BugTraq (Page 13 of 1655)
Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability 2015-12-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability

Advisory ID: cisco-sa-20151209-pca

Revision 1.0

For Public Release 2015 December 9 16:00 UTC (GMT)

+--------------------------------------------

[CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference 2015-12-09
CORE Advisories Team (advisories coresecurity com)
1. Advisory Information

Title: Microsoft Windows Media Center link file incorrectly resolved reference
Advisory ID: CORE-2015-0014
Advisory URL: http://www.coresecurity.com/advisories/microsoft-windows-media-center-link-file-incorrectly-resolved-reference
Date published: 2015-12-08
Date of last upd

[security bulletin] HPSBHF03433 SSRT102964 rev.1 - HP-UX Running Mozilla Firefox and Thunderbird, Remote Disclosure of Information 2015-12-09
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04918839
Version: 1

HPSBHF03433 S

APPLE-SA-2015-12-08-5 Safari 9.0.2 2015-12-08
Apple Product Security (product-security-noreply lists apple com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-08-5 Safari 9.0.2

Safari 9.0.2 is now available and addresses the following:

WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website

APPLE-SA-2015-12-08-4 watchOS 2.1 2015-12-09
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-08-4 watchOS 2.1

watchOS 2.1 is now available and addresses the following:

AppSandbox
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may maintain access t

APPLE-SA-2015-12-08-1 iOS 9.2 2015-12-08
Apple Product Security (product-security-noreply lists apple com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-08-1 iOS 9.2

iOS 9.2 is now available and addresses the following:

AppleMobileFileIntegrity
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious application may be able t

[security bulletin] HPSBMU03520 rev.1 - HP Insight Control server provisioning, Remote Disclosure of Information 2015-12-09
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918653

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04918653
Version: 1

HPSBMU03520

Path Traversal via CSRF in bitrix.xscan Bitrix Module 2015-12-09
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23278
Product: bitrix.xscan Bitrix module
Vendor: Bitrix
Vulnerable Version(s): 1.0.3 and probably prior
Tested Version: 1.0.3
Advisory Publication: November 18, 2015 [without technical details]
Vendor Notification: November 18, 2015
Vendor Patch: November 24, 2015
Public Disclos

APPLE-SA-2015-12-08-4 watchOS 2.1 2015-12-08
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2015-12-08-4 watchOS 2.1

watchOS 2.1 is now available and addresses the following:

AppSandbox
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may maintain access t

Advisory: Arro and Other Android Taxi Hailing Apps Did Not Use SSL (Mobile Knowledge) 2015-12-08
securityresearch shaftek biz
Original:
http://securityresearch.shaftek.biz/2015/12/goarro-and-other-taxi-hailing-apps-did-not-use-ssl.html

CERT Advisory:
https://www.kb.cert.org/vuls/id/439016

Advisory: Arro and Other Android Taxi Hailing Apps Did Not Use SSL (Mobile Knowledge)

Overview
Arro and possibly over 100 other Andro

[CVE-2015-7706] SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities 2015-12-09
Vogt, Thomas (Thomas Vogt secunet com)
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

secunet Security Networks AG Security Advisory

Advisory: SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities

1. DETAILS

- ----------

Product: SECURE DATA SPACE

Vendor URL: www.ssp-europe.eu

Type: Cross-site

XSS vulnerability in Intellect Core banking software - Polaris 2015-12-09
msahu controlcase com
[+] Credits: Mayank Sahu
[+] Email: msahu (at) controlcase (dot) com

Vendor:
====================
Intellect Design Arena (Polaris)

Product:
===================
Intellect Core banking software (Armar module)

Vulnerability Type:
==========================
Cross site scripting - XSS

CVE Reference:
==========

PHP File Inclusion in bitrix.mpbuilder Bitrix Module 2015-12-09
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23281
Product: bitrix.mpbuilder Bitrix module
Vendor: www.1c-bitrix.ru
Vulnerable Version(s): 1.0.10 and probably prior
Tested Version: 1.0.10
Advisory Publication: November 18, 2015 [without technical details]
Vendor Notification: November 18, 2015
Vendor Patch: November 25, 2015

WordPress Users Ultra Plugin [Blind SQL injection] - Update 2015-12-08
Panagiotis Vagenas (pan vagenas gmail com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* Exploit Title: WordPress Users Ultra Plugin [Blind SQL injection]
* Discovery Date: 2015/10/19
* Public Disclosure Date: 2015/12/01
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: http://usersultra.co

Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege 2015-12-09
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers [°] of Google Chrome are vulnerable:

1. ChromeStandaloneSetup.exe and ChromeSetup.exe load and execute
a rogue/bogus/malicious CryptBase.dll (under Windows NT6.x)
from their "application directory" ['].

For software downloaded with a web browser this is

MacOS/iPhone/Apple Watch/Apple TV libc File System Buffer Overflow 2015-12-08
submit cxsec org
Hi @ll,

Today Apple fixed buffer overflow issue in LIBC/FTS (CVE-2015-7039).

Patch available for:
- OS X El Capitan v10.11 and v10.11.1
- iPhone 4s and later,
- Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
- Apple TV (4th generation)

Impact: Processing a malicious

[SECURITY] [DSA 3415-1] chromium-browser security update 2015-12-10
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3415-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
December 09, 2015

Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup 2015-12-07
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

executable installers [°] created with JRSoft InnoSetup
(see <http://jrsoftware.org/isinfo.php>; this includes of course
InnoSetup itself too) are vulnerable:

1. They load and execute a rogue/bogus/malicious UXTheme.dll [']
eventually found in the directory they are started from (the

Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege 2015-12-07
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers [°] of the videolan client (VLC, see
<http://www.videolan.org/>) are vulnerable:

1. They load and execute a rogue/bogus/malicious ShFolder.dll ['][²]
(and other DLLs like SetupAPI.dll or UXTheme.dll too) eventually
found in the directory they are started fro

Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege 2015-12-07
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

executable (un)installers [°] created with Nullsoft Scriptable Install
System (NSIS, see <http://nsis.sourceforge.net/>; for some of its
victims see <http://nsis.sourceforge.net/users>) are vulnerable:

1. They load and execute a rogue/bogus/malicious ShFolder.dll ['][²]
(and other DLLs

iScripts Multicart Cms Multiple Vulnerability 2015-12-07
iedb team gmail com
Sql And Xss Vulnerability In iScripts Multicart Cms All Version

WebBoutiques Cms Cross-Site Scripting Vulnerability 2015-12-07
iedb team gmail com

Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege 2015-12-07
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers [°] of all versions of SumatraPDF (see
<http://www.sumatrapdfreader.org/free-pdf-reader-de.html>) are
vulnerable:

1. On Windows Embedded POSReady 2009 (alias Windows XP SP3) the
installer of the current version 3.1.1 loads and executes a
rogue/bogus/maliciou

Command Injection in cool-video-gallery v1.9 Wordpress plugin 2015-12-07
Larry Cashdollar (larry0 me com)
Title: Command Injection in cool-video-gallery v1.9 Wordpress plugin
Author: Larry W. Cashdollar, @_larry0
Date: 2015-11-29
Download Site: https://wordpress.org/plugins/cool-video-gallery/
Vendor: https://profiles.wordpress.org/praveen-rajan/
Vendor Notified: 2015-11-30
Vendor Contact:
https://word

[SYSS-2015-047] sysPass - Cross-Site Scripting (CWE-79) 2015-12-07
disclosure syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2015-047
Product: sysPass
Vendor: http://cygnux.org/
Affected Version(s): 1.1.2.23 and below
Tested Version(s): 1.1.2.23
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Vendor Notification:

[SYSS-2015-046] sysPass - Insecure Direct Object References (CWE-932) 2015-12-07
disclosure syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2015-046
Product: sysPass
Manufacturer: http://cygnux.org/
Affected Version(s): 1.0.9 and below
Tested Version(s): 1.0.9
Vulnerability Type: Insecure Direct Object References (CWE-932)
Exposure of Backup File to a

Edimax BR-6478AC & Others Multiple Vulnerabilities 2015-12-07
mwinstead3790 gmail com
* Exploit Title: Edimax BR-6478AC & Others Multiple root-level execution vulnerabilities
* Discovery Date: 2015/06
* Public Disclosure Date: 2015/12/06
* Vulnerability Author: Michael Winstead
* Vendor Homepage: http://www.edimax.com/edimax/global/
* Category: embedded routers

Description
==========

FreeBSD Security Advisory FreeBSD-SA-15:26.openssl 2015-12-05
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-15:26.openssl Security Advisory
The FreeBSD Project

Topic:

KL-001-2015-006 : Linksys EA6100 Wireless Router Authentication Bypass 2015-12-04
KoreLogic Disclosures (disclosures korelogic com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

KL-001-2015-006 : Linksys EA6100 Wireless Router Authentication Bypass

Title: Linksys EA6100 Wireless Router Authentication Bypass
Advisory ID: KL-001-2015-006
Publication Date: 2015.12.04
Publication URL: https://www.korelogic.com/Resources/Advisori

[SECURITY] [DSA 3413-1] openssl security update 2015-12-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3413-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2015

Copyright 2010, SecurityFocus