BugTraq Mode:
(Page 6 of 1617)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
Elasticsearch vulnerability CVE-2015-4165 2015-06-09
Kevin Kluge (kevin elastic co)
Summary:
Elasticsearch versions 1.0.0 - 1.5.2 are vulnerable to an engineered attack on other applications on the system. The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process. It is possible to crea

[ more ]  [ reply ]
Kibana vulnerability CVE-2015-4093 2015-06-09
Kevin Kluge (kevin elastic co)
Summary:
Kibana versions 4.0.0, 4.0.1 and 4.0.2 are vulnerable to a cross-site scripting (XSS) attack. The attack allows execution of arbitrary JavaScript in the context of the userâ??s browser.

We have been assigned CVE-2015-4093 for this issue.

Fixed versions:
Versions 4.0.3 and 4.1.0 have ad

[ more ]  [ reply ]
Logstash vulnerability CVE-2015-4152 2015-06-09
Kevin Kluge (kevin elastic co)
Summary:
Logstash versions 1.4.2 and prior are vulnerable to a directory traversal attack that allows an attacker to over-write files on the server running Logstash. This vulnerability is not present in the initial installation of Logstash. The vulnerability is exposed when the file output plugin

[ more ]  [ reply ]
[SECURITY] [DSA 3283-1] cups security update 2015-06-09
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3283-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 09, 2015

[ more ]  [ reply ]
[security bulletin] HPSBMU03349 rev.1- HP Helion CloudSystem, Local Denial of Service (DoS), Arbitrary Code Execution 2015-06-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04706564

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04706564
Version: 1

HPSBMU03349 re

[ more ]  [ reply ]
[security bulletin] HPSBST03346 rev.1 - HP P6000 Command View Software running Jetty, Remote Denial of Service (DoS) 2015-06-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04703199

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04703199
Version: 1

HPSBST03346 re

[ more ]  [ reply ]
NEW VMSA-2015-0004 - VMware Workstation, Fusion and Horizon View Client updates address critical security issues 2015-06-09
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2015-0004
Synopsis: VMware Workstation, Fusion and Horizon View Client updates
address critical sec

[ more ]  [ reply ]
CFP The 2nd International Conference on Information Systems Security and Privacy ICISSP 2016 2015-06-09
icissp secretariat insticc org
Conference name:
The 2nd International Conference on Information Systems Security and Privacy ? ICISSP 2016

Venue:
Rome, Italy

Event date:
19 - 21 February, 2016

Regular Papers
Paper Submission: September 8, 2015
Authors Notification: November 26, 2015
Camera Ready and Registration: December 14,

[ more ]  [ reply ]
SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities 2015-06-09
apparitionsec gmail com
[+] Credits: hyp3rlinx

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt

Vendor:
================================
http://www.silverstripe.org/software/download

Product:
================================
SilverStripe CMS & Frame

[ more ]  [ reply ]
SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities 2015-06-09
apparitionsec gmail com
[+] Credits: hyp3rlinx

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt

Vendor:
================================
http://www.silverstripe.org/software/download

Product:
================================
SilverStripe CMS & Frame

[ more ]  [ reply ]
Symphony CMS XSS Vulnerability [Corrected Post] 2015-06-09
apparitionsec gmail com
[Correction] of Vendor Info for Symphony CMS XSS Vulnerability POST on (Jun 08)
=============================================

[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-SYMPHONY0606.txt

Vendor:
=========

[ more ]  [ reply ]
[SECURITY] [DSA 3282-1] strongswan security update 2015-06-08
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3282-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Yves-Alexis Perez
June 08, 2015

[ more ]  [ reply ]
Symphony CMS XSS Vulnerability 2015-06-08
apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/

Vendor:
================================
http://www.silverstripe.org/software/download

Product:
================================
SilverStripe CMS & Framework v3

[ more ]  [ reply ]
AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability 2015-06-08
d4rkr0id gmail com
# Exploit Title: AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability
# Date: 2015/06/07
# Vendor Homepage: http://dg.no.sapo.pt/
# Software Link:http://dg.no.sapo.pt/AnimaGallery2.6.zip
# Version: 2.6
# Tested on: Centos 6.5,php 5.3.2,magic_quotes_gpc=off # Categor

[ more ]  [ reply ]
[SECURITY] [DSA 3281-1] Debian Security Team PGP/GPG key change notice 2015-06-07
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3281-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Thijs Kinkhorst
June 7, 2015

[ more ]  [ reply ]
[SECURITY] [DSA 3280-1] php5 security update 2015-06-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3280-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
June 07, 2015

[ more ]  [ reply ]
Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App 2015-06-06
Payatu Research (research payatu com)
Hi List,

Vulnerability
=============
Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App

Vulnerability Description
==========================
The kankun smart socket device and the mobile app use a hardcoded AES
256 bit key to encrypt the commands and responses between the

[ more ]  [ reply ]
[SECURITY] [DSA 3279-1] redis security update 2015-06-06
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3279-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Alessandro Ghedini
June 06, 2015

[ more ]  [ reply ]
Symphony CMS 2.6.2 2015-06-06
apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-SYMPHONY0606.txt

Vendor:
================================
www.getsymphony.com/download/

Product:
================================
Symphony CMS 2.6.2

Advisory

[ more ]  [ reply ]
CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4 2015-06-06
venkatesh nitin gmail com
# Title: CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted
Contact Form Wordpress Plugin v1.0.4
# Submitter: Nitin Venkatesh
# Product: Encrypted Contact Form Wordpress Plugin
# Product URL: https://wordpress.org/plugins/encrypted-contact-form/
# Vulnerability Type: Cros

[ more ]  [ reply ]
Xloner v3.1.2 wordpress plugin authenticated command execution and XSS 2015-06-05
Larry W. Cashdollar (larry0 me com)

This advisory is in addition to the one I filed in November http://www.openwall.com/lists/oss-security/2014/11/06/1 that had the following CVEs
assigned CVE-2014-8603 CVE-2014-8604 CVE-2014-8605 CVE-2014-8606 CVE-2014-8607, advisory http://www.vapid.dhs.org/advisory.php?v=110.

Title: Xloner v3.1.

[ more ]  [ reply ]
Expedia Product Security Advisory: Cruise Ship Centers Information Disclosure 2015-06-05
Mike Sheward (msheward expedia com)
Expedia Product Security Advisory on 6/5/2015
Product: Expedia CruiseShipCenters (CruiseShipCenters.com)

Vulnerability Type: Insecure Direct Object Reference
Impact: Unauthorized Information Disclosure

Credit: Paul O¹Neil, IDT911 Consulting (http://idt911.com/)

Background:

During the booking fin

[ more ]  [ reply ]
CVE-2015-4109 - WordPress Users Ultra Plugin [SQL injection] 2015-06-05
pan vagenas gmail com
# Exploit Title: CVE-2015-4109 - WordPress Users Ultra Plugin [SQL injection]
# Date: 2015/05/30
# Exploit Author: Panagiotis Vagenas
# Contact: https://twitter.com/panVagenas
# Vendor Homepage: http://usersultra.com
# Software Link: https://wordpress.org/plugins/users-ultra/
# Version: 1.5.15
# Tes

[ more ]  [ reply ]
1 Click Extract Audio v2.3.6 - Activex Buffer Overflow 2015-06-05
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
1 Click Extract Audio v2.3.6 - Activex Buffer Overflow

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1506

Video: http://www.vulnerability-lab.com/get_content.php?id=1507

Release Date:
=============
2015-06-05

Vuln

[ more ]  [ reply ]
1 Click Audio Converter v2.3.6 - Activex Buffer Overflow 2015-06-05
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
1 Click Audio Converter v2.3.6 - Activex Buffer Overflow

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1504

http://www.vulnerability-lab.com/get_content.php?id=1505

View Video: https://www.youtube.com/watch?v=Ad0wHlH

[ more ]  [ reply ]
1 Click Audio Converter v2.3.6 - Activex Buffer Overflow 2015-06-05
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
1 Click Audio Converter v2.3.6 - Activex Buffer Overflow

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1504

http://www.vulnerability-lab.com/get_content.php?id=1505

View Video: https://www.youtube.com/watch?v=Ad0wHlH

[ more ]  [ reply ]
Wing FTP Server Remote Code Execution vulnerability 2015-06-05
alex_haynes outlook com
Exploit Title: Wing FTP Server Remote Code Execution vulnerability
Product: Wing FTP Server
Vulnerable Versions: 4.4.6 and all previous versions
Tested Version: 4.4.6
Advisory Publication: 05/06/2015
Latest Update: 05/06/2015
Vulnerability Type: Improper Control of Generation of Code [CWE-94]
CVE Re

[ more ]  [ reply ]
[CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities 2015-06-05
alex_haynes outlook com
Exploit Title: Wing FTP Server Cross-site Request Forgery vulnerabilities
Product: Wing FTP Server
Vulnerable Versions: 4.4.6 and all previous versions
Tested Version: 4.4.6
Advisory Publication: 05/06/2015
Latest Update: 05/06/2015
Vulnerability Type: Cross-site Request Forgery [CWE-352]
CVE Refere

[ more ]  [ reply ]
CA20150604-01: Security Notice for CA Common Services 2015-06-04
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----

CA20150604-01: Security Notice for CA Common Services

Issued: June 4, 2015

CA Technologies Support is alerting customers to multiple potential
risks with products that bundle CA Common Services on Unix/Linux
platforms. A local attacker may exploit these vulnerab

[ more ]  [ reply ]
[security bulletin] HPSBGN03343 rev.1 - HP WebInspect, Remote Unauthorized Access 2015-06-04
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04695307

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04695307
Version: 1

HPSBGN03343 re

[ more ]  [ reply ]
(Page 6 of 1617)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus