BugTraq Mode:
(Page 11 of 1654)  < Prev  6 7 8 9 10 11 12 13 14 15 16  Next >
FreeBSD Security Advisory FreeBSD-SA-15:27.bind 2015-12-16
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-15:27.bind Security Advisory
The FreeBSD Project

Topic:

SQL Injection in orion.extfeedbackform Bitrix Module 2015-12-16
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23280
Product: orion.extfeedbackform Bitrix module
Vendor: www.orion-soft.ru
Vulnerable Version(s): 2.1.2 and probably prior
Tested Version: 2.1.2
Advisory Publication: November 18, 2015 [without technical details]
Vendor Notification: November 18, 2015
Vendor Patch: December 11,

RCE in Zen Cart via Arbitrary File Inclusion 2015-12-16
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23282
Product: Zen Cart
Vendor: Zen Ventures, LLC
Vulnerable Version(s): 1.5.4
Tested Version: 1.5.4
Advisory Publication: November 25, 2015 [without technical details]
Vendor Notification: November 25, 2015
Vendor Patch: November 26, 2015
Public Disclosure: December 16, 2015
Vu

libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506) 2015-12-16
Hans Jerry Illikainen (hji dyntopia com)

Overview
========

Libnsgif[1] is a decoding library for GIF images. It is primarily
developed and used as part of the NetSurf project.

As of version 0.1.2, libnsgif is vulnerable to a stack overflow
(CVE-2015-7505) and an out-of-bounds read (CVE-2015-7506) due to the way
LZW-compressed GIF data

[slackware-security] openssl (SSA:2015-349-04) 2015-12-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssl (SSA:2015-349-04)

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+

[slackware-security] bind (SSA:2015-349-01) 2015-12-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bind (SSA:2015-349-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patch

[slackware-security] libpng (SSA:2015-349-02) 2015-12-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libpng (SSA:2015-349-02)

New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

[SECURITY] [DSA 3420-1] bind9 security update 2015-12-15
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3420-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
December 15, 2015

[SECURITY] [DSA 3419-1] cups-filters security update 2015-12-15
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3419-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
December 15, 2015

Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta) 2015-12-14
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

several McAfee "security" products, most notably their Security Scan
Plus (see <http://seclists.org/fulldisclosure/2014/Apr/226> for a
previous advisory) which Adobe pushes to unsuspecting users of Adobe
Reader and Flash Player, are offered as executable installers built
with the vulnerable

[SECURITY] [DSA 3418-1] chromium-browser security update 2015-12-15
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3418-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Michael Gilbert
December 14, 2015

[security bulletin] HPSBST03517 rev.1 - HP StoreOnce Backup systems, Remote Execution of Arbitrary Code with Privilege Elevation, Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS) 2015-12-14
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04858589

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04858589
Version: 1

HPSBST03517 r

Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370] 2015-12-15
Hector Marco-Gisbert (hecmargi upv es)
Hi everyone,

A vulnerability in Grub2 (Back to 28) has been found. Versions from 1.98
(December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be
exploited under certain circumstances, allowing local attackers to bypass any
kind of authentication (plain or hashed passwords).

phpback v1.1 XSS vulnerability 2015-12-15
apparitionsec gmail com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/PHPBACK-XSS.txt

Vendor:
====================
www.phpback.org

Product:
===============
phpback v1.1

The open source feedback system, PHPBack is feedback a web application that

ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS 2015-12-14
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Send: 13.07.2015
Reported: 13.07.2015
Vendor response: 14.07.2015

[SECURITY] [DSA 3417-1] bouncycastle security update 2015-12-14
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3417-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
December 14, 2015

[ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability 2015-12-14
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: SQL injection
Send: 13.07.2015
Reported: 13.07.2015
Vendor response: 14.07.2015
Date of Pub

ECommerceMajor SQL Injection Vulnerability 2015-12-13
Rahul Pratap Singh (techno rps gmail com)
#Exploit Title : ECommerceMajor SQL Injection Vulnerability
#Exploit Author : Rahul Pratap Singh
#Date : 13/Dec/2015
#Home page Link : https://github.com/xlinkerz/ecommerceMajor
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94

1. Descrip

[SECURITY] [DSA 3416-1] libphp-phpmailer security update 2015-12-13
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3416-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
December 13, 2015

COM+ Services DLL side loading vulnerability 2015-12-12
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

COM+ Services DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, August 2015

------------------------------------------------------------------------

Abstract

Windows Authentication UI DLL side loading vulnerability 2015-12-12
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Windows Authentication UI DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, August 2015

---------------------------------------------------------------------

XSS Vulnerability in Synnefo Client for Synnefo IMS 2015 - CVE-2015-8247 2015-12-12
Aravind (altoarun gmail com)
Information

=================================

#Vulnerability type: Cross Site Scripting (XSS)

#Vendor: http://www.synnefoims.com/

#Product: Synnefo Client for Synnefo Internet Management Software

(IMS) 2015 (http://www.synnefoims.com/products.html)

CVE Reference:

=========================

[security bulletin] HPSBHF03431 rev.1 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities 2015-12-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04920918

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04920918
Version: 1

HPSBHF03431 r

APPLE-SA-2015-12-11-1 iTunes 12.3.2 2015-12-11
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-11-1 iTunes 12.3.2

iTunes 12.3.2 is now available and addresses the following:

WebKit
Available for: Windows 7 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple me

ORGIN STUDIOS Cms Multiple Vulnerability 2015-12-11
iedb team gmail com
SQL and XSS Vulnerability in ORGIN STUDIOS Cms All Version


Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege 2015-12-08
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers [°] of 7-Zip (see <http://www.7-zip.org/>)
and ALL self-extracting archives created with 7-Zip are vulnerable:

1. They load and execute a rogue/bogus/malicious UXTheme.dll [']
eventually found in the directory they are started from (the
"application director

WordPress <=v4.4 Username Exists Information Disclosure 2015-12-10
John SECURELI.com (john secureli com)
Information security research credited to John Martinelli @
SECURELI.com. (john (at) secureli (dot) com [email concealed])

-----

Affects: WordPress <=v4.4
Vulnerability: Information Disclosure
CVE-ID: Pending
Impact: Username exists disclosure on /wp-login.php

-----

By default, WordPress <=4.4 discloses whether a username

BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability 2015-12-10
Blue Frost Security Research Lab (research bluefrostsecurity de)
Blue Frost Security GmbH
https://www.bluefrostsecurity.de/ research(at)bluefrostsecurity.de
BFS-SA-2015-003 10-December-2015
________________________________________________________________________________

Vendor: Microso

SEC Consult SA-20151210-0 :: Skybox Platform Multiple Vulnerabilities 2015-12-10
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SEC Consult Vulnerability Lab Security Advisory < 20151210-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Skybox Platform
vulnerable version: <=7.0.611

Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products 2015-12-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products

Advisory ID: cisco-sa-20151209-java-deserialization

Revision 1.0

For Public Release: 2015 December 9 16:00 GMT
+-----------------------------------------------

Copyright 2010, SecurityFocus