(Page 2 of 1620)
[security bulletin] HPSBUX03379 SSRT101976 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS) 2015-07-20
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04745746

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04745746
Version: 1

HPSBUX03379 SS

[SECURITY] [DSA 3311-1] mariadb-10.0 security update 2015-07-20
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3311-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
July 20, 2015

[SECURITY] [DSA 3310-1] freexl security update 2015-07-19
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3310-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 19, 2015

[SECURITY] [DSA 3309-1] tidy security update 2015-07-18
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3309-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Alessandro Ghedini
July 18, 2015

[SECURITY] [DSA 3308-1] mysql-5.5 security update 2015-07-18
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3308-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2015

[slackware-security] httpd (SSA:2015-198-01) 2015-07-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] httpd (SSA:2015-198-01)

New httpd packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/httpd

[slackware-security] php (SSA:2015-198-02) 2015-07-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2015-198-02)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.4

AirDroid ID - Client Side JSONP Callback Vulnerability 2015-07-17
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
AirDroid ID - Client Side JSONP Callback Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1544

Release Date:
=============
2015-07-10

Vulnerability Laboratory ID (VL-ID):
================================

FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability 2015-07-17
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1451

098bdc9b309783df65044c5abb690dafdd4bcd436c380ae68c924fe37e14b4e0

Release Date:
=============
2015-

UDID+ v2.5 iOS - Mail Command Inject Vulnerability 2015-07-17
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
UDID+ v2.5 iOS - Mail Command Inject Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1542

Release Date:
=============
2015-07-06

Vulnerability Laboratory ID (VL-ID):
====================================

Oracle E-Business Suite Servlet URL Redirection Vulnerability 2015-07-17
owais md khan gmail com
Oracle E-Business Suite Servlet URL Redirection vulnerability (CVE-2015-2630)

Versions Affected: 11.5.10.2, 12.0.6, 12.1.3

Discussion:
Oracle E-Business Suite is prone to a remote URL-redirection vulnerability. This vulnerability may allow a malicious user to perform a phishing attack by sending a

Novell GroupWise 2014 WebAccess vulnerable to XSS attacks 2015-07-17
adrian vollmer syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2015-021
Product: GroupWise
Vendor: Novell
Affected Version(s): 2014
Tested Version(s): 2014
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: High
Solution Status: Fixed
Vendor Notification: 2015-05-04
Solution Date: 20

SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express 2015-07-16
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SEC Consult Vulnerability Lab Security Advisory < 20150716-0 >
=======================================================================
title: Permanent Cross-Site Scripting
product: Oracle Application Express
vulnerable versio

Elasticsearch CVE-2015-5531 2015-07-16
Kevin Kluge (kevin elastic co)
Summary:
Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable to a directory traversal attack that allows an attacker to retrieve files that are readable by the Elasticsearch JVM process.

We have been assigned CVE-2015-5531 for this issue.

Fixed versions:
Versions 1.6.1 and 1.7.0 address t

Elasticsearch CVE-2015-5377 2015-07-16
Kevin Kluge (kevin elastic co)
Summary:
Elasticsearch versions prior to 1.6.1 are vulnerable to an engineered attack on its transport protocol that enables remote code execution. This issue is related to the Groovy announcement in CVE-2015-3253.

Deployments are vulnerable even when Groovy dynamic scripting is disabled.

We

ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability 2015-07-16
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability

ESA Identifier: ESA-2015-123

CVE Identifier: CVE-2015-4529

Severity Rating: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)

Affected products:

? EMC Documentum WebTop v

ESA-2015-122: EMC Documentum CenterStage Cross-site Scripting Vulnerability 2015-07-16
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-122: EMC Documentum CenterStage Cross-site Scripting Vulnerability

EMC Identifier: ESA-2015-122

CVE Identifier: CVE-2015-4528

Severity Rating: CVSS v2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Affected products:

? EMC Documen

[CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure 2015-07-16
Cédric Champeau (cedric champeau gmail com)
Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

All unsupported versions ranging from 1.7.0 to 2.4.3.

Impact

Remote execution of untrusted code, DoS

Description

When an application has Groovy on classpath and that it uses standard
Java serialization mechanims to

Backdoor and RCE found in 8 TOTOLINK router models 2015-07-15
Pierre Kim (pierre kim sec gmail com)
Hello,

Please find a text-only version below sent to security mailing-lists.

The complete version on analysing the backdoor in TOTOLINK products is
posted here:

https://pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK-products.html

=== text-version of the advisory wi

Backdoor credentials found in 4 TOTOLINK router models 2015-07-15
Pierre Kim (pierre kim sec gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

## Advisory Information

Title: Backdoor credentials found in 4 TOTOLINK router models
Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x03.txt
Blog URL: https://pierrekim.github.io/blog/2015-07-16-backdoor-credentials-found-in-4-TO

4 TOTOLINK router models vulnerable to CSRF and XSS attacks 2015-07-15
Pierre Kim (pierre kim sec gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

## Advisory Information

Title: 4 TOTOLINK router models vulnerable to CSRF and XSS attacks
Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x01.txt
Blog URL: http://pierrekim.github.io/blog/2015-07-16-4-TOTOLINK-products-vulnerable

15 TOTOLINK router models vulnerable to multiple RCEs 2015-07-15
Pierre Kim (pierre kim sec gmail com) (1 reply)
Hash: SHA512

## Advisory Information

Title: 15 TOTOLINK router models vulnerable to multiple RCEs
Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x00.txt
Blog URL: https://pierrekim.github.io/blog/2015-07-16-15-TOTOLINK-products-vulnerable-to-multiple-RCEs.html
Date published:

Re: [FD] 15 TOTOLINK router models vulnerable to multiple RCEs 2015-07-16
Joshua Wright (jwright hasborg com)
Cisco Security Advisory: Cisco Videoscape Delivery System Denial of Service Vulnerability 2015-07-15
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Videoscape Delivery System Denial of Service Vulnerability

Advisory ID: cisco-sa-20150715-vds

Revision 1.0

For Public Release 2015 July 15 16:00 UTC (GMT)

+-----------------------------------------------------------

XSS, Code Execution, DOS, Password Leak, Weak Authentication in GetSimpleCMS 3.3.5 2015-07-15
Tim Coen (tc coen gmail com)
Vulnerability: XSS, Code Execution, DOS, Password Leak, Weak Authentication
Affected Software: GetSimpleCMS (http://get-simple.info/)
Affected Version: 3.3.5 (probably also prior versions)
Patched Version: 3.3.6 (partial fix)
Risk: Medium-High
Vendor Contacted: 2015-06-14
Vendor Partial Fix: 2015-07

XSS vulnerability in OFBiz forms 2015-07-15
lilian_iatco yahoo com
https://issues.apache.org/jira/browse/OFBIZ-6506

In Ofbiz form need to escape characters from description column in a display-entity tag to avoid XSS attacks.

<display-entity entity-name="Table" description="${description}" >

I tried to use bsh, as following:
<display-entity entity-name="Table" d

[CVE-2015-2862/2863 / CERT VU#919604] Kaseya VSA arbitrary file download / open redirect 2015-07-13
Pedro Ribeiro (pedrib gmail com)
tl;dr
Two vulns in Kaseya Virtual System Administrator - an authenticated
arbitrary file download and two lame open redirects.

Full advisory text below and at [1]. Thanks to CERT for helping me to
disclose these vulnerabilities [2].

>> Multiple vulnerabilities in Kaseya Virtual System Administrato

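The Oracle E-Business Suite (CVE-2015-2630), EMC Documentum WebTop (CVE-2015-4529) and Kaseya VSA entries above all report open redirects: a parameter naming where to send the browser after a request is followed without checking that it still points at the application. The validator below is an added example written for this listing, not code from any of those vendors or advisories. ALLOWED_HOSTS, the hostnames and the probe URLs are assumptions. It goes beyond the simple "must start with /" test by also rejecting the browser quirks that turn a harmless-looking value into an external destination: protocol-relative "//host", backslash variants, userinfo tricks and "http:/host".

```python
"""Validating a user-supplied redirect target (added example, not vendor code)."""
from urllib.parse import urlsplit

# Assumption for the example: the hostnames this application is served from.
ALLOWED_HOSTS = {"portal.example.com", "login.example.com"}


def safe_redirect_target(candidate: str, fallback: str = "/") -> str:
    """Return `candidate` only if following it cannot leave our own hosts.

    Anything that is another origin, a non-HTTP scheme, or a form a browser
    would reinterpret as an absolute URL is replaced with `fallback`.
    """
    if not candidate or any(ch in candidate for ch in "\r\n\x00"):
        return fallback  # header injection / truncation attempts
    # Browsers treat "\" as "/" in http(s) URLs, so "/\evil.com" is really
    # "//evil.com" (protocol-relative). Normalise before parsing.
    normalised = candidate.replace("\\", "/").strip()
    parts = urlsplit(normalised)

    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative reference: must be http(s), carry no
        # userinfo ("https://portal.example.com@evil.com" goes to evil.com),
        # and name one of our hosts exactly (no suffix tricks like
        # "portal.example.com.evil.com").
        if parts.scheme.lower() not in ("http", "https", ""):
            return fallback
        if parts.username is not None or parts.password is not None:
            return fallback
        if (parts.hostname or "").lower() not in ALLOWED_HOSTS:
            return fallback  # also catches "http:/evil.com", which has no netloc
        return normalised

    # Site-relative reference. Reject "//..." (protocol-relative after the
    # backslash normalisation above) and require a leading "/" so a bare
    # "evil.com" cannot later be prefixed with a scheme by other code.
    if not normalised.startswith("/") or normalised.startswith("//"):
        return fallback
    return normalised


if __name__ == "__main__":
    # Constructed probes, not values taken from any of the advisories above.
    for probe in ["/account/settings", "https://portal.example.com/home",
                  "//evil.example.net/", "/\\evil.example.net",
                  "https://portal.example.com@evil.example.net/",
                  "javascript:alert(1)", "http:/evil.example.net"]:
        print(f"{probe!r:48} -> {safe_redirect_target(probe)!r}")
```

The port is deliberately not checked; if the application is only ever served on 443, compare `parts.port` as well. Returning the normalised string rather than the raw input means a backslash variant that does pass is emitted in the form the browser will actually follow.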
CFP: Passwords 2015, Dec 7-9, Cambridge, UK 2015-07-10
Per Thorsheim (per thorsheim net)
=========================================================================
Passwords 2015
The 9th International Conference on Passwords
7, 8, 9 December 2015
University of Cambridge, United Kingdom
http://www.cl.cam.ac.uk/events/passwords2015/
https://passwordscon.org/
===============================

CVE-2015-4670 - AjaxControlToolkit File Upload Directory Traversal 2015-07-13
Brian Cardinale (brian cardinaleconsulting com)
The AjaxControlToolkit prior to version 15.1 has a file upload directory
traversal vulnerability which on a poorly configured web server can lead to
remote code execution.

The issue affects any application using the AjaxFileUpload control. The
vulnerability arises because the “fileId

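Both the Elasticsearch entry (CVE-2015-5531, reading files the JVM process can read) and the AjaxControlToolkit entry (CVE-2015-4670, a fileId parameter used to build a path) are directory traversal: a client-supplied name is joined onto a server directory without confirming the result stays inside it. The code below is an added example for this listing, not code from either project. It contrasts the naive join with a guard that resolves the final path and checks containment, and covers the variants a plain ".." string match misses (backslashes, absolute paths, ".." that cancels out). The upload directory, file names and probe strings are constructed for the demonstration.

```python
"""Keeping a client-supplied file name inside a server directory (added example)."""
from __future__ import annotations

import os
import tempfile
from pathlib import Path, PurePosixPath, PureWindowsPath


def unsafe_join(base_dir: str, requested: str) -> bool:
    """The vulnerable pattern: join and open. Returns True if the result escapes base_dir."""
    target = os.path.normpath(os.path.join(base_dir, requested))
    return not target.startswith(os.path.join(base_dir, ""))


def safe_join(base_dir: str, requested: str) -> str | None:
    """Return the absolute path for `requested` only if it stays under base_dir, else None."""
    if "\x00" in requested:
        return None
    # Treat backslashes as separators too: a Windows server would, and on a
    # POSIX server an uploader has no need for a name containing "\".
    normalised = requested.replace("\\", "/")
    if PurePosixPath(normalised).is_absolute() or PureWindowsPath(normalised).is_absolute():
        return None  # os.path.join would silently discard base_dir here
    base = Path(base_dir).resolve()
    # resolve() collapses ".." and follows symlinks, so the containment check
    # sees the path the kernel would actually open, not the string we were given.
    candidate = (base / normalised).resolve()
    if candidate == base or base not in candidate.parents:
        return None
    return str(candidate)


def demo() -> dict[str, tuple[bool, bool]]:
    """Constructed layout: <tmp>/uploads/report.pdf is served, <tmp>/secret.txt is not.

    Returns, per probe, (naive join escapes the directory, guarded join accepts).
    """
    root = tempfile.mkdtemp()
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    Path(uploads, "report.pdf").write_bytes(b"%PDF-1.4 constructed sample")
    Path(root, "secret.txt").write_text("constructed secret outside uploads")
    probes = [
        "report.pdf",          # legitimate
        "sub/../report.pdf",   # odd, but still inside after normalisation
        "../secret.txt",       # classic traversal
        "..\\secret.txt",      # backslash variant; harmless on POSIX, traversal on Windows
        "/etc/passwd",         # absolute path: os.path.join discards base_dir
    ]
    return {p: (unsafe_join(uploads, p), safe_join(uploads, p) is not None) for p in probes}


if __name__ == "__main__":
    for probe, (escapes, accepted) in demo().items():
        print(f"{probe!r:22} naive-join escapes={escapes!s:5} guarded accepts={accepted}")
```

The guard rejects the backslash probe on every platform even though it would be a valid file name on Linux; that is the conservative choice for an upload directory, where no legitimate name needs a backslash. A string-based ".." filter would still let "sub/../report.pdf" through and block it, while the resolved-path check gets both cases right.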
[SYSS-2015-031] sysPass - SQL Injection 2015-07-13
disclosure syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2015-031
Product: sysPass
Vendor: http://cygnux.org/
Affected Version(s): 1.0.9 and below
Tested Version(s): 1.0.9
Vulnerability Type: SQL Injection (CWE-89)
Risk Level: High
Solution Status: Fixed
Vendor Notification: 2014-07-27
S

Copyright 2010, SecurityFocus