BugTraq Mode:
(Page 6 of 1715)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
CVE-2017-7185 - Mongoose OS - Use-after-free / Denial of Service 2017-04-04
Advisories (advisories compass-security com)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/en/research/advisories/
#
#############################################################
#
# Product: Mongoose OS
# Vendor: Cesanta
# CVE ID: CVE-2017-7185
# CSNC ID: CSNC-20

[ more ]  [ reply ]
Lantern CMS Path Disclosure, SQL Injection, Reflected XSS 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/lantern-cms-path-disclosure-sql-injection-reflected-xss.html

Date:
04-Apr-2017

Product:
LanternCMS

Versions affected:
Unknown

Vulnerabilities:

1) Path disclosure
By requesting a site with an invalid intSiteI or numRedirectCount:
http://[target]/www/default.asp?int

[ more ]  [ reply ]
Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/manhattan-software-iwms-integrated-workplace-management-system-xml-external-entity-xxe-injection-file-disclosure.html

Date:
04-Apr-2017

Product:
Trimble / Manhattan Software IWMS (integrated workplace management system)

Versions affected:
9.x

Vulnerability:
XML Ext

[ more ]  [ reply ]
AirWatch Self Service Portal Username Parameter LDAP Injection 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/airwatch-self-service-portal-username-parameter-ldap-injection.html

Date:
04-Apr-2017

Product:
AirWatch Self Service MDM

Versions affected:
v6.1.x
v6.4.x

Vulnerability:
LDAP injection

Example:
https://[target]/DeviceManagement/ URL accepts the following
POST param

[ more ]  [ reply ]
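The AirWatch entry above names the bug class (LDAP injection through a username field) but the preview is cut off before the details. The following is an added example, not code from the advisory or from the AirWatch product: it builds a login filter the unsafe way and the RFC 4515 way, parses both with a minimal filter parser, and evaluates them against a constructed three-account directory. The filter template, attribute names, directory entries and payloads are all assumptions chosen for illustration.

```python
"""LDAP filter injection via a username parameter: a string-built login
filter beside one that escapes the value as RFC 4515 requires, both parsed
and evaluated against a small constructed directory.  Added example, not
code from the AirWatch advisory or product; the filter template, attribute
names, directory entries and payloads are assumptions."""
import re

# One simple equality assertion, e.g. (sAMAccountName=bob): attr and raw value.
_SIMPLE = re.compile(r'([A-Za-z][A-Za-z0-9.;-]*)=((?:[^()\\]|\\[0-9A-Fa-f]{2})*)\)')


def escape_ldap_value(value: str) -> str:
    """RFC 4515 section 3: backslash, '*', '(', ')' and NUL become \\XX hex."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def build_filter_unsafe(username: str) -> str:
    """Vulnerable: the POSTed username is pasted straight into the filter."""
    return '(&(objectClass=user)(sAMAccountName=%s))' % username


def build_filter_safe(username: str) -> str:
    """Hardened: same template, value escaped first (a '*' stays literal)."""
    return build_filter_unsafe(escape_ldap_value(username))


def parse_filter(text: str):
    """Minimal RFC 4515 parser returning ('&'|'|', [children]) or
    ('=', attr, rawvalue).  Raises ValueError on unbalanced input, which is
    what a real directory server reports back to the application."""
    def parse(i):
        if i >= len(text) or text[i] != '(':
            raise ValueError('expected "(" at offset %d' % i)
        i += 1
        if i < len(text) and text[i] in '&|':
            op, i, children = text[i], i + 1, []
            while i < len(text) and text[i] == '(':
                node, i = parse(i)
                children.append(node)
            if i >= len(text) or text[i] != ')':
                raise ValueError('expected ")" at offset %d' % i)
            return (op, children), i + 1
        m = _SIMPLE.match(text, i)
        if not m:
            raise ValueError('malformed assertion at offset %d' % i)
        return ('=', m.group(1), m.group(2)), m.end()

    node, end = parse(0)
    if end != len(text):
        raise ValueError('trailing data after filter: %r' % text[end:])
    return node


def _unescape(piece: str) -> str:
    return re.sub(r'\\([0-9A-Fa-f]{2})', lambda m: chr(int(m.group(1), 16)), piece)


def _value_matches(raw: str, actual: str) -> bool:
    """Equality/substring match: an unescaped '*' is a wildcard, '\\2a' is not."""
    pieces = [_unescape(p) for p in raw.split('*')]
    if len(pieces) == 1:
        return actual == pieces[0]
    if not (actual.startswith(pieces[0]) and actual.endswith(pieces[-1])):
        return False
    pos = len(pieces[0])
    for mid in pieces[1:-1]:
        pos = actual.find(mid, pos)
        if pos < 0:
            return False
        pos += len(mid)
    return pos <= len(actual) - len(pieces[-1])


def evaluate(node, entry: dict) -> bool:
    if node[0] == '&':
        return all(evaluate(c, entry) for c in node[1])
    if node[0] == '|':
        return any(evaluate(c, entry) for c in node[1])
    _, attr, raw = node
    return any(_value_matches(raw, v) for v in entry.get(attr, []))


# Constructed directory: three accounts, attribute names as in AD.
DIRECTORY = [
    {'objectClass': ['user'], 'sAMAccountName': ['alice']},
    {'objectClass': ['user'], 'sAMAccountName': ['bob']},
    {'objectClass': ['user'], 'sAMAccountName': ['svc-mdm']},
]


def search(filter_text: str, directory=DIRECTORY) -> list:
    node = parse_filter(filter_text)
    return [e['sAMAccountName'][0] for e in directory if evaluate(node, e)]


def run_demo() -> dict:
    """Each payload through both builders -> {(mode, payload): accounts
    matched, or the parse error}.  '*' and 'svc-*' widen the match; 'alice)'
    breaks the filter, and that server error is the blind-injection oracle."""
    out = {}
    for mode, build in (('unsafe', build_filter_unsafe), ('safe', build_filter_safe)):
        for payload in ('alice', '*', 'svc-*', 'alice)'):
            try:
                out[(mode, payload)] = search(build(payload))
            except ValueError as exc:
                out[(mode, payload)] = 'error: %s' % exc
    return out


if __name__ == '__main__':
    for (mode, payload), result in run_demo().items():
        print('%-6s %-10r -> %s' % (mode, payload, result))
```

Escaping is the minimum fix; in practice the application should also bind as the user (or search with a service account and compare the returned DN) rather than build a filter from the login form at all, and it should never echo the directory server's error text to the client, since that text is exactly the oracle the unsafe path leaks.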
Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/avaya-radvision-scopia-desktop-dlg_loginowneridjsp-ownerid-sql-injection.html

Date:
04-Apr-2017

Product:
Avaya Radvision SCOPIA Desktop

Versions affected:
v7.7.000.042 released in 2011 (confirmed)
v8.2.101.046 released in 2013 (confirmed)

Vulnerability:
Blind SQL in

[ more ]  [ reply ]
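The SCOPIA entry above reports blind SQL injection in a numeric ownerid parameter, and the preview stops there. The following is an added example, not code from the advisory or from the SCOPIA product: it shows the boolean-based oracle such a parameter gives an attacker (one yes/no answer per request, used here to read a password out of another table in an in-memory SQLite database) beside the validated, parameterised query that closes it. The table layout, column names and the lookup itself are assumptions made for the example.

```python
"""Boolean-based blind SQL injection through a numeric id parameter, shown
against an in-memory SQLite database, beside the validated, parameterised
query that closes it.  Added example, not code from the SCOPIA advisory or
product; the tables, column names and the ownerid lookup are assumptions."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: the table the page looks up, and one it
    should never reach."""
    con = sqlite3.connect(':memory:')
    con.executescript("""
        CREATE TABLE owners(ownerid INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE users(username TEXT, password TEXT);
        INSERT INTO owners VALUES (1, 'Meeting room A'), (2, 'Meeting room B');
        INSERT INTO users VALUES ('admin', 's3cret');
    """)
    return con


def owner_exists_unsafe(con, ownerid: str) -> bool:
    """Vulnerable: ownerid is interpolated into the SQL text.  The page only
    reveals whether a row came back, so that yes/no becomes the oracle."""
    sql = "SELECT name FROM owners WHERE ownerid = %s" % ownerid
    return con.execute(sql).fetchone() is not None


def owner_exists_safe(con, ownerid: str) -> bool:
    """Hardened: reject anything that is not an integer, then bind it."""
    if not ownerid.isdigit():
        raise ValueError('ownerid must be a positive integer')
    sql = "SELECT name FROM owners WHERE ownerid = ?"
    return con.execute(sql, (int(ownerid),)).fetchone() is not None


CHARSET = 'abcdefghijklmnopqrstuvwxyz0123456789'


def extract_blind(con, oracle, max_len: int = 32) -> str:
    """Recover admin's password one character at a time: every request
    appends a condition to a valid id and reads the yes/no answer."""
    recovered = ''
    for pos in range(1, max_len + 1):
        for ch in CHARSET:
            payload = ("1 AND (SELECT substr(password,%d,1) FROM users "
                       "WHERE username='admin') = '%s'" % (pos, ch))
            if oracle(con, payload):
                recovered += ch
                break
        else:
            break  # no character matched: end of the string
    return recovered


if __name__ == '__main__':
    db = make_db()
    print('unsafe oracle, true condition :', owner_exists_unsafe(db, '1 AND 1=1'))
    print('unsafe oracle, false condition:', owner_exists_unsafe(db, '1 AND 1=2'))
    print('recovered via unsafe path     :', extract_blind(db, owner_exists_unsafe))
    try:
        extract_blind(db, owner_exists_safe)
    except ValueError as exc:
        print('safe path rejects the payload :', exc)
```

The point of the blind variant is that no data ever appears in the response: the attacker only needs two distinguishable page states, and the example's character loop is the whole extraction technique. Type validation plus a bound parameter removes both the oracle and the injection; for a detection rule, a numeric parameter carrying spaces, quotes or SQL keywords is the signal to alert on.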
Lotus Protector for Mail Security remote code execution 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/lotus-protector-for-mail-security-remote-code-execution.html

Date:
09-Nov-2012

Product:
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail)

Vulnerability:
Local File Inclusion to Remote Code Execution

Details:
There is local file inclusion vulnerability in
th

[ more ]  [ reply ]
Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/kaseya-parameter-reflected-xss-enumeration-and-bruteforce-weakness.html

Date:
04-Apr-2017

Software:
Kaseya

Affected version:
Kaseya VSA v6.5.0.0.

Vulnerability details:

1. The "forgot password" function at https://[target]/access/logon.asp
reveals whether a userna

[ more ]  [ reply ]
[security bulletin] HPESBGN03721 rev.1 - HPE Operations Bridge Analytics, Remote Cross-Site Scripting (XSS) 2017-04-03
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03721en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03721en_us

Version: 1

HP

[ more ]  [ reply ]
SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function 2017-04-03
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170403-0 >
=======================================================================
title: Misbehavior of the "fsockopen" function
product: PHP
vulnerable version: 7.1.2
fixed version:
CVE number: CVE-2017-7

[ more ]  [ reply ]
Splunk Enterprise Information Theft CVE-2017-5607 2017-04-01
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt
[+] ISR: ApparitionSec

Vendor:
===============
www.splunk.com

Product:
==================
Splunk Enterprise

[ more ]  [ reply ]
[security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege 2017-03-31
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03722en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03722en_us

Version: 1

HP

[ more ]  [ reply ]
[security bulletin] HPESBHF03723 rev.1 - HPE Aruba ClearPass Policy Manager, using Apache Struts, Remote Code Execution 2017-03-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03723en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03723en_us

Version: 1

HP

[ more ]  [ reply ]
[security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities 2017-03-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbux03725en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbux03725en_us

Version: 1

HP

[ more ]  [ reply ]
ESA-2017-013: RSA Archer® GRC Security Operations Management Sensitive Information Disclosure Vulnerability 2017-03-29
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

EMC Identifier: ESA-2017-013: RSA Archer® GRC Security Operations Management Sensitive Information Disclosure Vulnerability

CVE Identifier: CVE-2017-4977

Severity Rating: CVSS v3 Base Score: 5.0 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)

Affecte

[ more ]  [ reply ]
ESA-2017-028: EMC Isilon OneFS Path Traversal Vulnerability 2017-03-29
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-028: EMC Isilon OneFS Path Traversal Vulnerability

EMC Identifier: ESA-2017-028

CVE Identifier:

CVE-2017-4980

Severity Rating: CVSS v3 Base Score: 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

Affected products:

- EMC Is

[ more ]  [ reply ]
[SECURITY] [DSA 3824-1] firebird2.5 security update 2017-03-29
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3824-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
March 29, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3798-2] tnef regression update 2017-03-29
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3798-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
March 29, 2017

[ more ]  [ reply ]
[slackware-security] mariadb (SSA:2017-087-01) 2017-03-28
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mariadb (SSA:2017-087-01)

New mariadb packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mariadb-

[ more ]  [ reply ]
APPLE-SA-2017-03-28-1 iCloud for Windows 6.2 2017-03-28
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-03-28-1 iCloud for Windows 6.2

iCloud for Windows 6.2 is now available and addresses the following:

APNs Server
Available for: Windows 7 and later
Impact: An attacker in a privileged network position can track a
user's activity
Descri

[ more ]  [ reply ]
[SECURITY] [DSA 3823-1] eject security update 2017-03-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3823-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 28, 2017

[ more ]  [ reply ]
APPLE-SA-2017-03-27-7 macOS Server 5.3 2017-03-27
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-03-27-7 macOS Server 5.3

macOS Server 5.3 is now available and addresses the following:

Profile Manager
Available for: macOS 10.12.4 and later
Impact: A remote user may be able to cause a denial-of-service
Description: A crafted reque

[ more ]  [ reply ]
[SECURITY] [DSA 3821-1] gst-plugins-ugly1.0 security update 2017-03-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3821-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 27, 2017

[ more ]  [ reply ]
APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS 2017-03-27
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1
for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS are now
available and address the following:

Export
Available for: macOS 10.12 Sierra or later, iOS 10 or later
Impact: The conten

[ more ]  [ reply ]
[SECURITY] [DSA 3817-1] jbig2dec security update 2017-03-24
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3817-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 24, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3816-1] samba security update 2017-03-23
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3816-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 23, 2017

[ more ]  [ reply ]
APPLE-SA-2017-03-22-1 iTunes for Windows 12.6 2017-03-22
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-03-22-1 iTunes for Windows 12.6

iTunes for Windows 12.6 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: Multiple issues in SQLite
Description: Multiple issues existed in SQLite. These is

[ more ]  [ reply ]
SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices 2017-03-22
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170322-0 >
=======================================================================
title: Multiple vulnerabilities
product: Solare Datensysteme GmbH
Solar-Log 250/300/500/800e/1000/1000 PM+/1200/2000

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups" 2017-03-21
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

Windows 8 and newer versions (Windows 7 and Windows Server 2008 R2
with KB2532445 or KB3125574 installed too) don't allow unprivileged
callers to circumvent AppLocker and SAFER rules via

LoadLibraryEx(TEXT("<arbitrary DLL>"), NULL, LOAD_IGNORE_CODE_AUTHZ_LEVEL);

See <https://msdn.microsof

[ more ]  [ reply ]
[ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM 2017-03-21
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component
Vendor URL: http://SAP.com
Bugs: Directory traversal
Reported: 04.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 13.12.2016
Reference: SAP Security Note 2310790
Author: Mathieu Geli (ERPScan)

Descr

[ more ]  [ reply ]
ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability 2017-03-20
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability

EMC Identifier: ESA-2017-010

CVE Identifier: CVE-2016-6650

Severity Rating: CVSS v3 Base Score: 6.8 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).

Affected products:

[ more ]  [ reply ]
Copyright 2010, SecurityFocus