[security bulletin] HPESBHF03741 rev.1 - HPE Network products including Comware 7, IMC, and VCX running OpenSSL, Local Unauthorized Disclosure of Information, Remote Denial of Service (DoS), Unauthorized Disclosure of Information
2017-05-02 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03741en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03741en_us Version: 1 HP

IML 2017 Conference, ACM digital library proceedings, Venue: Liverpool John Moores University, United Kingdom
2017-04-29 IML 2017 Conference (cfp iml-conference site)
Call for Papers International Conference on Internet of Things and Machine Learning (IML 2017) Venue: Liverpool John Moores University, United Kingdom Proceedings: ACM Digital Library/ ISBN: 978-1-4503-5243-7 Extended papers will be invited to our journals (Indexed by Thomson Reuters) https://b

SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options
2017-04-29 Securify B.V. (lists securify nl)
Yorick Koster, February 2017

Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X
2017-04-29 Securify B.V. (lists securify nl)
Han Sahin, April 2017

[security bulletin] HPESBHF03738 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
2017-04-28 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03738en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03738en_us Version: 1 HP

[SECURITY] [DSA 3838-1] ghostscript security update
2017-04-28 Salvatore Bonaccorso (carnil debian org)

Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability
2017-04-28 Vulnerability Lab (research vulnerability-lab com)
Document Title: Apple iOS 10.3 - Control Panel Denial of Service Vulnerability References: https://www.vulnerability-lab.com/get_content.php?id=2059 Video: https://www.youtube.com/watch?v=MSscCLATxPQ Release Date: 2017-04-27 Vulnerability Laboratory

Live Helper Chat - Cross-Site Scripting
2017-04-28 Advisories (advisories compass-security com)
COMPASS SECURITY ADVISORY https://www.compass-security.com/en/research/advisories/ CSNC ID: CSNC-2017-004 Product: Live Helper Chat [1] Vendor: Live Helper Chat

FreeBSD Security Advisory FreeBSD-SA-17:04.ipfilter
2017-04-27 FreeBSD Security Advisories (security-advisories freebsd org)

CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability
2017-04-26 Chris Douglas (cdouglas apache org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability Severity: Important Vendor: The Apache Software Foundation Versions affected: Hadoop 2.6.x and earlier Description: HDFS clients interact with a servlet on the DataNode to browse the HDFS

April 2017 - Confluence - Security Advisory
2017-04-26 David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE ID: * CVE-2017-7415. Product: Confluence. Affected Confluence product versions: 6.0.0 <= version < 6.0.7 Fixed Confluence product versions: * for 6.0.x, Confluence 6.0.7 has been released with a fix for this issue. Summary: This advisory

[SECURITY] [DSA 3834-1] mysql-5.5 security update
2017-04-25 Salvatore Bonaccorso (carnil debian org)

[slackware-security] mozilla-firefox (SSA:2017-114-01)
2017-04-24 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2017-114-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/p

KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials
2017-04-24 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials Title: Solarwinds LEM Database Listener with Hardcoded Credentials Advisory ID: KL-001-2017-009 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-009.txt 1. Vulnera

KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read
2017-04-24 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read Title: Solarwinds LEM Management Shell Arbitrary File Read Advisory ID: KL-001-2017-008 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-008.txt 1. Vulnerability Details

KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection
2017-04-24 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection Title: Solarwinds LEM Management Shell Escape via Command Injection Advisory ID: KL-001-2017-007 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-007.txt 1. Vulne

KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse
2017-04-24 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse Title: Solarwinds LEM Privilege Escalation via Sudo Script Abuse Advisory ID: KL-001-2017-006 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-006.txt 1. Vulnerabili

KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path
2017-04-24 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path Title: Solarwinds LEM Privilege Escalation via Controlled Sudo Path Advisory ID: KL-001-2017-005 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-005.txt 1. Vulne

CVE-2017-7221. OpenText Documentum Content Server: arbitrary code execution in dm_bp_transition.ebs docbase method
2017-04-24 Andrey B. Panfilov (andrew panfilov tel)
CVE Identifier: CVE-2017-7221 Vendor: OpenText Affected products: OpenText Documentum Content Server (all versions) Researcher: Andrey B. Panfilov Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Fix: not available PoC: https://gist.github.com/andreybpanfilov/0a4fdfad5

Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution
2017-04-23 Dawid Golunski (dawid legalhackers com)
Hi Filippo, I received a reply from MITRE regarding which CVE to use in this situation. Here is the reply I received: 'CVE-2017-7692 is now correct. CVE-2017-5181 is no longer a valid ID number according to our http://cve.mitre.org/cve/cna/CNA_Rules_v1.1.pdf policy. We fully recognize that you ma

[slackware-security] ntp (SSA:2017-112-02)
2017-04-22 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] ntp (SSA:2017-112-02) New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ p

[slackware-security] mozilla-firefox (SSA:2017-112-01)
2017-04-22 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2017-112-01) New mozilla-firefox packages are available for Slackware 14.1 to fix security and stability issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/

[slackware-security] proftpd (SSA:2017-112-03)
2017-04-22 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] proftpd (SSA:2017-112-03) New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +---------------------

Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges
2017-04-22 Securify B.V. (lists securify nl)
Remco Vermeulen, April 2017

CVE-2017-5887: Starscream library before 2.0.4 SSL pinning not applied for websocket handshake
2017-04-21 Security Advisories (security advisories centralway com)
Product: Starscream websocket library Severity: LOW CVE Reference: CVE-2017-5887 Type: SSL Pinning bypass Abstract -------- WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStrea

CVE-2017-7192: Starscream library before 2.0.4 allows SSL pinning bypass
2017-04-21 Security Advisories (security advisories centralway com)
Product: Starscream websocket library Severity: LOW CVE Reference: CVE-2017-7192 Type: SSL Pinning bypass / Information disclosure Abstract -------- WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set
##############################################
Information
===========
Name: MODX Revolution 2.0.1 - 2.5.6 (based on git commit)
Software: MODX CMS
Homepage: https://modx.com
Vulnerability: blind SQL injection
Prerequisites: attacke