BugTraq Mode:
OSS-2016-01: Insufficient integrity checks in Uhlmann & Zacher Clex prime locking systems using 125 kHz EM4450 transponders 2016-01-01
Ralf Spenneberg (info os-t de)
OS-S Security Advisory 2016-01

Date: January 1st, 2016
Updated: January 1st, 2016
Authors: Hendrik Schwartke, Ralf Spenneberg
CVE: Not yet assigned
CVSS: 6.2 (AV:L/AC:L/Au:S/C:C/I:C/A:N)
Title: Insufficient integrity checks in Uhlmann & Zacher Clex prime locking
systems using 125 kHz EM4450 trans

[ more ]  [ reply ]
[SECURITY] [DSA 3432-1] icedove security update 2016-01-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3432-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 01, 2016

[ more ]  [ reply ]
Joomla 1.5.x to 3.4.5 Object Injection Exploit (golang) 2015-12-31
irancrash gmail com
package main

/*
**************************************************************************
* Exploit Title: Joomla 1.5.x to 3.4.5 Object Injection Exploit
* Exploit Author: Khashayar Fereidani ( http://fereidani.com )
* Version: 1.5.x to 3.4.5
* CVE : CVE-2015-8562
*********************************

[ more ]  [ reply ]
Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution 2015-12-31
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

TrendMicro_MAX_10.0_US-en_Downloader.exe (available from
<http://trial.trendmicro.com/US/TM/2016/TrendMicro_MAX_10.0_US-en_Downloader.exe>)
loads and executes ProfAPI.dll and UXTheme.dll (and other DLLs
too) eventually found in the directory it is started from
(the "application directory").

[ more ]  [ reply ]
FTPShell Client v5.24 Buffer Overflow 2015-12-30
apparitionsec gmail com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/FTPSHELL-v5.24-BUFFER-OVERFLOW.txt

Vendor:
================================
www.ftpshell.com

Product:
================================
FTPShell Client version 5.24

FTPShell c

[ more ]  [ reply ]
[oCERT 2015-012] Ganeti multiple issues 2015-12-30
Daniele Bianco (danbia ocert org)
#2015-012 Ganeti multiple issues

Description:

Ganeti, an open source virtualization manager, suffers from multiple issues in
its RESTful control interface (RAPI).

The distributed replicated storage (DRBD) secret is leaked by the RAPI
interface when job results are requested. Leveraging on the kno

[ more ]  [ reply ]
WebKitGTK+ Security Advisory WSA-2015-0002 2015-12-28
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2015-0002
------------------------------------------------------------------------

Date reported : December 28, 2015
Advisory ID : WSA-2015-0002
Adviso

[ more ]  [ reply ]
libtiff bmp file Heap Overflow (CVE-2015-8668) 2015-12-28
riusksk qq com
Details
=======

Product: libtiff
Affected Versions: <= 4.0.6
Vulnerability Type: Heap Overflow
Security Risk: High
Vendor URL: http://www.libtiff.org/
CVE ID: CVE-2015-8668
Credit: riusksk of Tencent Security Platform Department

Introduction
============

libtiff v4.0.6 bmp2tiff function PackBit

[ more ]  [ reply ]
libtiff: invalid write (CVE-2015-7554) 2015-12-26
Hans Jerry Illikainen (hji dyntopia com)

`_TIFFVGetField()' in libtiff-4.0.6 may write field data for certain
extension tags to invalid or possibly arbitrary memory.

Each tag has a `field_passcount' variable in their TIFFField struct:

tiff-4.0.6/libtiff/tif_dir.h #276..289:
,----
| struct _TIFFField {
| uint32 field_tag;

[ more ]  [ reply ]
AccessDiver V4.301 Buffer Overflow 2015-12-26
apparitionsec gmail com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/ACCESSDIVER-BUFFER-OVERFLOW.txt

Vendor:
==============
M. Jean Fages
www.accessdiver.com
circa 1998-2006

Product:
=============================
AccessDiver V4.301 build 5888

[ more ]  [ reply ]
[slackware-security] mozilla-thunderbird (SSA:2015-357-01) 2015-12-23
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2015-357-01)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

[ more ]  [ reply ]
[SECURITY] [DSA 3430-1] libxml2 security update 2015-12-23
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3430-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
December 23, 2015

[ more ]  [ reply ]
Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege 2015-12-23
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

F-Secure's online virus scanner F-SecureOnlineScanner.exe, available
via <https://www.f-secure.com/en/web/home_global/online-scanner>,
loads and executes several rogue/bogus DLLs (UXTheme.dll, HNetCfg.dll,
RASAdHlp.dll, SetupAPI.dll, ClbCatQ.dll, XPSP2Res.dll, CryptNet.dll,
OLEAcc.dll etc.)

[ more ]  [ reply ]
[slackware-security] blueman (SSA:2015-356-01) 2015-12-23
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] blueman (SSA:2015-356-01)

New blueman packages are available for Slackware 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/pa

[ more ]  [ reply ]
Security advisory for Bugzilla 5.0.2, 4.4.11 and 4.2.16 2015-12-22
LpSolit gmail com
Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:

* Unfiltered HTML injected into a dependency graph could be used to
create a cross-site scripting attack.

* Some web browsers

[ more ]  [ reply ]
ESA-2015-179: EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability 2015-12-22
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-179: EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability

EMC Identifier: ESA-2015-179

CVE Identifier: CVE-2015-6852

Severity Rating: CVSS v2 Base Score: 5.5 (AV:A/AC:L/Au:S/C:C/I:N/A:N)

Affected products:

EMC

[ more ]  [ reply ]
ESA-2015-174: EMC VPLEX Undocumented Account Vulnerability 2015-12-22
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-174: EMC VPLEX Undocumented Account Vulnerability

EMC Identifier: ESA-2015-174

CVE Identifier: CVE-2015-6850

Severity Rating: CVSS Base Score 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)

Affected Products

EMC Software: EMC VPLEX GeoSynchrony

[ more ]  [ reply ]
Aeris Calandar v2.1 - Buffer Overflow Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Aeris Calandar v2.1 - Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1656

Release Date:
=============
2015-12-01

Vulnerability Laboratory ID (VL-ID):
===================================

[ more ]  [ reply ]
POP Peeper 4.0.1 - Persistent Code Execution Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
POP Peeper 4.0.1 - Persistent Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1657

Release Date:
=============
2015-11-26

Vulnerability Laboratory ID (VL-ID):
============================

[ more ]  [ reply ]
Switch v4.68 - Code Execution Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Switch v4.68 - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1649

Release Date:
=============
2015-11-23

Vulnerability Laboratory ID (VL-ID):
====================================
1649

[ more ]  [ reply ]
Lithium Forum - (previewImages) Persistent Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Lithium Forum - (previewImages) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1520

Release Date:
=============
2015-12-18

Vulnerability Laboratory ID (VL-ID):
==============================

[ more ]  [ reply ]
Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1655

Release Date:
=============
2015-12-07

Vulnerability Laboratory ID (VL-ID):
==================

[ more ]  [ reply ]
Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1657

Release Date:
=============
2015-12-14

Vulnerability Laboratory ID (VL-ID):
===

[ more ]  [ reply ]
DELL Scrutinizer v12.0.3 - Persistent Software Vulnerability 2015-12-22
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
DELL Scrutinizer v12.0.3 - Persistent Software Vulnerability

References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1360

Tracking ID: 15943

Release Date:
=============
2015-12-18

Vulnerability Laboratory ID (VL-ID):
==========

[ more ]  [ reply ]
[RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality 2015-12-22
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Symfony PHP Framework: Session Fixation In "Remember Me" Login
Functionality

A session fixation vulnerability within the Symfony web application
framework's "Remember Me" login functionality allows an attacker to
impersonate the victim towards the web application if the session

[ more ]  [ reply ]
Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution 2015-12-21
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installer [°]['] (rather: the 7-Zip based executable
self-extractor [²]) of Rapid7's (better known for their flagship
Metasploit) ScanNowUPnP.exe loads and executes several rogue/bogus
DLLs eventually found in the directory it is started from (the
"application directory"), co

[ more ]  [ reply ]
[security bulletin] HPSBHF03419 rev.1 - HP Network Products including H3C routers and switches, Remote Denial of Service (DoS), Unauthorized Access. 2015-12-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04779492
Version: 1

HPSBHF03419 r

[ more ]  [ reply ]
[security bulletin] HPSBGN03526 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass, Unauthorized Modification 2015-12-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926463

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04926463
Version: 1

HPSBGN03526 r

[ more ]  [ reply ]
[security bulletin] HPSBGN03527 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass 2015-12-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926482

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04926482
Version: 1

HPSBGN03527 r

[ more ]  [ reply ]
[SECURITY] [DSA 3429-1] foomatic-filters security update 2015-12-21
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3429-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
December 21, 2015

[ more ]  [ reply ]
Copyright 2010, SecurityFocus