SEC Consult SA-20170511-0 :: Stack-based buffer overflow vulnerability in Guidance Software EnCase Forensic Imager
2017-05-11 SEC Consult Vulnerability Lab (research sec-consult com)

DefenseCode WebScanner DAST Advisory: WordPress User Access Manager Plugin Security Vulnerability
2017-05-11 DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory: WordPress Tracking Code Manager Plugin Multiple Security Vulnerabilities
2017-05-11 DefenseCode (defensecode defensecode com)

ESA-2017-017: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability
2017-05-10 EMC Product Security Response Center (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 EMC Identifier: ESA-2017-017: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability CVE Identifier: CVE-2017-4978 Severity Rating: CVSS v3 Score: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) Affected Products: RSA Ad

ESA-2017-027: EMC Isilon OneFS NFS Export Upgrade Vulnerability
2017-05-10 EMC Product Security Response Center (Security_Alert emc com)

[CORE-2017-0001] - SAP SAPCAR Heap Based Buffer Overflow Vulnerability
2017-05-10 Core Security Advisories Team (advisories coresecurity com)
1. *Advisory Information* Title: SAP SAPCAR Heap Based Buffer Overflow Vulnerability Advisory ID: CORE-2017-0001 Advisory URL: http://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability Date published: 2017-05-10 Date of last update: 2017-05-10 Vendors contacted: SA

SEC Consult SA-20170510-0 :: Insecure Handling Of URI Schemes in Microsoft OneDrive iOS App
2017-05-10 SEC Consult Vulnerability Lab (research sec-consult com)

Multiple Vulnerabilities in ASUS Routers [CVE-2017-5891 and CVE-2017-5892]
2017-05-10 Nightwatch Cybersecurity Research (research nightwatchcybersecurity com)
[Original post here: https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/] Summary Various models of ASUS RT routers have several CSRF vulnerabilities allowing malicious sites to login and change settings in the router; multiple JSONP vulnerabilities allowi

[security bulletin] HPESBST03739 rev.1 - HPE StoreFabric B-series Switches, Remote Elevation of Privilege
2017-05-09 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbst03739en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbst03739en_us Version: 1 HP

CVE-2016-6799: Internal system information leak
2017-05-09 Simon MacDonald (macdonst apache org)
CVE-2016-6799: Internal system information leak Severity: High Vendor: The Apache Software Foundation Versions Affected: Cordova Android (5.2.2 and below) Description: The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e(

SEC Consult SA-20170509-0 :: Multiple vulnerabilities in I, Librarian PDF manager
2017-05-09 SEC Consult Vulnerability Lab (research sec-consult com)

ESA-2017-035: EMC Mainframe Enablers ResourcePak Base privilege management vulnerability
2017-05-08 EMC Product Security Response Center (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ESA-2017-035: EMC Mainframe Enablers ResourcePak Base privilege management vulnerability EMC Identifier: ESA-2017-035 CVE Identifier: CVE-2017-4982 Severity Rating: CVSS v3 Base Score: 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) Affected pro

CA20170504-01: Security Notice for CA Client Automation OS Installation Management
2017-05-05 Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CA20170504-01: Security Notice for CA Client Automation OS Installation Management Issued: May 4, 2017 Last Updated: May 4, 2017 CA Technologies is alerting customers to a potential risk with CA Client Automation OS Installation Management. A vulner

[security bulletin] HPESBHF03736 rev.1 - HPE Aruba and HPE ProVision network switches using Diffie Hellman Group1 Sha1 Exchange Algorithm, Remote Disclosure of Information
2017-05-04 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03736en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03736en_us Version: 1 HP

[security bulletin] HPESBGN03740 rev.1 - HPE Network Automation, Multiple Remote Vulnerabilities
2017-05-04 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbgn03740en_us Version: 1 HP

WordPress Core <= 4.7.4 Potential Unauthorized Password Reset (0day) [CVE-2017-8295]
2017-05-03 Dawid Golunski (dawid legalhackers com)

ESA-2017-036: EMC Data Domain Privilege Escalation Vulnerability
2017-05-03 EMC Product Security Response Center (Security_Alert emc com)

Zenario CMS v7.6 - (Delete) Persistent Cross Site Vulnerability
2017-05-03 Vulnerability Lab (research vulnerability-lab com)
Document Title: Zenario v7.6 - (Delete) Persistent Cross Site Vulnerability References (Source): https://www.vulnerability-lab.com/get_content.php?id=2042 Release Date: 2017-03-20 Vulnerability Laboratory ID (VL-ID):

Zenario v7.6 - Persistent Cross Site Scripting Vulnerability
2017-05-03 Vulnerability Lab (research vulnerability-lab com)
Document Title: Zenario v7.6 - Persistent Cross Site Scripting Vulnerability References (Source): https://www.vulnerability-lab.com/get_content.php?id=2044 https://github.com/TribalSystems/Zenario/commit/cd60f1c8a179ebb779fe0acc051b93f477129b1a Release Date:

Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability
2017-05-03 Vulnerability Lab (research vulnerability-lab com)
Document Title: Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability References (Source): https://www.vulnerability-lab.com/get_content.php?id=2046 Release Date: 2017-03-29 Vulnerability Laboratory ID (VL-ID):

Super File Explorer 1.0.1 - Arbitrary File Upload Vulnerability
2017-05-03 Vulnerability Lab (research vulnerability-lab com)
Document Title: Super File Explorer 1.0.1 - Arbitrary File Upload Vulnerability References (Source): https://www.vulnerability-lab.com/get_content.php?id=2034 Release Date: 2017-02-23 Vulnerability Laboratory ID (VL-ID):

Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability
2017-05-03 Vulnerability Lab (research vulnerability-lab com)
Document Title: Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability References (Source): https://www.vulnerability-lab.com/get_content.php?id=2061 IEDB: http://iedb.ir/exploits-7454.html Release Date: 2017-05-02 Vulnerability Laboratory

Hola VPN v1.34 - Privilege Escalation Vulnerability
2017-05-03 Vulnerability Lab (research vulnerability-lab com)
Document Title: Hola VPN v1.34 - Privilege Escalation Vulnerability References (Source): https://www.vulnerability-lab.com/get_content.php?id=2062 Release Date: 2017-05-03 Vulnerability Laboratory ID (VL-ID):

Mura CMS Cross-Site Scripting (XSS) Vulnerability
2017-05-03 Leon Zhao 7 gmail com
Credits: Zhao Liang, Huawei Weiran Labs Vendor: Blue River Interactive Group Product: Mura CMS Mura CMS is built with one focused purpose in mind - to make it easier and faster for people to build and maintain even the most ambitious websi
http://blog.sec-consult.com/2017/05/chainsaw-of-custody-manipulating.html
We have also released a video showing arbitrary code execution:
https://www.youtube.com/watch?v=1EngNIXSNQw
SEC Consult Vulnerability Lab Security Advisory < 201705