BugTraq Mode:
(Page 10 of 1685)  < Prev  5 6 7 8 9 10 11 12 13 14 15  Next >
Multiple Vulnerabilities in Intex Wireless N150 Easy Setup Router 2016-05-28
mohitreload gmail com
Intex Wireless N150 Easy Setup Router
Vulnerabilities
1. Overview
Intex Wireless N150 Easy Setup Router, firmware version: V5.07.51_en_INX01, uses default credentials, vulnerable to cross-site request forgery, clear text Transmission of Sensitive Information and other attacks.
2. Vulnerabilities
1

[ more ]  [ reply ]
[slackware-security] php (SSA:2016-148-03) 2016-05-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-148-03)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.2

[ more ]  [ reply ]
[SECURITY] [DSA 3588-1] symfony security update 2016-05-29
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3588-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
May 29, 2016

[ more ]  [ reply ]
[slackware-security] libxslt (SSA:2016-148-02) 2016-05-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libxslt (SSA:2016-148-02)

New libxslt packages are available for Slackware 14.0, 14.1, and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/

[ more ]  [ reply ]
[slackware-security] libxml2 (SSA:2016-148-01) 2016-05-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libxml2 (SSA:2016-148-01)

New libxml2 packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/l

[ more ]  [ reply ]
[CVE-2016-4945] Login Form Hijacking Vulnerability in Citrix NetScaler Gateway 2016-05-27
Daniel Schliebner (DSchliebner persicon com)
PERSICON Security Advisory
=======================================================================
Title: Login Form Hijacking vulnerability
Product: Citrix Netscaler
Vulnerable Version: 11.0 Build 64.35
Fixed Version: 11.0 Build 66.11

[ more ]  [ reply ]
[CVE-2016-4432] Apache Qpid Java Broker - authentication bypass 2016-05-27
Keith W (keith wall gmail com)
[CVE-2016-4432] Apache Qpid Java Broker - authentication bypass

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Qpid Java Broker versions 6.0.2 and earlier

Description:

The code responsible for handling incoming AMQP 0-8, 0-9, 0-91, and
0-10 connections contains a

[ more ]  [ reply ]
[CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability 2016-05-27
Lorenz Quack (quack lorenz gmail com)
CVE-2016-3094: Apache Qpid Java Broker denial of service vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Qpid Java Broker versions 6.0.0, 6.0.1, and 6.0.2

Description: A malformed authentication attempt may cause the broker to
terminate. The Qpid Java

[ more ]  [ reply ]
[SECURITY] [DSA 3587-1] libgd2 security update 2016-05-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3587-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
May 27, 2016

[ more ]  [ reply ]
[CVE-2016-2175] Apache PDFBox XML External Entity vulnerability 2016-05-27
Andreas Lehmkuehler (lehmi apache org)
CVE-2016-2175: Apache PDFBox XML External Entity vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache PDFBox 1.8.0 to 1.8.11
Apache PDFBox 2.0.0
Earlier, unsupported Apache PDFBox versions may be affected as well

Description:
Apache PDFBox parses di

[ more ]  [ reply ]
[CVE-2016-4434] Apache Tika XML External Entity vulnerability 2016-05-26
Tim Allison (tallison apache org)
CVE-2016-4434: Apache Tika XML External Entity vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Tika 0.10 to 1.12

Description:
Apache Tika parses XML within numerous file formats. In some instances[1], the initialization ofthe XML parser or

[ more ]  [ reply ]
ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability 2016-05-26
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability

EMC Identifier: ESA-2016-061

CVE Identifier: CVE-2016-0907

Severity Rating: CVSSv3 Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected products:

EMC IsilonSD Edge One

[ more ]  [ reply ]
[security bulletin] HPSBGN03610 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Arbitrary Code Execution 2016-05-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c05149345

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05149345
Version: 1

HPSBGN03610 r

[ more ]  [ reply ]
[security bulletin] HPSBMU03611 rev.1 - HPE Matrix Operating Environment on Windows and Linux, Multiple Remote Vulnerabilities 2016-05-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c05150888

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05150888
Version: 1

HPSBMU03611

[ more ]  [ reply ]
[security bulletin] HPSBMU03600 rev.1 - HPE Insight Control server provisioning using OpenSSL, Remote Denial of Service (DoS) 2016-05-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c05150736

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05150736
Version: 1

HPSBMU03600

[ more ]  [ reply ]
[security bulletin] HPSBUX03606 rev.1 - HPE HP-UX running Apache Tomcat 7, Multiple Remote Vulnerabilities 2016-05-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c05150442

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05150442
Version: 1

HPSBUX03606 r

[ more ]  [ reply ]
[security bulletin] HPSBMU03601 rev.1 - HPE Insight Control server deployment using OpenSSL, Multiple Vulnerabilities 2016-05-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c05150800

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05150800
Version: 1

HPSBMU03601

[ more ]  [ reply ]
VMWare vSphere Web Client Flash XSS 2016-05-25
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/VMWARE-VSPHERE-FLASH-XSS.txt

[+] ISR: apparitionsec

Vendor:
===============
www.vmware.com

Product:
====================================
VMWare vSphere Web Cli

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability 2016-05-25
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20160525-ipv6

Revision 1.0

For Public Release 2016 May 25 16:00 UTC (GMT)

+----------------------------------------------------------------

[ more ]  [ reply ]
Open-Xchange Security Advisory 2016-05-25 2016-05-25
Martin Heiland (martin heiland lists open-xchange com)
Product: OX AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 44542 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 7.8.0 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed versions: 7.6.2-rev40, 7.6.3-r

[ more ]  [ reply ]
[slackware-security] libarchive (SSA:2016-145-01) 2016-05-25
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libarchive (SSA:2016-145-01)

New libarchive packages are available for Slackware 14.1 and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/l

[ more ]  [ reply ]
[security bulletin] HPSBGN03605 rev.1 - HPE Service Manager, Remote Disclosure of Information 2016-05-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c05149290

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05149290
Version: 1

HPSBGN03605 r

[ more ]  [ reply ]
AfterLogic WebMail Pro ASP.NET < 6.2.7 Administrator Account Takover via XXE Injection 2016-05-23
mehmet ince invictuseurope com
1. ADVISORY INFORMATION
========================================
Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takover via XXE Injection
Application: AfterLogic WebMail Pro ASP.NET
Class: Sensitive Information disclosure
Remotely Exploitable: Yes
Versions Affected: AfterLogic WebMail

[ more ]  [ reply ]
[SECURITY] [DSA 3586-1] atheme-services security update 2016-05-23
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3586-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2016

[ more ]  [ reply ]
[RCESEC-2016-002] XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections 2016-05-23
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: XenAPI for XenForo
Vendor URL: github.com/Contex/XenAPI
Type: SQL Injection [CWE-89]
Date found: 2016-05-20
Date published: 2016-05-23
CVSSv3 Score: 7.5 (AV:N/AC:L/

[ more ]  [ reply ]
[SECURITY] [DSA 3585-1] wireshark security update 2016-05-22
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3585-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 22, 2016

[ more ]  [ reply ]
[RCESEC-2016-001] Postfix Admin v2.93 Generic POST Cross-Site Request Forgeries 2016-05-21
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Postfix Admin
Vendor URL: sourceforge.net/projects/postfixadmin/
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2016-04-23
Date published: 2016-05-21
CVSSv3 S

[ more ]  [ reply ]
[slackware-security] curl (SSA:2016-141-01) 2016-05-20
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2016-141-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patc

[ more ]  [ reply ]
[security bulletin] HPSBGN03564 rev.1 - HPE Release Control using Java Deserialization, Remote Code Execution 2016-05-19
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c05063986

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05063986
Version: 1

HPSBGN03564

[ more ]  [ reply ]
(Page 10 of 1685)  < Prev  5 6 7 8 9 10 11 12 13 14 15  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus