BugTraq
Cisco Security Advisory: Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability 2015-06-11
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20150611-iosxr

Revision 1.0

For Public Release 2015 June 11 16:00 UTC (GMT)

+--------------------------------------------------

D-Link DSP-W110 - multiple vulnerabilities 2015-06-11
Peter Adkins (peter adkins kernelpicnic net)
>> D-Link DSP-W110 - multiple vulnerabilities

----
Discovered by:
----
Peter Adkins <peter.adkins (at) kernelpicnic (dot) net>

----
Access:
----
Local network; unauthenticated access.

----
Tracking and identifiers:
----
CVE - None allocated.

----
Platforms / Firmware confirmed affected:
----
D-Link DSP-W11

[security bulletin] HPSBUX03337 SSRT102066 rev.1 - HP-UX Apache Web Server Suite running Apache Web Server, Tomcat v6.x, or PHP v5.4.x, Remote Denial of Service (DoS) and Other Vulnerabilities 2015-06-11
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04686230

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04686230
Version: 1

HPSBUX03337 SS

Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0 2015-06-10
Larry W. Cashdollar (larry0 me com)
Title: Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0
Author: Larry W. Cashdollar, @_larry0
Date: 2015-06-06
Advisory: http://www.vapid.dhs.org/advisory.php?v=124
Download Site: https://wordpress.org/plugins/se-html5-album-audio-player/
Vendor: https://profiles.w

XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343) 2015-06-11
stasvolfus gmail com
Advisory: Adobe Connect Reflected XSS
Author: Stas Volfus (Bugsec Information Security LTD)
Vendor URL: http://www.adobe.com/
Status: Vendor Notified

==========================
Vulnerability Description
==========================

Adobe Connect (Central) version: 9.3 is vulnerable to Reflec

Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability 2015-06-10
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1323

Video: http://www.vulnerability-lab.com/get_content.php?id=1336

Vulnerability Magazine: http://maga

Use-After-Free in PHP 2015-06-10
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23262
Product: PHP
Vendor: PHP Group
Vulnerable Version(s): 5.6.9 and probably prior
Tested Version: 5.6.9
Advisory Publication: May 20, 2015 [without technical details]
Vendor Notification: May 20, 2015
Vendor Patch: June 2, 2015
Public Disclosure: June 10, 2015
Vulnerability

Multiple Vulnerabilities in ISPConfig 2015-06-10
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23260
Product: ISPConfig
Vendor: http://www.ispconfig.org
Vulnerable Version(s): 3.0.5.4p6 and probably prior
Tested Version: 3.0.5.4p6
Advisory Publication: May 20, 2015 [without technical details]
Vendor Notification: May 20, 2015
Vendor Patch: June 4, 2015
Public Disclosure:

Arbitrary File Disclosure and Open Redirect in Bonita BPM 2015-06-10
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23259
Product: Bonita BPM
Vendor: Bonitasoft
Vulnerable Version(s): 6.5.1 and probably prior
Tested Version: 6.5.1 (Windows and Mac OS packages)
Advisory Publication: May 7, 2015 [without technical details]
Vendor Notification: May 7, 2015
Vendor Patch: June 9, 2015
Public Di

[RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery 2015-06-10
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery

During a penetration test, RedTeam Pentesting discovered a vulnerability
in the management web interface of an Alcatel-Lucent OmniSwitch 6450.
The management web interface has no protection against cross-site
request forge

[RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID 2015-06-10
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID

During a penetration test, RedTeam Pentesting discovered a vulnerability
in the management web interface of an Alcatel-Lucent OmniSwitch 6450.
This interface uses easily guessable session IDs, which allows attackers
to authenticate a

[security bulletin] HPSBUX03341 SSRT102068 rev.1 - HP-UX Apache Tomcat v7.x, Remote Denial of Service (DoS) and Other Vulnerabilities 2015-06-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04693706

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04693706
Version: 1

HPSBUX03341 SS

Elasticsearch vulnerability CVE-2015-4165 2015-06-09
Kevin Kluge (kevin elastic co)
Summary:
Elasticsearch versions 1.0.0 - 1.5.2 are vulnerable to an engineered attack on other applications on the system. The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process. It is possible to crea

Kibana vulnerability CVE-2015-4093 2015-06-09
Kevin Kluge (kevin elastic co)
Summary:
Kibana versions 4.0.0, 4.0.1 and 4.0.2 are vulnerable to a cross-site scripting (XSS) attack. The attack allows execution of arbitrary JavaScript in the context of the user's browser.

We have been assigned CVE-2015-4093 for this issue.

Fixed versions:
Versions 4.0.3 and 4.1.0 have ad

Logstash vulnerability CVE-2015-4152 2015-06-09
Kevin Kluge (kevin elastic co)
Summary:
Logstash versions 1.4.2 and prior are vulnerable to a directory traversal attack that allows an attacker to over-write files on the server running Logstash. This vulnerability is not present in the initial installation of Logstash. The vulnerability is exposed when the file output plugin

[SECURITY] [DSA 3283-1] cups security update 2015-06-09
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3283-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 09, 2015

[security bulletin] HPSBMU03349 rev.1- HP Helion CloudSystem, Local Denial of Service (DoS), Arbitrary Code Execution 2015-06-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04706564

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04706564
Version: 1

HPSBMU03349 re

[security bulletin] HPSBST03346 rev.1 - HP P6000 Command View Software running Jetty, Remote Denial of Service (DoS) 2015-06-09
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04703199

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04703199
Version: 1

HPSBST03346 re

NEW VMSA-2015-0004 - VMware Workstation, Fusion and Horizon View Client updates address critical security issues 2015-06-09
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2015-0004
Synopsis: VMware Workstation, Fusion and Horizon View Client updates
address critical sec

CFP The 2nd International Conference on Information Systems Security and Privacy ICISSP 2016 2015-06-09
icissp secretariat insticc org
Conference name:
The 2nd International Conference on Information Systems Security and Privacy – ICISSP 2016

Venue:
Rome, Italy

Event date:
19 - 21 February, 2016

Regular Papers
Paper Submission: September 8, 2015
Authors Notification: November 26, 2015
Camera Ready and Registration: December 14,

SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities 2015-06-09
apparitionsec gmail com
[+] Credits: hyp3rlinx

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt

Vendor:
================================
http://www.silverstripe.org/software/download

Product:
================================
SilverStripe CMS & Frame

Symphony CMS XSS Vulnerability [Corrected Post] 2015-06-09
apparitionsec gmail com
[Correction] of Vendor Info for Symphony CMS XSS Vulnerability POST on (Jun 08)
=============================================

[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-SYMPHONY0606.txt

Vendor:
=========

[SECURITY] [DSA 3282-1] strongswan security update 2015-06-08
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3282-1 security (at) debian (dot) org
http://www.debian.org/security/ Yves-Alexis Perez
June 08, 2015

Symphony CMS XSS Vulnerability 2015-06-08
apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/

Vendor:
================================
http://www.silverstripe.org/software/download

Product:
================================
SilverStripe CMS & Framework v3

AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability 2015-06-08
d4rkr0id gmail com
# Exploit Title: AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability
# Date: 2015/06/07
# Vendor Homepage: http://dg.no.sapo.pt/
# Software Link: http://dg.no.sapo.pt/AnimaGallery2.6.zip
# Version: 2.6
# Tested on: Centos 6.5,php 5.3.2,magic_quotes_gpc=off # Categor

[SECURITY] [DSA 3281-1] Debian Security Team PGP/GPG key change notice 2015-06-07
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3281-1 security (at) debian (dot) org
http://www.debian.org/security/ Thijs Kinkhorst
June 7, 2015

[SECURITY] [DSA 3280-1] php5 security update 2015-06-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3280-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
June 07, 2015

Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App 2015-06-06
Payatu Research (research payatu com)
Hi List,

Vulnerability
=============
Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App

Vulnerability Description
==========================
The kankun smart socket device and the mobile app use a hardcoded AES
256 bit key to encrypt the commands and responses between the

[SECURITY] [DSA 3279-1] redis security update 2015-06-06
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3279-1 security (at) debian (dot) org
http://www.debian.org/security/ Alessandro Ghedini
June 06, 2015

Copyright 2010, SecurityFocus