BugTraq (Page 3 of 1684)
[ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability 2016-07-14
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.4

Vendor URL: http://SAP.com

Bug: XXE

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 12.04.2016

Reference: SAP Security Note 2254389

Author: Vahagn Vardanyan (ER

[ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability 2016-07-14
ERPScan inc (erpscan online gmail com)
Application: SAP xMII

Versions Affected: SAP xMII 15

Vendor URL: http://SAP.com

Bugs: XSS

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 12.04.2016

Reference: SAP Security Note 2201295

Author: Nursultan Abubakirov (ERPScan) , Vahagn Vardanyan (

Cross-Site Scripting vulnerability in Google Forms WordPress Plugin 2016-07-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Google Forms WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

------------------------------------------------------------

Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin 2016-07-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in WP No External Links WordPress
Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

----------------------------------------------------

Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for WordPress 2016-07-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for
WordPress
------------------------------------------------------------------------

Yorick Koster, July 2016

----------------------------------------------

Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin 2016-07-13
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

-------------------------------------------------------

Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability 2016-07-13
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability

Advisory ID: cisco-sa-20160713-ncs6k

Revision 1.0

For Public Release 2016 July 13 16:00 UTC (GMT)

+-------------------------------------------------

Open-Xchange Security Advisory 2016-07-13 2016-07-13
Martin Heiland (martin heiland lists open-xchange com)
Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 45796 / 45811 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 7.8.1 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.2-rev44,

missing input validation in pmount: arbitrary mount as non-root 2016-07-13
Imre RAD (imre rad search-lab hu)
Summary:
--------
pmount is a wrapper around the standard mount program which permits
normal users to mount removable devices without a matching /etc/fstab entry.
Due to a missing input validation check local users could mount devices
to arbitrary destinations and thus taking over the targeted syste

[CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers 2016-07-12
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers of Flash Player released 2016-06-15
fixed CVE-2016-1014 in the second attempt, but another vulnerability
remained: they create(d) and use(d) UNSAFE temporary subdirectories
into which they copy/ied themselves and extract(ed) a file "fpb.tmp"
which they load(ed) and

Easy Forms for MailChimp Local File Inclusion vulnerability 2016-07-12
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Easy Forms for MailChimp Local File Inclusion vulnerability
------------------------------------------------------------------------

Yorick Koster, July 2016

--------------------------------------------------------------------

WP Fastest Cache Member Local File Inclusion vulnerability 2016-07-12
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

WP Fastest Cache Member Local File Inclusion vulnerability
------------------------------------------------------------------------

Yorick Koster, July 2016

---------------------------------------------------------------------

Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin 2016-07-12
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

---------------------------------------------------------

Cross-Site Scripting vulnerability in Email Users WordPress Plugin 2016-07-12
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Email Users WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

-------------------------------------------------------------

Cross-Site Scripting vulnerability in Master Slider WordPress Plugin 2016-07-12
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Master Slider WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

-----------------------------------------------------------

[security bulletin] HPSBHF03608 rev.1 - HPE iMC PLAT and other Network Products using Apache Java Commons Collection (ACC), Remote Execution of Arbitrary Code 2016-07-11
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05200601

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05200601
Version: 1

HPSBHF03608 r

Persistent Cross-Site Scripting in WordPress Activity Log plugin 2016-07-11
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Persistent Cross-Site Scripting in WordPress Activity Log plugin
------------------------------------------------------------------------

Han Sahin, July 2016

-------------------------------------------------------------------

[RCESEC-2016-004][CVE-2016-5005] Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting 2016-07-11
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Apache Archiva
Vendor URL: https://archiva.apache.org
Type: Cross-Site Scripting [CWE-79]
Date found: 2016-05-31
Date published: 2016-07-11
CVSSv3 Score: 5.5 (CVSS:

[RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries 2016-07-11
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Apache Archiva
Vendor URL: https://archiva.apache.org
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2016-05-31
Date published: 2016-07-11
CVSSv3 Score: 5.4

Persistent Cross-Site Scripting in WP Live Chat Support plugin 2016-07-11
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Persistent Cross-Site Scripting in WP Live Chat Support plugin
------------------------------------------------------------------------

Han Sahin, July 2016

---------------------------------------------------------------------

Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin 2016-07-10
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin
------------------------------------------------------------------------

David Vaartjes, July 2016

-------------------------------------------------------

BMW - (Token) Client Side Cross Site Scripting Vulnerability 2016-07-08
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
BMW - (Token) Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1737

Release Date:
=============
2016-07-06

Vulnerability Laboratory ID (VL-ID):
==========================

BMW ConnectedDrive - (Update) VIN Session Vulnerability 2016-07-08
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
BMW ConnectedDrive - (Update) VIN Session Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1736

Release Date:
=============
2016-07-07

Vulnerability Laboratory ID (VL-ID):
===============================

Microsoft Process Kill Utility "kill.exe" Buffer Overflow 2016-07-08
hyp3rlinx lycos com
[+] Credits: HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MS-KILL-UTILITY-BUFFER-OVERFLOW.txt

[+] ISR: ApparitionSec

Vendor:
=================
www.microsoft.com

Product:
=========================================
Microsoft Process K

Microsoft WinDbg logviewer.exe Buffer Overflow DOS 2016-07-08
hyp3rlinx lycos com
[+] Credits: HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MS-WINDBG-LOGVIEWER-BUFFER-OVERFLOW.txt

[+] ISR: ApparitionSec

Vendor:
=================
www.microsoft.com

Product:
====================
WinDbg logviewer.exe

LogViewer (log

[slackware-security] samba (SSA:2016-189-01) 2016-07-07
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] samba (SSA:2016-189-01)

New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages

[security bulletin] HPSBGN03628 rev.1 - HPE IceWall Federation Agent using libXML2 library, Remote Denial of Service (DoS), Unauthorized Modification, Unauthorized Disclosure of Information 2016-07-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05194709
Version: 1

HPSBGN03628 r

[KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability 2016-07-07
Egidio Romano (research karmainsecurity com)
---------------------------------------------------------------------------
IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability
---------------------------------------------------------------------------

[-] Software Link:

https://invisionpower.com/

[-] Affected Versions

Acer Portal Android Application - MITM SSL Certificate Vulnerability (CVE-2016-5648) 2016-07-06
David Coomber (davidcoomber infosec gmail com)
Acer Portal Android Application - MITM SSL Certificate Vulnerability
(CVE-2016-5648)
--
http://www.info-sec.ca/advisories/Acer-Portal.html

Overview

"Acer BYOC's suite of Apps allows you to start building your own cloud
to connect and share everything in your life between your smart
devices and y

[SECURITY] [DSA 3617-1] horizon security update 2016-07-06
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3617-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 06, 2016

Copyright 2010, SecurityFocus