BugTraq Mode:
(Page 6 of 1694)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[SECURITY] [DSA 3647-1] icedove security update 2016-08-11
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3647-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 11, 2016

Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP% 2016-08-11
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

several of Microsoft's Sysinternals utilities extract executables
to %TEMP% and run them from there; the extracted executables are
vulnerable to DLL hijacking, allowing arbitrary code execution in
every user account and escalation of privilege in "protected
administrator" accounts [*].

* C

[SECURITY] [DSA 3646-1] postgresql-9.4 security update 2016-08-11
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3646-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 11, 2016

Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8) 2016-08-11
Rv3Lab.org (research rv3lab org)
###################################################

01. ### Advisory Information ###

Title: Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime
Edition (Build 8)
Date published: n/a
Date of last update: n/a
Vendors contacted: ColoradoFTP author Sergei Abramov
Discovered by: Rv3Laboratory

QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability 2016-08-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1895

Release Date:
=============
2016-08-11

Vulnerability Laboratory ID (VL-ID):
=========================

Microsoft Education - Stored Cross Site Web Vulnerability 2016-08-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Microsoft Education - Stored Cross Site Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1897

Release Date:
=============
2016-08-10

Vulnerability Laboratory ID (VL-ID):
=============================

[CORE-2016-0006] - SAP CAR Multiple Vulnerabilities 2016-08-10
CORE Advisories Team (advisories coresecurity com)
1. Advisory Information

Title: SAP CAR Multiple Vulnerabilities
Advisory ID: CORE-2016-0006
Advisory URL: http://www.coresecurity.com/advisories/sap-car-multiple-vulnerabilities
Date published: 2016-08-09
Date of last update: 2016-08-09
Vendors contacted: SAP
Release mode: Coordinated release

2. V

Cisco Security Advisory: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability 2016-08-10
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20160810-iosxr

Revision 1.0

For Public Release 2016 August 10 16:00 GMT

+------

Internet Explorer iframe sandbox local file name disclosure vulnerability 2016-08-09
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Internet Explorer iframe sandbox local file name disclosure
vulnerability
------------------------------------------------------------------------

Yorick Koster, March 2016

-----------------------------------------------------

Nagios NA v2.2.1 XSS 2016-08-09
hyp3rlinx lycos com
[+] Credits: John Page -HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/NAGIOS-NA-v2.2.1-XSS.txt

[+] ISR: ApparitionSec

Vendor:
===============
www.nagios.com

Product:
==============================
Nagios Network Analyzer v2.2.1

Net

Notepad++6.9.2 DLL Hijacking Vulnerability 2016-08-08
mehta himanshu21 gmail com
Aloha,

Notepad++ contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists because some DLL file is loaded by "npp.6.9.2.Installer.exe" improperly. And it allows an attacker to load this DLL

Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities 2016-08-09
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1894

Release Date:
=============
2016-08-09

Vulnerability Laboratory ID (VL-ID):
====

FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability 2016-08-09
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1842

Fortinet PSIRT ID: 1737213

Release Notes: http://docs.fortinet.com/uploaded/files/3081/fortiVo

Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability 2016-08-09
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1896

Release Date:
=============
2016-08-08

Vulnerability Laboratory ID (VL-ID):
=========

AirSnort v0.2.7 Stack Corruption DOS 2016-08-09
hyp3rlinx lycos com
[+] Credits: Hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AIRSNORT-STACK-CORRUPTION-DOS.txt

[+] ISR: ApparitionSec

Vendor:
==================================
sourceforge.net/projects/airsnort/

Product:
===============
AirSnort v0.2.

Any Video Converter DLL Hijack 2016-08-09
hyp3rlinx lycos com
[+] Credits: HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/ANY-VIDEO-CONVERTER-DLL-HIJACK.txt

[+] ISR: ApparitionSec

Vendor:
===========================
www.any-video-converter.com

Product:
====================================
AVCS

Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin 2016-08-08
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Request Forgery vulnerability in Add From Server WordPress
Plugin
------------------------------------------------------------------------

Edwin Molenaar, July 2016

--------------------------------------------------

Nagios Network Analyzer v2.2.1 Multiple CSRF 2016-08-09
hyp3rlinx lycos com
[+] Credits: John Page -hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/NAGIOS-NA-v2.2.1-MULTIPLE-CSRF.txt

[+] ISR: ApparitionSec

Vendor:
===============
www.nagios.com

Product:
==============================
Nagios Network Analyzer v

[SECURITY] [DSA 3645-1] chromium-browser security update 2016-08-09
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3645-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
August 09, 2016

[CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1 2016-08-08
Pedro Ribeiro (pedrib gmail com)
tl;dr

RCE, file download, weak encryption and user impersonation, all of which
can be exploited by an unauthenticated attacker in WebNMS Framework 5.2
and 5.2 SP1.

A special thanks to Beyond Security and their SSD program, which helped
disclose the vulnerabilities. See their advisory at
https://bl

ESA-2016-070: RSA® Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability 2016-08-08
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-070: RSA® Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability

EMC Identifier: ESA-2016-070

CVE Identifier: CVE-2016-0915

Severity Rating: CVSS v3 Base Score: 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

[SECURITY] [DSA 3644-1] fontconfig security update 2016-08-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3644-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 08, 2016

phpCollab v2.5 CMS - SQL Injection Vulnerability 2016-08-08
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
phpCollab v2.5 CMS - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1898

Release Date:
=============
2016-08-08

Vulnerability Laboratory ID (VL-ID):
====================================
1

vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF) 2016-08-08
Dawid Golunski (dawid legalhackers com)
vBulletin
CVE-2016-6483

vBulletin software is affected by a SSRF vulnerability that allows
unauthenticated remote attackers to access internal services (such as mail
servers, memcached, couchDB, zabbix etc.) running on the server
hosting vBulletin as well as services on other servers on the local
n

[slackware-security] openssh (SSA:2016-219-03) 2016-08-06
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssh (SSA:2016-219-03)

New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+---------------------

[slackware-security] curl (SSA:2016-219-01) 2016-08-06
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2016-219-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+

[slackware-security] stunnel (SSA:2016-219-04) 2016-08-06
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] stunnel (SSA:2016-219-04)

New stunnel packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+---------------------

[slackware-security] mozilla-firefox (SSA:2016-219-02) 2016-08-06
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2016-219-02)

New mozilla-firefox packages are available for Slackware 14.1 and 14.2 to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packa

[SECURITY] [DSA 3643-1] kde4libs security update 2016-08-06
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3643-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 06, 2016

[SECURITY] [DSA 3642-1] lighttpd security update 2016-08-06
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3642-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
August 05, 2016

Copyright 2010, SecurityFocus