BugTraq Mode:
(Page 8 of 1676)  < Prev  3 4 5 6 7 8 9 10 11 12 13  Next >
[SECURITY] [DSA 3550-1] openssh security update 2016-04-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3550-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
April 15, 2016

[ more ]  [ reply ]
Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability 2016-04-15
Sandro Poppi (spoppi sec gmail com)
Abstract
--------
Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting
Vulnerability
Affected Version: MSHTML.DLL 11.0.9600.18231 and probably below on
Windows 7 SP1
Vendor Homepage: http://www.microsoft.com
Severity: high
Status: fixed
CVE-ID: CVE-2016-0160

Description
-----------
Micr

[ more ]  [ reply ]
[ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues 2016-04-15
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: cryptographic issues
Sent: 01.09.2015
Reported: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2191290
Author: Vahagn Varda

[ more ]  [ reply ]
[ERPSCAN-16-002] SAP HANA - log injection and no size restriction 2016-04-15
ERPScan inc (erpscan online gmail com)
Application: SAP HANA
Versions Affected: SAP HANA
Vendor URL: http://SAP.com
Bugs: Log injection
Sent: 28.09.2015
Reported: 28.09.2015
Vendor response: 29.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2241978
Author: Mathieu Geli (ERPScan)

Description

1.

[ more ]  [ reply ]
[ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability 2016-04-15
ERPScan inc (erpscan online gmail com)
Application:SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Sent: 01.09.2015
Vendor response: 02.09.2015
Date of Public Advisory: 12.01.2016
Reference: SAP Security Note 2206793
Author: Vahagn Vardanyan (ERPScan)

Description

[ more ]  [ reply ]
[SECURITY] [DSA 3549-1] chromium-browser security update 2016-04-15
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3549-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Michael Gilbert
April 15, 2016

[ more ]  [ reply ]
AST-2016-005: TCP denial of service in PJProject 2016-04-14
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2016-005

Product Asterisk
Summary TCP denial of service in PJProject
Nature of Advisory Crash/Denial of Service

[ more ]  [ reply ]
AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk 2016-04-14
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2016-004

Product Asterisk
Summary Long Contact URIs in REGISTER requests can crash
Asterisk

[ more ]  [ reply ]
NEW VMSA-2016-0004 VMware product updates address a critical security issue in the VMware Client Integration Plugin 2016-04-14
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2016-0004
Synopsis: VMware product updates address a critical security issue in
the VMware Client I

[ more ]  [ reply ]
ESA-2016-036: EMC Unisphere for VMAX Virtual Appliance Arbitrary File Upload Vulnerability 2016-04-14
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-036: EMC Unisphere for VMAX Virtual Appliance Arbitrary File Upload Vulnerability

EMC Identifier: ESA-2016-036

CVE Identifier: CVE-2016-0889

Severity Rating: CVSS v3 Base Score: 7.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H)

Affected pr

[ more ]  [ reply ]
Securing Android Applications from Screen Capture 2016-04-14
research nightwatchcybersecurity com
Original here:
https://blog.nightwatchcybersecurity.com/research-securing-android-appli
cations-from-screen-capture-8dce2c8e21d#.bw2qwe213

Research: Securing Android Applications from Screen Capture

Summary ? TL, DR
Apps on Android and some platform services are able to capture other ap

[ more ]  [ reply ]
Mybb Cms (private.php Page) Denial Of Service Vulnerability 2016-04-14
iedb team gmail com
Denial Of Service Vulnerability in Mybb All version in private.php Page
Tested On 1.6* and 1.8.*

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@
#

[ more ]  [ reply ]
Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability 2016-04-14
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1821

Release Date:
=============
2016-04-14

Vulnerability Laboratory ID (VL-ID):
=========================

[ more ]  [ reply ]
[SECURITY] [DSA 3548-2] samba regression update 2016-04-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3548-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
April 14, 2016

[ more ]  [ reply ]
[SECURITY] [DSA 3548-1] samba security update 2016-04-13
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3548-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
April 13, 2016

[ more ]  [ reply ]
Cisco Security Advisory:Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability 2016-04-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability

Advisory ID: cisco-sa-20160413-ucs

Revision 1.0

Published: 2016 April 13 16:00 GMT
+------------------------------------------------

[ more ]  [ reply ]
Mybb Cms (create forum and edit) Cross-Site Script Vulnerability 2016-04-13
iedb team gmail com
xss vulnerability in mybb All version
test on 1.6.18 and 1.8.7
pic of bug : http://kkli.ir/tZa6l

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@
#

[ more ]  [ reply ]
Webline CMS (2016Q2) - SQL Injection Vulnerability 2016-04-13
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Webline CMS (2016Q2) - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1823

Release Date:
=============
2016-04-13

Vulnerability Laboratory ID (VL-ID):
===================================

[ more ]  [ reply ]
Vbulletin Cms (Sendmessage.php Page) 0Day Exploit 2016-04-13
iedb team gmail com
Csrf & Dos Vulnerability in Vbulletin 4.* Version
tested on 4.2 Vbulletin Version

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@
# @@@ @@@

[ more ]  [ reply ]
[SE-2012-01] Yet another broken security fix in IBM Java 7/8 2016-04-12
Security Explorations (contact security-explorations com)

Hello All,

We discovered that yet another fix for a security vulnerability in IBM
Java (Issue 70 [1] assigned CVE-2013-5456) we reported to the company
in 2013 hasn't been fixed properly.

Again, the actual root cause of the issue hasn't been addressed at all.
There were no security checks introdu

[ more ]  [ reply ]
CAM UnZip v5.1 Archive Directory Traversal 2016-04-12
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/CAMUNZIP-ARCHIVE-PATH-TRAVERS
AL.txt

Vendor:
=================
www.camunzip.com

Product:
==============
CAM UnZip v5.1

Vulnerability Type:
======================
Archive Pa

[ more ]  [ reply ]
.NET Framework 4.6 allows side loading of Windows API Set DLL 2016-04-12
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

.NET Framework 4.6 allows side loading of Windows API Set DLL
------------------------------------------------------------------------

Yorick Koster, February 2016

--------------------------------------------------------------

[ more ]  [ reply ]
Open redirect on Google.com 2016-04-12
research nightwatchcybersecurity com
Overview
An open redirect is operating at www.google.com

Details
Google?s main website provides a subsite for displaying mobile-optimized pages published using a special subset of HTML called AMP. While this works for mobile devices, for non-mobile devices, this redirects to the original site, thus

[ more ]  [ reply ]
Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability 2016-04-12
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1822

Release Date:
=============
2016-04-12

Vulnerability Laboratory ID (VL-ID):
=========================

[ more ]  [ reply ]
[SECURITY] [DSA 3485-2] didiwiki security update 2016-04-12
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3485-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
April 12, 2016

[ more ]  [ reply ]
[SECURITY] [DSA 3547-1] imagemagick security update 2016-04-11
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3547-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
April 11, 2016

[ more ]  [ reply ]
ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra?s Attack Vulnerability 2016-04-11
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra?s Attack Vulnerability

EMC Identifier: ESA-2016-013

CVE Identifier: CVE-2016-0887

Severity Rating: CVSS v3 Base Score: 5.9 (AV:N/AC:H/P

[ more ]  [ reply ]
Blind SQL injections in CivicRM 2016-04-11
Simon Waters \(Surevine\) (simon waters surevine com)
CivicRM extends common CMS platforms (WordPress, Drupal) with a module to manage Civic campaigns, tracking donors, amounts, and campaign CRM type activity.

I tested the WordPress integration of CivicRM 4.7b3 which was found to have blind SQL Injections that allow authenticated users to download arb

[ more ]  [ reply ]
[Multiple CVE]: RCE, info disclosure, HQL injection and stored XSS in Novell Service Desk 7.1.0 2016-04-10
Pedro Ribeiro (pedrib gmail com)
Hi,

Novell Service Desk (now rebranded as Micro Focus Service Desk) 7.1.0
and below has a number of critical vulnerabilities that allow remote
code execution, information disclosure, etc, by authenticated users.
Check the full advisory below for details. Novell / Micro Focus have
documented these v

[ more ]  [ reply ]
Directadmin ControlPanel 1.50.0 Version Xss Vulnerability 2016-04-10
iedb team gmail com
Xss Vulnerability In Directadmin ControlPanel 1.50.0 and Old Version 1.4*

Pic : http://kkli.ir/VPFl5

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@

[ more ]  [ reply ]
(Page 8 of 1676)  < Prev  3 4 5 6 7 8 9 10 11 12 13  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus