BugTraq Mode:
[CVE-2016-5728] Double-Fetch Vulnerability in Linux-4.5/drivers/misc/mic/host/mic_virtio.c 2016-06-30
wpengfeinudt gmail com
I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I'd like to make an announcement here.

This was found in Linux kernel file Linux-4.5/drivers/misc/mic/host/mic_virtio.c, and crafted user space data change under race condition will lead to cons

CA20160627-01: Security Notice for Release Automation 2016-06-30
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20160627-01: Security Notice for Release Automation

Issued: June 27, 2016
Last Updated: June 27, 2016

CA Technologies Support is alerting customers to multiple potential risks
with CA Release Automation. Three vulnerabilities exist that can allow

[SECURITY] [DSA 3611-1] libcommons-fileupload-java security update 2016-06-30
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3611-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 30, 2016

[SECURITY] [DSA 3610-1] xerces-c security update 2016-06-29
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3610-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 29, 2016

BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs 2016-06-29
Blue Frost Security Research Lab (research bluefrostsecurity de)
________________________________________________________________________

Vendor: Huawei, www.huawei.com
Affected Product: HiSuite for Windows
Affected Version: <= 4.0.3.301
CVE ID: CVE-2016-5821
OVE ID: OVE-20160624-0001
Severity: High
Author: Benjamin Gnahm (@mitp0sh), Blue Frost Security GmbH
Tit

[SECURITY] [DSA 3608-1] libreoffice security update 2016-06-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3608-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 29, 2016

[SECURITY] [DSA 3609-1] tomcat8 security update 2016-06-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3609-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 29, 2016

Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability 2016-06-29
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability

Advisory ID: cisco-sa-20160629-piauthbypass

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+-----------------------------------

Cisco Security Advisory: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability 2016-06-29
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20160629-cpcpauthbypass

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+----------------------------

Cisco Security Advisory: Cisco Firepower System Software Static Credential Vulnerability 2016-06-29
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Firepower System Software Static Credential Vulnerability

Advisory ID: cisco-sa-20160629-fp

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A

CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD 2016-06-29
Cantor, Scott (cantor 2 osu edu)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Xerces-C XML Parser library versions
prior to V3.1.4

Description: The Xerces-C XML parser fail

Symantec SEPM v12.1 Multiple Vulnerabilities 2016-06-29
hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SYMANTEC-SEPM-MULTIPLE-VULNS.txt

[+] ISR: ApparitionSec

Vendor:
================
www.symantec.com

Product:
===========
SEPM
Symantec Endpoint Protection Manage

KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution 2016-06-28
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution

Title: Ubiquiti Administration Portal CSRF to Remote Command Execution
Advisory ID: KL-001-2016-002
Publication Date: 2016.06.28
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-002.txt

1.

[KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability 2016-06-28
Egidio Romano (research karmainsecurity com)
-------------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability
-------------------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affec

[KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities 2016-06-28
Egidio Romano (research karmainsecurity com)
-------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities
-------------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Ver

[KIS-2016-08] Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities 2016-06-28
Egidio Romano (research karmainsecurity com)
--------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities
--------------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities 2016-06-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1862

CWE-89
CWE-79
CWE-264

http://cwe.mitre.org/data/definitions/89
http://cwe.mitre.org/data/definitions/

Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability 2016-06-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1863

Release Date:
=============
2016-06-27

Vulnerability Laboratory ID (VL-ID):
===================================

Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability 2016-06-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1858

Release Date:
=============
2016-06-21

Vulnerability Laboratory ID (VL-ID):
================================

Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability 2016-06-28
Vulnerability Lab (research vulnerability-lab com)


Document Title:
===============
Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1849

Release Date:
=============
2016-06-27

Vulnerability Laboratory ID (VL-ID):
=================

[SECURITY] [DSA 3607-1] linux security update 2016-06-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3607-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 28, 2016

Craft CMS affected by server side template injection 2016-06-27
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Craft CMS affected by server side template injection
------------------------------------------------------------------------

Nelson Berg & Jurgen Kloosterman, June 2016

--------------------------------------------------------

BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability 2016-06-27
mehmet mehmetince net
1. ADVISORY INFORMATION
========================================
Title: BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability
Application: BigTree CMS
Remotely Exploitable: Yes
Versions Affected: < 4.2.11
Vendor URL: https://www.bigtreecms.org
Bugs: SQL Injection
Author: Mehmet Ince
Dat

[fd] CVE ID request: Untangle NGFW <= v12.1.0 post-auth command injection 2016-06-27
Matt Bush (matt 3xocyte net)
Product:

https://www.untangle.com/untangle-ng-firewall/

Description:

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

The Untangle NGFW <= 12.1.0 web interface is prone to a command injection vulnerability, allowing non-root users to execute arbitrary

MyLittleForum v2.3.5 PHP Command Injection 2016-06-27
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MYLITTLEFORUM-PHP-CMD-EXECUTION.txt

[+] ISR: APPARITIONSEC

Vendor:
=================
mylittleforum.net

Download:
github.com/ilosuna/mylittleforum/releases/tag/v2.3.5

Product

[slackware-security] php (SSA:2016-176-01) 2016-06-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-176-01)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.2

[SECURITY] [DSA 3606-1] libpdfbox security update 2016-06-24
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3606-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
June 24, 2016

#146416 Ruby:HTTP Header injection in 'net/http' 2016-06-24
redrain root (rootredrain gmail com)
TIMELINE
rootredrain submitted a report to Ruby.

show raw
Jun 22nd

Hi,

I would like to report a HTTP Header injection vulnerability in
'net/http' that allows attackers to inject arbitrary headers in
request even create a new evil request.

PoC

require 'net/http'
http = Net::HTTP.new('192.168.30.

SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure 2016-06-24
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20160624-0 >
=======================================================================
title: XSS and information disclosure vulnerability
product: ASUS DSL-N55U router
vulnerable version: 3.0.0.4.376_2736
fixed version

[KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability 2016-06-23
Egidio Romano (research karmainsecurity com)
-----------------------------------------------------------------------------
SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability
-----------------------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Vers

Copyright 2010, SecurityFocus