BugTraq Mode:
Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege 2016-01-30
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installer winima90.exe and previous versions
available from <http://www.winimage.com> loads and executes
CRTdll.dll, UXTheme.dll, RichEd32.dll and WindowsCodecs.dll
from its "application directory".

Self-extracting executables created with WinImage load and
execute CRTdll.dl

WP-Comment-Rating XSS Vulnerability 2016-01-30
Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE

#Product : wp-comment-rating
#Exploit Author : Rahul Pratap Singh
#Version : 1.5.0
#Home page Link :
http://codecanyon.net/item/wordpress-comment-rating-plugin/6582710
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 30/Jan/201

OpenXchange | Information Disclosure 2016-01-30
t schughart prosec-networks com
Hi@all,

there is an information disclosure in OpenXchange (prior 7.8).
An authenticated user can enumerate all imap user folders. If you browse
the PoC you get a permission denied error, but the folder's name is
reflected into the page in json format.

About Open Xchange:
Open-Xchange[2] devel

VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability 2016-01-30
t schughart prosec-networks com
Hi@all,

VMWare Zimbra Mailer Release 8.6.0.GA, latest patch and prior versions
with DKIM implementation are vulnerable to longterm Mail Replay attacks.

If the expiration header is not set, the signature never expires. This
means, that the e-mail, perhaps caught while performing a man in the
mi

[SECURITY] [DSA 3460-1] privoxy security update 2016-01-30
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3460-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
January 30, 2016

CVE-2015-5344 - Apache Camel medium disclosure vulnerability 2016-01-30
Claus Ibsen (claus ibsen gmail com)
Apache Camel's XStream usage is vulnerable to Remote Code Execution attacks

Apache Camel's camel-xstream component is vulnerable to Java object
de-serialisation vulnerability.
Such as de-serializing untrusted data can lead to security flaws as
demonstrated in various similar reports about Java de-s

FreeBSD Security Advisory FreeBSD-SA-16:11.openssl 2016-01-30
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:11.openssl Security Advisory
The FreeBSD Project

Topic:

[security bulletin] HPSBHF03419 rev.3 - HPE Networking Products, Remote Denial of Service (DoS), Unauthorized Access 2016-01-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04779492
Version: 3

HPSBHF03419 r

Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network 2016-01-29
kingkaustubh me com
Title:- Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network Configuration Management
Author: Kaustubh G. Padwad
Vendor: ZOHO Corp
Product: ManageEngine Network Configuration Manager
Tested Version: : Network Configuration Manager Build 11000
Severity: HIGH

About the Product:
==

[security bulletin] HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote Unauthorized Modification 2016-01-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04953655
Version: 1

HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote
Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon a

ManageEngine Eventlog Analyzer v4-v10 Privilege Escalation 2016-01-29
graphx sigaint org
# Exploit Title: ManageEngine Eventlog Analyzer Privilege Escalation
# Exploit Author: @GraphX
# Vendor Homepage:http://www.manageengine.com
# Version: 4.0 - 10

1. Description:
The manageengine eventlog analyzer fails to properly verify user
privileges when making changes via the userManagemen

[security bulletin] HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS, Remote Disclosure of Information, Execution of Code, Denial of Service (DoS) 2016-01-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04952488
Version: 1

HPSBOV03540 r

[security bulletin] HPSBHF03539 rev.1 - HPE VCX running OpenSSH or BIND, Remote Denial of Service (DoS) 2016-01-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04952480
Version: 1

HPSBHF03539 r

[security bulletin] HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized Modification 2016-01-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04949778
Version: 1

HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized
Modification

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible

[security bulletin] HPSBGN03542 rev.1 - HPE Operations Manager for Windows using Java Deserialization, Remote Arbitrary Code Execution 2016-01-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953244

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04953244
Version: 1

HPSBGN03542 r

Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability 2016-01-29
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1692

Release Date:
=============
2016-01-29

Vulnerability Laboratory ID (VL-ID):
===============

ProjectSend multiple vulnerabilities 2016-01-29
Filippo Cavallarin (filippo cavallarin wearesegment com)
Advisory ID: SGMA-16001
Title: ProjectSend multiple vulnerabilities
Product: ProjectSend (previously cFTP)
Version: r582 and probably prior
Vendor: www.projectsend.org
Vulnerability type: SQL-injection, Auth bypass, Arbitrary File Access, Insecure Object Reference
Risk level: 4 / 5
Credit: f

[security bulletin] HPSBHF03538 rev.1 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Remote Code Execution, Denial of Service (DoS) 2016-01-28
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04952467
Version: 1

HPSBHF03538 r

[security bulletin] HPSBHF03535 rev.3 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Multiple Remote Vulnerabilities 2016-01-28
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04939841
Version: 3

HPSBHF03535 r

CVE-2015-7521: Apache Hive authorization bug disclosure 2016-01-28
khorgath apache org (Sushanth Sowmyan)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2015-7521: Apache Hive authorization bug disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Hive 1.0.0 - 1.0.1
Apache Hive 1.1.0 - 1.1.1
Apache Hive 1.2.0 - 1.2.1

Description:

Some partition-level op

[SECURITY] [DSA 3459-1] mysql-5.5 security update 2016-01-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3459-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 28, 2016

New Era Company CMS - (id) SQL Injection Vulnerability 2016-01-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
New Era Company CMS - (id) SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1678

Release Date:
=============
2016-01-28

Vulnerability Laboratory ID (VL-ID):
================================

Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability 2016-01-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1661

Video: http://www.vulnerability-lab.com/get_content.php?id=1688

Release Date:
=============
2

HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi passphrase 2016-01-28
Hacking Corporation Sàrl (releases hackingcorp ch)
----------------------------------------------------------------------------
Advisory ID: HCA0005 - http://hackingcorp.ch/advisories/HCA0005.pdf
Product: Horizon HD / WiFi
Vendor: Liberty Global plc companies (Unitymedia GmbH, UPC Cablecom, ...)
Affected Version(s): unknown
Tested Version(s): curren

[SECURITY] [DSA 3458-1] openjdk-7 security update 2016-01-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3458-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2016

[SECURITY] [DSA 3457-1] iceweasel security update 2016-01-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3457-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2016

Log2Space Central v 6.2 Multiple XSS Vulnerability 2016-01-27
Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE

#Product : Log2Space Central
#Exploit Author : Rahul Pratap Singh
#Version : 6.2
#Home page Link :
http://www.spacecom.co.in/log2spacecentralserver_overview.html
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date :

Cisco Security Advisory: Cisco RV220 Management Authentication Bypass Vulnerability 2016-01-27
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco RV220W Management Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20160127-rv220

Revision 1.0

For Public Release 2016 January 27 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Security Advisory: Cisco Wide Area Application Service CIFS DoS Vulnerability 2016-01-27
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Wide Area Application Service CIFS Denial of Service Vulnerability

Advisory ID: cisco-sa-20160127-waascifs

Revision 1.0

For Public Release 2016 January 27 16:00 UTC (GMT)

+---------------------------------------------------------------------

Netgear GS105Ev2 - Multiple Vulnerabilities 2016-01-27
benedikt westermann i-sec tuv com
# Multiple Vulnerabilities - Netgear GS105Ev2

## Product

Vendor: Netgear

Model: GS105Ev2

Firmware version: 1.3.0.3,1.4.0.2

Reference: http://downloadcenter.netgear.com/de/product/GS105Ev2#searchResults

Netgear GS105Ev2 is a Gigabit switch with 5 ports targeting SMBs. The switch can be configu

Copyright 2010, SecurityFocus