BugTraq Mode:
(Page 3 of 1694)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability 2016-09-13
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability

EMC Identifier: ESA-2016-108

CVE Identifier: CVE-2016-6644

Severity Rating: CVSS v3 Base Score: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected products:

EMC Documen

[ more ]  [ reply ]
ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities 2016-09-13
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities

EMC Identifier: ESA-2016-104

CVE Identifier: CVE-2016-0922, CVE-2016-6641, CVE-2016-6642, CVE-2016-6643

Severity Rating: CVSS v3 Base Score: See below for CVSSv3 scores for individual CVE

[ more ]  [ reply ]
[ANNOUNCE][CVE-2016-6802] Apache Shiro 1.3.2 released 2016-09-13
Brian Demers (bdemers apache org)
The Shiro team is pleased to announce the release of Apache Shiro version 1.3.2.

This security release contains 1 fix since the 1.3.1 release and is
available for Download now [1].

CVE-2016-6802:
Apache Shiro before 1.3.2, when using a non-root servlet context path,
specifically craft

[ more ]  [ reply ]
Multiple DoS vulnerabilities in libosip2-4.1.0 2016-09-13
bshastry sec t-labs tu-berlin de
Antisip's libosip2 v4.1.0 is vulnerable to heap buffer overflows in the following functions while parsing SIP messages and leads to a DoS if glibc hardening is enabled.
1. *osip_body_to_str*
2. *_osip_message_to_str*

All files for reproducing the issues have been filed in the bug tracker [1][2] and

[ more ]  [ reply ]
Open-Xchange Security Advisory 2016-09-13 (2) 2016-09-13
Martin Heiland (martin heiland lists open-xchange com)
Product: OX Guard
Vendor: OX Software GmbH

Internal reference: 47878 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 2.4.2 and earlier
Vulnerable component: guard
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.4.0-rev11, 2.4.2-rev5
Rese

[ more ]  [ reply ]
Open-Xchange Security Advisory 2016-09-13 2016-09-13
Martin Heiland (martin heiland lists open-xchange com)
Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 46484 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 7.8.2 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.2-rev46, 7.6.3-re

[ more ]  [ reply ]
AST-2016-007: RTP Resource Exhaustion 2016-09-08
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2016-007

Product Asterisk
Summary RTP Resource Exhaustion
Nature of Advisory Denial of Service

[ more ]  [ reply ]
[slackware-security] php (SSA:2016-252-01) 2016-09-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-252-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

[ more ]  [ reply ]
PHPHolidays CMS v3.00.50 - Cross Site Scripting Web Vulnerability 2016-09-08
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PHPHolidays CMS v3.00.50 - Cross Site Scripting Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1948

Release Date:
=============
2016-09-08

Vulnerability Laboratory ID (VL-ID):
====================

[ more ]  [ reply ]
Picosmos Shows v1.6.0 - Stack Buffer Overflow Vulnerability 2016-09-08
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Picosmos Shows v1.6.0 - Stack Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1936

Release Date:
=============
2016-09-05

Vulnerability Laboratory ID (VL-ID):
==================================

[ more ]  [ reply ]
CVE-2016-4264 Adobe ColdFusion <= 11 XXE Vulnerability 2016-09-07
Dawid Golunski (dawid legalhackers com)
Vulnerability: Adobe ColdFusion <= 11 XXE Injection
CVE: CVE-2016-4264
Vendor ID: APSB16-30
Discovered by: Dawid Golunski (http://legalhackers.com)

Adobe ColdFusion in versions 11 and below is vulnerable to XXE
Injection when processing untrusted office documents.

Depending on a web application's

[ more ]  [ reply ]
CVE-2016-6920 ffmpeg exr file Heap Overflow 2016-09-07
unlimitsec gmail com
=======

Product: ffmpeg
Affected Versions: <= 3.1.2
Vulnerability Type: Heap Overflow
Security Risk: High
Credit: Yaoguang Chen of Aliapy unLimit Security Team

Introduction
============

$ ffmpeg_debug_312/bin/ffmpeg -i tiled_with_deeptile_type.exr -y xx.png
ffmpeg version 3.1.2 Copyright (c) 20

[ more ]  [ reply ]
Infoblox Cross-site scripting vulnerabilities 2016-09-06
alex_haynes outlook com
Exploit Title: Infoblox Cross-site scripting vulnerabilities
Product: Infoblox Network Automation
Vulnerable Versions: 7.0.1 and all previous versions
Tested Version: 6.9.2
Advisory Publication: 06/09/2016
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: NONE
Credit: Alex Haynes

Ad

[ more ]  [ reply ]
[CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting 2016-09-06
alex_haynes outlook com
Exploit Title: [CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting vulnerability
Product: Infoblox Network Automation
Vulnerable Versions: 7.0.1 and all previous versions
Tested Version: 6.9.2
Advisory Publication: 06/09/2016
Vulnerability Type: [CWE-113:] Improper Neutraliz

[ more ]  [ reply ]
[SECURITY] [DSA 3661-1] charybdis security update 2016-09-06
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3661-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
September 06, 2016

[ more ]  [ reply ]
Unauthenticated Arbitrary Directory Dump in BMC BladeLogic Server Automation 2016-09-04
ZeroDay (zeroday contextis co uk)
Title: Unauthenticated Arbitrary Directory Dump in BMC BladeLogic Server Automation
Affected Software: BMC BladeLogic Server Automation for Linux <= 8.7
CVSSv2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Reference: CVE-

[ more ]  [ reply ]
[SECURITY] [DSA 3659-1] linux security update 2016-09-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3659-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
September 04, 2016

[ more ]  [ reply ]
Google Nexus 5X Bootloader Unauthorized Memory Dumping via USB 2016-09-04
Roee Hay (roeehay gmail com)
Vulnerable versions:
================
Android 6.0.0 MDA89E through 6.0.1 MMB29V (bootloaders bhz10i/k)

Non-vulnerable versions:
====================
Android 6.0.1 MHC19J (bootloader bhz10m) and above.

Details:
======
The attacker reboots the phone into the 'fastboot' mode. A physical
attacker can

[ more ]  [ reply ]
FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability 2016-09-02
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1935

Release Date:
=============
2016-09-01

Vulnerability Laboratory ID (VL-ID):
============================

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability

Advisory ID: cisco-sa-20160831-spa

Revision 1.0

For Public Release: 2016 August 31 16:00 GMT

+-----------------------------------------------------------------------
--

Summary

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability

Advisory ID: cisco-sa-20160831-sps3

Revision 1.0

For Public Release 2016 August 31 16:00 UTC (GMT)

+---------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco WebEx Meetings Player Arbitrary Code Execution 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco WebEx Meetings Player Arbitrary Code Execution Vulnerability

Advisory ID: cisco-sa-20160831-meetings-player

Revision 1.0

For Public Release 2016 August 31 16:00 UTC (GMT)

+----------------------------------------------

[ more ]  [ reply ]
[security bulletin] HPSBGN03637 rev.1 - HP Operations Manager for Unix, Solaris, and Linux, Remote Cross-Site Scripting (XSS) 2016-08-31
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c052498
33

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05249833
Version: 1

HPSBGN03637 rev.1 - HP Opera

[ more ]  [ reply ]
[security bulletin] HPSBHF03641 rev.1 - HPE Integrated Lights-Out 3 (iLO 3), Remote Disclosure of Information 2016-08-30
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c052497
60

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05249760
Version: 1

HPSBHF03641 rev.1 - HPE Inte

[ more ]  [ reply ]
[slackware-security] kernel (SSA:2016-242-01) 2016-08-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] kernel (SSA:2016-242-01)

New kernel packages are available for Slackware 14.1 to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/linux-3.10.103/*: Upg

[ more ]  [ reply ]
[security bulletin] HPSBGN03638 rev.1 - HPE Remote Device Access: Virtual Customer Access System (vCAS) using lighttpd and OpenSSH, Unauthorized Modification of Information, Remote Denial of Service (DoS), Remote Disclosure of Information 2016-08-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c052473
75

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05247375
Version: 1

HPSBGN03638 rev.1 - HPE Remo

[ more ]  [ reply ]
Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2 2016-08-26
submit cxsec org
------------------------------------------------------------------------
--------
Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2
Credit: Maksymilian Arciemowicz from CXSECURITY.COM
URL: https://cxsecurity.com/issue/WLB-2016080232
---------------------------------------------

[ more ]  [ reply ]
[SECURITY] [DSA 3654-1] quagga security update 2016-08-26
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3654-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
August 26, 2016

[ more ]  [ reply ]
Necroscan <= v0.9.1 Buffer Overflow 2016-08-26
hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/NECROSCAN-BUFFER-OVERFLOW.txt

[+] ISR: ApparitionSec

Vendor:
===================
nscan.hypermart.net

Product:
======================================
NECROSOFT

[ more ]  [ reply ]
[SECURITY] [DSA 3652-1] imagemagick security update 2016-08-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3652-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
August 25, 2016

[ more ]  [ reply ]
(Page 3 of 1694)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus