BugTraq Mode:
(Page 7 of 1684)  < Prev  2 3 4 5 6 7 8 9 10 11 12  Next >
[MWR-2016-0001] DDN Insecure Update Mechanism 2016-06-15
john fitzpatrick mwrinfosecurity com
###[DDN Insecure Update Process]###

An insecure update mechanism on DDN SFA devices allows for privilege escalation

* Product: DDN SFA storage devices, all versions, all models
* Severity: High
* CVE Reference: NO CVE ASSIGNED - MWR ref: MWR-2016-0001)
* Type: Insecure update mechanism
* Author: J

Microsoft Visio multiple DLL side loading vulnerabilities 2016-06-15
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Microsoft Visio multiple DLL side loading vulnerabilities
------------------------------------------------------------------------

Yorick Koster, August 2015

--------------------------------------------------------------------

Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability 2016-06-15
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability

Advisory ID: cisco-sa-20160615-rv

Revision 1.0

For Public Release 2016 June 15 16:00 UTC (GMT)

+---------------------------------------------------------------------

Su

BookingWizz < 5.5 Multiple Vulnerability 2016-06-15
mehmet mehmetince net
1. ADVISORY INFORMATION
========================================
Title: BookingWizz < 5.5 Multiple Vulnerability
Application: BookingWizz
Class: Sensitive Information disclosure
Remotely Exploitable: Yes
Versions Affected: < 5.5
Vendor URL: http://codecanyon.net/item/booking-system/87919
Bugs: Def

FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability 2016-06-15
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1687

Fortinet PSIRT ID: 1624561

Release Notes #1: http://docs.fortinet.com/uploaded/files/2796/fort

Joomla com_enmasse - SQL Injection 2016-06-15
hamedizadi gmail com
# Exploit Title: Joomla com_enmasse - SQL Injection

# Author: [ Hamed Izadi ]

#IRAN

# Vendor Homepage : http://extensions.joomla.org/extensions/extension/social-web/social-buy/en-masse
# Category: [ Webapps ]
# Tested on: [ Win ]
# Versions: 5.1-6.4
# Date: 2016/06/15
# Google Dork: inurl

NEW VMSA-2016-0009 VMware vCenter Server updates address an important reflective cross-site scripting issue 2016-06-15
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2016-0009
Synopsis: VMware vCenter Server updates address an important
reflective cross-site scripting issue
Issue date

[CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers 2016-06-14
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

<https://bugzilla.mozilla.org/show_bug.cgi?id=961676> should
have fixed CVE-2014-1520 in Mozilla's executable installers for
Windows ... but does NOT!

JFTR: this type of vulnerability (really: a bloody stupid trivial
beginner's error!) is well-known and well-documented as
<http

[SECURITY] [DSA 3603-1] libav security update 2016-06-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3603-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 14, 2016

Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability 2016-06-14
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1852

Release Date:
=============
2016-05-25

Vulnerability Laboratory ID (VL-ID):
===============================

[SECURITY] [DSA 3602-1] php5 security update 2016-06-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3602-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 14, 2016

[SECURITY] [DSA 3601-1] icedove security update 2016-06-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3601-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 13, 2016

Oracle Orakill.exe Buffer Overflow 2016-06-14
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-ORAKILL.EXE-BUFFER-OVERFLOW.txt

[+] ISR: apparitionsec

Vendor:
==============
www.oracle.com

Product:
===================
orakill.exe v11.2.0

The orakill utility is

ESA-2016-047: RSA Archer® GRC Platform Sensitive Information Disclosure Vulnerability 2016-06-13
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-047: RSA Archer® GRC Platform Sensitive Information Disclosure Vulnerability

EMC Identifier: ESA-2016-047

CVE Identifier: CVE-2016-0899

Severity Rating: CVSS v3 Base Score: 6.3 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)

Affected Produc

CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability 2016-06-13
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1856

Release Date:
=============
2016-06-13

Vulnerability Laboratory ID (VL-ID):
=========

FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability 2016-06-13
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1853

Release Date:
=============
2016-06-13

Vulnerability Laboratory ID (VL-ID):
==========================

OpenWRT: swconfig infrastructure fails to check permissions 2016-06-10
Elliott Mitchell ehem+bugtraq (at) m5p (dot) com (ehem+bugtraq m5p com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Sometimes trying silly things produces interesting results. I thought
this was a silly thing to try, but I tried it and got a result that is
troubling. This is on a device with a heavily modified setup and kernel,
but the kernel is still ultimately

ESA-2016-062: EMC Data Domain Multiple Vulnerabilities 2016-06-10
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-062: EMC Data Domain Multiple Vulnerabilities

EMC Identifier: ESA-2016-062

CVE Identifier: CVE-2016-0911, CVE-2016-0912

Severity Rating: See below for individual scores for each CVE

Affected products:

EMC Data Domain OS 5.4: All

[security bulletin] HPSBGN03617 rev.2 - HPE IceWall Federation Agent and IceWall File Manager using libXML2 library, Remote Denial of Service (DoS) 2016-06-10
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05157239
Version: 2

HPSBGN03617 r

[SECURITY] [DSA 3600-1] iceweasel/firefox-esr security update 2016-06-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3600-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 09, 2016

SimpleSAMLphp Link Injection 2016-06-10
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SIMPLESAML-PHP-LINK-INJECTION.txt

[+] ISR: apparitionsec

Vendor:
=================
simplesamlphp.org

Product:
======================
simplesamlphp < 1.14.4

[SECURITY] [DSA 3599-1] p7zip security update 2016-06-09
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3599-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 09, 2016

CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability 2016-06-09
John Kinsella (jlk apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability

CVSS v2:
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Vendors:
The Apache Software Foundation
Accelerite, Inc

Versions affected:
CloudStack versions 4.5.0 and newer

Description:
Apache Cloud

ESA-2016-064: EMC Data Domain Information Disclosure Vulnerability 2016-06-08
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-064: EMC Data Domain Information Disclosure Vulnerability

EMC Identifier: ESA-2016-064

CVE Identifier: CVE-2016-0910

Severity Rating: CVSS v3 Base Score: 8.2 (AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)

Affected products:

EMC Data Domain

ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability 2016-06-08
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability

EMC Identifier: ESA-2016-072

CVE Identifier: CVE-2016-0916

Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected products:

EMC NetWorker 8.2

[security bulletin] HPSBMU03614 rev.1 - HPE Systems Insight Manager using Samba, Multiple Remote Vulnerabilities 2016-06-08
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05166182

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05166182
Version: 1

HPSBMU03614

[security bulletin] HPSBMU03584 rev.2 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities 2016-06-08
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05103564
Version: 2

HPSBMU03584 r

[security bulletin] HPSBGN03618 rev.1 - HPE Service Manager remote Denial of Service (DoS), Disclosure of Information, Unauthorized Read Access to Files, Server Side Request Forgery 2016-06-08
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05167176

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05167176
Version: 1

HPSBGN03618 r

[security bulletin] HPSBGN03624 rev.1 - HPE Project and Portfolio Management Center, Remote Disclosure of Sensitive Information, Execution of Arbitrary of Commands 2016-06-08
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05167126

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05167126
Version: 1

HPSBGN03624 r

Cisco EPC 3928 Multiple Vulnerabilities 2016-06-08
patryk bogdan secorda com
# Title: Cisco EPC 3928 Multiple Vulnerabilities
# Vendor: http://www.cisco.com/
# Vulnerable Version(s): Cisco Model EPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway
# CVE References: CVE-2015-6401 / CVE-2015-6402 / CVE-2016-1328 / CVE-2016-1336 / CVE-2016-1337
# Author: Patryk Bogdan from Secor

Copyright 2010, SecurityFocus