CVE-2016-2385 Kamailio SEAS module heap buffer overflow 2016-03-30
Stelios Tsampas (stelios census-labs com)
Kamailio (successor of former OpenSER and SER) is an Open Source SIP
Server released under GPL. It can be used to build large platforms for
VoIP and realtime communications, presence, WebRTC, Instant messaging
and other applications.

A heap overflow was found in Kamailio version 4.3.4 (possibly aff

Easy Hosting Control Panel (EHCP) - Multiple Vulnerabilities 2016-03-30
Kyle Lovett (krlovett gmail com)
EHCP Easy Hosting Control Panel
Multiple Vulnerabilities -
Clear Text MySQL Root Password
Insufficiently Protected Sensitive Data
Authentication Bypass
Unauthenticated Arbitrary File Upload

Software Links:
https://launchpad.net/ehcp
http://www.ehcp.net
https://sourceforge.net/p/ehcp/wiki/
---------

[SECURITY] [DSA 3535-1] kamailio security update 2016-03-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3535-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 29, 2016

[security bulletin] HPSBGN03444 rev.2 - HPE Network Automation, Remote Code Execution, Disclosure of Sensitive Information 2016-03-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05030906

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05030906
Version: 2

HPSBGN03444 r

[SECURITY] [DSA 3534-1] dhcpcd security update 2016-03-29
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3534-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
March 29, 2016

Fireware XTM Web UI - Open Redirect 2016-03-29
Manuel Mancera (mmancera a2secure com)
================================================================
Fireware XTM Web UI - Open Redirect
================================================================

Information
--------------------
Name: Fireware XTM Web UI - Open Redirect
Affected Software : Fireware XTM Web UI
Affected Versions:

[SECURITY] [DSA 3533-1] openvswitch security update 2016-03-29
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3533-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
March 29, 2016

BMC-2015-0011: Unauthorized password reset vulnerability in BMC Server Automation (BSA) (CVE-2016-1543) 2016-03-28
appsec (appsec bmc com)
------------------------------------------------------------------------

Unauthorized password reset vulnerability in BMC Server Automation (BSA)
Unix/Linux RSCD Agent

BMC Identifier: BMC-2015-0011
CVE Identifier: CVE-2016-1543
---------------------------------------------------------------------

BMC-2015-0010: User enumeration vulnerability in BMC Server Automation (BSA) Unix/Linux RSCD Agent (CVE-2016-1542) 2016-03-28
appsec (appsec bmc com)
------------------------------------------------------------------------

User enumeration vulnerability in BMC Server Automation (BSA) Unix/Linux
RSCD Agent

BMC Identifier: BMC-2015-0010
CVE Identifier: CVE-2016-1542
------------------------------------------------------------------------

By BMC A

Validation Bypass in C2Box application : CVE - 2015-4626 2016-03-28
harish ramadoss helpag com
#####################################
Title: Validation Bypass in C2Box application allows user to input negative value
Author: Harish Ramadoss
Vendor: boxautomation(B.A.S)
Product: C2Box
Version: All versions below 4.0.0(r19171)
Tested Version: Version 4.0.0(r19171)
Severity: Medium
CVE Reference:

[SECURITY] [DSA 3532-1] quagga security update 2016-03-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3532-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
March 27, 2016

TrendMicro DDI Cross Site Request Forgeries 2016-03-26
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-DDI-CSRF.txt

Vendor:
====================
www.trendmicro.com

Product:
=========================================
Trend Micro Deep Discovery Inspector

[SECURITY] [DSA 3531-1] chromium-browser security update 2016-03-26
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3531-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
March 25, 2016

[slackware-security] mozilla-thunderbird (SSA:2016-085-02) 2016-03-25
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2016-085-02)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

[slackware-security] libevent (SSA:2016-085-01) 2016-03-25
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libevent (SSA:2016-085-01)

New libevent packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/libeve

[SECURITY] [DSA 3530-1] tomcat6 security update 2016-03-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3530-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 25, 2016

[CVE-2016-2163] Stored Cross Site Scripting in Event description 2016-03-25
Maxim Solodovnik (solomax apache org)
Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 1.9.x - 3.0.7

Description:
When creating an event, it is possible to create clickable URL links in
the event description. These links will be present inside the event details
once a participant enters

[CVE-2016-2164] Arbitrary file read via SOAP API 2016-03-25
Maxim Solodovnik (solomax apache org)
Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 1.9.x - 3.0.7

Description:
When attempting to upload a file via the API using the
importFileByInternalUserId
or importFile methods in the FileService, it is possible to read arbitrary
files from the s

[CVE-2016-0783] Predictable password reset token 2016-03-25
Maxim Solodovnik (solomax apache org)
Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0

Description:
The hash generated by the external password reset function is
generated by concatenating the user name and the current system time,
and then hashing it using MD5. This is hi

[security bulletin] HPSBGN03563 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Local Denial of Service (DoS), Disclosure of Information 2016-03-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05052990
Version: 1

HPSBGN03563 r

[security bulletin] HPSBMU03562 rev.2 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution 2016-03-24
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054565

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05054565
Version: 2

HPSBMU03562 r

[SYSS-2016-016] innovaphone IP222 - Improper Input Validation 2016-03-24
sven freund syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-016
Product: innovaphone IP222
Manufacturer: innovaphone AG
Affected Version(s): 11r2 sr9
Tested Version(s): 11r2 sr9
Vulnerability Type: Improper Input Validation (CWE-20)
Risk Level: High
Solution Status: Fixed
Manufacturer No

[SYSS-2016-018] innovaphone IP222 - Improper Restriction of Excessive Authentication Attempts 2016-03-24
sven freund syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-018
Product: innovaphone IP222
Manufacturer: innovaphone AG
Affected Version(s): 11r2 sr9
Tested Version(s): 11r2 sr9
Vulnerability Type: Improper Restriction of Excessive Authentication
Attempts (CWE-307)
R

[SYSS-2016-017] innovaphone IP222 - Improper Input Validation 2016-03-24
sven freund syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-017
Product: innovaphone IP222
Manufacturer: innovaphone AG
Affected Version(s): 11r2 sr9
Tested Version(s): 11r2 sr9
Vulnerability Type: Improper Input Validation (CWE-20)
Risk Level: High
Solution Status: Fixed
Manufacturer No

[SECURITY] [DSA 3527-1] inspircd security update 2016-03-24
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3527-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
March 24, 2016

XSS (Cross Site Scripting) in Social CRM & Community Solutions powered by Lithium in Knowledge base section 2016-03-24
netizen01k gmail com
* Exploit Title: XSS (Cross Site Scripting) in Social CRM & Community Solutions powered by Lithium in Knowledge base section
* Discovery Date: 2016/02/19
* Public Disclosure Date: 2016/03/24
* Exploit Author: Imran Khan
* Contact: netizen01k [at] gmail.com
* Vendor link: http://www.lithium.com/
* Te

[SECURITY] [DSA 3529-1] redmine security update 2016-03-23
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3529-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 23, 2016

[SECURITY] [DSA 3528-1] pidgin-otr security update 2016-03-23
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3528-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
March 23, 2016

Cisco Security Advisory: Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability 2016-03-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability

Advisory ID: cisco-sa-20160323-l4f

Revision 1.0

For Public Release 2016 March 23 16:00 GMT

+---------------------------------------

Cisco Security Advisory: Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability 2016-03-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20160323-lisp

Revision 1.0

For Public Release 2016 March 23 16:00 GMT

+-----------------------------
