BugTraq Mode:
[SECURITY] [DSA 3556-1] libgd2 security update 2016-04-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3556-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 24, 2016

[SECURITY] [DSA 3555-1] imlib2 security update 2016-04-23
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3555-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
April 23, 2016

Unlimited Pop-Ups WordPress Plugin XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE

#Product : Unlimited Pop-Ups WordPress Plugin
#Exploit Author : Rahul Pratap Singh
#Version : 1.4.3
#Home page Link :
http://codecanyon.net/item/unlimited-popups-wordpress-plugin/8575498
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94

Easy Social Share Buttons for WordPress XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE

#Product :Easy Social Share Buttons for WordPress
#Exploit Author : Rahul Pratap Singh
#Version :3.2.5
#Home page Link :
http://codecanyon.net/item/easy-social-share-buttons-for-wordpress/6394476
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulprat

Google SEO Pressor Snippet Plugin XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE

#Product : Google SEO Pressor Snippet Plugin
#Exploit Author : Rahul Pratap Singh
#Version :1.2.6
#Home page Link : https://wordpress.org/plugins/google-seo-author-snippets/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 21/4

Echosign Plugin for WordPress XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE

#Product : Echosign Plugin
#Exploit Author : Rahul Pratap Singh
#Version :1.1
#Home page Link : https://wordpress.org/plugins/echosign/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 21/4/2016

XSS Vulnerability:

-----------

Tweet-wheel XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE

#Product :Tweet-wheel
#Exploit Author : Rahul Pratap Singh
#Version :1.0.3.2
#Home page Link : https://wordpress.org/plugins/tweet-wheel/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 21/4/2016

XSS Vulnerability:

---------

CM-AD-Changer XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE

#Product : cm-ad-changer
#Exploit Author : Rahul Pratap Singh
#Version :1.7.2
#Home page Link : https://wordpress.org/plugins/cm-ad-changer/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 21/4/2016

XSS Vulnerability:

------

Persian-woocommerce-sms XSS Vulnerability 2016-04-23
Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE

#Product :Persian-woocommerce-sms
#Exploit Author : Rahul Pratap Singh
#Version :3.3.2
#Home page Link : https://wordpress.org/plugins/persian-woocommerce-sms/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 21/4/2016

XSS Vul

Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109) 2016-04-23
david vieira-kurz immobilienscout24 de
CREDITS
========
This issue has been identified by David Vieira-Kurz of Immobilien Scout GmbH.

CVE
====
CVE-2016-3109

AFFECTED PRODUCT
==================
Shopware < 5.1.5 : https://en.shopware.com/

IMPACT
=======
This issue has been triaged with the highest severity (CRITICAL) by the Shopware mai

[security bulletin] HPSBMU03573 rev.1 - HPE System Management Homepage (SMH), Remote Disclosure of Information 2016-04-22
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05096953

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05096953
Version: 1

HPSBMU03573

[security bulletin] HPSBGN03580 rev.1 - HP Data Protector, Remote Code Execution, Remote Unauthorized Disclosure of Information 2016-04-22
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05085988
Version: 1

HPSBGN03580

SEC Consult SA-20160422-1 :: Multiple vulnerabilities in Digitalstrom Konfigurator 2016-04-22
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < publishing date 20160422-1 >
=======================================================================
title: Multiple vulnerabilities in Digitalstrom Konfigurator
product: Digitalstrom Konfigurator
vulnerable version: 1.10.0

SEC Consult SA-20160422-0 :: Insecure credential storage in my devolo Android app 2016-04-22
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20160422-0 >
=======================================================================
title: Insecure data storage
product: my devolo - android application - air.de.devolo.my.devolo
vulnerable version: 1.2.8
fixed vers

[SECURITY] [DSA 3553-1] varnish security update 2016-04-22
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3553-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
April 22, 2016

[SECURITY] [DSA 3554-1] xen security update 2016-04-21
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3554-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 21, 2016

CVE-2016-3074: libgd: signedness vulnerability 2016-04-21
Hans Jerry Illikainen (hji dyntopia com)
Overview
========

libgd [1] is an open-source image library. It is perhaps primarily used
by the PHP project. It has been bundled with the default installation
of PHP since version 4.3 [2].

A signedness vulnerability (CVE-2016-3074) exists in libgd 2.1.1 which
may result in a heap overflow when p

exploit CVE-2016-2203 2016-04-21
karim reda Fakhir (karim fakhir gmail com)
# Exploit Title: Symantec Brightmail ldap credential Grabber
# Date: 18/04/2016
# Exploit Author: Fakhir Karim Reda
# Vendor Homepage:
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year&suid=20160418_00
# Version: 10.6.0-7 and earl

OpenTSDB RCE 2016-04-21
gsoc gsoc se

The parameter wxh needs some sanitation before being used by opentsdb.

See example url:

http://opentsdb.com:4242/q?start=2016/04/13-10:21:00&ignore=2&m=sum:jmxdata.cpu&o=&yrange=[0:]&key=out%20right%20top&wxh=1900x770%60id%60&style=linespoint&png

Results in RCE unfortunately

More parameters:

Webutler CMS 3.2 - Cross-Site Request Forgery 2016-04-21
displaymyname gmail com
# Exploit Title: Webutler CMS Cross-Site Request Forgery
# Date: 18 April 2016
# Exploit Author: Keerati T. (Post)
# Vendor Homepage: http://webutler.de/en
# Software Link: http://webutler.de/download/webutler_v3.2.zip

Cisco Security Advisory: Multiple Cisco Products libSRTP Denial of Service Vulnerability 2016-04-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Cisco Products libSRTP Denial of Service Vulnerability

Advisory ID: cisco-sa-20160420-libsrtp

Revision 1.0

For Public Release 2016 April 20 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
====

Cisco Security Advisory: Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability 2016-04-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability

Advisory ID: cisco-sa-20160420-asa-dhcpv6

Revision 1.0

For Public Release 2016 April 20 16:00 GMT (UTC)

+----------------------------

Cisco Security Advisory: Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability 2016-04-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability

Advisory ID: cisco-sa-20160420-htrd

Revision 1.0

For Public Release 2016 April 20 16:00 GMT (UTC)

+-----------------------------------------------

Cisco Security Advisory: Cisco Wireless LAN Controller Denial of Service Vulnerability 2016-04-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Wireless LAN Controller Denial of Service Vulnerability

Advisory ID: cisco-sa-20160420-bdos

Revision 1.0

For Public Release 2016 April 20 16:00 GMT (UTC)

+------------------------------------------------------------

Cisco Security Advisory: Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability 2016-04-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability

Advisory ID: cisco-sa-20160420-wlc

Revision 1.0

For Public Release 2016 April 20 16:00 GMT (UTC)

+----------------------------------------

RCE via CSRF in phpMyFAQ 2016-04-20
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23300
Product: phpMyFAQ
Vendor: http://www.phpmyfaq.de
Vulnerable Version(s): 2.8.26, 2.9.0-RC2 and probably prior
Tested Version: 2.8.26, 2.9.0-RC2
Advisory Publication: March 30, 2016 [without technical details]
Vendor Notification: March 30, 2016
Vendor Patch: April 11, 2016

shell.com vulnerable TLS 2016-04-20
shell shell com
Decrypting RSA using Obsolete and Weakened eNcryption

*.Shell.com Port 443 DROWN decryption attack 2016-04-20
shell shell com
Login:

https://prom3.shell.com/(S(qxq1noy1f4gl4g45kbggia45))/Common/Login.aspx

Vulnerability

An attacker can decrypt traffic and get login and passwords

Signatures

584e3a64196dc662286922fc82fa915f1ee0cc46ab5400c347f529ab4eb46c67
prom3.shell.com
d50be93e35266af753e288af8f4f3eb96986187264a44c6c

PHPBack v1.3.0 SQL Injection 2016-04-20
apparitionsec gmail com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/PHPBACK-v1.3.0-SQL-INJECTION.txt

Vendor:
================
www.phpback.org

Product:
================
PHPBack v1.3.0

Vulnerability Type:
===================
SQL Injection

[security bulletin] HPSBMU03575 rev.1 - HP Smart Update Manager (SUM), Remote Denial of Service (DoS), Disclosure of Information 2016-04-19
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05086877

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05086877
Version: 1

HPSBMU03575 r
