[SYSS-2015-059] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932)
2016-02-19 erlijn vangenuchten syss de

[SYSS-2015-060] Thru Managed File Transfer Portal 9.0.2 - Improperly Implemented Security Check for Standard (CWE-358)
2016-02-19 erlijn vangenuchten syss de

[SYSS-2015-064] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932)
2016-02-19 erlijn vangenuchten syss de
Advisory ID: SYSS-2015-064
Product: Thru Managed File Transfer Portal
Manufacturer: Thru
Affected Version(s): 9.0.2
Tested Version(s): 9.0.2
Vulnerability Type: Insecure Direct Object Reference (CWE-932)
Risk Level: Medium
Solution Status: Open
Manuf

[SYSS-2015-062] ownCloud - Information Exposure Through Directory Listing (CWE-548)
2016-02-19 erlijn vangenuchten syss de
Advisory ID: SYSS-2015-062
Product: ownCloud
Manufacturer: ownCloud Inc., Community
Affected Version(s): ownCloud <= 8.2.1, <= 8.1.4, <= 8.0.9
Tested Version(s): 8.1.1, 8.1.4
Vulnerability Type: Information Exposure Through Directory Listing (CWE-548)

[SYSS-2015-055] Novell Filr - Cross-Site Scripting (CWE-79)
2016-02-19 erlijn vangenuchten syss de
Advisory ID: SYSS-2015-055
Product: Novell Filr
Vendor: Novell
Affected Version(s): 1.2.0 build 846
Tested Version(s): 1.2.0 build 846
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Vendor Notification: 201

[SYSS-2015-058] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932)
2016-02-19 erlijn vangenuchten syss de
Advisory ID: SYSS-2015-058
Product: Thru Managed File Transfer Portal
Manufacturer: Thru
Affected Version(s): 9.0.2
Tested Version(s): 9.0.2
Vulnerability Type: Insecure Direct Object Reference (CWE-932)
Risk Level: Medium
Solution Status: Open
Manuf

CVE-2015-7521: Apache Hive authorization bug disclosure (update)
2016-02-18 khorgath apache org (Sushanth Sowmyan)
CVE-2015-7521: Apache Hive authorization bug disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Hive 0.13.x
Apache Hive 0.14.x
Apache Hive 1.0.0 - 1.0.1
Apache Hive 1.1.0 - 1.1.1
Apache Hive 1.2.0 - 1.2.1

[security bulletin] HPSBUX03437 SSRT110025 rev.1 - HP-UX IPFilter, Remote Denial of Service (DoS)
2016-02-17 security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04974114
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04974114
Version: 1
HPSBUX03437 S

SSO Authentication Bypass and Website Takeover in DOKEOS
2016-02-17 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23289
Product: DOKEOS
Vendor: DOKEOS
Vulnerable Version(s): ce30 and probably prior
Tested Version: ce30
Advisory Publication: January 7, 2016 [without technical details]
Vendor Notification: January 7, 2016
Public Disclosure: February 17, 2016
Vulnerability Type: Improper Authen

SQL Injection in webSPELL
2016-02-17 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23291
Product: webSPELL
Vendor: webSPELL.org
Vulnerable Version(s): 4.2.4 and probably prior
Tested Version: 4.2.4
Advisory Publication: January 22, 2016 [without technical details]
Vendor Notification: January 22, 2016
Vendor Patch: February 12, 2016
Public Disclosure: February

SQL Injection in TestLink
2016-02-17 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23288
Product: TestLink
Vendor: TestLink Development Team
Vulnerable Version(s): 1.9.14 and probably prior
Tested Version: 1.9.14
Advisory Publication: January 7, 2016 [without technical details]
Vendor Notification: January 7, 2016
Vendor Patch: January 9, 2016
Public Disclosure

SQL Injection in WeBid
2016-02-17 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23292
Product: WeBid
Vendor: WeBid
Vulnerable Version(s): 1.1.2P2 and probably prior
Tested Version: 1.1.2P2
Advisory Publication: January 22, 2016 [without technical details]
Vendor Notification: January 22, 2016
Vendor Patch: February 4, 2016
Public Disclosure: February 17, 201

RCE via CSRF in osCommerce
2016-02-17 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23284
Product: osCommerce
Vendor: osCommerce
Vulnerable Version(s): 2.3.4 and probably prior
Tested Version: 2.3.4
Advisory Publication: December 21, 2015 [without technical details]
Vendor Notification: December 21, 2015
Public Disclosure: February 17, 2016
Vulnerability Type: P

SQL Injection in Osclass
2016-02-17 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23287
Product: Osclass
Vendor: https://osclass.org/
Vulnerable Version(s): 3.5.9 and probably prior
Tested Version: 3.5.9
Advisory Publication: December 21, 2015 [without technical details]
Vendor Notification: December 21, 2015
Vendor Patch: January 25, 2016
Public Disclosure: F

RCE via CSRF in osCmax
2016-02-17 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23285
Product: osCmax
Vendor: http://oscmax.com/
Vulnerable Version(s): 2.5.4 and probably prior
Tested Version: 2.5.4
Advisory Publication: December 21, 2015 [without technical details]
Vendor Notification: December 21, 2015
Public Disclosure: February 17, 2016
Vulnerability Typ

Redaxo CMS contains multiple vulnerabilities
2016-02-16 LSE-Advisories (advisories lsexperts de)
=== LSE Leading Security Experts GmbH - Security Advisory 2016-01-18 ===
Redaxo CMS contains multiple vulnerabilities
Problem Overview
Technical Risk: high
Likelihood of Exploitation: medium
Vendor: https://www.redaxo.o

CSRF and XsS In Manage Engine oputils
2016-02-15 kingkaustubh me com
CSRF and XsS In Manage Engine oputils
. contents:: Table Of Content
Overview
* Title : CSRF and XSS In Manage Engine OPutils
* Author: Kaustubh G. Padwad
* Plugin Homepage: https://www.

Privilege escalation Vulnerability in ManageEngine oputils
2016-02-15 kingkaustubh me com
Privilege escalation Vulnerability in ManageEngine oputils
. contents:: Table Of Content
Overview
Title:- Privilege escalation Vulnerability in ManageEngine oputils
Author: Kaustubh G. P

Missing Function Level Access control Vulnerability in OPutils
2016-02-15 kingkaustubh me com
Missing Function Level Access control Vulnerability in OPutils
. contents:: Table Of Content
Overview
Title:- Missing Function Level Access control Vulnerability in ManageEngine OpUtils

[SECURITY] [DSA 3478-1] libgcrypt11 security update
2016-02-15 Salvatore Bonaccorso (carnil debian org)

CyberCop Scanner Smbgrind v5.5 Buffer Overflow
2016-02-16 hyp3rlinx lycos com
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SMBGRIND-BUFFER-OVERFLOW.txt
Vendor: Network Associates Inc.
Product: smbgrind: NetBIOS parallel password g

phpMyBackupPro v.2.5 Remote Command Execution / CSRF
2016-02-16 hyp3rlinx lycos com
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-RCE.txt
Vendor: www.phpmybackuppro.net
project site: sourceforge.net/projects/phpmybackup/
Product:

phpMyBackupPro v.2.5 Arbitrary File Upload
2016-02-16 hyp3rlinx lycos com
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-FILE_UPLOAD_VULN.txt
Vendor: www.phpmybackuppro.net
project site: sourceforge.net/projects/phpmybackup/
Product:

phpMyBackupPro v.2.5 XSS
2016-02-16 hyp3rlinx lycos com
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-XSS.txt
Vendor: www.phpmybackuppro.net
project site: sourceforge.net/projects/phpmybackup/
Product:

BFS-SA-2016-001: FireEye Detection Evasion and Whitelisting of Arbitrary Malware
2016-02-15 Blue Frost Security Research Lab (research bluefrostsecurity de)
Advisory ID: SYSS-2015-059
Product: Thru Managed File Transfer Portal
Manufacturer: Thru
Affected Version(s): 9.0.2
Tested Version(s): 9.0.2
Vulnerability Type: Insecure Direct Object Reference (CWE-932)
Risk Level: Medium
Solution Status: Open
Manuf