BugTraq Mode:
(Page 11 of 524)  < Prev  6 7 8 9 10 11 12 13 14 15 16  Next >
Super File Explorer 1.0.1 - Arbitrary File Upload Vulnerability 2017-05-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Super File Explorer 1.0.1 - Arbitrary File Upload Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2034

Release Date:
=============
2017-02-23

Vulnerability Laboratory ID (VL-ID):
======================

[ more ]  [ reply ]
Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability 2017-05-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2061

IEDB: http://iedb.ir/exploits-7454.html

Release Date:
=============
2017-05-02

Vulnerability Laboratory

[ more ]  [ reply ]
Hola VPN v1.34 - Privilege Escalation Vulnerability 2017-05-03
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Hola VPN v1.34 - Privilege Escalation Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2062

Release Date:
=============
2017-05-03

Vulnerability Laboratory ID (VL-ID):
==================================

[ more ]  [ reply ]
Mura CMS Cross-Site Scripting (XSS) Vulnerability 2017-05-03
Leon Zhao 7 gmail com
Credits
===============
Zhao Liang, Huawei Weiran Labs

Vendor:
===============
Blue River Interactive Group

Product:
========================
Mura CMS

Mura CMS is built with one focused purpose in mind - to make it easier and faster for people to build and maintain even the most ambitious websi

[ more ]  [ reply ]
[SECURITY] [DSA 3843-1] tomcat8 security update 2017-05-03
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3843-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
May 03, 2017

[ more ]  [ reply ]
[SECURITY] [DSA 3842-1] tomcat7 security update 2017-05-03
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3842-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
May 03, 2017

[ more ]  [ reply ]
MODX Revolution 2.0.1-pl - 2.5.6-pl blind SQLi 2017-05-02
Anti Räis (antirais gmail com)
MODX Revolution 2.0.1-pl - 2.5.6-pl blind SQLi
##############################################

Information
===========

Name: MODX Revolution 2.0.1 - 2.5.6 (based on git commit)
Software: MODX CMS
Homepage: https://modx.com
Vulnerability: blind SQL injection
Prerequisites: attacke

[ more ]  [ reply ]
[security bulletin] HPESBHF03741 rev.1 - HPE Network products including Comware 7, IMC, and VCX running OpenSSL, Local Unauthorized Disclosure of Information, Remote Denial of Service (DoS), Unauthorized Disclosure of Information 2017-05-02
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03741en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03741en_us

Version: 1

HP

[ more ]  [ reply ]
IML 2017 Conference, ACM digital library proceedings, Venue: Liverpool John Moores University, United Kingdom 2017-04-29
IML 2017 Conference (cfp iml-conference site)
Call for Papers

International Conference on Internet of Things and Machine Learning (IML 2017)

Venue: Liverpool John Moores University, United Kingdom

Proceedings: ACM Digital Library/ ISBN: 978-1-4503-5243-7

Extended papers will be invited to our journals (Indexed by Thomson Reuters)

https://b

[ more ]  [ reply ]
SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options 2017-04-29
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

SyntaxHighlight MediaWiki extension allows injection of arbitrary
Pygments options
------------------------------------------------------------------------

Yorick Koster, February 2017

-----------------------------------------

[ more ]  [ reply ]
Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X 2017-04-29
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN
client v2.x for OS X
------------------------------------------------------------------------

Han Sahin, April 2017

-------------------------------------

[ more ]  [ reply ]
[security bulletin] HPESBHF03738 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution 2017-04-28
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03738en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03738en_us

Version: 1

HP

[ more ]  [ reply ]
[SECURITY] [DSA 3838-1] ghostscript security update 2017-04-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3838-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
April 28, 2017

[ more ]  [ reply ]
Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability 2017-04-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Apple iOS 10.3 - Control Panel Denial of Service Vulnerability

References:
===========
https://www.vulnerability-lab.com/get_content.php?id=2059

Video: https://www.youtube.com/watch?v=MSscCLATxPQ

Release Date:
=============
2017-04-27

Vulnerability Laboratory

[ more ]  [ reply ]
Live Helper Chat - Cross-Site Scripting 2017-04-28
Advisories (advisories compass-security com)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/en/research/advisories/
#############################################################
#
# CSNC ID: CSNC-2017-004
# Product: Live Helper Chat [1]
# Vendor: Live Helper Chat

[ more ]  [ reply ]
[SECURITY] [DSA 3836-1] weechat security update 2017-04-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3836-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
April 27, 2017

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-17:04.ipfilter 2017-04-27
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-17:04.ipfilter Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability 2017-04-26
Chris Douglas (cdouglas apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions affected: Hadoop 2.6.x and earlier

Description:
HDFS clients interact with a servlet on the DataNode to browse the
HDFS

[ more ]  [ reply ]
April 2017 - Confluence - Security Advisory 2017-04-26
David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE ID:

* CVE-2017-7415.

Product: Confluence.

Affected Confluence product versions:

6.0.0 <= version < 6.0.7

Fixed Confluence product versions:

* for 6.0.x, Confluence 6.0.7 has been released with a fix for this issue.

Summary:
This advisory

[ more ]  [ reply ]
[SECURITY] [DSA 3834-1] mysql-5.5 security update 2017-04-25
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3834-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
April 25, 2017

[ more ]  [ reply ]
[slackware-security] mozilla-firefox (SSA:2017-114-01) 2017-04-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2017-114-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[ more ]  [ reply ]
[SECURITY] [DSA 3833-1] libav security update 2017-04-24
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3833-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
April 24, 2017

[ more ]  [ reply ]
KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials 2017-04-24
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials

Title: Solarwinds LEM Database Listener with Hardcoded Credentials
Advisory ID: KL-001-2017-009
Publication Date: 2017.04.24
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-009.txt

1. Vulnera

[ more ]  [ reply ]
KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read 2017-04-24
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read

Title: Solarwinds LEM Management Shell Arbitrary File Read
Advisory ID: KL-001-2017-008
Publication Date: 2017.04.24
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-008.txt

1. Vulnerability Details

[ more ]  [ reply ]
KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection 2017-04-24
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection

Title: Solarwinds LEM Management Shell Escape via Command Injection
Advisory ID: KL-001-2017-007
Publication Date: 2017.04.24
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-007.txt

1. Vulne

[ more ]  [ reply ]
KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse 2017-04-24
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse

Title: Solarwinds LEM Privilege Escalation via Sudo Script Abuse
Advisory ID: KL-001-2017-006
Publication Date: 2017.04.24
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-006.txt

1. Vulnerabili

[ more ]  [ reply ]
KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path 2017-04-24
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path

Title: Solarwinds LEM Privilege Escalation via Controlled Sudo Path
Advisory ID: KL-001-2017-005
Publication Date: 2017.04.24
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-005.txt

1. Vulne

[ more ]  [ reply ]
CVE-2017-7221. OpenText Documentum Content Server: arbitrary code execution in dm_bp_transition.ebs docbase method 2017-04-24
Andrey B. Panfilov (andrew panfilov tel)
CVE Identifier: CVE-2017-7221
Vendor: OpenText
Affected products: OpenText Documentum Content Server (all versions)
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available
PoC: https://gist.github.com/andreybpanfilov/0a4fdfad5

[ more ]  [ reply ]
Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution 2017-04-23
Dawid Golunski (dawid legalhackers com)
Hi Filippo,

I received a reply from MITRE regarding which CVE to use in this
situation. Here is the reply I received:

'CVE-2017-7692 is now correct.

CVE-2017-5181 is no longer a valid ID number according to our
http://cve.mitre.org/cve/cna/CNA_Rules_v1.1.pdf policy. We fully
recognize that you ma

[ more ]  [ reply ]
[slackware-security] ntp (SSA:2017-112-02) 2017-04-22
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] ntp (SSA:2017-112-02)

New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
p

[ more ]  [ reply ]
[slackware-security] mozilla-firefox (SSA:2017-112-01) 2017-04-22
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2017-112-01)

New mozilla-firefox packages are available for Slackware 14.1 to
fix security and stability issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/

[ more ]  [ reply ]
[slackware-security] proftpd (SSA:2017-112-03) 2017-04-22
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] proftpd (SSA:2017-112-03)

New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+---------------------

[ more ]  [ reply ]
Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges 2017-04-22
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Authentication bypass vulnerability in Western Digital My Cloud allows
escalation to admin privileges
------------------------------------------------------------------------

Remco Vermeulen, April 2017

-----------------------

[ more ]  [ reply ]
CVE-2017-5887: Starscream library before 2.0.4 SSL pinning not applied for websocket handshake 2017-04-21
Security Advisories (security advisories centralway com)
Product: Starscream websocket library
Severity: LOW
CVE Reference: CVE-2017-5887
Type: SSL Pinning bypass

Abstract
--------

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning
bypass because pinning occurs in the stream function (this is too
late; pinning should occur in the initStrea

[ more ]  [ reply ]
CVE-2017-7192: Starscream library before 2.0.4 allows SSL pinning bypass 2017-04-21
Security Advisories (security advisories centralway com)
Product: Starscream websocket library
Severity: LOW
CVE Reference: CVE-2017-7192
Type: SSL Pinning bypass / Information disclosure

Abstract
--------

WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning
bypass because of incorrect management of the certValidated variable
(it can be set

[ more ]  [ reply ]
[SECURITY] [DSA 3831-1] firefox-esr security update 2017-04-19
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3831-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
April 20, 2017

[ more ]  [ reply ]
[HITB-Announce] HITB GSEC 2017 CFP Closes April 30th 2017-04-19
Hafez Kamal (aphesz hackinthebox org)
FINAL CALL!

CFP for the 3nd annual Hack In The Box GSEC conference in Singapore
closes on the 30th of April!

Call for Papers: http://gsec.hitb.org/cfp/
Event Website: http://gsec.hitb.org/sg2017/

HITB GSEC is a 2-day deep knowledge security conference where attendees
get to vote on the final agen

[ more ]  [ reply ]
October CMS v1.0.412 several vulnerabilities 2017-04-19
Anti Räis (antirais gmail com)
October CMS v1.0.412 several vulnerabilities
############################################

Information
===========

Name: October CMS v1.0.412 (build 412)
Homepage: http://octobercms.com
Vulnerability: several issues, including PHP code execution
Prerequisites: attacker has to be auth

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: Ultimate Form Builder Cross-Site Scripting (XSS) Vulnerability 2017-04-19
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory
Ultimate Form Builder
Cross-Site Scripting (XSS) Vulnerability

Advisory ID: DC-2017-01-027
Software: Ultimate Form Builder WordPress plugin
Software Language: PHP
Version: Various
Vendor Status: Vendor contacted
Rele

[ more ]  [ reply ]
CVE-2017-7220. OpenText Documentum Content Server: privilege evaluation using crafted RPC save-commands. 2017-04-19
Andrey B. Panfilov (andrew panfilov tel)
CVE Identifier: CVE-2017-7220
Vendor: OpenText
Affected products: OpenText Documentum Content Server (all versions)
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available
PoC:

https://gist.github.com/andreybpanfilov/d879248

[ more ]  [ reply ]
CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution 2017-04-19
Filippo Cavallarin (filippo cavallarin wearesegment com)
Advisory ID: SGMA17-001
Title: Squirrelmail Remote Code Execution
Product: Squirrelmail
Version: 1.4.22 and probably prior
Vendor: squirrelmail.org
Type: Command Injection
Risk level: 4 / 5
Credit:

[ more ]  [ reply ]
[slackware-security] minicom (SSA:2017-108-01) 2017-04-19
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] minicom (SSA:2017-108-01)

New minicom packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------

[ more ]  [ reply ]
CVE-2017-7615 Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset 2017-04-18
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-R
EMOTE-PASSWORD-RESET.txt
[+] ISR: ApparitionSec

Vendor:
================
www.mantisbt.org

Product:
==================

[ more ]  [ reply ]
[CVE-2017-5661] Apache XML Graphics FOP information disclosure vulnerability 2017-04-18
Simon Steiner (simonsteiner1984 gmail com)
CVE-2017-5661:
Apache XML Graphics FOP information disclosure vulnerability

Severity:
Medium

Vendor:
The Apache Software Foundation

Versions Affected:
FOP 1.0 - 2.1

Description:
Files lying on the filesystem of the server which uses batik can
be re

[ more ]  [ reply ]
[ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396 2017-04-17
Bryan Call (bcall apache org)
There is a vulnerability in ATS with the HPACK Bomb Attack that can lead to a DoS. Versions 6.0.0 to 6.2.0 are affected. Please upgrade to ATS 6.2.1 or 7.0.0.

Downloads:
https://trafficserver.apache.org/downloads

Jira Ticket:
ttps://issues.apache.org/jira/browse/TS-5019

CVE
https://www.cve.m

[ more ]  [ reply ]
Watchguard Fireware XXE DoS & User Enumeration 2017-04-17
David Fernandez (david fdmv gmail com)
Watchguardâ??s Firebox and XTM are a series of enterprise grade network
security appliances providing advanced security services like next
generation firewall, intrusion prevention, malware detection and
blockage and others. Two vulnerabilities were discovered affecting the
XML-RPC interface of the

[ more ]  [ reply ]
concrete5 v8.1.0 Host Header Injection 2017-04-14
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-
INJECTION.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.concrete5.org

Product:
================
concrete5

[ more ]  [ reply ]
[slackware-security] bind (SSA:2017-103-01) 2017-04-13
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bind (SSA:2017-103-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+

[ more ]  [ reply ]
[security bulletin] HPESBGN03728 rev.1 - HPE Operations Agent using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access to Data 2017-04-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn
03728en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03728en_us

Version: 1

HP

[ more ]  [ reply ]
[SYSS-2017-009] agorum core Pro - Improper Restriction of XML External Entity Reference ('XXE') 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-009
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)
Risk Le

[ more ]  [ reply ]
[SYSS-2017-008] agorum core Pro - Cross-Site Request Forgery 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-008
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Cross-Site Request Forgery (CWE-352)
Risk Level: Medium
Solution Status: Open
M

[ more ]  [ reply ]
[SYSS-2017-007] agorum core Pro - Cross-Site Scripting 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-007
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Open
Manufactu

[ more ]  [ reply ]
[SYSS-2017-006] agorum core Pro - Insecure Direct Object Reference 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-006
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Insecure Direct Object Reference (CWE-932)
Risk Level: High
Solution Status: Ope

[ more ]  [ reply ]
[SYSS-2017-005] agorum core Pro - Persistent Cross-Site Scripting 2017-04-13
erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2017-005
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s): 7.8.1.4-251
Tested Version(s): 7.8.1.4-251
Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)
Risk Level: High
Solution Status: Open

[ more ]  [ reply ]
April 2017 - HipChat Server Advisory 2017-04-13
Matthew Hart (mhart atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE ID:

* CVE-2017-7357.

Product: Hipchat Server.

Affected Hipchat Server product versions:
All versions < 2.2.3

Fixed Hipchat Server product versions:
2.2.3

Summary:
This advisory discloses a critical severity security vulnerability
that was

[ more ]  [ reply ]
DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF) 2017-04-12
DefenseCode (defensecode defensecode com)

DefenseCode Security Advisory
Magento 0day Arbitrary File Upload Vulnerability
(Remote Code Execution, CSRF)

Advisory ID: DC-2017-04-003
Software: Magento CE
Software Language: PHP
Version: 2.1.6 and below
Vendor Status: Vendor contacted / Not fixed
Release Date:

[ more ]  [ reply ]
CVE-2017-7456 Moxa MXview v2.8 Denial Of Service 2017-04-12
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-DENIAL-OF-SE
RVICE.txt
[+] ISR: ApparitionSec

Vendor:
============
www.moxa.com

Product:
===========
MXView v2.8

Download:
http://ww

[ more ]  [ reply ]
CVE-2017-7455 Moxa MXview v2.8 Remote Private Key Disclosure 2017-04-12
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVA
TE-KEY-DISCLOSURE.txt
[+] ISR: APPARITIONSEC

Vendor:
============
www.moxa.com

Product:
===========
MXview V2.8

Downloa

[ more ]  [ reply ]
CVE-2017-7457 Moxa MX AOPC-Server v1.5 XML External Entity Injection 2017-04-12
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-
EXTERNAL-ENTITY.txt
[+] ISR: ApparitionSec

Vendor:
============
www.moxa.com

Product:
=======================
MX-AOPC UA

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-17:03.ntp 2017-04-12
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

========================================================================
=====
FreeBSD-SA-17:03.ntp Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
[SECURITY] [DSA 3829-1] bouncycastle security update 2017-04-11
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3829-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
April 11, 2017

[ more ]  [ reply ]
Microsoft Office OneNote 2007 DLL side loading vulnerability 2017-04-11
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Microsoft Office OneNote 2007 DLL side loading vulnerability
------------------------------------------------------------------------

Yorick Koster, September 2015

--------------------------------------------------------------

[ more ]  [ reply ]
Multiple local privilege escalation vulnerabilities in Proxifier for Mac 2017-04-11
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Multiple local privilege escalation vulnerabilities in Proxifier for Mac
------------------------------------------------------------------------

Yorick Koster, April 2017

------------------------------------------------------

[ more ]  [ reply ]
[SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure 2017-04-10
Mark Thomas (markt apache org)
CVE-2017-5648 Apache Tomcat Information Disclosure

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M17
Apache Tomcat 8.5.0 to 8.5.11
Apache Tomcat 8.0.0.RC1 to 8.0.41
Apache Tomcat 7.0.0 to 7.0.75
Apache Tomcat 6.0.x is not affected

Descrip

[ more ]  [ reply ]
[SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure 2017-04-10
Mark Thomas (markt apache org)
CVE-2017-5651 Apache Tomcat Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M18
Apache Tomcat 8.5.0 to 8.5.12
Apache Tomcat 8.0.x and earlier are not affected

Description:
The refactoring of the HTTP connectors

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities 2017-04-10
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory
WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting
Vulnerabilities

Advisory ID: DC-2017-01-014
Software: WordPress Tribulant Slideshow Gallery plugin
Software Language: PHP
Version: 1.6.4 and below
Vendor Status: Vendor contacted,

[ more ]  [ reply ]
ChromeOS / ChromeBooks Persist Certain Network Settings in Guest Mode 2017-04-09
Nightwatch Cybersecurity Research (research nightwatchcybersecurity com)
[Original post can be found here:
https://wwws.nightwatchcybersecurity.com/2017/04/09/advisory-chromeos-ch
romebooks-persist-certain-network-settings-in-guest-mode/]

SUMMARY

Certain network settings in ChromeOS / ChromeBooks persists between
reboots when set in guest mode. These issues have been re

[ more ]  [ reply ]
Foscam All networked devices, multiple Design Errors. SSL bypass. 2017-04-09
nick m mckenna gmail com
Two issues in one that nullify SSL in foscam devices:
All Foscam networked cameras use the same SSL private key that is hard coded into the downloadable firmware. This is easily extracted using a utility like binwalk and would allow an attacker to MITM any Foscam device.
One devices SSL keys are val

[ more ]  [ reply ]
[slackware-security] libtiff (SSA:2017-098-01) 2017-04-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libtiff (SSA:2017-098-01)

New libtiff packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libtiff-

[ more ]  [ reply ]
[SECURITY] [DSA 3827-1] jasper security update 2017-04-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3827-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
April 07, 2017

[ more ]  [ reply ]
[security bulletin] HPESBGN03733 rev.1 - HPE Universal CMDB using Apache Struts, Remote Code Execution 2017-04-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn
03733en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03733en_us

Version: 1

HP

[ more ]  [ reply ]
[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite 2017-04-07
Denis Magda (dmagda apache org)
[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Ignite 1.0.0-RC3 to 1.8

Description:
Apache Ignite uses an update notifier component to update the users about new project r

[ more ]  [ reply ]
D-Link DWR-116 - CVE-2017-6190 - Arbitrary File Download 2017-04-07
patrykgnt gmail com
# Title: D-Link DWR-116 Arbitrary File Download
# Vendor: D-Link (www.dlink.com)
# Affected model(s): DWR-116 / DWR-116A1
# Tested on: V1.01(EU), V1.00(CP)b10, V1.05(AU)
# CVE: CVE-2017-6190
# Date: 04.07.2016
# Author: Patryk Bogdan (@patryk_bogdan)

Description:
D-Link DWR-116 with firmware before

[ more ]  [ reply ]
SEC Consult SA-20170407-0 :: Server-Side Request Forgery in MyBB forum 2017-04-07
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170407-0 >
=======================================================================
title: Server Side Request Forgery (SSRF) Vulnerability
product: MyBB
vulnerable version: 1.8.10
fixed version: 1.8.11
CVE

[ more ]  [ reply ]
Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2017-2387) 2017-04-06
David Coomber (davidcoomber infosec gmail com)
Apple Music Android Application - MITM SSL Certificate Vulnerability
(CVE-2017-2387)
--
http://www.info-sec.ca/advisories/Apple-Music.html

Overview

"Listen to all the music you want, anytime."

(https://play.google.com/store/apps/details?id=com.apple.android.music)

Issue

The Apple Music Android

[ more ]  [ reply ]
Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319) 2017-04-06
David Coomber (davidcoomber infosec gmail com)
Trend Micro Enterprise Mobile Security Android Application - MITM SSL
Certificate Vulnerability (CVE-2016-9319)
--
http://www.info-sec.ca/advisories/Trend-Micro-Enterprise-Mobile-Security
.html

Overview

"Trend Micro Mobile Security is the client app for Trend Microâ??s
enterprise mobility platform.

[ more ]  [ reply ]
Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload 2017-04-06
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CO
NTROL-FILE-OVERWRITE.txt
[+] ISR: APPARITIONSEC

Vendor:
==================
www.spiceworks.com

Product:
=================
S

[ more ]  [ reply ]
[security bulletin] HPESBGN03727 rev.1 - HPE Business Process Monitor, Remote Unauthorized Access to Data 2017-04-04
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn
03727en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03727en_us

Version: 1

HP

[ more ]  [ reply ]
DefenseCode ThunderScan SAST Advisory: Apache Tomcat Directory/Path Traversal 2017-04-04
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory
Apache Tomcat Directory/Path Traversal

Advisory ID: DC-2017-03-001
Software: Apache Tomcat
Software Language: Java
Version: 7.0.76 (probably 9, 8 and 6 branches also)
Vendor Status: Vendor contacted
Rel

[ more ]  [ reply ]
[SECURITY] [DSA 3826-1] tryton-server security update 2017-04-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3826-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
April 04, 2017

[ more ]  [ reply ]
AST-2017-001: Buffer overflow in CDR's set user 2017-04-04
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2017-001

Product Asterisk
Summary Buffer overflow in CDR's set user
Nature of Advisory Buffer Overflow

[ more ]  [ reply ]
The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed. 2017-04-04
Ralf Spenneberg (info os-t de)
OpenSource Security Ralf Spenneberg
Am Bahnhof 3-5
48565 Steinfurt
info (at) os-s (dot) net [email concealed]

OS-S Security Advisory 2017-02

Date: April 4th, 2017
Authors: Simon Heming, Maik Brüggemann, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 10
Affected Device: Schneider SoMachine Basic 1.4 SP1, Schne

[ more ]  [ reply ]
OS-S-2017-01: The password for the application protection of the Schneider Modicon TM221CE16R can be retrieved without authentication. Subsequently the application may be arbitrarily downloaded, uploaded and modified. CVSS 10. 2017-04-04
Ralf Spenneberg (info os-t de)
OpenSource Security Ralf Spenneberg
Am Bahnhof 3-5
48565 Steinfurt
info (at) os-s (dot) net [email concealed]

OS-S Security Advisory 2017-01
Date: April 4th, 2017
Authors: Simon Heming, Maik Brüggemann, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 10
Affected Device: Schneider Modicon TM221CE16R, Firmware 1.

[ more ]  [ reply ]
Moodle URL Manipulation Remote Account Information Disclosure 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/moodle-url-manipulation-remote-account-in
formation-disclosure.html

Date:
04-Apr-2017

Product:
Moodle

Versions affected:
2.4.10, 2.5.6, 2.6.3, 2.7 and earlier.

Vulnerability:
Information disclosure.

Example:
/user/edit.php?id= reveals account owner name

1. Log in

[ more ]  [ reply ]
iPlatinum iOneView Multiple Parameter Reflected XSS 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/iplatinum-ioneview-multiple-parameter-ref
lected-xss.html

Date:
04-Apr-2017

Product:
iPlatinum iOneView

Versions affected:
Unknown.

Vulnerabilities:

1) Cross-site scripting:

http://[target]/ioneview/admin/main.pl?cmd=<script>alert(document.cookie
)</script>
http://

[ more ]  [ reply ]
Kaseya information disclosure vulnerability 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/kaseya-information-disclosure-vulnerabili
ty.html

Date:
04-Apr-2017

Product:
Kaseya VSA

Versions affected:
9.02.00.04

Vulnerability:

Installations of Kaseya contain the following installation page:
https://[target]/install/kaseya.html

When the product is installed

[ more ]  [ reply ]
AcoraCMS browser redirect and Cross-site scripting vulnerabilities 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/acoracms-browser-redirect-and-cross-site-
scripting-vulnerabilities.html

Date:
04-Apr-2017

Product:
AcoraCMS

Versions affected:
7.0.0.6 (known bugs from 6.0.6 are still present
http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt).

Vulnerabilities:
1) Arbi

[ more ]  [ reply ]
SmartJobBoard - Cross-site scripting, personal information disclosure and PHPMailer package 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/smartjobboard---cross-site-scripting-pers
onal-information-disclosure-and-phpmailer-package.html

Date:
04-Apr-2017

Product:
SmartJobBoard

Versions affected:
v5.0.9 and below.

Vulnerability:

1) Cross-site scripting vulnerabilities in the following locations and
para

[ more ]  [ reply ]
SilverStripe CMS - Path Disclosure 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/silverstripe-cms---path-disclosure.html

Date:
04-Apr-2017

Product:
SilverStripe CMS

Versions affected:
3.1.9 and below.

Vulnerability:
Path disclosure.

Example URL:
http://[target]/dev/build/
Path reported:
/home/[target]/public_html/framework/dev/DebugView.php

h

[ more ]  [ reply ]
Tweek!DM Document Management Authentication bypass, SQL injection 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/tweekdm-document-management-authenticatio
n-bypass-sql-injection-vulnerabilities.html

Date:
04-Apr-2017

Product:
Tweek!DM Document Management

Versions affected:
Unknown

Vulnerabilities:
1) Authentication bypass - the software sends a 301 Location redirect
back to th

[ more ]  [ reply ]
Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/computer-associates-api-gateway-crlf-resp
onse-splitting-directory-traversal-vulnerabilities.html

Date:
04-Apr-2017

Product:
Computer Associates (Layer7) API Gateway

Versions affected:
v7, v8, v9

Vulnerabilities:

1) CRLF Response Splitting

https://[target]:8443/te

[ more ]  [ reply ]
CVE-2017-7185 - Mongoose OS - Use-after-free / Denial of Service 2017-04-04
Advisories (advisories compass-security com)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/en/research/advisories/
#
#############################################################
#
# Product: Mongoose OS
# Vendor: Cesanta
# CVE ID: CVE-2017-7185
# CSNC ID: CSNC-20

[ more ]  [ reply ]
Lantern CMS Path Disclosure, SQL Injection, Reflected XSS 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/lantern-cms-path-disclosure-sql-injection
-reflected-xss.html

Date:
04-Apr-2017

Product:
LanternCMS

Versions affected:
Unknown

Vulnerabilities:

1) Path disclosure
By requesting a site with an invalid intSiteI or numRedirectCount:
http://[target]/www/default.asp?int

[ more ]  [ reply ]
Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/manhattan-software-iwms-integrated-workpl
ace-management-system-xml-external-entity-xxe-injection-file-disclosure.
html

Date:
04-Apr-2017

Product:
Trimble / Manhattan Software IWMS (integrated workplace management system)

Versions affected:
9.x

Vulnerability:
XML Ext

[ more ]  [ reply ]
AirWatch Self Service Portal Username Parameter LDAP Injection 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/airwatch-self-service-portal-username-par
ameter-ldap-injection.html

Date:
04-Apr-2017

Product:
AirWatch Self Service MDM

Versions affected:
v6.1.x
v6.4.x

Vulnerability:
LDAP injection

Example:
https://[target]/DeviceManagement/ URL accepts the following
POST param

[ more ]  [ reply ]
Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/avaya-radvision-scopia-desktop-dlg_logino
wneridjsp-ownerid-sql-injection.html

Date:
04-Apr-2017

Product:
Avaya Radvision SCOPIA Desktop

Versions affected:
v7.7.000.042 released in 2011 (confirmed)
v8.2.101.046 relased in 2013 (confirmed)

Vulnerability:
Blind SQL in

[ more ]  [ reply ]
Lotus Protector for Mail Security remote code execution 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/lotus-protector-for-mail-security-remote-
code-execution.html

Date:
09-Nov-2012

Product:
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail)

Vulnerability:
Local File Inclusion to Remote Code Execution

Details:
There is local file inclusion vulnerability in
th

[ more ]  [ reply ]
Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/kaseya-parameter-reflected-xss-enumeratio
n-and-bruteforce-weakness.html

Date:
04-Apr-2017

Software:
Kaseya

Affected version:
Kaseya VSA v6.5.0.0.

Vulnerability details:

1. The "forgot password" function at https://[target]/access/logon.asp
reveals whether a userna

[ more ]  [ reply ]
[security bulletin] HPESBGN03721 rev.1 - HPE Operations Bridge Analytics, Remote Cross-Site Scripting (XSS) 2017-04-03
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn
03721en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03721en_us

Version: 1

HP

[ more ]  [ reply ]
SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function 2017-04-03
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170403-0 >
=======================================================================
title: Misbehavior of the "fsockopen" function
product: PHP
vulnerable version: 7.1.2
fixed version:
CVE number: CVE-2017-7

[ more ]  [ reply ]
(Page 11 of 524)  < Prev  6 7 8 9 10 11 12 13 14 15 16  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus