BugTraq Mode:
Remote Code Execution via CSRF in iTop 2016-03-18
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23293
Product: iTop
Vendor: Combodo
Vulnerable Version(s): 2.2.1 and probably prior
Tested Version: 2.2.1
Advisory Publication: February 10, 2016 [without technical details]
Vendor Notification: February 10, 2016
Vendor Patch: February 11, 2016
Public Disclosure: March 18, 2016

Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished CVE-2016-2324 and CVE-2016-2315) 2016-03-18
Laël Cellier (lael cellier laposte net)
Oh?????????? Big mistake. I might have advertised too soon.

I saw changes were pushed in master, so I thought the next version
(which was 2.7.1) would be the one which will include the fix.
But as pointed out on
https://security-tracker.debian.org/tracker/CVE-2016-2324 no versions
including the fixes

Xoops 2.5.7.2 Directory Traversal Bypass 2016-03-18
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/XOOPS-DIRECTORY-TRAVERSAL.txt

Vendor:
=============
xoops.org

Product:
================
Xoops 2.5.7.2

Vulnerability Type:
===========================
Directo

Xoops 2.5.7.2 CSRF - Arbitrary User Deletions 2016-03-18
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/XOOPS-CSRF.txt

Vendor:
=============
xoops.org

Product:
================
Xoops 2.5.7.2

Vulnerability Type:
===================================
CSRF - Arbitra

[slackware-security] mozilla-firefox (SSA:2016-077-01) 2016-03-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2016-077-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[SECURITY] [DSA 3519-1] xen security update 2016-03-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3519-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 17, 2016

[CVE-2016-2345] Solarwinds Dameware Mini Remote Control Remote Code Execution Vulnerability 2016-03-17
contact securifera com
Document Title:
===============
Solarwinds Dameware Mini Remote Control Remote Code Execution Vulnerability

References (Source):
====================
http://www.kb.cert.org/vuls/id/897144
https://www.securifera.com/advisories/cve-2016-2345
http://www.dameware.com/products/mini-remote-control/produc

Re: [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting 2016-03-17
Derek Mahar (derek mahar gmail com)
The security advisory announcement claims that ActiveMQ 5.13.1 and
older versions are affected and that ActiveMQ 5.13.2 fixes the issues.

On 10 March 2016 at 07:45, Christopher Shannon
<christopher.l.shannon (at) gmail (dot) com> wrote:
> The following security vulnerability was reported against Apache
> Ac

CVE-2016-1520: GrandStream Android VoIP App Update Redirection 2016-03-17
Georg Lukas (lukas rt-solutions de)
CVE-2016-1520: GrandStream Android VoIP App Update Redirection
==============================================================

Affected app: [Grandstream Wave][GSWAVE] version 1.0.1.26 (and probably earlier)

Classification:

* [CWE-300 Channel Accessible by Non-Endpoint][CWE300]
* [CWE-319 Cleart

CVE-2016-1519: GrandStream Android VoIP App TLS MitM Vulnerability 2016-03-17
Georg Lukas (lukas rt-solutions de)
CVE-2016-1519: GrandStream Android VoIP App TLS MitM Vulnerability
==================================================================

Affected app: [Grandstream Wave][GSWAVE] version 1.0.1.26 (and probably earlier)

Classification: [CWE-295 Improper Certificate Validation][CWE295]

## Summary

The

CVE-2016-1518: GrandStream Android VoIP Phone / App Provisioning Vulnerability 2016-03-17
Georg Lukas (lukas rt-solutions de)
CVE-2016-1518: GrandStream Android VoIP Phone / App Provisioning Vulnerability
==============================================================================

Affected app: [Grandstream Wave][GSWAVE] version 1.0.1.26 (and probably earlier)

Affected device: [Grandstream GXV3275][GXV3275] Android de

Multiple (persistent) XSS in ProjectSend 2016-03-17
mail michaelhelwig de

* Exploit Title: Multiple (persistent) XSS in ProjectSend
* Discovery Date: 2016/02/19
* Public Disclosure Date: 2016/03/17
* Exploit Author: Michael Helwig
* Contact: https://twitter.com/c0dmtr1x
* Project Homepage: http://www.projectsend.org/
* Software Link: http://www.projectsend.org/download/1

FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch 2016-03-16
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:15.sysarch Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-16:14.openssh 2016-03-16
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:14.openssh Security Advisory
The FreeBSD Project

Topic:

[CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow 2016-03-16
CORE Advisories Team (advisories coresecurity com) (1 replies)
1. Advisory Information

Title: FreeBSD Kernel amd64_set_ldt Heap Overflow
Advisory ID: CORE-2016-0005
Advisory URL: http://www.coresecurity.com/content/freebsd-kernel-amd64_set_ldt-heap-overflow
Date published: 2016-03-16
Date of last update: 2016-03-14
Vendors contacted: FreeBSD
Release mode: Coor

Re: [FD] [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow 2016-03-16
jungle Boogie (jungleboogie0 gmail com)
[security bulletin] HPSBGN03558 rev.1 - ArcSight ESM and ESM Express, Remote Disclosure of Sensitive Information 2016-03-16
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05048753

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05048753
Version: 1

HPSBGN03558 r

[SECURITY] [DSA 3518-1] spip security update 2016-03-16
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3518-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
March 16, 2016

Reflected Cross-Site Scripting (XSS) Vulnerability in Litecart CMS 2016-03-16
rsrathoreravi gmail com
Product: Litecart CMS
Vendor: Litecart
Vendor Homepage: https://www.litecart.net/
Vulnerable Versions: 1.3.4 and probably prior
Tested Version: 1.3.4
Issue Reported: Feb 24, 2016
Vendor Fix: Feb 28, 2016
Public Disclosure: June 25, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
Risk Level: M

[slackware-security] seamonkey (SSA:2016-075-02) 2016-03-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2016-075-02)

New seamonkey packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/seam

[slackware-security] git (SSA:2016-075-01) 2016-03-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] git (SSA:2016-075-01)

New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches

[ANNOUNCE][CVE-2016-0779] Apache TomEE 1.7.4 and 7.0.0-M3 releases 2016-03-15
Romain Manni-Bucau (rmannibucau apache org)
The Apache Team Team is pleased to announce the availability of:

Apache TomEE 7.0.0-M3 and 1.7.4

When downloading, please verify signatures using the KEYS file available at:
http://www.apache.org/dist/tomee

Maven artifacts are also available in the central Maven repository.

The releases are prim

Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing 2016-03-15
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

this multipart post does not require a MIME-compliant MUA.-)

Part 0:
~~~~~~~

On Windows 7 (other versions of Windows not tested for this
vulnerability, but are likely vulnerable too) all executable
installers/self-extractors based on Microsoft's SFXCAB [*]
load and execute a rogue CryptDl

[security bulletin] HPSBGN03556 rev.1 - ArcSight ESM and ESM Express, Remote Arbitrary File Download, Local Arbitrary Command Execution 2016-03-15
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05048452

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05048452
Version: 1

HPSBGN03556 r

Re: oss-2016-15: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver) 2016-03-15
vdronov redhat com
CVE-2016-2188 was assigned to this security flaw. Please, use it in the public communications regarding this flaw, thank you.

Re: oss-2016-13: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver) 2016-03-15
vdronov redhat com
CVE-2016-2186 was assigned to this security flaw. Please, use it in the public communications regarding this flaw, thank you.

Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver) 2016-03-15
vdronov redhat com
CVE-2016-2185 was assigned to this security flaw. Please, use it in the public communications regarding this flaw, thank you.

Re: oss-2016-17: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver) 2016-03-15
vdronov redhat com
CVE-2016-2184 was assigned to this security flaw. Please, use it in the public communications regarding this flaw, thank you.

Re: OS-S 2016-11 Linux wacom multiple Nullpointer Dereferences 2016-03-15
vdronov redhat com
CVE-2016-3139 was assigned to this flaw, please, use it in the related communications,
http://seclists.org/oss-sec/2016/q1/623

This security flaw is specific for Red Hat Enterprise Linux 7 (RHEL7).

Re: OS-S 2016-12 Linux digi_acceleport Nullpointer Dereference 2016-03-15
vdronov redhat com
CVE-2016-3140 was assigned to this flaw, please, use it in the related communications,
http://seclists.org/oss-sec/2016/q1/624
