BugTraq
Cross-Site Scripting vulnerability in Email Users WordPress Plugin 2016-07-12
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Email Users WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

-------------------------------------------------------------

Cross-Site Scripting vulnerability in Master Slider WordPress Plugin 2016-07-12
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Master Slider WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

-----------------------------------------------------------

[security bulletin] HPSBHF03608 rev.1 - HPE iMC PLAT and other Network Products using Apache Java Commons Collection (ACC), Remote Execution of Arbitrary Code 2016-07-11
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05200601

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05200601
Version: 1

HPSBHF03608 r

Persistent Cross-Site Scripting in WordPress Activity Log plugin 2016-07-11
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Persistent Cross-Site Scripting in WordPress Activity Log plugin
------------------------------------------------------------------------

Han Sahin, July 2016

-------------------------------------------------------------------

[RCESEC-2016-004][CVE-2016-5005] Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting 2016-07-11
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Apache Archiva
Vendor URL: https://archiva.apache.org
Type: Cross-Site Scripting [CWE-79]
Date found: 2016-05-31
Date published: 2016-07-11
CVSSv3 Score: 5.5 (CVSS:

[RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries 2016-07-11
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Apache Archiva
Vendor URL: https://archiva.apache.org
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2016-05-31
Date published: 2016-07-11
CVSSv3 Score: 5.4

Persistent Cross-Site Scripting in WP Live Chat Support plugin 2016-07-11
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Persistent Cross-Site Scripting in WP Live Chat Support plugin
------------------------------------------------------------------------

Han Sahin, July 2016

---------------------------------------------------------------------

Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin 2016-07-10
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin
------------------------------------------------------------------------

David Vaartjes, July 2016

-------------------------------------------------------

BMW - (Token) Client Side Cross Site Scripting Vulnerability 2016-07-08
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
BMW - (Token) Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1737

Release Date:
=============
2016-07-06

Vulnerability Laboratory ID (VL-ID):
==========================

BMW ConnectedDrive - (Update) VIN Session Vulnerability 2016-07-08
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
BMW ConnectedDrive - (Update) VIN Session Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1736

Release Date:
=============
2016-07-07

Vulnerability Laboratory ID (VL-ID):
===============================

Microsoft Process Kill Utility "kill.exe" Buffer Overflow 2016-07-08
hyp3rlinx lycos com
[+] Credits: HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MS-KILL-UTILITY-BUFFER-OVERFLOW.txt

[+] ISR: ApparitionSec

Vendor:
=================
www.microsoft.com

Product:
=========================================
Microsoft Process K

Microsoft WinDbg logviewer.exe Buffer Overflow DOS 2016-07-08
hyp3rlinx lycos com
[+] Credits: HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MS-WINDBG-LOGVIEWER-BUFFER-OVERFLOW.txt

[+] ISR: ApparitionSec

Vendor:
=================
www.microsoft.com

Product:
====================
WinDbg logviewer.exe

LogViewer (log

[slackware-security] samba (SSA:2016-189-01) 2016-07-07
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] samba (SSA:2016-189-01)

New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages

[security bulletin] HPSBGN03628 rev.1 - HPE IceWall Federation Agent using libXML2 library, Remote Denial of Service (DoS), Unauthorized Modification, Unauthorized Disclosure of Information 2016-07-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05194709
Version: 1

HPSBGN03628 r

[KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability 2016-07-07
Egidio Romano (research karmainsecurity com)
---------------------------------------------------------------------------
IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability
---------------------------------------------------------------------------

[-] Software Link:

https://invisionpower.com/

[-] Affected Versions

Acer Portal Android Application - MITM SSL Certificate Vulnerability (CVE-2016-5648) 2016-07-06
David Coomber (davidcoomber infosec gmail com)
Acer Portal Android Application - MITM SSL Certificate Vulnerability
(CVE-2016-5648)
--
http://www.info-sec.ca/advisories/Acer-Portal.html

Overview

"Acer BYOC's suite of Apps allows you to start building your own cloud
to connect and share everything in your life between your smart
devices and y

[SECURITY] [DSA 3617-1] horizon security update 2016-07-06
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3617-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 06, 2016

Re: Putty (beta 0.67) DLL Hijacking Vulnerability 2016-07-06
wsachin092 gmail com
Can you please assign the CVE for http://seclists.org/bugtraq/2016/Jul/26

1. Create malicious dll file and save it as UxTheme.dll or ntmarta.dll in your "Downloads" directory.

2. Download https://the.earth.li/~sgtatham/putty/latest/x86/putty.exe and save it in your "Downloads"
directory.

3. Ex

ESA-2016-054: EMC Avamar Data Store and Avamar Virtual Edition Unauthorized Data Access Vulnerability 2016-07-06
Security Alert (Security_Alert emc com)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-054: EMC Avamar Data Store and Avamar Virtual Edition Unauthorized Data Access Vulnerability

EMC Identifier: ESA-2016-054

CVE Identifier: CVE-2016-0906

Severity Rating: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected products:

Micron CMS v5.3 - (cat_id) SQL Injection Vulnerability 2016-07-06
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Micron CMS v5.3 - (cat_id) SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1872

Release Date:
=============
2016-07-06

Vulnerability Laboratory ID (VL-ID):
================================

Teampass 2.1.26 - Authenticated File Upload Vulnerability 2016-07-06
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Teampass 2.1.26 - Authenticated File Upload Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1866

Release Date:
=============
2016-07-06

Vulnerability Laboratory ID (VL-ID):
=============================

IBM BlueMix Cloud - (API) Persistent Web Vulnerability 2016-07-06
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
IBM BlueMix Cloud - (API) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1846

IBM Security Tracking ID: 5377-12593283

Release Date:
=============
2016-07-04

Vulnerability Laboratory ID

[security bulletin] HPSBHF03613 rev.1 - HPE Network Products including iMC, VCX, and Comware using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access 2016-07-05
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05184351
Version: 1

HPSBHF03613 r

[slackware-security] mozilla-thunderbird (SSA:2016-187-01) 2016-07-05
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2016-187-01)

New mozilla-thunderbird packages are available for Slackware 14.1, 14.2, and
- -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------

Putty (beta 0.67) DLL Hijacking Vulnerability 2016-07-05
wsachin092 gmail com
/*
Exploit Title: Putty DLL Hijacking Exploit ( UxTheme.dll or ntmarta.dll )
Vendor Homepage:https://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
Author: Sachin Wagh (@tiger_tigerboy)
Linkedin: https://in.linkedin.com/in/sachin-wagh-95b17555
Affected Version: beta 0.67
Tested on: Windows 7 Ulti

Apple Safari for Mac OS X SVG local XXE 2016-07-05
Filippo Cavallarin (filippo cavallarin wearesegment com)
Advisory ID: SGMA16-003
Title: Apple Safari for Mac OS X SVG local XXE
Product: Apple Safari for Mac OS X
Version: 9.1.1 and probably prior
Vendor: apple.com
Vulnerability type: XXE
Risk level: Medium
Credit: Filippo Cavallarin - wearesegment.com
CVE: N/A
Vendor notification: 2015-04-08
Vendor fix:

Syslog Server "npriority" field remote Denial of Service vulnerability 2016-07-04
chaoyi huang connect polyu hk
Title: Syslog Server "npriority" field remote Denial of Service vulnerability
Software : Syslog Server

Software Version : Syslog Server 1.2.3

Vendor: https://sourceforge.net/p/syslog-server/

Vulnerability Published : 2016-07-02

Vulnerability Update Time :

Status :

Impact : Medium(CVSS2 Base :

[CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c 2016-07-04
wpengfeinudt gmail com
I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I'd like to make an announcement here.

This was found in Linux kernel file Linux-4.6/kernel/auditsc.c, and crafted user space data change under race condition will make control strings processe

OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability 2016-07-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1868

Release Date:
=============
2016-07-04

Vulnerability Laboratory ID (VL-ID):
================================

KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability 2016-07-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1867

Release Date:
=============
2016-07-01

Vulnerability Laboratory ID (VL-ID):
===============

Copyright 2010, SecurityFocus