BugTraq Mode:
(Page 12 of 1655)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >
[slackware-security] libpng (SSA:2015-349-02) 2015-12-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libpng (SSA:2015-349-02)

New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

[ more ]  [ reply ]
[SECURITY] [DSA 3420-1] bind9 security update 2015-12-15
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3420-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
December 15, 2015

[ more ]  [ reply ]
[SECURITY] [DSA 3419-1] cups-filters security update 2015-12-15
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3419-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
December 15, 2015

[ more ]  [ reply ]
Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta) 2015-12-14
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

several McAfee "security" products, most notably their Security Scan
Plus (see <http://seclists.org/fulldisclosure/2014/Apr/226> for a
previous advisory) which Adobe pushes to unsuspecting users of Adobe
Reader and Flash Player, are offered as executable installers built
with the vulnerable

[ more ]  [ reply ]
[SECURITY] [DSA 3418-1] chromium-browser security update 2015-12-15
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3418-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Michael Gilbert
December 14, 2015

[ more ]  [ reply ]
[security bulletin] HPSBST03517 rev.1 - HP StoreOnce Backup systems, Remote Execution of Arbitrary Code with Privilege Elevation, Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS) 2015-12-14
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c04858589

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04858589
Version: 1

HPSBST03517 r

[ more ]  [ reply ]
Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370] 2015-12-15
Hector Marco-Gisbert (hecmargi upv es)
Hi everyone,

A vulnerability in Grub2 (Back to 28) has been found. Versions from 1.98
(December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be
exploited under certain circumstances, allowing local attackers to bypass any
kind of authentication (plain or hashed passwords).

[ more ]  [ reply ]
phpback v1.1 XSS vulnerability 2015-12-15
apparitionsec gmail com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/PHPBACK-XSS.txt

Vendor:
====================
www.phpback.org

Product:
===============
phpback v1.1

The open source feedback system, PHPBack is feedback a web application that

[ more ]  [ reply ]
ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS 2015-12-14
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: Cross-Site Scripting
Send: 13.07.2015
Reported: 13.07.2015
Vendor response: 14.07.2015

[ more ]  [ reply ]
[SECURITY] [DSA 3417-1] bouncycastle security update 2015-12-14
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3417-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
December 14, 2015

[ more ]  [ reply ]
[ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability 2015-12-14
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver J2EE Engine 7.40
Vendor URL: http://SAP.com
Bugs: SQL injection
Send: 13.07.2015
Reported: 13.07.2015
Vendor response: 14.07.2015
Date of Pub

[ more ]  [ reply ]
ECommerceMajor SQL Injection Vulnerability 2015-12-13
Rahul Pratap Singh (techno rps gmail com)
#Exploit Title : ECommerceMajor SQL Injection Vulnerability
#Exploit Author : Rahul Pratap Singh
#Date : 13/Dec/2015
#Home page Link : https://github.com/xlinkerz/ecommerceMajor
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94

1. Descrip

[ more ]  [ reply ]
[SECURITY] [DSA 3416-1] libphp-phpmailer security update 2015-12-13
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3416-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
December 13, 2015

[ more ]  [ reply ]
COM+ Services DLL side loading vulnerability 2015-12-12
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

COM+ Services DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, August 2015

------------------------------------------------------------------------

Abstract

[ more ]  [ reply ]
Windows Authentication UI DLL side loading vulnerability 2015-12-12
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Windows Authentication UI DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, August 2015

---------------------------------------------------------------------

[ more ]  [ reply ]
XSS Vulnerability in Synnefo Client for Synnefo IMS 2015 - CVE-2015-8247 2015-12-12
Aravind (altoarun gmail com)
Information

=================================

#Vulnerability type: Cross Site Scripting (XSS)

#Vendor: http://www.synnefoims.com/

#Product: Synnefo Client for Synnefo Internet Management Software

(IMS) 2015 (http://www.synnefoims.com/products.html)

CVE Reference:

=========================

[ more ]  [ reply ]
[security bulletin] HPSBHF03431 rev.1 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities 2015-12-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c04920918

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04920918
Version: 1

HPSBHF03431 r

[ more ]  [ reply ]
APPLE-SA-2015-12-11-1 iTunes 12.3.2 2015-12-11
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-11-1 iTunes 12.3.2

iTunes 12.3.2 is now available and addresses the following:

WebKit
Available for: Windows 7 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple me

[ more ]  [ reply ]
ORGIN STUDIOS Cms Multiple Vulnerability 2015-12-11
iedb team gmail com
sql and Xss Vulnerability in ORGIN STUDIOS Cms All Version

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@
# @@@ @@@ @@@ @@

[ more ]  [ reply ]
Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege 2015-12-08
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers [°] of 7-Zip (see <http://www.7-zip.org/>)
and ALL self-extracting archives created with 7-Zip are vulnerable:

1. They load and execute a rogue/bogus/malicious UXTheme.dll [']
eventually found in the directory they are started from (the
"application director

[ more ]  [ reply ]
WordPress <=v4.4 Username Exists Information Disclosure 2015-12-10
John SECURELI.com (john secureli com)
Information security research credited to John Martinelli @
SECURELI.com. (john (at) secureli (dot) com [email concealed])

-----

Affects: WordPress <=v4.4
Vulnerability: Information Disclosure
CVE-ID: Pending
Impact: Username exists disclosure on /wp-login.php

-----

By default, WordPress <=4.4 discloses whether a username

[ more ]  [ reply ]
BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability 2015-12-10
Blue Frost Security Research Lab (research bluefrostsecurity de)
Blue Frost Security GmbH
https://www.bluefrostsecurity.de/ research(at)bluefrostsecurity.de
BFS-SA-2015-003 10-December-2015
________________________________________________________________________
________

Vendor: Microso

[ more ]  [ reply ]
SEC Consult SA-20151210-0 :: Skybox Platform Multiple Vulnerabilities 2015-12-10
SEC Consult Vulnerability Lab (research sec-consult com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

SEC Consult Vulnerability Lab Security Advisory < 20151210-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Skybox Platform
vulnerable version: <=7.0.611

[ more ]  [ reply ]
Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products 2015-12-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products

Advisory ID: cisco-sa-20151209-java-deserialization

Revision 1.0

For Public Release: 2015 December 9 16:00 GMT
+-----------------------------------------------

[ more ]  [ reply ]
APPLE-SA-2015-12-08-6 Xcode 7.2 2015-12-08
Apple Product Security (product-security-noreply lists apple com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-08-6 Xcode 7.2

Xcode 7.2 is now available and addresses the following:

Git
Available for: OS X Yosemite v10.10.5 or later
Impact: Multiple vulnerabilities existed in Git
Description: Multiple vulnerabilities existed in Git versi

[ more ]  [ reply ]
Secunia Research: Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow Vulnerability 2015-12-08
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 08/12/2015

Microsoft Windows usp10.dll "GetFontDesc()"

Integer Underflow Vulnerability

================================================

[ more ]  [ reply ]
APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008 2015-12-08
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008

OS X El Capitan 10.11.2 and Security Update 2015-008 is now available
and addresses the following:

apache_mod_php
Available for: OS X El Capitan v10.11 and v10.11.1
Impact:

[ more ]  [ reply ]
[SECURITY] [DSA 3414-1] xen security update 2015-12-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3414-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
December 09, 2015

[ more ]  [ reply ]
[security bulletin] HPSBHF03432 rev.1 - HPE Networking Comware 5, Comware 5 Low Encryption SW, Comware 7, VCX Using NTP, Remote Access Restriction Bypass and Code Execution 2015-12-09
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c04916783

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04916783
Version: 1

HPSBHF03432 r

[ more ]  [ reply ]
APPLE-SA-2015-12-08-2 tvOS 9.1 2015-12-09
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-08-2 tvOS 9.1

tvOS 9.1 is now available and addresses the following:

AppleMobileFileIntegrity
Available for: Apple TV (4th generation)
Impact: A malicious application may be able to execute arbitrary
code with system privileges
De

[ more ]  [ reply ]
(Page 12 of 1655)  < Prev  7 8 9 10 11 12 13 14 15 16 17  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus