BugTraq Mode:
(Page 14 of 1715)  < Prev  9 10 11 12 13 14 15 16 17 18 19  Next >
ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability 2017-01-10
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability

EMC Identifier: ESA-2016-096

CVE Identifier: CVE-2016-0917

Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affec

[ more ]  [ reply ]
Directadmin ControlPanel 1.50.1 denial of service Vulnerability 2017-01-10
iedb team gmail com
DirectAdmin Control Panel version 1.50.1 suffers from a denial of service vulnerability.

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@
# @@@

[ more ]  [ reply ]
ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability 2017-01-10
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability

EMC Identifier: ESA-2016-096

CVE Identifier: CVE-2016-0917

Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affec

[ more ]  [ reply ]
ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability 2017-01-10
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability

EMC Identifier: ESA-2016-096

CVE Identifier: CVE-2016-0917

Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affec

[ more ]  [ reply ]
Directadmin ControlPanel 1.50.1 Cross-Site-Scripting Vulnerability 2017-01-10
iedb team gmail com
DirectAdmin Control Panel version 1.50.1 suffers from a cross site scripting vulnerability.

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@
# @@

[ more ]  [ reply ]
QuickBooks 2017 Admin Credentials Disclosure 2017-01-06
info thegrideon com
+ Credits: Maxim Tomashevich
+ Website: https://www.thegrideon.com/quickbooks-forensics.html
+ Details: https://www.thegrideon.com/qb-internals-2017.html

Vendor:
---------------------
www.intuit.com
www.intuit.ca

Product:
---------------------
QuickBooks Desktop
versions: 2017

Vulnerability Ty

[ more ]  [ reply ]
[SECURITY] [DSA 3753-1] libvncserver security update 2017-01-05
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3753-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
January 05, 2017

[ more ]  [ reply ]
[SECURITY][UPDATE] CVE-2016-8745 Apache Tomcat Information Disclosure 2017-01-05
Mark Thomas (markt apache org)
CVE-2016-8745 Apache Tomcat Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M13
Apache Tomcat 8.5.0 to 8.5.8
Apache Tomcat 8.0.0.RC1 to 8.0.39 (new)
Apache Tomcat 7.0.0 to 7.0.73 (new)
Apache Tomcat 6.0.16 to 6.0

[ more ]  [ reply ]
ESA-2016-157: EMC ScaleIO Multiple Vulnerabilities 2017-01-05
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-157: EMC ScaleIO Multiple Vulnerabilities

EMC Identifier: ESA-2016-157

CVE Identifier: CVE-2016-9867, CVE-2016-9868, CVE-2016-9869

Severity Rating: CVSS v3Base Score: See below for individual scores

Affected products:

EMC Scale

[ more ]  [ reply ]
[security bulletin] HPSBGN03688 rev.1 - HPE Operations Orchestration, Remote Code Execution 2017-01-03
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053619
44

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05361944

Version: 1

HPSBGN03688 rev.1

[ more ]  [ reply ]
[SECURITY] [DSA 3750-2] libphp-phpmailer regression update 2017-01-03
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3750-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
January 3, 2017

[ more ]  [ reply ]
0-day: QNAP NAS Devices suffer of heap overflow 2016-12-31
bashis (mcw noemail eu)
Greetings,

Twice I tried to use the QNAP Web page (https://aid.qnap.com/event/_module/nas/safe_report/) for reporting vulnerability, and twice I got mailer-daemon back.

So, Iâ??ll post my vulnerabilities here instead (Was not meant to be 0-dayâ?¦ whatever).

Have a nice day (and happy new ye

[ more ]  [ reply ]
[SECURITY] [DSA 3750-1] libphp-phpmailer security update 2016-12-31
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3750-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
December 31, 2016

[ more ]  [ reply ]
[slackware-security] seamonkey (SSA:2016-365-03) 2016-12-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2016-365-03)

New seamonkey packages are available for Slackware 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packag

[ more ]  [ reply ]
Fwd: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability 2016-12-31
Pedro Santos (pedrosans gmail com)
Forwarding the message em plain text mode to:

- be accepted by securityfocus's mail server ( didn't accepted MIME
Content-Type 'multipart/alternative' )
- add oss-security (at) lists.openwall (dot) com [email concealed] at the open receiver ( openwall
is not accepting emails if in BCC)
- adding missing Apache's security team (

[ more ]  [ reply ]
[slackware-security] mozilla-thunderbird (SSA:2016-365-02) 2016-12-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2016-365-02)

New mozilla-thunderbird packages are available for Slackware 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+----------------------

[ more ]  [ reply ]
[slackware-security] libpng (SSA:2016-365-01) 2016-12-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libpng (SSA:2016-365-01)

New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+----------------------

[ more ]  [ reply ]
[CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage 2016-12-28
Oleksandr Rudyy (orudyy gmail com)
[CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage

Vendor: The Apache Software Foundation

Versions Affected: Apache Qpid Broker for Java versions 6.0.1,
6.0.2, 6.0.3, 6.0.4, 6.0.5, and 6.1.0

Description:

The Qpid Broker for Java can be configured to use differen

[ more ]  [ reply ]
PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) 2016-12-28
Dawid Golunski (dawid legalhackers com)
PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit
(CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)

Discovered by Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Desc:

I discovered that the current PHPMailer versions (< 5.2.20) were still
vulnerable to RCE as it is possible t

[ more ]  [ reply ]
PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] 2016-12-27
Dawid Golunski (dawid legalhackers com)
PHPMailer < 5.2.18 Remote Code Execution
CVE-2016-10033

Here's an updated version of the advisory with more details + simple PoC.

Still incomplete. There will be more updates/exploits soon at:

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-C
VE-2016-10033-Vuln.html

https:/

[ more ]  [ reply ]
[SECURITY] [DSA 3746-1] graphicsmagick security update 2016-12-24
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3746-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
December 24, 2016

[ more ]  [ reply ]
[slackware-security] expat (SSA:2016-359-01) 2016-12-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] expat (SSA:2016-359-01)

New expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+-------------------------

[ more ]  [ reply ]
[slackware-security] openssh (SSA:2016-358-02) 2016-12-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssh (SSA:2016-358-02)

New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+---------------------

[ more ]  [ reply ]
[slackware-security] httpd (SSA:2016-358-01) 2016-12-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] httpd (SSA:2016-358-01)

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages

[ more ]  [ reply ]
XAMPP Control Panel Memory Corruption Denial Of Service 2016-12-24
apparitionsec gmail com (HYP3RLINX)
[+] Credits: John Page (hyp3rlinx)

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/XAMPP-CONTROL-PANEL-MEMORY-CO
RRUPTION-DOS.txt

[+] ISR: ApparitionSec

Vendor:
=====================
www.apachefriends.org

Product:
===================
XAMPP Cont

[ more ]  [ reply ]
[SECURITY] [DSA 3744-1] libxml2 security update 2016-12-23
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3744-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
December 23, 2016

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-16:39.ntp 2016-12-22
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-16:39.ntp Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
CVE-2014-4138: MSIE 11 MSHTML CPaste­Command::Convert­Bitmapto­Png heap-based buffer overflow 2016-12-21
Berend-Jan Wever (berendj nwever nl)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 37th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161221001.html. There you can find a repro
that triggered this issue

[ more ]  [ reply ]
[SECURITY] [DSA 3732-2] php-ssh2 regression update 2016-12-21
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3732-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
December 21, 2016

[ more ]  [ reply ]
ASP.NET Core 5-RC1 HTTP Header Injection 2016-12-21
Advisories (advisories compass-security com)
#############################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# Product: ASP.NET Core
# Vendor: Microsoft https://www.microsoft.com
# CSNC ID: CSNC

[ more ]  [ reply ]
(Page 14 of 1715)  < Prev  9 10 11 12 13 14 15 16 17 18 19  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus