulnerability
Product: Citrix Netscaler
Vulnerable Version: 11.0 Build 64.35
Fixed Version: 11.0 Build 66.11

[ more ]  [ reply ]
[CVE-2016-4432] Apache Qpid Java Broker - authentication bypass 2016-05-27
Keith W (keith wall gmail com)
[CVE-2016-4432] Apache Qpid Java Broker - authentication bypass

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Qpid Java Broker versions 6.0.2 and earlier

Description:

The code responsible for handling incoming AMQP 0-8, 0-9, 0-91, and
0-10 connections contains a

[ more ]  [ reply ]
[CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability 2016-05-27
Lorenz Quack (quack lorenz gmail com)
CVE-2016-3094: Apache Qpid Java Broker denial of service vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Qpid Java Broker versions 6.0.0, 6.0.1, and 6.0.2

Description: A malformed authentication attempt may cause the broker to
terminate. The Qpid Java

[ more ]  [ reply ]
[SECURITY] [DSA 3587-1] libgd2 security update 2016-05-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3587-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
May 27, 2016

[ more ]  [ reply ]
[CVE-2016-2175] Apache PDFBox XML External Entity vulnerability 2016-05-27
Andreas Lehmkuehler (lehmi apache org)
CVE-2016-2175: Apache PDFBox XML External Entity vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache PDFBox 1.8.0 to 1.8.11
Apache PDFBox 2.0.0
Earlier, unsupported Apache PDFBox versions may be affected as well

Description:
Apache PDFBox parses di

[ more ]  [ reply ]
[CVE-2016-4434] Apache Tika XML External Entity vulnerability 2016-05-26
Tim Allison (tallison apache org)
CVE-2016-4434: Apache Tika XML External Entity vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Tika 0.10 to 1.12

Description:
Apache Tika parses XML within numerous file formats. In some instances[1], the initialization ofthe XML parser or

[ more ]  [ reply ]
ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability 2016-05-26
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability

EMC Identifier: ESA-2016-061

CVE Identifier: CVE-2016-0907

Severity Rating: CVSSv3 Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected products:

EMC IsilonSD Edge One

[ more ]  [ reply ]
[security bulletin] HPSBGN03610 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Arbitrary Code Execution 2016-05-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c05149345

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05149345
Version: 1

HPSBGN03610 r

[ more ]  [ reply ]
[security bulletin] HPSBMU03611 rev.1 - HPE Matrix Operating Environment on Windows and Linux, Multiple Remote Vulnerabilities 2016-05-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c05150888

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05150888
Version: 1

HPSBMU03611

[ more ]  [ reply ]
[security bulletin] HPSBMU03600 rev.1 - HPE Insight Control server provisioning using OpenSSL, Remote Denial of Service (DoS) 2016-05-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c05150736

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05150736
Version: 1

HPSBMU03600

[ more ]  [ reply ]
(Page 5 of 1680)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus