BugTraq
ESA-2015-122: EMC Documentum CenterStage Cross-site Scripting Vulnerability 2015-07-16
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-122: EMC Documentum CenterStage Cross-site Scripting Vulnerability

EMC Identifier: ESA-2015-122

CVE Identifier: CVE-2015-4528

Severity Rating: CVSS v2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Affected products:

• EMC Documen

[CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure 2015-07-16
Cédric Champeau (cedric champeau gmail com)
Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

All unsupported versions ranging from 1.7.0 to 2.4.3.

Impact

Remote execution of untrusted code, DoS

Description

When an application has Groovy on classpath and that it uses standard
Java serialization mechanisms to

Backdoor and RCE found in 8 TOTOLINK router models 2015-07-15
Pierre Kim (pierre kim sec gmail com)
Hello,

Please find a text-only version below sent to security mailing-lists.

The complete version on analysing the backdoor in TOTOLINK products is
posted here:

https://pierrekim.github.io/blog/2015-07-16-backdoor-and-RCE-found-in-8-TOTOLINK-products.html

=== text-version of the advisory wi

Backdoor credentials found in 4 TOTOLINK router models 2015-07-15
Pierre Kim (pierre kim sec gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

## Advisory Information

Title: Backdoor credentials found in 4 TOTOLINK router models
Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x03.txt
Blog URL: https://pierrekim.github.io/blog/2015-07-16-backdoor-credentials-found-in-4-TO

4 TOTOLINK router models vulnerable to CSRF and XSS attacks 2015-07-15
Pierre Kim (pierre kim sec gmail com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

## Advisory Information

Title: 4 TOTOLINK router models vulnerable to CSRF and XSS attacks
Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x01.txt
Blog URL: http://pierrekim.github.io/blog/2015-07-16-4-TOTOLINK-products-vulnerable

15 TOTOLINK router models vulnerable to multiple RCEs 2015-07-15
Pierre Kim (pierre kim sec gmail com) (1 replies)
Hash: SHA512

## Advisory Information

Title: 15 TOTOLINK router models vulnerable to multiple RCEs
Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x00.txt
Blog URL: https://pierrekim.github.io/blog/2015-07-16-15-TOTOLINK-products-vulnerable-to-multiple-RCEs.html
Date published:

Re: [FD] 15 TOTOLINK router models vulnerable to multiple RCEs 2015-07-16
Joshua Wright (jwright hasborg com)
Cisco Security Advisory: Cisco Videoscape Delivery System Denial of Service Vulnerability 2015-07-15
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Videoscape Delivery System Denial of Service Vulnerability

Advisory ID: cisco-sa-20150715-vds

Revision 1.0

For Public Release 2015 July 15 16:00 UTC (GMT)

+-----------------------------------------------------------

XSS, Code Execution, DOS, Password Leak, Weak Authentication in GetSimpleCMS 3.3.5 2015-07-15
Tim Coen (tc coen gmail com)
Vulnerability: XSS, Code Execution, DOS, Password Leak, Weak Authentication
Affected Software: GetSimpleCMS (http://get-simple.info/)
Affected Version: 3.3.5 (probably also prior versions)
Patched Version: 3.3.6 (partial fix)
Risk: Medium-High
Vendor Contacted: 2015-06-14
Vendor Partial Fix: 2015-07

XSS vulnerability in OFBiz forms 2015-07-15
lilian_iatco yahoo com
https://issues.apache.org/jira/browse/OFBIZ-6506

In Ofbiz form need to escape characters from description column in a display-entity tag to avoid XSS attacks.

<display-entity entity-name="Table" description="${description}" >

I tried to use bsh, as following:
<display-entity entity-name="Table" d

[CVE-2015-2862/2863 / CERT VU#919604] Kaseya VSA arbitrary file download / open redirect 2015-07-13
Pedro Ribeiro (pedrib gmail com)
tl;dr
Two vulns in Kaseya Virtual System Administrator - an authenticated
arbitrary file download and two lame open redirects.

Full advisory text below and at [1]. Thanks to CERT for helping me to
disclose these vulnerabilities [2].

>> Multiple vulnerabilities in Kaseya Virtual System Administrato

CFP: Passwords 2015, Dec 7-9, Cambridge, UK 2015-07-10
Per Thorsheim (per thorsheim net)
=========================================================================
Passwords 2015
The 9th International Conference on Passwords
7, 8, 9 December 2015
University of Cambridge, United Kingdom
http://www.cl.cam.ac.uk/events/passwords2015/
https://passwordscon.org/
===============================

CVE-2015-4670 - AjaxControlToolkit File Upload Directory Traversal 2015-07-13
Brian Cardinale (brian cardinaleconsulting com)
The AjaxControlToolkit prior to version 15.1 has a file upload directory
traversal vulnerability which on a poorly configured web server can lead to
remote code execution.

The issue affects any application using the AjaxFileUpload control. The
vulnerability arises because the “fileId

[SYSS-2015-031] sysPass - SQL Injection 2015-07-13
disclosure syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2015-031
Product: sysPass
Vendor: http://cygnux.org/
Affected Version(s): 1.0.9 and below
Tested Version(s): 1.0.9
Vulnerability Type: SQL Injection (CWE-89)
Risk Level: High
Solution Status: Fixed
Vendor Notification: 2014-07-27
S

phpSQLiteCMS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS 2015-07-13
apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPSQLITECMS0712.txt

Vendor:
================================
phpsqlitecms.net

Product:
================================
ilosuna-phpsqlitecms-d9b8219

Adviso

[slackware-security] mozilla-thunderbird (SSA:2015-192-01) 2015-07-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2015-192-01)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

SQL Injection, Reflected XSS, Path Traversal, Function Execution in ZenPhoto 1.4.8 2015-07-10
Tim Coen (tc coen gmail com)
Vulnerability: SQL Injection, Reflected XSS, Path Traversal
Affected Software: ZenPhoto (http://www.zenphoto.org/)
Affected Version: 1.4.8 (probably also prior versions)
Patched Version: 1.4.9
Risk: Medium
Vendor Contacted: 2015-05-18
Vendor Fix: 2015-07-09
Public Disclosure: 2015-07-10

SQL Injecti

[security bulletin] HPSBGN03373 rev.1 - HP Release Control running TLS, Remote Disclosure of Information 2015-07-10
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04740527
Version: 1

HPSBGN03373 re

Cisco Security Advisory: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products 2015-07-10
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products

Advisory ID: cisco-sa-20150710-openssl

Revision 1.0

For Public Release 2015 July 10 16:00 UTC (GMT)

+------------------------

ESA-2015-115: EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass Vulnerability 2015-07-10
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-115: EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass Vulnerability

EMC Identifier: ESA-2015-115

CVE Identifier: CVE-2015-4526

Severity Rating: CVSSv2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Affected products:

CVE-2014-7952, Android ADB backup APK injection vulnerability 2015-07-10
Imre RAD (imre rad search-lab hu)
The Android operating system offers a backup/restore mechanism of
installed packages through the ADB utility. Full backup of applications
including the private files stored on /data partition is performed by
default, but applications can customize this behavior by implementing a
BackupAgent class. T

[security bulletin] HPSBGN03351 rev.2 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information 2015-07-10
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04710027

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04710027
Version: 2

HPSBGN03351 re

[security bulletin] HPSBGN03371 rev.1 - HP IceWall Products running OpenSSL, Remote Denial of Service (DoS) 2015-07-10
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04739301

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04739301
Version: 1

HPSBGN03371 re

NEW VMSA-2015-0005 : VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability 2015-07-10
VMware Security Response Center (security vmware com)
------------------------------------------------------------------------

VMware Security Advisory

Advisory ID: VMSA-2015-0005
Synopsis: VMware Workstation, Player and Horizon View Client for
Windows updates address a host privilege escalation
vulnerab

[SECURITY] [DSA 3307-1] pdns-recursor security update 2015-07-09
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3307-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
July 09, 2015

[SECURITY] [DSA 3306-1] pdns security update 2015-07-09
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3306-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
July 09, 2015

[slackware-security] openssl (SSA:2015-190-01) 2015-07-09
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssl (SSA:2015-190-01)

New openssl packages are available for Slackware 14.0, 14.1, and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/

FreeBSD Security Advisory FreeBSD-SA-15:12.openssl 2015-07-09
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-15:12.openssl Security Advisory
The FreeBSD Project

Topic:

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software 2015-07-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Multiple Vulnerabilities in Cisco ASA Software

Advisory ID: cisco-sa-20141008-asa
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

Revision 3.0

Last Updated 2015 July 8 21:04 UTC (GMT)

For Public Release

Extra information for CVE-2014-2513 - EMC Documentum Content Server: arbitrary code execution 2015-07-08
andrew panfilov tel
Product: EMC Documentum Content Server
Vendor: EMC
Version: ANY
CVE: N/A
Risk: High
Status: public/not fixed

In November 2013 I discovered a vulnerability in EMC Documentum Content Server
which allows an authenticated user to execute arbitrary commands using the
dm_bp_transition docbase method (for detailed
