[HITB-Announce] HITB GSEC 2017 CFP Closes April 30th
  2017-04-19 | Hafez Kamal (aphesz hackinthebox org)

October CMS v1.0.412 several vulnerabilities
  2017-04-19 | Anti Räis (antirais gmail com)
  Information. Name: October CMS v1.0.412 (build 412). Homepage: http://octobercms.com. Vulnerability: several issues, including PHP code execution. Prerequisites: attacker has to be auth...

DefenseCode ThunderScan SAST Advisory: Ultimate Form Builder Cross-Site Scripting (XSS) Vulnerability
  2017-04-19 | DefenseCode (defensecode defensecode com)

CVE-2017-7220. OpenText Documentum Content Server: privilege evaluation using crafted RPC save-commands.
  2017-04-19 | Andrey B. Panfilov (andrew panfilov tel)
  CVE Identifier: CVE-2017-7220. Vendor: OpenText. Affected products: OpenText Documentum Content Server (all versions). Researcher: Andrey B. Panfilov. Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix: not available. PoC: https://gist.github.com/andreybpanfilov/d879248...

CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution
  2017-04-19 | Filippo Cavallarin (filippo cavallarin wearesegment com)

[slackware-security] minicom (SSA:2017-108-01)
  2017-04-19 | Slackware Security Team (security slackware com)
  New minicom packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: ...

CVE-2017-7615 Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset
  2017-04-18 | apparitionsec gmail com (hyp3rlinx)

[CVE-2017-5661] Apache XML Graphics FOP information disclosure vulnerability
  2017-04-18 | Simon Steiner (simonsteiner1984 gmail com)

[ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396
  2017-04-17 | Bryan Call (bcall apache org)
  There is a vulnerability in ATS with the HPACK Bomb Attack that can lead to a DoS. Versions 6.0.0 to 6.2.0 are affected. Please upgrade to ATS 6.2.1 or 7.0.0. Downloads: https://trafficserver.apache.org/downloads. Jira Ticket: https://issues.apache.org/jira/browse/TS-5019. CVE https://www.cve.m...

Watchguard Fireware XXE DoS & User Enumeration
  2017-04-17 | David Fernandez (david fdmv gmail com)
  Watchguard's Firebox and XTM are a series of enterprise grade network security appliances providing advanced security services like next generation firewall, intrusion prevention, malware detection and blockage and others. Two vulnerabilities were discovered affecting the XML-RPC interface of the...

[slackware-security] bind (SSA:2017-103-01)
  2017-04-13 | Slackware Security Team (security slackware com)
  New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: ...

[security bulletin] HPESBGN03728 rev.1 - HPE Operations Agent using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access to Data
  2017-04-13 | security-alert hpe com
  Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03728en_us. SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: hpesbgn03728en_us. Version: 1. HP...

[SYSS-2017-009] agorum core Pro - Improper Restriction of XML External Entity Reference ('XXE')
  2017-04-13 | erlijn vangenuchten syss de
  Advisory ID: SYSS-2017-009. Product: agorum core Pro. Manufacturer: agorum Software GmbH. Affected Version(s): 7.8.1.4-251. Tested Version(s): 7.8.1.4-251. Vulnerability Type: Improper Restriction of XML External Entity Reference ('XXE') (CWE-611). Risk Le...

[SYSS-2017-008] agorum core Pro - Cross-Site Request Forgery
  2017-04-13 | erlijn vangenuchten syss de
  Advisory ID: SYSS-2017-008. Product: agorum core Pro. Manufacturer: agorum Software GmbH. Affected Version(s): 7.8.1.4-251. Tested Version(s): 7.8.1.4-251. Vulnerability Type: Cross-Site Request Forgery (CWE-352). Risk Level: Medium. Solution Status: Open. M...

[SYSS-2017-007] agorum core Pro - Cross-Site Scripting
  2017-04-13 | erlijn vangenuchten syss de
  Advisory ID: SYSS-2017-007. Product: agorum core Pro. Manufacturer: agorum Software GmbH. Affected Version(s): 7.8.1.4-251. Tested Version(s): 7.8.1.4-251. Vulnerability Type: Cross-Site Scripting (CWE-79). Risk Level: Medium. Solution Status: Open. Manufactu...

[SYSS-2017-006] agorum core Pro - Insecure Direct Object Reference
  2017-04-13 | erlijn vangenuchten syss de
  Advisory ID: SYSS-2017-006. Product: agorum core Pro. Manufacturer: agorum Software GmbH. Affected Version(s): 7.8.1.4-251. Tested Version(s): 7.8.1.4-251. Vulnerability Type: Insecure Direct Object Reference (CWE-932). Risk Level: High. Solution Status: Ope...

[SYSS-2017-005] agorum core Pro - Persistent Cross-Site Scripting
  2017-04-13 | erlijn vangenuchten syss de
  Advisory ID: SYSS-2017-005. Product: agorum core Pro. Manufacturer: agorum Software GmbH. Affected Version(s): 7.8.1.4-251. Tested Version(s): 7.8.1.4-251. Vulnerability Type: Persistent Cross-Site Scripting (CWE-79). Risk Level: High. Solution Status: Open...

April 2017 - HipChat Server Advisory
  2017-04-13 | Matthew Hart (mhart atlassian com)
  CVE ID: CVE-2017-7357. Product: Hipchat Server. Affected Hipchat Server product versions: All versions < 2.2.3. Fixed Hipchat Server product versions: 2.2.3. Summary: This advisory discloses a critical severity security vulnerability that was...

DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF)
  2017-04-12 | DefenseCode (defensecode defensecode com)

CVE-2017-7455 Moxa MXview v2.8 Remote Private Key Disclosure
  2017-04-12 | apparitionsec gmail com (hyp3rlinx)

CVE-2017-7457 Moxa MX AOPC-Server v1.5 XML External Entity Injection
  2017-04-12 | apparitionsec gmail com (hyp3rlinx)

FreeBSD Security Advisory FreeBSD-SA-17:03.ntp
  2017-04-12 | FreeBSD Security Advisories (security-advisories freebsd org)

Microsoft Office OneNote 2007 DLL side loading vulnerability
  2017-04-11 | Securify B.V. (lists securify nl)
  Microsoft Office OneNote 2007 DLL side loading vulnerability. Yorick Koster, September 2015...

Multiple local privilege escalation vulnerabilities in Proxifier for Mac
  2017-04-11 | Securify B.V. (lists securify nl)
  Multiple local privilege escalation vulnerabilities in Proxifier for Mac. Yorick Koster, April 2017...

[SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure
  2017-04-10 | Mark Thomas (markt apache org)
  CVE-2017-5648 Apache Tomcat Information Disclosure. Severity: Low. Vendor: The Apache Software Foundation. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M17; Apache Tomcat 8.5.0 to 8.5.11; Apache Tomcat 8.0.0.RC1 to 8.0.41; Apache Tomcat 7.0.0 to 7.0.75; Apache Tomcat 6.0.x is not affected. Descrip...

[SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure
  2017-04-10 | Mark Thomas (markt apache org)
  CVE-2017-5651 Apache Tomcat Information Disclosure. Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M18; Apache Tomcat 8.5.0 to 8.5.12; Apache Tomcat 8.0.x and earlier are not affected. Description: The refactoring of the HTTP connectors...

DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities
  2017-04-10 | DefenseCode (defensecode defensecode com)
  Advisory ID: DC-2017-01-014. Software: WordPress Tribulant Slideshow Gallery plugin. Software Language: PHP. Version: 1.6.4 and below. Vendor Status: Vendor contacted, ...
CFP for the 3rd annual Hack In The Box GSEC conference in Singapore
closes on the 30th of April!
Call for Papers: http://gsec.hitb.org/cfp/
Event Website: http://gsec.hitb.org/sg2017/
HITB GSEC is a 2-day deep knowledge security conference where attendees
get to vote on the final agen