BugTraq Mode:
(Page 7 of 1620)
[ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS 2015-06-25
Darya Maenkova (d maenkova erpscan com)
ERPSCAN Research Advisory [ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16
- DoS

Application: SYBASE SQL Anywhere 12 and 16
Versions Affected: SYBASE SQL Anywhere 12 and 16, probably others
Vendor URL: http://SAP.com
Bugs: DoS
Sent: 09.12.20

[ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check 2015-06-25
Darya Maenkova (d maenkova erpscan com)
ERPSCAN Research Advisory [ERPSCAN-15-009] SAP Afaria 7 XcListener -
Missing authorization check

Application: SAP Afaria 7
Versions Affected: SAP Afaria 7, probably others
Vendor URL: http://SAP.com
Bugs: Missing authorization check
Sent:

[ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure 2015-06-25
Darya Maenkova (d maenkova erpscan com)
ERPSCAN Research Advisory [ERPSCAN-15-007] SAP Management Console
ReadProfile Parameters - Information disclosure

Application: SAP Management Console
Versions Affected: SAP NW 7.4 Management Console, probably others
Vendor URL: http://SAP.com
Bugs: Info

[ERPSCAN-15-005] SAP Mobile Platform - XXE 2015-06-25
Darya Maenkova (d maenkova erpscan com)
ERPSCAN Research Advisory [ERPSCAN-15-005] SAP Mobile Platform - XXE

Application: SAP Mobile Platform 2.3
Versions Affected: SAP Mobile Platform 2.3, probably others
Vendor URL: http://SAP.com
Bugs: XML eXternal Entity
Sent: 06.11.14
Repor

[ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE 2015-06-25
Darya Maenkova (d maenkova erpscan com)
ERPSCAN Research Advisory [ERPSCAN-15-006] SAP NetWeaver Portal
ReportXmlViewer - XXE

Application: SAP NetWeaver Portal 7.31
Versions Affected: SAP NetWeaver Portal 7.31, probably others
Vendor URL: http://SAP.com
Bugs: XXE
Sent: 09.12.20

[ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE 2015-06-25
Darya Maenkova (d maenkova erpscan com)
ERPSCAN Research Advisory [ERPSCAN-15-004] SAP NetWeaver Portal
XMLValidationComponent - XXE

Application: SAP NetWeaver Portal 7.31
Versions Affected: SAP NetWeaver Portal 7.31, probably others
Vendor URL: http://SAP.com
Bugs: XML eXternal Entity
Sent:

[ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS 2015-06-25
Darya Maenkova (d maenkova erpscan com)
ERPSCAN Research Advisory [ERPSCAN-15-003] SAP NetWeaver Dispatcher
Buffer Overflow - RCE, DoS

Application: SAP NetWeaver Dispatcher
Versions Affected: SAP NetWeaver Dispatcher, probably others
Vendor URL: http://SAP.com
Bugs: RCE
Sent:

[SECURITY] [DSA 3295-1] cacti security update 2015-06-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3295-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 24, 2015

CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders 2015-06-24
Federick Joe P Fajardo (fjpfajardo ph ibm com)
CVEID: CVE-2015-4464

SUBJECT: Insufficient Authorization Checks Request Handling Remote
Authentication Bypass for Kguard Digital Video Recorders

DESCRIPTION: A deficiency in handling authentication and authorization
has been found with Kguard 104/108/v2 models. While password-based
authenticat

CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004 2015-06-24
Marco Delai (Marco Delai csnc ch)
#############################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# CVE ID : CVE-2015-3443
# Product: Secret Server [1]
# Vendor: Thycotic
# Subject: Stor

[SECURITY] [DSA 3294-1] wireshark security update 2015-06-23
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3294-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 23, 2015

ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability 2015-06-23
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability

EMC Identifier: ESA-2015-110

CVE Identifier: CVE-2015-0550

Severity Rating: CVSS v2 Base Score: 8.5 (AV:N/AC:L/Au:N/C:C/I:N/A:P)

Affected products:

• EMC D

ESA-2015-109: EMC Documentum D2 Cross-Site Scripting 2015-06-23
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-109: EMC Documentum D2 Cross-Site Scripting Vulnerability

EMC Identifier: ESA-2015-109

CVE Identifier: CVE-2015-0549

Severity Rating: CVSS v2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Affected products:

EMC Documentum D2 ver

KMPlayer 3.9.1.136 Capture Unicode Buffer Overflow (ASLR Bypass) 2015-06-23
n4ser farhadi gmail com
#!/usr/bin/python
#
# KMPlayer 3.9.1.136 Capture Unicode Buffer Overflow (ASLR Bypass)
#
# Author: Naser Farhadi
#
# Date: 21 June 2015
# Version: 3.9.1.136
# Tested on: Windows 7 SP1 (32 bit)
#
# Usage:
# chmod +x KMPlayer.py
# python KMPlayer.py
# Alt+c | Video Capture | Alt+a |

The "localhosed" attack - stealing IE local machine cookies and exposing its internal IP address 2015-06-22
Amit Klein (aksecurity gmail com)
Dear list

Please check out the extended advisory available from this page:
http://www.securitygalore.com/site3/localhosed

Late last week Microsoft informed me that they don't plan to fix this
vulnerability. So enjoy...

Thanks,
-Amit
http://www.securitygalore.com/

ManageEngine Asset Explorer v6.1 - Persistent Vulnerability 2015-06-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
ManageEngine Asset Explorer v6.1 - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1488

Release Date:
=============
2015-06-22

Vulnerability Laboratory ID (VL-ID):
===========================

[oCERT-2015-008] FreeRADIUS insufficient CRL application 2015-06-22
Andrea Barisani (lcars ocert org)

#2015-008 FreeRADIUS insufficient CRL application

Description:

The FreeRADIUS server is an open source project that provides a RADIUS
implementation.

The FreeRADIUS server relies on OpenSSL to perform certificate validation,
including Certificate Revocation List (CRL) checks. The FreeRADIUS usage

mysql-lite-administrator XSS vulnerabilities 2015-06-21
apparitionsec gmail com
[+] Credits: hyp3rlinx

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-MYSQLLITEADMINISTRATOR0621.txt

Vendor:
=============================================
code.google.com/p/mysql-lite-administrator

Product:
==================================

[security bulletin] HPSBMU03356 rev.1 - HP Business Service Automation Essentials (BSAE) running TLS, Remote Disclosure of Information 2015-06-22
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04718196

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04718196
Version: 1

HPSBMU03356 re

GeniXCMS XSS Vulnerabilities 2015-06-22
apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-GENIXCMS0621.txt

Vendor:
=============================================
genixcms.org

Product:
=====================================================
GeniXCMS v0

[SECURITY] [DSA 3293-1] pyjwt security update 2015-06-20
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3293-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
June 20, 2015

[CVE-2015-3188] Apache Storm remote code execution vulnerability 2015-06-20
P. Taylor Goetz (ptgoetz apache org)
CVE-2015-3188: Apache Storm remote code execution vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Storm 0.10.0-beta

Description:
The UI daemon in Apache Storm 0.10.0-beta allows remote users to run
arbitrary code as the user running the web ser

Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability 2015-06-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1473

EIBBP-31541

Release Date:
=============
2015-06-15

Vulnerability Laboratory ID (V

Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability 2015-06-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1457

eBay Inc. Bug Bounty Program ID: EIBBP-31603

Video: https://www.youtube.com/watch?v=WffsHd8pibE

Re

Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability 2015-06-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1460

Video: http://www.vulnerability-lab.com/get_content.php?id=1526

View Video: https://www.yo

ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability 2015-06-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1522

Release Date:
=============
2015-06-16

Vulnerability Laboratory ID (VL-ID):
==========================

ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities 2015-06-19
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1501

Release Date:
=============
2015-06-19

Vulnerability Laboratory ID (VL-ID):
=======================

[SECURITY] [DSA 3292-1] cinder security update 2015-06-19
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3292-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
June 19, 2015

DUO Security push Timing Attack 2015-06-18
jpierini paysw com
DUO "push" Timing Attack

PSC Risk Assessment
CVSS 7.3, (AV:N/AC:L/Au:M/C:C/I:N/A:C/E:F/RL:ND/RC:ND)

Description
Duo "push" authentications are susceptible to a low-profile timing-based attack that permits an intruder to steal an authenticated session from an end-user accessing Duo-protected resour

Copyright 2010, SecurityFocus