BugTraq Mode:
Re: VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability 2016-02-02
Phil Pearl (ppearl zimbra com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Following up inline...

On Sat, 30 Jan 2016 12:13:46 +0100, <t.schughart () prosec-networks
com> wrote:

> Hi@all,
>
> VMWare Zimbra Mailer Release 8.6.0.GA, latest patch and prior
> versions with DKIM implementation are vulnerable to longterm Mail
>

WebKitGTK+ Security Advisory WSA-2016-0001 2016-02-01
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2016-0001
------------------------------------------------------------------------

Date reported : February 01, 2016
Advisory ID : WSA-2016-0001
Adviso

File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities 2016-02-01
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1695

Release Date:
=============
2016-02-01

Vulnerability Laboratory ID (VL-ID):
===============================

Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability 2016-02-01
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1692

Release Date:
=============
2016-01-29

Vulnerability Laboratory ID (VL-ID):
===============

[SECURITY] [DSA 3461-1] freetype security update 2016-01-31
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3461-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
January 30, 2016

[SECURITY] [DSA 3462-1] radicale security update 2016-01-30
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3462-1 security (at) debian (dot) org
https://www.debian.org/security/ Yves-Alexis Perez
January 30, 2016

[SECURITY] [DSA 3463-1] prosody security update 2016-01-31
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3463-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 31, 2016

[SECURITY] [DSA 3464-1] rails security update 2016-01-31
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3464-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 31, 2016

eClinicalWorks (CCMR) - Multiple Vulnerabilities 2016-01-31
jerold v00d00sec com
# Title: eClinicalWorks (CCMR) - Multiple Vulnerabilities
# Vendor: https://www.eclinicalworks.com
# Product: eClinicalWorks Population Health (CCMR) Client Portal Software
# URL: https://www.eclinicalworks.com/products-services/population-health-ccmr/

# Credit: Jerold Hoong

----------------------

Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege 2016-01-30
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installer winima90.exe and previous versions
available from <http://www.winimage.com> loads and executes
CRTdll.dll, UXTheme.dll, RichEd32.dll and WindowsCodecs.dll
from its "application directory".

Self-extracting executables created with WinImage load and
execute CRTdll.dl

WP-Comment-Rating XSS Vulnerability 2016-01-30
Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE

#Product : wp-comment-rating
#Exploit Author : Rahul Pratap Singh
#Version : 1.5.0
#Home page Link :
http://codecanyon.net/item/wordpress-comment-rating-plugin/6582710
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 30/Jan/201

OpenXchange | Information Disclosure 2016-01-30
t schughart prosec-networks com
Hi@all,

there is an information disclosure in OpenXchange (prior 7.8).
An authenticated user can enumerate all imap user folders. If you browse
the PoC you get a permission denied error, but the folder's name is
reflected into the page in json format.

About Open Xchange:
Open-Xchange[2] devel

VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability 2016-01-30
t schughart prosec-networks com
Hi@all,

VMWare Zimbra Mailer Release 8.6.0.GA, latest patch and prior versions
with DKIM implementation are vulnerable to longterm Mail Replay attacks.

If the expiration header is not set, the signature never expires. This
means, that the e-mail, perhaps caught while performing a man in the
mi

[SECURITY] [DSA 3460-1] privoxy security update 2016-01-30
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3460-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
January 30, 2016

CVE-2015-5344 - Apache Camel medium disclosure vulnerability 2016-01-30
Claus Ibsen (claus ibsen gmail com)
Apache Camel's XStream usage is vulnerable to Remote Code Execution attacks

Apache Camel's camel-xstream component is vulnerable to Java object
de-serialisation vulnerability.
Such as de-serializing untrusted data can lead to security flaws as
demonstrated in various similar reports about Java de-s

FreeBSD Security Advisory FreeBSD-SA-16:11.openssl 2016-01-30
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:11.openssl Security Advisory
The FreeBSD Project

Topic:

[security bulletin] HPSBHF03419 rev.3 - HPE Networking Products, Remote Denial of Service (DoS), Unauthorized Access 2016-01-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04779492
Version: 3

HPSBHF03419 r

Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network 2016-01-29
kingkaustubh me com
Title:- Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network Configuration Management
Author: Kaustubh G. Padwad
Vendor: ZOHO Corp
Product: ManageEngine Network Configuration Manager
Tested Version: Network Configuration Manager Build 11000
Severity: HIGH

About the Product:
==

[security bulletin] HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote Unauthorized Modification 2016-01-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04953655
Version: 1

HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote
Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon a

ManageEngine Eventlog Analyzer v4-v10 Privilege Escalation 2016-01-29
graphx sigaint org
# Exploit Title: ManageEngine Eventlog Analyzer Privilege Escalation
# Exploit Author: @GraphX
# Vendor Homepage:http://www.manageengine.com
# Version: 4.0 - 10

1. Description:
The manageengine eventlog analyzer fails to properly verify user
privileges when making changes via the userManagemen

[security bulletin] HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS, Remote Disclosure of Information, Execution of Code, Denial of Service (DoS) 2016-01-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04952488
Version: 1

HPSBOV03540 r

[security bulletin] HPSBHF03539 rev.1 - HPE VCX running OpenSSH or BIND, Remote Denial of Service (DoS) 2016-01-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04952480
Version: 1

HPSBHF03539 r

[security bulletin] HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized Modification 2016-01-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04949778
Version: 1

HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized
Modification

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible

[security bulletin] HPSBGN03542 rev.1 - HPE Operations Manager for Windows using Java Deserialization, Remote Arbitrary Code Execution 2016-01-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953244

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04953244
Version: 1

HPSBGN03542 r

Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability 2016-01-29
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1692

Release Date:
=============
2016-01-29

Vulnerability Laboratory ID (VL-ID):
===============

ProjectSend multiple vulnerabilities 2016-01-29
Filippo Cavallarin (filippo cavallarin wearesegment com)
Advisory ID: SGMA-16001
Title: ProjectSend multiple vulnerabilities
Product: ProjectSend (previously cFTP)
Version: r582 and probably prior
Vendor: www.projectsend.org
Vulnerability type: SQL-injection, Auth bypass, Arbitrary File Access, Insecure Object Reference
Risk level: 4 / 5
Credit: f

[security bulletin] HPSBHF03538 rev.1 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Remote Code Execution, Denial of Service (DoS) 2016-01-28
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04952467
Version: 1

HPSBHF03538 r

[security bulletin] HPSBHF03535 rev.3 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Multiple Remote Vulnerabilities 2016-01-28
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04939841
Version: 3

HPSBHF03535 r

CVE-2015-7521: Apache Hive authorization bug disclosure 2016-01-28
khorgath apache org (Sushanth Sowmyan)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2015-7521: Apache Hive authorization bug disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Hive 1.0.0 - 1.0.1
Apache Hive 1.1.0 - 1.1.1
Apache Hive 1.2.0 - 1.2.1

Description:

Some partition-level op

[SECURITY] [DSA 3459-1] mysql-5.5 security update 2016-01-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3459-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 28, 2016

Copyright 2010, SecurityFocus