BugTraq (Page 2 of 1680)
ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability 2016-06-22
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability

EMC Identifier: ESA-2016-069

CVE Identifier: CVE-2016-0914

Severity Rating: CVSS v3 Base Score: 5.0 (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected

Open-Xchange Security Advisory 2016-06-22 2016-06-22
Martin Heiland (martin heiland open-xchange com)
Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 45328 (Bug ID)
Vulnerability type: Information Exposure (CWE-200)
Vulnerable version: 7.8.1 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.2-rev43, 7.6.3-r

[ERPSCAN-16-018] SAP Application server for Java - DoS vulnerability 2016-06-21
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP Application server for Java 7.2 - 7.4

Vendor URL: http://SAP.com

Bugs: denial of service

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 14.03.2016

Reference: SAP Security Note 2259547

A

Magic values in 32-bit processes on 64-bit OS-es and how to exploit them 2016-06-21
Berend-Jan Wever (berendjanwever gmail com)
(You can read all this information in more detail on
http://blog.skylined.nl)

Software components such as memory managers often use magic values to
mark memory as having a certain state. These magic values can be used
during debugging to determine the state of the memory, and have often
(but not al

[ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability 2016-06-21
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.2 - 7.4

Vendor URL: http://SAP.com

Bugs: denial of service

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 14.03.2016

Reference: SAP Security Note 2256185

Author

[ERPSCAN-16-015] SAP NetWeaver Java AS - multiple XSS vulnerabilities 2016-06-21
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bugs: XSS

Sent: 29.09.2015

Reported: 30.09.2015

Vendor response: 30.09.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2238765

Author: Vahagn Vardanyan

[ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability 2016-06-21
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: information disclosure

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2255990

Author:

[slackware-security] pcre (SSA:2016-172-02) 2016-06-20
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] pcre (SSA:2016-172-02)

New pcre packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/pcre-8.39-i486

[slackware-security] libarchive (SSA:2016-172-01) 2016-06-20
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libarchive (SSA:2016-172-01)

New libarchive packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/li

APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7 2016-06-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and
7.7.7

AirPort Base Station Firmware Update 7.6.7 and 7.7.7 is now available
and addresses the following:

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extr

Symphony CMS v2.6.7 Session Fixation 2016-06-20
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SYMPHONY-CMS-SESSION-FIXATION.txt

[+] ISR: APPARITIONSEC

Vendor:
====================
www.getsymphony.com

Product:
==================
Symphony CMS v2.6.7

Downlo

[SECURITY] [DSA 3605-1] libxslt security update 2016-06-19
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3605-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 19, 2016

sNews CMS v1.7.1 Remote Command Execution / CSRF / XSS 2016-06-19
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt

[+] ISR: APPARITIONSEC

Vendor:
============
snewscms.com

Product:
================
sNews CMS v1.7.1

Vulnerability Type:
===========================

CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion 2016-06-17
Berend-Jan Wever (berendjanwever gmail com)
CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion
============================================================================
This information is available in an easier to read format on my blog at
http://blog.skylined.nl/

With [MS16-063] Microsoft has patched [CVE-2016-

[ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability 2016-06-17
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: Directory traversal

Sent: 29.09.2015

Reported: 29.09.2015

Vendor response: 30.09.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2234971

Author:

[ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability 2016-06-17
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: XXE

Sent: 20.10.2015

Reported: 21.10.2015

Vendor response: 21.10.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2235994

Author: Vahagn Vardanyan (

[ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability 2016-06-17
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: XSS

Sent: 20.10.2015

Reported: 21.10.2015

Vendor response: 21.10.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2238375

Author: Vahagn Vardanyan

[CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player 2016-06-17
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable (un)installers for Flash Player before version
22.0.0.192 and 18.0.0.360 (both released on 2016-06-15) are
vulnerable to DLL hijacking: they load and execute multiple
Windows system DLLs from their "application directory" instead
of Windows' "system directory" %SystemRoot%\Sy

[FD] Multiple vulnerabilities in squid 0.4.16_2 running on pfSense 2016-06-16
Remco Sprooten (remco sprooten org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I. VULNERABILITY
- -------------------------
Multiple vulnerabilities in squid 0.4.16_2 running on pfSense
Version 2.3.1-RELEASE-p1

II. BACKGROUND
- -------------------------
The pfSense project is a free network firewall distribution, based on the
F

User enumeration in Skype for Business 2013 2016-06-17
nyxgeek (nyxgeek rslabs co)
# Exploit Title: Skype for Business 2013 user enumeration timing attack
# Date: 2016-06-08
# Exploit Author: nyxgeek
# Vendor Homepage: https://www.microsoft.com
# Version: Skype for Business 2013
#
#
# Skype for Business 2013 is vulnerable to a timing attack that allows for username enumeration
#
#

[SECURITY] [DSA 3604-1] drupal7 security update 2016-06-16
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3604-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 16, 2016

[security bulletin] HPSBNS03625 rev.1 - HPE NonStop Application Server for Java (NSASJ) running SSL/TLS, Remote Disclosure of Information 2016-06-16
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176765

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05176765
Version: 1

HPSBNS03625 r

[security bulletin] HPSBGN03553 rev.1 - HP OneView Products using glibc and OpenSSL, Multiple Remote Vulnerabilities 2016-06-16
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05176716
Version: 1

HPSBGN03553 r

Authentication bypass in Ceragon FibeAir IP-10 web interface (<7.2.0) 2016-06-15
iancling gmail com
[+] Credits: Ian Ling
[+] Website: iancaling.com

Vendor:
=================
www.ceragon.com

Product:
======================
-FibeAir IP-10

Vulnerability Type:
===================
Default Root Account

CVE Reference:
==============
N/A

Vulnerability Details:
=====================
Ceragon FibeAir I

[MWR-2016-0002] DDN Default SSH Keys 2016-06-15
john fitzpatrick mwrinfosecurity com
###[DDN Default SSH Keys]###

DDN SFA devices have default SSH keys in place

* Product: DDN SFA storage devices, all versions, all models
* Severity: High
* CVE Reference: NO CVE ASSIGNED - MWR ref: MWR-2016-0002
* Type: Default Credentials
* Author: John Fitzpatrick
* Date: 2016-06-15

## Descript

[MWR-2016-0001] DDN Insecure Update Mechanism 2016-06-15
john fitzpatrick mwrinfosecurity com
###[DDN Insecure Update Process]###

An insecure update mechanism on DDN SFA devices allows for privilege escalation

* Product: DDN SFA storage devices, all versions, all models
* Severity: High
* CVE Reference: NO CVE ASSIGNED - MWR ref: MWR-2016-0001
* Type: Insecure update mechanism
* Author: J

Microsoft Visio multiple DLL side loading vulnerabilities 2016-06-15
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Microsoft Visio multiple DLL side loading vulnerabilities
------------------------------------------------------------------------

Yorick Koster, August 2015

--------------------------------------------------------------------

Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability 2016-06-15
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability

Advisory ID: cisco-sa-20160615-rv

Revision 1.0

For Public Release 2016 June 15 16:00 UTC (GMT)

+---------------------------------------------------------------------

Su

BookingWizz < 5.5 Multiple Vulnerability 2016-06-15
mehmet mehmetince net
1. ADVISORY INFORMATION
========================================
Title: BookingWizz < 5.5 Multiple Vulnerability
Application: BookingWizz
Class: Sensitive Information disclosure
Remotely Exploitable: Yes
Versions Affected: < 5.5
Vendor URL: http://codecanyon.net/item/booking-system/87919
Bugs: Def

FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability 2016-06-15
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1687

Fortinet PSIRT ID: 1624561

Release Notes #1: http://docs.fortinet.com/uploaded/files/2796/fort

Copyright 2010, SecurityFocus