BugTraq
APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1 2017-02-21
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1

Logic Pro X 10.3.1 is now available and addresses the following:

Projects
Available for: OS X Yosemite v10.10 or later (64 bit)
Impact: Opening a maliciously crafted GarageBand Project file may
lead to arbit

PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability 2017-02-20
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2029

Release Date:
=============
2017-01-30

Vulnerability Laboratory ID (VL-ID):
====================

[SECURITY] [DSA 3790-1] spice security update 2017-02-16
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3790-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
February 16, 2017

[SYSS-2017-004] Simplessus Files: Path Traversal 2017-02-16
adrian vollmer syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Advisory ID: SYSS-2017-004
Product: Simplessus Files
Manufacturer: Simplessus
Affected Version(s): 3.7.7
Tested Version(s): 3.7.7
Vulnerability Type: Path Traversal (CWE-22)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: January 2

[SYSS-2017-001] Simplessus Files: SQL Injection 2017-02-16
adrian vollmer syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Advisory ID: SYSS-2017-001
Product: Simplessus Files
Manufacturer: Simplessus
Affected Version(s): 3.7.7
Tested Version(s): 3.7.7
Vulnerability Type: SQL Injection (CWE-89)
Risk Level: High
Solution Status: Open
Manufacturer Notification: January 25,

KL-001-2017-003 : Trendmicro InterScan Remote Root Access Vulnerability 2017-02-16
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-003 : Trendmicro InterScan Remote Root Access Vulnerability

Title: Trendmicro InterScan Remote Root Access Vulnerability
Advisory ID: KL-001-2017-003
Publication Date: 2017.02.15
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-003.txt

1. Vulnerability Detai

KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write 2017-02-16
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write

Title: Trendmicro InterScan Arbitrary File Write
Advisory ID: KL-001-2017-001
Publication Date: 2017.02.15
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-001.txt

1. Vulnerability Details

Affected Vendor

Cisco Security Advisory: Cisco UCS Director Privilege Escalation Vulnerability 2017-02-15
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco UCS Director Privilege Escalation Vulnerability

Advisory ID: cisco-sa-20170215-ucs

Revision 1.0

For Public Release 2017 February 15 16:00 UTC (GMT)

+--------------------------------------------------------------------

CVE-2017-5585: SQL injection in OpenText Documentum Content Server 7.3 (PostgreSQL builds only) 2017-02-15
Andrey B. Panfilov (andrew panfilov tel)
CVE Identifier: CVE-2017-5585
Vendor: OpenText
Affected products: OpenText Documentum Content Server 7.3 (PostgreSQL builds only)
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available

Description:

Previously announced fix

Advisory X41-2017-002: Multiple Vulnerabilities in ytnef 2017-02-15
X41 D-Sec GmbH Advisories (advisories x41-dsec de)

X41 D-Sec GmbH Security Advisory: X41-2017-002

Multiple Vulnerabilities in ytnef
=================================

Overview
--------
Severity Rating: High
Confirmed Affected Versions: 1.9 and earlier
Confirmed Patched Versions: 1.9.1
Vendor: Yerase
Vendor URL: https://github.com/Yeraze/ytnef
Vect

CVE-2017-5586: Remote code execution in OpenText Documentum D2 2017-02-15
Andrey B. Panfilov (andrew panfilov tel)
CVE Identifier: CVE-2017-5586
Vendor: OpenText
Affected products: Documentum D2 version 4.x
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Description: Document D2 contains vulnerable BeanShell (bsh) and Apache Commons libraries and acc

[security bulletin] HPESBHF03703 rev.1 - HPE Network Products including Comware v7 and VCX using OpenSSL, Remote Unauthorized Disclosure of Information 2017-02-14
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390893

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05390893

Version: 1

HPESBHF03703 rev.1

Cisco Security Response: Cisco Smart Install Protocol Misuse 2017-02-14
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Response: Cisco Smart Install Protocol Misuse

Response ID: cisco-sr-20170214-smi

Revision 1.0

For Public Release 2017 February 14 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

[security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information 2017-02-14
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390849

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05390849

Version: 1

HPESBGN03697 rev.1

[security bulletin] HPSBMU03691 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities 2017-02-14
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390722

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05390722

Version: 1

HPSBMU03691 rev.1

[SECURITY] [DSA 3788-1] tomcat8 security update 2017-02-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3788-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2017

[SECURITY] [DSA 3787-1] tomcat7 security update 2017-02-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3787-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2017

[SECURITY] [DSA 3786-1] vim security update 2017-02-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3786-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2017

[security bulletin] HPESBGN03698 rev.1 - HPE DDMi using OpenSSL, Remote Arbitrary Code Execution, Bypass Security Restrictions, Denial of Service (DoS) 2017-02-11
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05386804

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05386804

Version: 1

HPESBGN03698 rev.1

[security bulletin] HPSBMU03692 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities 2017-02-11
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05385680

Version: 1

HPSBMU03692 rev.1

[slackware-security] tcpdump (SSA:2017-041-04) 2017-02-10
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] tcpdump (SSA:2017-041-04)

New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2,
and -current to fix security issues.

NOTE: These updates also require the updated libpcap package.

Here are the details from t

[slackware-security] openssl (SSA:2017-041-02) 2017-02-10
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssl (SSA:2017-041-02)

New openssl packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-

[security bulletin] HPESBHF03704 rev.1 - HPE OfficeConnect Network Switches, Local Unauthorized Data Modification 2017-02-10
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05388948

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05388948

Version: 1

HPESBHF03704 rev.1

[security bulletin] HPESBNS03702 rev.1 - HPE NonStop OSS Core Utilities with Bash Shell, Local Arbitrary Command Execution, Elevation of Privilege 2017-02-09
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05388115

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05388115

Version: 1

HPESBNS03702 rev.1

[SECURITY] [DSA 3784-1] viewvc security update 2017-02-09
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3784-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
February 09, 2017

[SECURITY] [DSA 3783-1] php5 security update 2017-02-09
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3783-1 security (at) debian (dot) org
https://www.debian.org/security/ Luciano Bello
February 08, 2017

TP-Link C2 and C20i vulnerable to command injection (authenticated root RCE), DoS, improper firewall rules 2017-02-08
Pierre Kim (pierre kim sec gmail com)
Hello,

Please find a text-only version below sent to security mailing lists.

The HTML version on "Vulnerabilities found in TP-Link C2 and C20i" is
posted here:
https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html

=== text-version of the advisory ===

-----BEGIN PGP

[SECURITY] [DSA 3782-1] openjdk-7 security update 2017-02-08
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3782-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 08, 2017

[slackware-security] php (SSA:2017-041-03) 2017-02-10
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2017-041-03)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

WebKitGTK+ Security Advisory WSA-2017-0002 2017-02-10
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2017-0002
------------------------------------------------------------------------

Date reported : February 10, 2017
Advisory ID : WSA-2017-0002
Adviso

Authentication bypass vulnerability in Western Digital My Cloud 2017-02-08
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Authentication bypass vulnerability in Western Digital My Cloud
------------------------------------------------------------------------

Remco Vermeulen, January 2017

-----------------------------------------------------------

Cisco Security Advisory: Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability 2017-02-08
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability

Advisory ID: cisco-sa-20170208-asa

Revision 1.0

For Public Release 2017 February 8 16:00 GMT (UTC)

+----------------------------------------------------------

Cisco Security Advisory: Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability 2017-02-08
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability

Advisory ID: cisco-sa-20170208-anyconnect

Revision 1.0

For Public Release 2017 February 8 16:00 GMT (UTC)

+--------------------

ESA-2017-001: EMC Isilon InsightIQ Authentication Bypass Vulnerability 2017-02-07
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-001: EMC Isilon InsightIQ Authentication Bypass Vulnerability

EMC Identifier: ESA-2017-001

CVE Identifier: CVE-2017-2765

Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected products:

·

SEC Consult SA-20170207 :: Path Traversal, Backdoor accounts & KNX group address password bypass in JUNG Smart Visu server 2017-02-07
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170207-0 >
=======================================================================
title: Path Traversal, Backdoor accounts & KNX group address
password bypass
product: JUNG Smart Visu Server
vulnerab

[security bulletin] HPESBUX03699 SSRT110304 rev.1 - HP-UX BIND, Multiple Remote Denial of Service (DoS) 2017-02-06
HPE Product Security Response Team (security-alert hpe com)
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05381687

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05381687

Version: 1

HPESBUX03699 SS

Teleopti WFM <= 7.1.0 Multiple Vulnerabilities 2017-02-06
Graph-X (graphx sigaint org)
#############################################################
# Advisory Title: Teleopti WFM (Multiple Vulnerabilities)
# Date: 2/4/2017
# Researcher: Graph-X (email: graphx (at) sigaint (dot) org)
# Vendor Homepage: http://www.teleopti.com
# Version: <= 7.1.0
# CVE: is dead
################################

[SECURITY] [DSA 3781-1] svgsalamander security update 2017-02-05
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3781-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
February 05, 2017

ZoneMinder - multiple vulnerabilities 2017-02-05
john terabyteit com au
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

==========================================================================
Product: ZoneMinder
Versions: Multiple versions - see inline
Vulnerabilities: File disclosure, XSS, CSRF, Auth bypass & Info disclosure
CVE-IDs: CVE-2017-5595, CVE-2017-5367, CVE

[FOXMOLE SA 2016-07-05] ZoneMinder - Multiple Issues 2017-02-02
FOXMOLE Advisories (advisories foxmole com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=== FOXMOLE - Security Advisory 2016-07-05 ===

Zoneminder multiple vulnerabilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Affected Versions
=================
Zoneminder 1.29,1.30

Issue Overview
==============
Vulnerability Type: SQL Injection, Cross S

Ghostscript 9.20 Filename Command Execution 2017-02-02
apparitionsec gmail com (hyp3rlinx)
[+]#################################################################################################
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/GHOSTSCRIPT-FILENAME-COMMAND-EXECUTION.txt
[+] ISR: ApparitionSec

[security bulletin] HPSBST03588 rev 1. - HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS, Remote Arbitrary Command Execution 2017-02-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05382958

Version: 1

HPSBST03588 rev 1.

Cisco Security Advisory: Cisco Prime Home Authentication Bypass Vulnerability 2017-02-01
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Prime Home Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20170201-prime-home

Revision 1.0

For Public Release 2017 February 1 16:00 UTC (GMT)

+---------------------------------------------------------------

ESA-2017-003: EMC Network Configuration Manager (NCM) Multiple Vulnerabilities 2017-02-01
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-003: EMC Network Configuration Manager (NCM) Multiple Vulnerabilities

EMC Identifier: ESA-2017-003

CVE Identifier: CVE-2017-2767, CVE-2017-2768

Severity Rating: CVSS v3 Base Score: See below for scores

Affected products:

EMC Sof

[SECURITY] [DSA 3779-1] wordpress security update 2017-02-01
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3779-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
February 01, 2017

[security bulletin] HPESBHF03700 rev.1 - HPE iMC PLAT, Remote Disclosure of Information, Denial of Service (DoS) 2017-01-31
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382418

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05382418

Version: 1

HPESBHF03700 rev.1

[SECURITY] [DSA 3778-1] ruby-archive-tar-minitar security update 2017-01-31
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3778-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 31, 2017

[security bulletin] HPESBGN03696 rev.1 - HPE Helion Eucalyptus, Remote Escalation of Privilege 2017-01-31
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382868

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05382868

Version: 1

HPESBGN03696 rev.1

[security bulletin] HPSBHF03693 rev.1 - HPE iMC PLAT Network Products running Microsoft SQL Server, Remote Elevation of Privilege 2017-01-31
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382740

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05382740

Version: 1

HPSBHF03693 rev.1

ESA-2017-007: EMC Documentum eRoom Unverified Password Change Vulnerability 2017-01-31
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-007: EMC Documentum eRoom Unverified Password Change Vulnerability

EMC Identifier: ESA-2017-007

CVE Identifier: CVE-2017-2766

Severity Rating: CVSS v3 Base Score: 5.7 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

Affected products:

EM

ESA-2016-094: RSA BSAFE Micro Edition Suite Multiple Vulnerabilities 2017-01-31
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-094: RSA BSAFE® Micro Edition Suite Multiple Vulnerabilities

EMC Identifier: ESA-2016-094

CVE Identifier: CVE-2016-0923, CVE-2016-0924

Affected Products:

· RSA BSAFE Micro Edition Suite (MES) all 4.1.x versions prior to 4.1.5

[REVIVE-SA-2017-001] Revive Adserver - Multiple vulnerabilities 2017-01-31
Matteo Beccati (matteo beccati com)
========================================================================

Revive Adserver Security Advisory REVIVE-SA-2017-001
========================================================================

http://www.revive-adserver.com/security/revive-sa-2017-001
======================

[security bulletin] HPESBMU03701 rev.1 - HPE Smart Storage Administrator, Remote Arbitrary Code Execution 2017-01-30
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05382349

Version: 1

HPESBMU03701 rev.1

Secunia Research: libarchive "lha_read_file_header_1()" Out-Of-Bounds Memory Access Denial of Service Vulnerability 2017-01-30
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2017/01/27

libarchive "lha_read_file_header_1()" Out-Of-Bounds Memory Access

Denial of Service Vulnerability

===============================================

secuvera-SA-2017-01: Privilege escalation in an OPSI Managed Client environment ("rise of the machines") 2017-01-30
sbieber secuvera de
Affected Products
Tested with
OPSI Server 4.0.7.26
OPSI ClientAgent 4.0.7.10-1
(older releases have not been tested)
According to the vendor all server instances that use a python-opsi version lower
than 4.0.7.28-4 are affected

References
https://www.secuvera.de/advisori

Persistent Cross-Site Scripting vulnerability in User Access Manager WordPress Plugin 2017-01-28
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Persistent Cross-Site Scripting vulnerability in User Access Manager
WordPress Plugin
------------------------------------------------------------------------

Burak Kelebek, July 2016

------------------------------------------

Multiple blind SQL injection vulnerabilities in FormBuilder WordPress Plugin 2017-01-28
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Multiple blind SQL injection vulnerabilities in FormBuilder WordPress
Plugin
------------------------------------------------------------------------

Burak Kelebek, July 2016

---------------------------------------------------

CVE-2017-3160: Gradle Distribution URL used by Cordova-Android does not use https by default 2017-01-27
bowserj gmail com
===================================================================
CVE-2017-3160: Gradle Distribution URL used by Cordova-Android does not use https by default

Severity: High

Vendor: The Apache Software Foundation

Versions Affected: Cordova Android (6.1.1 and below)

Description: After the Andro

[SECURITY] [DSA 3773-1] openssl security update 2017-01-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3773-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2017

ESA-2016-133: EMC Data Protection Advisor Path Traversal Vulnerability 2017-01-26
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-133: EMC Data Protection Advisor Path Traversal Vulnerability

EMC Identifier: ESA-2016-133

CVE Identifier: CVE-2016-8211

Severity Rating: CVSS v3 Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected products:

EMC

ESA-2016-154: RSA BSAFE® Crypto-J Multiple Security Vulnerabilities 2017-01-26
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-154: RSA BSAFE® Crypto-J Multiple Security Vulnerabilities

EMC Identifier: ESA-2016-154

CVE Identifier: CVE-2016-8212, CVE-2016-8217

Severity Rating: See below for scores for individual issues

Affected Products:

· RSA BSA

ESA-2016-037: EMC PowerPath Management Appliance Information Disclosure Vulnerability 2017-01-26
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-037: EMC PowerPath Management Appliance Information Disclosure Vulnerability

EMC Identifier: ESA-2016-037

CVE Identifier: CVE-2016-0890

Severity Rating: CVSS v3 Base Score: 6.4 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L)

Affected

Secunia Research: Oracle Outside In VSDX Use-After-Free Vulnerability 2017-01-27
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2016/01/18

Oracle Outside In VSDX Use-After-Free Vulnerability

======================================================================

Table of Contents

Affected Software...

[slackware-security] mozilla-thunderbird (SSA:2017-026-01) 2017-01-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2017-026-01)

New mozilla-thunderbird packages are available for Slackware 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+----------------------

CA20170126-01: Security Notice for CA Common Services casrvc 2017-01-26
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20170126-01: Security Notice for CA Common Services casrvc

Issued: January 26, 2017
Last Updated: January 26, 2017

CA Technologies support is alerting customers about a medium risk
vulnerability that may allow a local attacker to gain additional
p

[SECURITY] [DSA 3772-1] libxpm security update 2017-01-26
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3772-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 26, 2017

ESA-2016-167: EMC Documentum D2 Multiple Vulnerabilities 2017-01-26
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-167: EMC Documentum D2 Multiple Vulnerabilities

EMC Identifier: ESA-2016-167

CVE Identifier: CVE-2016-9872, CVE-2016-9873

Severity Rating: CVSS v3 Base Score: See below for CVSSv3 score.

Affected products:

EMC Documentum D2

ESA-2016-160: EMC Data Domain DD OS Command Injection Vulnerability 2017-01-26
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-160: EMC Data Domain DD OS Command Injection Vulnerability

EMC Identifier: ESA-2016-160

CVE Identifier: CVE-2016-8216

Severity Rating: CVSS v3 Base Score: 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Affected products:

EMC Data

ESA-2016-132: EMC RecoverPoint Multiple Vulnerabilities 2017-01-26
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-132: EMC RecoverPoint Multiple Vulnerabilities

EMC Identifier: ESA-2016-132

CVE Identifiers: CVE-2016-6648, CVE-2016-6649

Severity Rating: CVSS v3 Base Score: See below for individual scores.

Affected products:

EMC Recove

ESA-2016-092: RSA® Web Threat Detection Cross Site Scripting Vulnerability 2017-01-26
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-092: RSA® Web Threat Detection Cross Site Scripting Vulnerability

EMC Identifier: ESA-2016-092

CVE Identifier: CVE-2016-0919

Severity Rating: CVSS v3 Base Score: 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)

Affected Products:

·

PEAR HTTP_Upload v1.0.0b3 Arbitrary File Upload 2017-01-26
apparitionsec gmail com (hyp3rlinx)
[+]################################################################################################
[+] Credits: John Page AKA Hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/PEAR-HTTP_UPLOAD-ARBITRARY-FILE-UPLOAD.txt
[+] ISR: ApparitionSEC

[SECURITY] [DSA 3771-1] firefox-esr security update 2017-01-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3771-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
January 25, 2017

Google Forms WordPress Plugin unauthenticated PHP Object injection vulnerability 2017-01-25
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Google Forms WordPress Plugin unauthenticated PHP Object injection
vulnerability
------------------------------------------------------------------------

Yorick Koster, June 2016

-----------------------------------------------

Cisco Security Advisory: Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability 2017-01-25
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20170125-telepresence

Revision 1.0

For Public Release 2017 January 25 16:00 UTC (GMT)

+-----------------------------------

Cisco Security Advisory: Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability 2017-01-25
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability

Advisory ID: cisco-sa-20170125-expressway

Revision 1.0

For Public Release 2017 January 25 16:00 UTC (GMT)

+---------------------------------------

Cisco Security Advisory: Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability 2017-01-25
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability

Advisory ID: cisco-sa-20170125-cas

Revision 1.0

For Public Release 2017 January 25 16:00 UTC (GMT)

+-------------------------------

ESA-2016-166: EMC Isilon OneFS Privilege Escalation Vulnerability 2017-01-25
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-166: EMC Isilon OneFS Privilege Escalation Vulnerability

EMC Identifier: ESA-2016-166

CVE Identifier: CVE-2016-9871

Severity Rating: CVSS v3 Base Score: 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products:

· EMC Is

OpenCart 2.3.0.2 CSRF - User Account Takeover 2017-01-25
Open Security (open opensecurity ca)
===[ Introduction ]===

OpenCart is a free open source ecommerce platform for online merchants.
OpenCart provides a professional and reliable foundation from which to
build a successful online store.

===[ Description ]===

There is a security vulnerability in OpenCart 2.3.0.2 which allows a
hacker

[security bulletin] HPSBST03642 rev.3 - HPE StoreVirtual Products running LeftHand OS using OpenSSL and OpenSSH, Remote Arbitrary Code Execution, Denial of Service (DoS), Disclosure of Sensitive Information, Unauthorized Access 2017-01-24
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05301946

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05301946

Version: 3

HPSBST03642 rev.3

[security bulletin] HPSBHF03695 rev.1 - HPE Ethernet Adaptors, Remote Denial of Service (DoS) 2017-01-24
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05368378

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05368378

Version: 1

HPSBHF03695 rev.1

[security bulletin] HPSBHF03441 rev.2 - HPE iLO 3, iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities 2017-01-24
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05236950

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05236950

Version: 2

HPSBHF03441 rev.2

Cisco Security Advisory: Cisco WebEx Browser Extension Remote Code Execution Vulnerability 2017-01-24
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco WebEx Browser Extension Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20170124-webex

Revision 1.0

For Public Release 2017 January 22 18:30 UTC (GMT)
Last Updated 2017 January 24 18:30 UTC (GMT)

+--------------------------------

[security bulletin] HPSBGN03690 rev.1 - HPE Real User Monitor (RUM), Remote Disclosure of Information 2017-01-24
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05369415

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05369415

Version: 1

HPSBGN03690 rev.1

CVE-2017-3241 - [ERPSCAN-17-006] Oracle OpenJDK - Java Serialization DoS 2017-01-24
ERPScan inc (erpscan online gmail com)
Application: Java SE

Vendor: Oracle

Bug: DoS

Reported: 23.12.2016

Vendor response: 24.12.2016

Date of Public Advisory: 17.01.2017

Reference: Oracle CPU Jan 2017

Author: Roman Shalymov

1. ADVISORY INFORMATION

Title: Oracle OpenJDK - Java Serialization DoS

Advisory ID: [ERPSCAN-17-006]

Ri

[ERPSCAN-17-005] Oracle PeopleSoft - XSS vulnerability CVE-2017-3300 2017-01-24
ERPScan inc (erpscan online gmail com)
Application: Oracle PeopleSoft

Vendor: Oracle

Bugs: XSS

Reported: 31.10.2016

Vendor response: 1.11.2016

Date of Public Advisory: 17.01.2017

Reference: Oracle CPU Jan 2017

Authors: Vahagn Vardanyan, Dmitry Yudin

1. ADVISORY INFORMATION

Title: Oracle PeopleSoft - XSS vulnerability

Adviso

[slackware-security] mozilla-firefox (SSA:2017-023-01) 2017-01-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2017-023-01)

New mozilla-firefox packages are available for Slackware 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
pa

APPLE-SA-2017-01-23-7 iTunes for Windows 12.5.5 2017-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-01-23-7 iTunes for Windows 12.5.5

iTunes for Windows 12.5.5 is now available and addresses the
following:

WebKit
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corru

APPLE-SA-2017-01-23-6 iCloud for Windows 6.1.1 2017-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-01-23-6 iCloud for Windows 6.1.1

iCloud for Windows 6.1.1 is now available and addresses the
following:

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution

APPLE-SA-2017-01-23-2 macOS 10.12.3 2017-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-01-23-2 macOS 10.12.3

macOS 10.12.3 is now available and addresses the following:

apache_mod_php
Available for: macOS Sierra 10.12.2
Impact: Multiple issues in PHP
Description: Multiple issues were addressed by updating to PHP
version

APPLE-SA-2017-01-23-5 Safari 10.0.3 2017-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-01-23-5 Safari 10.0.3

Safari 10.0.3 is now available and addresses the following:

Safari
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12.3
Impact: Visiting a malicious website may lead to addres

APPLE-SA-2017-01-23-4 tvOS 10.1.1 2017-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-01-23-4 tvOS 10.1.1

tvOS 10.1.1 is now available and addresses the following:

Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer ov

APPLE-SA-2017-01-23-3 watchOS 3.1.3 2017-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-01-23-3 watchOS 3.1.3

watchOS 3.1.3 is now available and addresses the following:

Accounts
Available for: All Apple Watch models
Impact: Uninstalling an app did not reset the authorization settings
Description: An issue existed which

APPLE-SA-2017-01-23-1 iOS 10.2.1 2017-01-23
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-01-23-1 iOS 10.2.1

iOS 10.2.1 is now available and addresses the following:

Auto Unlock
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: Auto Unlock may unlock when Apple Wa

ESA-2016-150: RSA® Security Analytics Reflected Cross-Site Scripting Vulnerability 2017-01-23
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-150: RSA® Security Analytics Reflected Cross-Site Scripting Vulnerability

EMC Identifier: ESA-2016-150

CVE Identifier: CVE-2016-8215

Severity Rating: CVSSv3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Produ

ESA-2016-146: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability 2017-01-23
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-146: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability

EMC Identifier: ESA-2016-146

CVE Identifier: CVE-2016-8214

Severity Rating: CVSSv3 Base Score: 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Affe

Microsoft Remote Desktop Client for Mac Remote Code Execution - Update 2017-01-23
Filippo Cavallarin (filippo cavallarin wearesegment com)

Advisory ID: SGMA16-004
Title: Microsoft Remote Desktop Client for Mac Remote Code Execution
Product: Microsoft Remote Desktop Client for Mac
Version: 8.0.36 and probably prior
Vendor: www.microsoft.com
Type: Arbi

[SECURITY] [DSA 3770-1] mariadb-10.0 security update 2017-01-22
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3770-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
January 22, 2017

[SECURITY] [DSA 3769-1] libphp-swiftmailer security update 2017-01-22
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3769-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
January 22, 2017

Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution 2017-01-21
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installers of "Pelle's C",
<http://smorgasbordet.com/pellesc/800/setup64.exe> and,
<http://smorgasbordet.com/pellesc/800/setup.exe>, available
from <http://smorgasbordet.com/pellesc/index.htm>, are vulnerable
to DLL hijacking: they load (tested on Windows 7) at least the
foll

NTOPNG Web Interface v2.4 CSRF Token Bypass 2017-01-21
apparitionsec gmail com (hyp3rlinx)
[+]#####################################################################################
[+] Credits / Discovery: John Page AKA Hyp3rlinX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/NTOPNG-CSRF-TOKEN-BYPASS.txt
[+] ISR: ApparitionSEC
[+]############

Copyright 2010, SecurityFocus