BugTraq
XML External Entity XXE vulnerability in OpenID component of Liferay 2016-06-02
Sandro Gauci (sandro enablesecurity com)
# XML External Entity XXE vulnerability in OpenID component of Liferay

- Author: Sandro Gauci <sandro (at) enablesecurity (dot) com>
- Vulnerable version: Liferay 6.2.3 CE GA4 and earlier
- Liferay reference: LPS-58014
- Advisory URL:
<https://github.com/EnableSecurity/advisories/tree/master/ES2016-01-liferay

[security bulletin] HPSBMU03612 rev.1 - HPE Insight Control on Windows and Linux, Multiple Remote Vulnerabilities 2016-06-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05158380
Version: 1

HPSBMU03612

[security bulletin] HPSBOV03615 rev.1 - HPE OpenVMS CSWS running the Apache Tomcat 7 Servlet Engine, Multiple Remote Vulnerabilities 2016-06-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05158626
Version: 1

HPSBOV03615 r

[SECURITY] [DSA 3592-1] nginx security update 2016-06-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3592-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 01, 2016

Cisco Security Advisory: Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability 2016-06-01
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability

Advisory ID: cisco-sa-20160601-prime3

Revision 1.0

For Public Release 2016 June 1 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summa

Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability 2016-06-01
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20160601-prime

Version 1.0: Final

For public release: 2016 June 1 16:00 GMT

+--------------------------------

[security bulletin] HPSBGN03609 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution, Denial of Service (DoS) 2016-06-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157423

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05157423
Version: 1

HPSBGN03609 r

[SECURITY] [DSA 3591-1] imagemagick security update 2016-06-01
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3591-1 security (at) debian (dot) org
https://www.debian.org/security/ Luciano Bello
June 01, 2016

AjaxExplorer v1.10.3.2 Remote CMD Execution / CSRF / Persistent XSS 2016-06-01
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AJAXEXPLORER-REMOTE-CMD-EXECUTION.txt

[+] ISR: apparitionsec

Vendor:
==========
sourceforge.net
smsid

download linx:
sourceforge.net/projects/ajax-explorer/files/

Product:
=

[SECURITY] [DSA 3590-1] chromium-browser security update 2016-06-01
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3590-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
June 01, 2016

FreeBSD Security Advisory FreeBSD-SA-16:20.linux 2016-05-31
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:20.linux Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-16:22.libarchive 2016-05-31
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:22.libarchive Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-16:23.libarchive 2016-05-31
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:23.libarchive Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-16:21.43bsd 2016-05-31
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:21.43bsd Security Advisory
The FreeBSD Project

Topic:

[RT-SA-2016-005] Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution 2016-05-31
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Unauthenticated File Upload in Relay Ajax Directory Manager
may Lead to Remote Command Execution

A vulnerability within the Relay Ajax Directory Manager web application
allows unauthenticated attackers to upload arbitrary files to the web
server running the web application.

De

[RT-SA-2016-004] Websockify: Remote Code Execution via Buffer Overflow 2016-05-31
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Websockify: Remote Code Execution via Buffer Overflow

RedTeam Pentesting discovered a buffer overflow vulnerability in the C
implementation of Websockify, which allows attackers to execute
arbitrary code.

Details
=======

Product: Websockify C implementation
Affected Versions: all versi

[RT-SA-2015-012] XML External Entity Expansion in Paessler PRTG Network Monitor 2016-05-31
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: XML External Entity Expansion in Paessler PRTG Network Monitor

Authenticated users who can create new HTTP XML/REST Value sensors in
PRTG Network Monitor can read local files on the PRTG host system via
XML external entity expansion.

Details
=======

Product: Paessler PRTG Network Monit

[slackware-security] mozilla-thunderbird (SSA:2016-152-02) 2016-05-31
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2016-152-02)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

[slackware-security] imagemagick (SSA:2016-152-01) 2016-05-31
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] imagemagick (SSA:2016-152-01)

New imagemagick packages are available for Slackware 14.0, 14.1, and -current
to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[SECURITY] Lorex ECO DVR Hard coded password 2016-05-30
andrew hofmans gmail com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

1. ADVISORY INFORMATION
=======================
Product: Lorex ECO DVR
Vendor URL: https://www.lorextechnology.com/
Type: Hard coded password [CWE-259]
Date found: 2016-05-04
Date published: 2016-05-30
CVE: -

2. CREDITS
==========
This vulnerability

[SECURITY] [DSA 3589-1] gdk-pixbuf security update 2016-05-30
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3589-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 30, 2016

WebKitGTK+ Security Advisory WSA-2016-0004 2016-05-30
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2016-0004
------------------------------------------------------------------------

Date reported : May 30, 2016
Advisory ID : WSA-2016-0004
Advisory UR

[oCERT 2016-001] Jetty path sanitization issues 2016-05-30
Daniele Bianco (danbia ocert org)

Description:

Jetty is a Java HTTP (Web) server and Servlet container.

The Jetty path normalization mechanism suffers from an implementation issue
when parsing the request URLs.

The path normalization logic implemented in the PathResource class and
introduced in Jetty versions 9.3.x can be defeate

Multiple Vulnerabilities in Intex Wireless N150 Easy Setup Router 2016-05-28
mohitreload gmail com
Intex Wireless N150 Easy Setup Router
Vulnerabilities
1. Overview
Intex Wireless N150 Easy Setup Router, firmware version: V5.07.51_en_INX01, uses default credentials and is vulnerable to cross-site request forgery, cleartext transmission of sensitive information and other attacks.
2. Vulnerabilities
1

[slackware-security] php (SSA:2016-148-03) 2016-05-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-148-03)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.2

[SECURITY] [DSA 3588-1] symfony security update 2016-05-29
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3588-1 security (at) debian (dot) org
https://www.debian.org/security/ Luciano Bello
May 29, 2016

[slackware-security] libxslt (SSA:2016-148-02) 2016-05-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libxslt (SSA:2016-148-02)

New libxslt packages are available for Slackware 14.0, 14.1, and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/

[slackware-security] libxml2 (SSA:2016-148-01) 2016-05-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libxml2 (SSA:2016-148-01)

New libxml2 packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/l

[CVE-2016-4945] Login Form Hijacking Vulnerability in Citrix NetScaler Gateway 2016-05-27
Daniel Schliebner (DSchliebner persicon com)
PERSICON Security Advisory
=======================================================================
Title: Login Form Hijacking vulnerability
Product: Citrix Netscaler
Vulnerable Version: 11.0 Build 64.35
Fixed Version: 11.0 Build 66.11

[CVE-2016-4432] Apache Qpid Java Broker - authentication bypass 2016-05-27
Keith W (keith wall gmail com)
[CVE-2016-4432] Apache Qpid Java Broker - authentication bypass

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Qpid Java Broker versions 6.0.2 and earlier

Description:

The code responsible for handling incoming AMQP 0-8, 0-9, 0-91, and
0-10 connections contains a

Copyright 2010, SecurityFocus