BugTraq Mode:
(Page 3 of 1700)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[security bulletin] HPSBUX03665 rev.2 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection 2016-11-14
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053247
59

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05324759

Version: 2

HPSBUX03665 rev.2

[ more ]  [ reply ]
[security bulletin] HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery 2016-11-14
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053247
55

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05324755

Version: 1

HPSBGN03669 rev.1

[ more ]  [ reply ]
SEC Consult SA-20161114-0 :: Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2 2016-11-14
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20161114-0 >
=======================================================================
title: Multiple vulnerabilities
product: I-Panda SolarEagle - Solar Controller Administration
Software / MPPT Solar Co

[ more ]  [ reply ]
WHM Panel Mail Delivery Reports crash database Vulnerability 2016-11-13
iedb team gmail com
Mail Delivery Reports crash database Local Vulnerability in WHM Panel All Version

###########################

# WHM Panel Mail Delivery Reports crash database Vulnerability

###########################

#####################################

# Iranian Exploit DataBase And Security

[ more ]  [ reply ]
Multiple vulnerabilities in Barco Clickshare 2016-11-14
vincent ruijter kpn com
CVE-2016-3149 - Remote Code Execution in Barco ClickShare CSC-1 and CSM-1
Affected versions: all versions prior to v01.09.03 (CSC-1) and v01.06.02 (CSM-1).
A remote code execution vulnerability exists within the Barco ClickShare base unit software, that could lead to full compromise of the appliance

[ more ]  [ reply ]
WHM Panel Mail Delivery Reports crash database Vulnerability 2016-11-12
iedb team gmail com
Mail Delivery Reports crash database in whm panel 60.0 ( build 17) version local exploit
Pic:http://kkli.ir/C6LGY

#####################################

# Iranian Exploit DataBase And Security Team - iedb.ir

# Title : WHM Panel Mail Delivery Reports crash database Vulnerability

#

[ more ]  [ reply ]
CVE-2015-0040: Microsoft Internet Explorer 11 MSHTML CMapElement::Notify use-after-free details 2016-11-14
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
tenth entry in that series.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161114001.html.

Follow me on http://twitter.co

[ more ]  [ reply ]
[CVE-2016-8736] Apache Openmeetings RMI Registry Java Deserialization RCE 2016-11-13
Maxim Solodovnik (solomax apache org)
Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 3.1.0

Description: Apache Openmeetings is vulnerable to Remote Code
Execution via RMI deserialization attack

The issue was fixed in 3.1.2
All users are recommended to upgrade to Apache OpenMeetings 3

[ more ]  [ reply ]
CVE-2016-9277: A IDX Out of Bound vulnerability in systemui can make crash and ui restart 2016-11-12
unlimitsec gmail com
Description of the potential vulnerability:
Severity: Low
Affected versions: L(5.0/5.1), M(6.0)
Disclosure status: Privately disclosed.
One of the activities in SystemUI can produce array index out of bounds exception as a combination of some APIs and it leads to UI restart.
The patch fixes the vuln

[ more ]  [ reply ]
[SECURITY] [DSA 3711-1] mariadb-10.0 security update 2016-11-11
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3711-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
November 11, 2016

[ more ]  [ reply ]
Secunia Research: Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability 2016-11-10
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2016/11/10

Microsoft Windows OTF Parsing Table Encoding Record Offset

Vulnerability

=================================================================

[ more ]  [ reply ]
CVE-2016-6809 â?? Arbitrary Code Execution Vulnerability in Apache Tikaâ??s MATLAB Parser 2016-11-10
tallison apache org
CVE-2016-6809 â?? Arbitrary Code Execution Vulnerability in Apache Tikaâ??s MATLAB Parser

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: 1.6-1.13

Description: Apache Tika wraps the jmatio parser (https://github.com/gradusnikov/jmatio) to handle MATLAB files. T

[ more ]  [ reply ]
Secunia Research: Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability 2016-11-10
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2016/11/10

Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability

======================================================================

Table of Contents

Affected Softw

[ more ]  [ reply ]
Secunia Research: Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability 2016-11-10
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2016/11/10

Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability

======================================================================

Table of Contents

Affected S

[ more ]  [ reply ]
WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details 2016-11-10
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
eight entry in that series, although this particular vulnerability does
not just affect web-browsers, but all applications that use WININET to
make HTTP requests.

Th

[ more ]  [ reply ]
Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 2016-11-10
nickyccwu tencent com
Document Title:
===============
Blind SQL Injection Vulnerability in Exponent CMS 2.4.0

References (Source):
====================
https://exponentcms.lighthouseapp.com/projects/61783/tickets/1394-blind-
sql-injection-vulnerability-in-exponent-cms-240-4
https://github.com/exponentcms/exponent-cms/com

[ more ]  [ reply ]
MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details 2016-11-09
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
seventh entry in that series.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161109001.html. There you can find a repro
th

[ more ]  [ reply ]
[SECURITY] [DSA 3709-1] libxslt security update 2016-11-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3709-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
November 08, 2016

[ more ]  [ reply ]
[security bulletin] HPSBGN03670 rev.1 - HPE Business Service Management (BSM) using Java Deserialization, Remote Code Execution 2016-11-08
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053274
47

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05327447

Version: 1

HPSBGN03670 rev.1

[ more ]  [ reply ]
URL Redirection Vulnerability In Verint Impact 360 2016-11-08
sanehsingh controlcase com
URL Redirection Vulnerability In Verint Impact 360

Overview
========

* Title : URL Redirection Vulnerability In Verint Impact 360
* Author: Sanehdeep Singh
* Plugin Homepage: http://www.verint.com
* Severity: Medium
* Version Affected: 11.1
* Version patched: Patches available. Contact Vendor

De

[ more ]  [ reply ]
Cross-Site Scripting in Calendar WordPress Plugin 2016-11-08
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in Calendar WordPress Plugin
------------------------------------------------------------------------

Remco Vermeulen, July 2016

------------------------------------------------------------------------

Abs

[ more ]  [ reply ]
Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin 2016-11-08
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress
Plugin
------------------------------------------------------------------------

Burak Kelebek, October 2016

----------------------------------------------

[ more ]  [ reply ]
Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin 2016-11-08
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

-------------------------------------------------------

[ more ]  [ reply ]
Cross Site Scripting Vulnerability In Verint Impact 360 2016-11-08
sanehsingh controlcase com
Overview
========

* Title : Cross Site Scripting Vulnerability In Verint Impact 360
* Author: Sanehdeep Singh
* Plugin Homepage: http://www.verint.com
* Severity: Medium
* Version Affected: 11.1
* Version patched: Patches available. Contact Vendor

Description
===========

About the Product
=====

[ more ]  [ reply ]
[SECURITY] [DSA 3707-1] openjdk-7 security update 2016-11-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3707-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
November 07, 2016

[ more ]  [ reply ]
[CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow 2016-11-07
Pedro Ribeiro (pedrib gmail com)
tl;dr

A stack bof in several Dlink routers, which can be exploited by an
unauthenticated attacker in the LAN. There is no patch as Dlink did not
respond to CERT's requests. As usual, a Metasploit module is in the
queue (see [9] below) and should hopefully be integrated soon.

The interesting thing

[ more ]  [ reply ]
[security bulletin] HPSBGN03643 rev.1 - HPE KeyView using Filter SDK, Remote Code Execution 2016-11-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053258
36

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05325836

Version: 1

HPSBGN03643 rev.1

[ more ]  [ reply ]
Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability 2016-11-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1931

Release Date:
=============
2016-11-07

Vulnerability Laboratory ID (VL-ID):
==================

[ more ]  [ reply ]
Edusson (Robotdon) - Client Side Cross Site Scripting Vulnerability 2016-11-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Edusson (Robotdon) BB - Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1871

Release Date:
=============
2016-11-04

Vulnerability Laboratory ID (VL-ID):
================

[ more ]  [ reply ]
Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability 2016-11-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1870

Release Date:
=============
2016-11-03

Vulnerability Laboratory ID (VL-ID):
======================

[ more ]  [ reply ]
(Page 3 of 1700)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus