BugTraq
[SECURITY] [DSA 3500-1] openssl security update 2016-03-01
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3500-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
March 01, 2016

Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allows arbitrary (remote) code execution WITH escalation of privilege 2016-03-01
Stefan Kanthak (stefan kanthak nexgo de)
Hi,

putty-0.66-installer.exe loads and executes DWMAPI.dll or
UXTheme.dll from its "application directory".

For software downloaded with a web browser the application
directory is typically the user's "Downloads" directory: see
<https://insights.sei.cmu.edu/cert/2008/09/carpet-bombing-and-directo

[SYSS-2016-009] Sophos UTM 525 Web Application Firewall - Cross-Site Scripting in 2016-03-01
adrian vollmer syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Advisory ID: SYSS-2016-009
Product: Sophos UTM 525 Full Guard
Vendor: Sophos
Affected Version(s): 9.352-6, 94988
Tested Version(s): 9.352-6, 94988
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Vendor N

WordPress plugin GravityForms Cross-site Scripting vulnerability 2016-03-01
Henri Salo (henri salo nixu com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Product: WordPress plugin GravityForms
Product URL: http://www.gravityforms.com/
Vendor: Rocketgenius

Vulnerability Type: Reflected Cross-site Scripting (CWE-79)
Vulnerable Versions: 1.9.15.11 (other versions not tested)
Fixed Version: 1.9.16
Solution

Microsoft PowerPointViewer Code Execution 2016-03-01
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-PPT-VIEWER-CODE-EXEC.txt

Vendor:
===================
www.microsoft.com

Product:
============================
Microsoft PowerPoint Viewer
version: 12.0.6600.1000

V

[security bulletin] HPSBUX03552 SSRT102983 rev.1 - HP-UX BIND running Named, Remote Denial of Service (DoS) 2016-02-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05019901

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05019901
Version: 1

HPSBUX03552 S

[SYSS-2015-069] perfact::mpa - Insecure Direct Object References 2016-02-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2015-069
Product: perfact::mpa
Manufacturer: PerFact Innovation GmbH & Co. KG
Affected Version(s): Custom versions using PerFact DB_Utils (Toolkit) < v3.2
Tested Version(s): Custom version with PerFact DB_Utils (Toolkit) < v3.2
Vulne

[SYSS-2015-067] perfact::mpa - Insecure Direct Object References 2016-02-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2015-067
Product: perfact::mpa
Manufacturer: PerFact Innovation GmbH & Co. KG
Affected Version(s): Custom versions using PerFact DB_Utils (Toolkit) < v3.2
Tested Version(s): Custom version with PerFact DB_Utils (Toolkit) < v3.2
Vulne

[SYSS-2015-066] perfact::mpa - Cross-Site Scripting 2016-02-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2015-066
Product: perfact::mpa
Manufacturer: PerFact Innovation GmbH & Co. KG
Affected Version(s): Custom versions using PerFact DB_Utils (Toolkit) < v3.2
Tested Version(s): Custom version with PerFact DB_Utils (Toolkit) < v3.2
Vulne

[SYSS-2015-070] perfact::mpa - Cross-Site Scripting 2016-02-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2015-070
Product: perfact::mpa
Manufacturer: PerFact Innovation GmbH & Co. KG
Affected Version(s): Custom versions using PerFact DB_Utils (Toolkit) < v3.2
Tested Version(s): Custom version with PerFact DB_Utils (Toolkit) < v3.2
Vulne

[SYSS-2015-071] perfact::mpa - Cross-Site Request Forgery 2016-02-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2015-071
Product(s): perfact::mpa
Manufacturer: PerFact Innovation GmbH & Co. KG
Affected Version(s): Custom versions using PerFact DB_Utils (Toolkit) < v3.2
Tested Version(s): Custom version with PerFact DB_Utils (Toolkit) < v3.2
Vu

[SYSS-2015-072] perfact::mpa - Insecure Direct Object References 2016-02-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2015-072
Product(s): perfact::mpa
Manufacturer: PerFact Innovation GmbH & Co. KG
Affected Version(s): Custom versions using PerFact DB_Utils (Toolkit) < v3.2
Tested Version(s): Custom version with PerFact DB_Utils (Toolkit) < v3.2
Vu

[SYSS-2015-073] perfact::mpa - URL Redirection to Untrusted Site 2016-02-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2015-073
Product(s): perfact::mpa
Manufacturer: PerFact Innovation GmbH & Co. KG
Affected Version(s): Custom versions using PerFact DB_Utils (Toolkit) < v3.2
Tested Version(s): Custom version with PerFact DB_Utils (Toolkit) < v3.2
Vu

Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability 2016-02-29
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1772

Release Date:
=============
2016-02-29

Vulnerability Laboratory ID (VL-ID):
==============================

WP Good News Themes - Client Side Cross Site Scripting Web Vulnerability 2016-02-29
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
WP Good News Themes - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1771

Release Date:
=============
2016-02-29

Vulnerability Laboratory ID (VL-ID):
==============

[SECURITY] [DSA 3495-1] xymon security update 2016-02-29
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3495-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
February 29, 2016

[SECURITY] [DSA 3498-1] drupal7 security advisory 2016-02-28
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3498-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 28, 2016

[SECURITY] [DSA 3499-1] pillow security update 2016-02-28
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3499-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 28, 2016

[SECURITY] [DSA 3496-1] php-horde-core security update 2016-02-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3496-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
February 28, 2016

Call For Papers - CISTI 2016 Workshops - Deadline March 15 2016-02-28
Maria Lemos (marialemos72 gmail com)
-----------------------------------------------------------------------------
CISTI'2016 Workshops
Gran Canaria, Canary Islands, Spain
June 15 - 18, 2016
http://www.aisti.eu/cisti2016/index.php/es/xpto
-----------------------------------------------------------------------------

Introduction
-----

[SECURITY] [DSA 3497-1] php-horde security update 2016-02-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3497-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
February 28, 2016

[SECURITY] [DSA 3494-1] cacti security update 2016-02-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3494-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
February 27, 2016

Re: Symantec EP DOS 2016-02-27
hyp3rlinx lycos com
*** Be aware "Gerado Sanchez" is re-posting and stealing vulnerability reports work/credits as his own, he is also using similar nicknames, emails etc.

ORIGINAL Symantec EP DOS POST from "hyp3rlinx" is found here dated Jul 08 2015.
http://www.securityfocus.com/archive/1/535958

[slackware-security] libssh (SSA:2016-057-01) 2016-02-26
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libssh (SSA:2016-057-01)

New libssh packages are available for Slackware 14.0, 14.1, and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/li

[security bulletin] HPSBGN03549 rev.1 - HP IceWall Products using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution 2016-02-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05008367

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05008367
Version: 1

HPSBGN03549 r

Executable installers are vulnerable^WEVIL (case 27): Cygwin's installers allow arbitrary (remote) code execution WITH escalation of privilege 2016-02-26
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

Cygwin's setup-x86.exe loads and executes UXTheme.dll
(on Windows XP also ClbCatQ.dll) and some more DLLs from its
"application directory".

For software downloaded with a web browser the application
directory is typically the user's "Downloads" directory: see
<https://insights.sei.cmu.edu/

Executable installers are vulnerable^WEVIL (case 28): Google's Chrome cleanup tool allows arbitrary (remote) code execution WITH escalation of privilege 2016-02-26
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

Google's software_removal_tool.exe alias Chrome Cleanup Tool loads
and executes several DLLs from its "application directory" during
runtime:

* Windows XP:
SetupAPI.dll, NTMarta.dll, ClbCatQ.dll, SRClient.dll, UXTheme.dll,
RASAPI32.dll, HNetCfg.dll, IPHlpAPI.dll, RASAdHlp.dll, XPSP2Res

Zimbra Cross-Site Scripting vulnerabilities 2016-02-25
pxli fortinet com
Recently Zimbra Collaboration 8.6 Patch 5 was released. It fixed two Cross-Site Scripting vulnerabilities discovered by Fortinet's FortiGuard Labs.

More details can be found at
https://community.zimbra.com/collaboration/f/1884/t/1140919
http://www.fortiguard.com/advisory/fortinet-discovers-zimbra-c

WordPress plugin wp-ultimate-exporter SQL injection vulnerability 2016-02-25
Henri Salo (henri nerv fi)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

After reading a bugtraq post[1] I noticed an additional vulnerability in the WordPress
plugin wp-ultimate-exporter[2]. Versions 1.0 and 1.1 are affected by an SQL
injection vulnerability without authentication.

1: http://seclists.org/bugtraq/2016/Feb/172
2: http

Copyright 2010, SecurityFocus