BugTraq Mode:
(Page 7 of 1729)  < Prev  2 3 4 5 6 7 8 9 10 11 12  Next >
Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks 2017-10-13
X41 D-Sec GmbH Advisories (advisories x41-dsec de)

X41 D-Sec GmbH Security Advisory: X41-2017-008

Multiple Vulnerabilities in Shadowsocks
=======================================

Overview
--------
Confirmed Affected Versions: Latest commit 2ab8c6b on Sep 6
Confirmed Patched Versions: N/A
Vendor: Shadowsocks
Vendor URL: https://github.com/shadowsoc

[ more ]  [ reply ]
[RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information Disclosure 2017-10-13
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: AlienVault USM
Vendor URL: https://www.alienvault.com
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2017-09-22
Date published: 2017-10-13
CVSSv3 Score: 6.5

[ more ]  [ reply ]
Multiple vulnerabilities in OpenText Documentum Content Server 2017-10-13
Andrey B. Panfilov (andrew panfilov tel)
CVE Identifier: CVE-2017-15012
Vendor: OpenText
Affected products: OpenText Documentum Content Server (all versions)
Researcher: Andrey B. Panfilov
CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available
Description:

Opentext Documentum Content Server (formerly known as EMC

[ more ]  [ reply ]
[SECURITY] [DSA 3995-1] libxfont security update 2017-10-10
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3995-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
October 10, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3994-1] nautilus security update 2017-10-08
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3994-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Yves-Alexis Perez
October 07, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3993-1] tor security update 2017-10-06
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3993-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
October 06, 2017

[ more ]  [ reply ]
[slackware-security] xorg-server (SSA:2017-279-03) 2017-10-06
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] xorg-server (SSA:2017-279-03)

New xorg-server packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patc

[ more ]  [ reply ]
DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1 2017-10-05
DefenseCode (defensecode defensecode com)

            DefenseCode Security Advisory
   Magento Commerce CSRF, Stored Cross Site Scripting

Advisory ID: DC-2017-09-001
Advisory Title: Magento CSRF, Stored Cross Site Scripting
Advisory URL:
http://www.defensecode.com/advisories/DC-2017-09-001_Magento_CSRF_Stored
_Cross_Site_Scri

[ more ]  [ reply ]
[security bulletin] HPESBHF03776 rev.1 - HPE Intelligent Management Center (iMC) Service Operation Management (SOM), Remote Arbitrary File Download 2017-10-03
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03776en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03776en_us

Version: 1

HP

[ more ]  [ reply ]
HPESBMU03753 rev.1 - HPE System Management Homepage, Multiple Remote Vulnerabilities 2017-10-02
HPE Product Security Response Team (security-alert hpe com)
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu
03753en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbmu03753en_us

Version: 1

[ more ]  [ reply ]
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized NT Domain / PHP Information Disclosures CVE-2017-14085 (apparitionsec / hyp3rlinx) 2017-10-01
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFF
ICESCAN-XG-REMOTE-NT-DOMAIN-PHP-INFO-DISCLOSURE.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

[ more ]  [ reply ]
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Server Side Request Forgery (apparitionsec / hyp3rlinx) 2017-10-01
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-SERV
ER-SIDE-REQUEST-FORGERY.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

Product:
===========

[ more ]  [ reply ]
[SECURITY] [DSA 3988-1] libidn2-0 security update 2017-09-30
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3988-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
September 30, 2017

[ more ]  [ reply ]
Mac OS X Local Javascript Quarantine Bypass 2017-09-30
filippo cavallarin wearesegment com
Advisory ID: SGMA17-002
Title: Mac OS X Local Javascript Quarantine Bypass
Product: Mac OS X
Version: 10.12, 10.11, 10.10 and probably prior
Vendor: apple.com
Type: DOM Based XSS
Risk level: 3 / 5
Credit

[ more ]  [ reply ]
[SECURITY] [DSA 3987-1] firefox-esr security update 2017-09-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3987-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
September 29, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3986-1] ghostscript security update 2017-09-29
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3986-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
September 29, 2017

[ more ]  [ reply ]
Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution CVE-2017-14084 (apparitionsec / hyp3rlinx) 2017-09-29
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14084-TRENDMICRO-OFF
ICESCAN-XG-CURL-MITM-REMOTE-CODE-EXECUTION.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

Pr

[ more ]  [ reply ]
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Start Remote Process Code Execution / DOS - INI Corruption CVE-2017-14086 (apparitionsec / hyp3rlinx) 2017-09-29
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14086-TRENDMICRO-OFF
ICESCAN-XG-PRE-AUTH-START-REMOTE-PROCESS-CODE-EXECUTION-MEM-CORRUPT.txt
[+] ISR: ApparitionSec

Vendor:
==================

[ more ]  [ reply ]
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083 (apparitionsec / hyp3rlinx) 2017-09-29
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFF
ICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro

[ more ]  [ reply ]
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Change Prevention Image File Execution Bypass (apparitionsec / hyp3rlinx) 2017-09-29
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-IMAG
E-FILE-EXECUTION-BYPASS.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

Product:
========
Off

[ more ]  [ reply ]
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Memory Corruption CVE-2017-14089 (apparitionsec / hyp3rlinx) 2017-09-29
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14089-TRENDMICRO-OFF
ICESCAN-XG-PRE-AUTH-REMOTE-MEMORY-CORRUPTION.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

P

[ more ]  [ reply ]
Mac OS X Local Javascript Quarantine Bypass 2017-09-29
Filippo Cavallarin (filippo cavallarin wearesegment com)
Advisory ID: SGMA17-002
Title: Mac OS X Local Javascript Quarantine Bypass
Product: Mac OS X
Version: 10.12, 10.11, 10.10 and probably prior
Vendor: apple.com
Type: DOM Based XSS
Risk level: 3 / 5
Credit

[ more ]  [ reply ]
CVE-2017-14087 Trend Micro OfficeScan v11.0 and XG (12.0)* Host Header Injection (apparitionsec / hyp3rlinx) 2017-09-28
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14087-TRENDMICRO-OFF
ICESCAN-XG-HOST-HEADER-INJECTION.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

Product:
===

[ more ]  [ reply ]
[security bulletin] HPESBGN03773 rev.2 - HPE Application Performance Management (BSM), Remote Code Execution 2017-09-28
swpmb cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/km/KM02960811

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM02960811

Version: 2

HPESBGN03773 rev.2 - HPE Application Performan

[ more ]  [ reply ]
CVE-2017-14084 Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution (apparitionsec / hyp3rlinx) 2017-09-28
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14084-TRENDMICRO-OFF
ICESCAN-XG-CURL-MITM-REMOTE-CODE-EXECUTION.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.trendmicro.com

Pr

[ more ]  [ reply ]
[CVE-2017-9538] Persistent Application Denial of Service 2017-09-29
andys3c gmail com
-------------------------------------------------------------
Vulnerability type: Persistent Application Denial of Service
-------------------------------------------------------------
Credit: Andy Tan
CVE ID: CVE-2017-9538
-----------------------------------------------
Product: SolarWinds Network

[ more ]  [ reply ]
[CVE-2017-9537] Persistent Cross-Site Scripting Vulnerabilities 2017-09-29
andys3c gmail com
-------------------------------------------------------------
Vulnerability type: Persistent Cross-Site Scripting
-------------------------------------------------------------
Credit: Andy Tan
CVE ID: CVE-2017-9537
-----------------------------------------------
Product: SolarWinds Network Performan

[ more ]  [ reply ]
Faleemi FSC-880 Multiple Security Vulnerabilities 2017-09-27
oleg iotsploit co
https://medium.com/iotsploit/faleemi-fsc-880-multiple-security-vulnerabi
lities-ed1d132c2cce

This camera has multiple security vulnerabilities, which can be exploited both locally and remotely. In particular, hardwired manufacturer DDNS and port-mapping to camera via upnp compatible router. Allowing

[ more ]  [ reply ]
Bitdefender Total Security 2017 Unquoted Service Path Vulnerability 2017-09-27
wsachin092 gmail com
Vulnerability Title: Bitdefender Total Security 2017 Unquoted Service Path Vulnerability
Affected Product: Bitdefender Total Security 2017
Homepage: https://www.bitdefender.com/
Status: Fixed
Severity: Medium
Description:
Bitdefender Total Security suffers from an unquoted service path vulnerability

[ more ]  [ reply ]
[SECURITY] [DSA 3984-1] git security update 2017-09-26
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3984-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Florian Weimer
September 26, 2017

[ more ]  [ reply ]
(Page 7 of 1729)  < Prev  2 3 4 5 6 7 8 9 10 11 12  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus