BugTraq
[SECURITY] [DSA 3446-1] openssh security update 2016-01-14
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3446-1 security (at) debian (dot) org
https://www.debian.org/security/ Yves-Alexis Perez
January 14, 2016

Commentator Wordpress Plugin 2.5.2 XSS Vulnerability 2016-01-13
Rahul Pratap Singh (techno rps gmail com)
## Full Disclosure

#Product : Commentator Wordpress Plugin
#Exploit Author : Rahul Pratap Singh
#Version : 2.5.2
#Home page Link :
http://codecanyon.net/item/commentator-wordpress-plugin/6425752
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Dat

[SECURITY] [DSA 3442-1] isc-dhcp security update 2016-01-13
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3442-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
January 13, 2016

[SECURITY] [DSA 3431-2] ganeti regression update 2016-01-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3431-2 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 14, 2016

SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems 2016-01-12
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab released a new whitepaper titled:

"Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems"
- the dinosaurs want their vuln back

Link to blog overview:
----------------------
Including slides from presentations on this topic (with details & demos

[SECURITY] [DSA 3441-1] perl security update 2016-01-11
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3441-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 11, 2016

[SECURITY] [DSA 3440-1] sudo security update 2016-01-11
Ben Hutchings (benh debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3440-1 security (at) debian (dot) org
https://www.debian.org/security/ Ben Hutchings
January 11, 2016

Exploiting XXE vulnerabilities in AMF libraries 2016-01-11
Nicolas Grégoire (nicolas gregoire agarri fr)
Hello,

AMF (aka "Action Message Format") is a binary format used by Flash
applications communicating with server-side components. A few data types
supported by AMF deal with XML content (for example the "XML Document"
type in AMF0).

In 2015, several AMF libraries (including BlazeDS and PyAMF) were

Re: Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability 2016-01-11
Reed Loden (reed reedloden com)
Again, how is that any different from you saving the contents of that
<script> call to foo.html and opening that in Firefox? It's not even a
self-XSS where you're impacting some other domain, as the null
principal is loaded (as per
https://bugzilla.mozilla.org/show_bug.cgi?id=656433), so it doesn't

Re: TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode) 2016-01-10
fgghy dodo com
#!/usr/bin/python
# Buffer Overflow (Long transporting mode) Vulnerability Exploit
# This is just a DoS exploiting code
# Tested on Windows xp SP2
#
# Requires python and impacket
#
# Coded by Liu Qixu Of NCNIPC

import socket
import sys

host = '192.168.1.11'
port = 69

try:
s = socke

Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability 2016-01-11
iedb team gmail com
Mozilla Firefox 44.0b2 7 and Old Version Local Cross-site Scripting Vulnerability

OpenBravo Hibernate HQL Injection 2016-01-11
Ng, Sam (Fortify) (samn hpe com)
Title: OpenBravo Hibernate HQL Injection
Vulnerability Author: Sam Ng, HPE Software Security Research Team
Vendor Patch: 3.0PR15Q3.4 and 3.0PR15Q4.1
Vendor Reference: https://issues.openbravo.com/view.php?id=31577, http://wiki.openbravo.com/wiki/Release_Notes/3.0PR15Q3.4, http://wiki.openbravo.com/w

[SECURITY] [DSA 3439-1] prosody security update 2016-01-10
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3439-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 10, 2016

[SECURITY] [DSA 3437-1] gnutls26 security update 2016-01-09
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3437-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 09, 2016

[SECURITY] [DSA 3438-1] xscreensaver security update 2016-01-10
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3438-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
January 09, 2016

CVE-2015-8396: GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer 2016-01-11
Stelios Tsampas (stelios census-labs com)
Grassroots DICOM (GDCM) is a C++ library for processing DICOM medical
images.
It provides routines to view and manipulate a wide range of image formats
and can be accessed through many popular programming languages like Python,
C#, Java and PHP.

GDCM versions 2.6.0 and 2.6.1 (and possibly previous

CVE-2015-8397: GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent 2016-01-11
Stelios Tsampas (stelios census-labs com)
Grassroots DICOM (GDCM) is a C++ library for processing DICOM medical
images.
It provides routines to view and manipulate a wide range of image formats
and can be accessed through many popular programming languages like Python,
C#, Java and PHP.

GDCM versions 2.6.0 and 2.6.1 (and possibly previous

[SECURITY] [DSA 3436-1] openssl security update 2016-01-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3436-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 08, 2016

[security bulletin] HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) 2016-01-09
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04926789
Version: 1

HPSBUX03435 S

Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege 2016-01-08
Stefan Kanthak (stefan kanthak nexgo de) (1 replies)
Hi @ll,

the executable installers "TrueCrypt Setup 7.1a.exe" and
TrueCrypt-7.2.exe load and execute USP10.dll, RichEd20.dll,
NTMarta.dll and SRClient.dll from their "application directory".

For software downloaded with a web browser the application
directory is typically the user's "Downloads" dir

MobaXTerm before version 8.5 vulnerability in "jump host" functionality 2016-01-08
Thomas Bleier (thomas bleier at)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

== Description ==

MobaXTerm (http://www.mobatek.net/), a Windows SSH/RDP/VNC/etc. client, includes
a functionality to open remote sessions via a so-called "jump host" or "SSH
gateway". In the end this creates a "SSH Port Forward" by binding a local

[RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials 2016-01-08
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials

The o2 Auto Configuration Server (ACS) discloses VoIP/SIP credentials of
arbitrary customers when receiving manipulated CWMP packets. These
credentials can then be used by an attacker to register any VoIP number
of the victim. This

WP Symposium Pro Social Network Plugin XSS and Critical CSRF Vulnerability 2016-01-08
Rahul Pratap Singh (techno rps gmail com)
#Product : WP Symposium Pro Social Network Plugin
#Exploit Author : Rahul Pratap Singh
#Home page Link : https://wordpress.org/plugins/wp-symposium-pro
#Version : 15.12
#Website : 0x62626262.wordpress.com
#Twitter : @0x62626262
#Linkedin : https://in.linkedin.com/in

[security bulletin] HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) 2016-01-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04926789
Version: 1

HPSBUX03435 S

Symantec EP DOS 2016-01-08
hyp3rphp gmail com
#include <windows.h>
#include <Tlhelp32.h>
#define SMC_EXE "Smc.exe"
#define SMC_GUI "SmcGui.exe"
#define CC_SVC_HST "ccSvcHst.exe"

/*
By Gerardo Sanchez (hyp3rphp) - Dc 2014 - hyp3rphp.altervista.org
Symantec Endpoint Protection version 12.1.4013
First reported to Symantec - Jan 20, 2015

Goal:
Ki

APPLE-SA-2016-01-07-1 QuickTime 7.7.9 2016-01-08
Apple Product Security (product-security-noreply lists apple com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-01-07-1 QuickTime 7.7.9

QuickTime 7.7.9 is now available and addresses the following:

QuickTime
Available for: Windows 7 and Windows Vista
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termin

APPLE-SA-2016-01-07-1 QuickTime 7.7.9 2016-01-08
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-01-07-1 QuickTime 7.7.9

[Re-sending with a valid signature]

QuickTime 7.7.9 is now available and addresses the following:

QuickTime
Available for: Windows 7 and Windows Vista
Impact: Viewing a maliciously crafted movie file may lead

Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP request allows any payload size and content to pass through 2016-01-07
Eitan Caspi (eitanc yahoo com)
Initial note: The vendor has graded this issue as a vulnerability graded as "High" in my email exchange with it, but eventually posted the issue as a "Known Issue", so some of this issue's characteristics that follow can be treated as initial ones, as I ask the IS community to look into this issue an

Copyright 2010, SecurityFocus