BugTraq Mode:
[SECURITY] [DSA 3471-1] qemu security update 2016-02-08
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3471-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
February 08, 2016

WordPress WP User Frontend Plugin [Unrestricted File Upload] 2016-02-08
Panagiotis Vagenas (pan vagenas gmail com)
* Exploit Title: WordPress WP User Frontend Plugin [Unrestricted File
Upload]
* Discovery Date: 2016-02-04
* Public Disclosure: 2016-02-08
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: https://wedevs.com
* Software Link: https://wordpress.org/plugi

WordPress WooCommerce - Store Toolkit Plugin [Privilege Escalation] 2016-02-08
Panagiotis Vagenas (pan vagenas gmail com)
* Exploit Title: WordPress WooCommerce - Store Toolkit Plugin [Privilege
Escalation]
* Discovery Date: 2016-02-06
* Public Disclosure Date: 2016-02-08
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: http://www.visser.com.au/
* Software Link: https://

PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities 2016-02-08
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1676

Vulnerability Magazine: http://magazine.vulnerability-db.com/?q=articles/2016/02/08/researcher-uncovers-mult

Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities 2016-02-08
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1626

Release Date:
=============
2016-02-07

Vulnerability Laboratory ID (VL-ID):
===================

Alsovalue CMS 2016Q1 - SQL Injection Web Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Alsovalue CMS 2016Q1 - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1714

Release Date:
=============
2016-02-08

Vulnerability Laboratory ID (VL-ID):
================================

Getdpd BB #4 - (name) Persistent Validation Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Getdpd BB #4 - (name) Persistent Validation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1568

ID: #14772

Release Date:
=============
2016-02-08

Vulnerability Laboratory ID (VL-ID):
=================

Getdpd BB #5 - Persistent Filename Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Getdpd BB #5 - Persistent Filename Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1569

ID: #14773

Release Date:
=============
2016-02-05

Vulnerability Laboratory ID (VL-ID):
==========================

JavaScript Anywhere v3.0.4 iOS - Persistent Vulnerability 2016-02-08
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
JavaScript Anywhere v3.0.4 iOS - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1709

Release Date:
=============
2016-02-08

Vulnerability Laboratory ID (VL-ID):
=============================

Local Microsoft Windows 7 / 8 / 10 Buffer Overflow via Third-Party USB-Driver (ser2co64.sys) 2016-02-08
Ralf Spenneberg (info os-t de)
OS-S Security Advisory 2016-02-08
Prolific Ser2co64.sys Stack Buffer Overflow

Date: December 23th, 2015
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: Not assigned yet
CVSS: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Title: Local Microsoft Windows 7 / 8 / 10 Buffer Overflow via Third-Pa

Symphony CMS multiple vulnerabilities 2016-02-08
Filippo Cavallarin (filippo cavallarin wearesegment com)
Advisory ID: SGMA-16002
Title: Symphony CMS multiple vulnerabilities
Product: Symphony CMS
Version: 2.6.5 and probably prior
Vendor: www.getsymphony.com
Vulnerability type: SQL-injection, Unrestricted File Upload
Risk level: 4 / 5
Credit: filippo.cavallarin (at) wearesegment (dot) com
CVE: N/A
Vendor notificati

WordPress User Meta Manager Plugin [Information Disclosure] 2016-02-08
Panagiotis Vagenas (pan vagenas gmail com)
* Exploit Title: WordPress User Meta Manager Plugin [Information Disclosure]
* Discovery Date: 2015-12-28
* Public Disclosure Date: 2016-02-01
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: http://jasonlau.biz/home/
* Software Link: https://wordpres

Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege 2016-02-07
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers of WinRAR 5.30 and earlier versions
as well as ALL self-extracting archives created with them
load and execute UXTheme.dll, RichEd32.dll and RichEd20.dll
from their "application directory".

For software downloaded with a web browser the application
directory is ty

CFP: SIN 2016 - 9th International Conference on Security of Information and Networks 2016-02-07
Hossain Shahriar (hshahria kennesaw edu)
=========================================================================
Please accept our apologies if you receive multiple copies of this CFP
=========================================================================

CALL FOR CONTRIBUTIONS
======================
9th International Conference on Se

[SECURITY] [DSA 3468-1] polarssl security update 2016-02-06
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3468-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
February 06, 2016

[SECURITY] [DSA 3467-1] tiff security update 2016-02-06
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3467-1 security (at) debian (dot) org
https://www.debian.org/security/ Laszlo Boszormenyi (GCS)
February 06, 2016

Multiple vulnerabilities in Open Real Estate v 1.15.1 2016-02-05
Simon Waters (Surevine) (simon waters surevine com)
Introduction: Open Real Estate is an open source CMS for managing estate agent websites.

It is written in PHP and uses the YII CMF. It supports multiple languages.

It is supported by MonoRay.net

The product has a number of commercial support offerings available and an internal market for extensi

[security bulletin] HPSBGN03430 rev.3 - HP ArcSight products, Local Elevation of Privilege 2016-02-05
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04872416
Version: 3

HPSBGN03430 r

[CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox 2016-02-05
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the installers of Oracle's Java 6/7/8 for Windows and VirtualBox for
Windows load and execute several DLLs from their "application directory".

* The online installer jxpiinstall.exe:
UXTheme.dll and RASAdHlp.dll plus
(on Windows XP) SetupAPI.dll, HNetCfg.dll and XPSP2Res.dll
(on Wind

[security bulletin] HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java Deserialization, Remote Arbitrary Code Execution 2016-02-05
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04958567

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04958567
Version: 1

HPSBGN03434 r

[security bulletin] HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities 2016-02-05
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04920918

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04920918
Version: 2

HPSBHF03431 r

CVE-2015-3252: Apache CloudStack VNC authentication issue 2016-02-05
John Kinsella (jlk thrashyour com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2015-3252: Apache CloudStack VNC authentication issue

CVSS v2:
4.3 (AV:N/AC:H/Au:M/C:P/I:P/A:P)

Vendors:
The Apache Software Foundation
Citrix, Inc.

Versions Affected:
Apache CloudStack 4.4.4, 4.5.1

Description:
Apache CloudStack sets a VNC p

CVE-2015-3251: Apache CloudStack VM Credential Exposure 2016-02-05
John Kinsella (jlk thrashyour com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2015-3251: Apache CloudStack VM Credential Exposure

CVSS v2:
6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Vendors:
The Apache Software Foundation
Citrix, Inc.

Versions Affected:
Apache CloudStack 4.4.4, 4.5.1

Description:
Apache CloudStack provides an AP

[SECURITY] [DSA 3466-1] krb5 security update 2016-02-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3466-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
February 04, 2016

WordPress User Meta Manager Plugin [Blind SQLI] 2016-02-04
pan vagenas gmail com

* Exploit Title: WordPress User Meta Manager Plugin [Blind SQLI]
* Discovery Date: 2015/12/28
* Public Disclosure Date: 2016/02/04
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: http://jasonlau.biz/home/
* Software Link: https://wordpress.org/plugi

WordPress User Meta Manager Plugin [Privilege Escalation] 2016-02-04
pan vagenas gmail com

* Exploit Title: WordPress User Meta Manager Plugin [Privilege Escalation]
* Discovery Date: 2015/12/28
* Public Disclosure Date: 2016/02/04
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: http://jasonlau.biz/home/
* Software Link: https://wordpress

Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass 2016-02-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1710

Apple Follow-up ID: 631627909

Video: http://www.vulnerability-lab.com/get_content.php?id=1711

[slackware-security] mozilla-firefox (SSA:2016-034-01) 2016-02-04
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2016-034-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[slackware-security] openssl (SSA:2016-034-03) 2016-02-04
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssl (SSA:2016-034-03)

New openssl packages are available for Slackware 14.0, 14.1, and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/

[slackware-security] php (SSA:2016-034-04) 2016-02-04
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-034-04)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.1
