BugTraq Mode: (Page 12 of 525)
[security bulletin] HPESBGN03733 rev.1 - HPE Universal CMDB using Apache Struts, Remote Code Execution 2017-04-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03733en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03733en_us

Version: 1

HP

[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite 2017-04-07
Denis Magda (dmagda apache org)
[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Ignite 1.0.0-RC3 to 1.8

Description:
Apache Ignite uses an update notifier component to update the users about new project r

D-Link DWR-116 - CVE-2017-6190 - Arbitrary File Download 2017-04-07
patrykgnt gmail com
# Title: D-Link DWR-116 Arbitrary File Download
# Vendor: D-Link (www.dlink.com)
# Affected model(s): DWR-116 / DWR-116A1
# Tested on: V1.01(EU), V1.00(CP)b10, V1.05(AU)
# CVE: CVE-2017-6190
# Date: 04.07.2016
# Author: Patryk Bogdan (@patryk_bogdan)

Description:
D-Link DWR-116 with firmware before

SEC Consult SA-20170407-0 :: Server-Side Request Forgery in MyBB forum 2017-04-07
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170407-0 >
=======================================================================
title: Server Side Request Forgery (SSRF) Vulnerability
product: MyBB
vulnerable version: 1.8.10
fixed version: 1.8.11
CVE

Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2017-2387) 2017-04-06
David Coomber (davidcoomber infosec gmail com)
Apple Music Android Application - MITM SSL Certificate Vulnerability
(CVE-2017-2387)
--
http://www.info-sec.ca/advisories/Apple-Music.html

Overview

"Listen to all the music you want, anytime."

(https://play.google.com/store/apps/details?id=com.apple.android.music)

Issue

The Apple Music Android

Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319) 2017-04-06
David Coomber (davidcoomber infosec gmail com)
Trend Micro Enterprise Mobile Security Android Application - MITM SSL
Certificate Vulnerability (CVE-2016-9319)
--
http://www.info-sec.ca/advisories/Trend-Micro-Enterprise-Mobile-Security.html

Overview

"Trend Micro Mobile Security is the client app for Trend Micro's
enterprise mobility platform.

Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload 2017-04-06
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txt
[+] ISR: APPARITIONSEC

Vendor:
==================
www.spiceworks.com

Product:
=================
S

[security bulletin] HPESBGN03727 rev.1 - HPE Business Process Monitor, Remote Unauthorized Access to Data 2017-04-04
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03727en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03727en_us

Version: 1

HP

DefenseCode ThunderScan SAST Advisory: Apache Tomcat Directory/Path Traversal 2017-04-04
DefenseCode (defensecode defensecode com)

DefenseCode ThunderScan SAST Advisory
Apache Tomcat Directory/Path Traversal

Advisory ID: DC-2017-03-001
Software: Apache Tomcat
Software Language: Java
Version: 7.0.76 (probably 9, 8 and 6 branches also)
Vendor Status: Vendor contacted
Rel

[SECURITY] [DSA 3826-1] tryton-server security update 2017-04-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3826-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
April 04, 2017

AST-2017-001: Buffer overflow in CDR's set user 2017-04-04
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2017-001

Product Asterisk
Summary Buffer overflow in CDR's set user
Nature of Advisory Buffer Overflow

The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed. 2017-04-04
Ralf Spenneberg (info os-t de)
OpenSource Security Ralf Spenneberg
Am Bahnhof 3-5
48565 Steinfurt
info (at) os-s (dot) net [email concealed]

OS-S Security Advisory 2017-02

Date: April 4th, 2017
Authors: Simon Heming, Maik Brüggemann, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 10
Affected Device: Schneider SoMachine Basic 1.4 SP1, Schne

OS-S-2017-01: The password for the application protection of the Schneider Modicon TM221CE16R can be retrieved without authentication. Subsequently the application may be arbitrarily downloaded, uploaded and modified. CVSS 10. 2017-04-04
Ralf Spenneberg (info os-t de)
OpenSource Security Ralf Spenneberg
Am Bahnhof 3-5
48565 Steinfurt
info (at) os-s (dot) net [email concealed]

OS-S Security Advisory 2017-01
Date: April 4th, 2017
Authors: Simon Heming, Maik Brüggemann, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 10
Affected Device: Schneider Modicon TM221CE16R, Firmware 1.

Moodle URL Manipulation Remote Account Information Disclosure 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/moodle-url-manipulation-remote-account-information-disclosure.html

Date:
04-Apr-2017

Product:
Moodle

Versions affected:
2.4.10, 2.5.6, 2.6.3, 2.7 and earlier.

Vulnerability:
Information disclosure.

Example:
/user/edit.php?id= reveals account owner name

1. Log in

iPlatinum iOneView Multiple Parameter Reflected XSS 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/iplatinum-ioneview-multiple-parameter-reflected-xss.html

Date:
04-Apr-2017

Product:
iPlatinum iOneView

Versions affected:
Unknown.

Vulnerabilities:

1) Cross-site scripting:

http://[target]/ioneview/admin/main.pl?cmd=<script>alert(document.cookie)</script>
http://

Kaseya information disclosure vulnerability 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/kaseya-information-disclosure-vulnerability.html

Date:
04-Apr-2017

Product:
Kaseya VSA

Versions affected:
9.02.00.04

Vulnerability:

Installations of Kaseya contain the following installation page:
https://[target]/install/kaseya.html

When the product is installed

AcoraCMS browser redirect and Cross-site scripting vulnerabilities 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/acoracms-browser-redirect-and-cross-site-scripting-vulnerabilities.html

Date:
04-Apr-2017

Product:
AcoraCMS

Versions affected:
7.0.0.6 (known bugs from 6.0.6 are still present
http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt).

Vulnerabilities:
1) Arbi

SmartJobBoard - Cross-site scripting, personal information disclosure and PHPMailer package 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/smartjobboard---cross-site-scripting-personal-information-disclosure-and-phpmailer-package.html

Date:
04-Apr-2017

Product:
SmartJobBoard

Versions affected:
v5.0.9 and below.

Vulnerability:

1) Cross-site scripting vulnerabilities in the following locations and
para

SilverStripe CMS - Path Disclosure 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/silverstripe-cms---path-disclosure.html

Date:
04-Apr-2017

Product:
SilverStripe CMS

Versions affected:
3.1.9 and below.

Vulnerability:
Path disclosure.

Example URL:
http://[target]/dev/build/
Path reported:
/home/[target]/public_html/framework/dev/DebugView.php

h

Tweek!DM Document Management Authentication bypass, SQL injection 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/tweekdm-document-management-authentication-bypass-sql-injection-vulnerabilities.html

Date:
04-Apr-2017

Product:
Tweek!DM Document Management

Versions affected:
Unknown

Vulnerabilities:
1) Authentication bypass - the software sends a 301 Location redirect
back to th

Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/computer-associates-api-gateway-crlf-response-splitting-directory-traversal-vulnerabilities.html

Date:
04-Apr-2017

Product:
Computer Associates (Layer7) API Gateway

Versions affected:
v7, v8, v9

Vulnerabilities:

1) CRLF Response Splitting

https://[target]:8443/te

CVE-2017-7185 - Mongoose OS - Use-after-free / Denial of Service 2017-04-04
Advisories (advisories compass-security com)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/en/research/advisories/
#
#############################################################
#
# Product: Mongoose OS
# Vendor: Cesanta
# CVE ID: CVE-2017-7185
# CSNC ID: CSNC-20

Lantern CMS Path Disclosure, SQL Injection, Reflected XSS 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/lantern-cms-path-disclosure-sql-injection-reflected-xss.html

Date:
04-Apr-2017

Product:
LanternCMS

Versions affected:
Unknown

Vulnerabilities:

1) Path disclosure
By requesting a site with an invalid intSiteI or numRedirectCount:
http://[target]/www/default.asp?int

Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/manhattan-software-iwms-integrated-workplace-management-system-xml-external-entity-xxe-injection-file-disclosure.html

Date:
04-Apr-2017

Product:
Trimble / Manhattan Software IWMS (integrated workplace management system)

Versions affected:
9.x

Vulnerability:
XML Ext

AirWatch Self Service Portal Username Parameter LDAP Injection 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/airwatch-self-service-portal-username-parameter-ldap-injection.html

Date:
04-Apr-2017

Product:
AirWatch Self Service MDM

Versions affected:
v6.1.x
v6.4.x

Vulnerability:
LDAP injection

Example:
https://[target]/DeviceManagement/ URL accepts the following
POST param

Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/avaya-radvision-scopia-desktop-dlg_loginowneridjsp-ownerid-sql-injection.html

Date:
04-Apr-2017

Product:
Avaya Radvision SCOPIA Desktop

Versions affected:
v7.7.000.042 released in 2011 (confirmed)
v8.2.101.046 released in 2013 (confirmed)

Vulnerability:
Blind SQL in

Lotus Protector for Mail Security remote code execution 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/lotus-protector-for-mail-security-remote-code-execution.html

Date:
09-Nov-2012

Product:
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail)

Vulnerability:
Local File Inclusion to Remote Code Execution

Details:
There is local file inclusion vulnerability in
th

Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness 2017-04-04
Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/kaseya-parameter-reflected-xss-enumeration-and-bruteforce-weakness.html

Date:
04-Apr-2017

Software:
Kaseya

Affected version:
Kaseya VSA v6.5.0.0.

Vulnerability details:

1. The "forgot password" function at https://[target]/access/logon.asp
reveals whether a userna

[security bulletin] HPESBGN03721 rev.1 - HPE Operations Bridge Analytics, Remote Cross-Site Scripting (XSS) 2017-04-03
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03721en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03721en_us

Version: 1

HP

SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function 2017-04-03
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170403-0 >
=======================================================================
title: Misbehavior of the "fsockopen" function
product: PHP
vulnerable version: 7.1.2
fixed version:
CVE number: CVE-2017-7

Splunk Enterprise Information Theft CVE-2017-5607 2017-04-01
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt
[+] ISR: ApparitionSec

Vendor:
===============
www.splunk.com

Product:
==================
Splunk Enterprise

[security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege 2017-03-31
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03722en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03722en_us

Version: 1

HP

[security bulletin] HPESBHF03723 rev.1 - HPE Aruba ClearPass Policy Manager, using Apache Struts, Remote Code Execution 2017-03-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03723en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03723en_us

Version: 1

HP

[security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities 2017-03-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbux03725en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbux03725en_us

Version: 1

HP

ESA-2017-013: RSA Archer® GRC Security Operations Management Sensitive Information Disclosure Vulnerability 2017-03-29
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

EMC Identifier: ESA-2017-013: RSA Archer® GRC Security Operations Management Sensitive Information Disclosure Vulnerability

CVE Identifier: CVE-2017-4977

Severity Rating: CVSS v3 Base Score: 5.0 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)

Affecte

ESA-2017-028: EMC Isilon OneFS Path Traversal Vulnerability 2017-03-29
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-028: EMC Isilon OneFS Path Traversal Vulnerability

EMC Identifier: ESA-2017-028

CVE Identifier:

CVE-2017-4980

Severity Rating: CVSS v3 Base Score: 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

Affected products:

* EMC Is

[SECURITY] [DSA 3824-1] firebird2.5 security update 2017-03-29
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3824-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
March 29, 2017

[SECURITY] [DSA 3798-2] tnef regression update 2017-03-29
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3798-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
March 29, 2017

[slackware-security] mariadb (SSA:2017-087-01) 2017-03-28
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mariadb (SSA:2017-087-01)

New mariadb packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mariadb-

APPLE-SA-2017-03-28-1 iCloud for Windows 6.2 2017-03-28
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-03-28-1 iCloud for Windows 6.2

iCloud for Windows 6.2 is now available and addresses the following:

APNs Server
Available for: Windows 7 and later
Impact: An attacker in a privileged network position can track a
user's activity
Descri

[SECURITY] [DSA 3823-1] eject security update 2017-03-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3823-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 28, 2017

APPLE-SA-2017-03-27-7 macOS Server 5.3 2017-03-27
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-03-27-7 macOS Server 5.3

macOS Server 5.3 is now available and addresses the following:

Profile Manager
Available for: macOS 10.12.4 and later
Impact: A remote user may be able to cause a denial-of-service
Description: A crafted reque

[SECURITY] [DSA 3821-1] gst-plugins-ugly1.0 security update 2017-03-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3821-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 27, 2017

APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS 2017-03-27
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1
for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS are now
available and address the following:

Export
Available for: macOS 10.12 Sierra or later, iOS 10 or later
Impact: The conten

[SECURITY] [DSA 3817-1] jbig2dec security update 2017-03-24
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3817-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 24, 2017

[SECURITY] [DSA 3816-1] samba security update 2017-03-23
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3816-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 23, 2017

APPLE-SA-2017-03-22-1 iTunes for Windows 12.6 2017-03-22
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-03-22-1 iTunes for Windows 12.6

iTunes for Windows 12.6 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: Multiple issues in SQLite
Description: Multiple issues existed in SQLite. These is

SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices 2017-03-22
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170322-0 >
=======================================================================
title: Multiple vulnerabilities
product: Solare Datensysteme GmbH
Solar-Log 250/300/500/800e/1000/1000 PM+/1200/2000

Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups" 2017-03-21
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

Windows 8 and newer versions (Windows 7 and Windows Server 2008 R2
with KB2532445 or KB3125574 installed too) don't allow unprivileged
callers to circumvent AppLocker and SAFER rules via

LoadLibraryEx(TEXT("<arbitrary DLL>"), NULL, LOAD_IGNORE_CODE_AUTHZ_LEVEL);

See <https://msdn.microsof

[ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM 2017-03-21
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component
Vendor URL: http://SAP.com
Bugs: Directory traversal
Reported: 04.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 13.12.2016
Reference: SAP Security Note 2310790
Author: Mathieu Geli (ERPScan)

Descr

ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability 2017-03-20
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability

EMC Identifier: ESA-2017-010

CVE Identifier: CVE-2016-6650

Severity Rating: CVSS v3 Base Score: CVSS v3 Score: 6.8 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).

Affected products:

[SECURITY] [DSA 3796-2] sitesummary regression update 2017-03-20
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3796-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
March 20, 2017

[security bulletin] HPSBUX03596 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access 2017-03-20
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05121842

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05121842

Version: 2

HPSBUX03596 rev.2

CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service 2017-03-20
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/EXTRAPUTTY-TFTP-DENIAL-OF-SERVICE.txt
[+] ISR: ApparitionSec

Vendor:
==================
www.extraputty.com

Product:
======================
ExtraPuTTY

[SECURITY] [DSA 3813-1] r-base security update 2017-03-19
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3813-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 19, 2017

[SECURITY] [DSA 3812-1] ioquake3 security update 2017-03-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3812-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 18, 2017

[SECURITY] [DSA 3811-1] wireshark security update 2017-03-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3811-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 18, 2017

MS Internet Information Services XSS / HTML Injection vulnerability 2017-03-16
David FM (david fdmv gmail com)
Cross Site Scripting / HTML injection vulnerability in Microsoft
Internet Information Services web server

==================================

Versions Affected:

MS Internet Information services (All platforms and versions)

==================================

CVE Reference:

CVE-2017-0055

CVE-2017-6805 MobaXterm Personal Edition v9.4 Path Traversal Remote File Disclosure 2017-03-16
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MOBAXTERM-TFTP-PATH-TRAVERSAL-REMOTE-FILE-ACCESS.txt
[+] ISR: ApparitionSec

Vendor:
=====================
mobaxterm.mobatek.net

Product:
===============================

SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products 2017-03-16
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170316-0 >
=======================================================================
title: Authenticated Command Injection
product: Multiple Ubiquiti Networks products, e.g.
TS-16-CARRIER, TS-5-POE, TS-

CVE-2017-6911: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability 2017-03-16
wsachin092 gmail com
Vulnerability Title: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability
Affected Product: USB Pratirodh
Product Homepage: https://cdac.in/index.aspx?id=cs_eps_usb_pra
CVE-ID : CVE-2017-6911
Severity: Medium

Description:

USB Pratirodh is prone to sensitive information disc

[slackware-security] pidgin (SSA:2017-074-01) 2017-03-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] pidgin (SSA:2017-074-01)

New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+----------------------

Path Traversal Remote File Disclosure 2017-03-16
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MOBAXTERM-TFTP-PATH-TRAVERSAL-REMOTE-FILE-ACCESS.txt
[+] ISR: ApparitionSec

Vendor:
=====================
mobaxterm.mobatek.net

Product:
============

CVE-2017-0045 Windows DVD Maker XML External Entity File Disclosure 2017-03-16
apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DVD-MAKER-XML-EXTERNAL-ENTITY-FILE-DISCLOSURE.txt
[+] ISR: ApparitionSec

Vendor:
=================
www.microsoft.com

Product:
=================
Windows

Microsoft Edge Fetch API allows setting of arbitrary request headers 2017-03-14
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Microsoft Edge Fetch API allows setting of arbitrary request headers
------------------------------------------------------------------------

Yorick Koster, January 2017

--------------------------------------------------------

Joomla com_virtuemart Component - 'id' Parameter Sql Injection Vulnerability 2017-03-14
iedb team gmail com
Joomla com_virtuemart component version 1.6 suffers from a remote SQL injection vulnerability.
tested on 1.6
tnks.
Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@

Joomla com_kunena Component - 'id' Parameter Sql Injection Vulnerability 2017-03-14
iedb team gmail com
Joomla com_sngevents component version 1.5 suffers from a remote SQL injection vulnerability.
tested on 1.2
tnks.
Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@

Joomla com_sngevents Component - 'id' Parameter Sql Injection Vulnerability 2017-03-14
iedb team gmail com
Joomla com_sngevents component version 1.5 suffers from a remote SQL injection vulnerability.
tested on 1.5
tnks.
Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@

Joomla com_fidecalendar Component - 'aid' Parameter Sql Injection Vulnerability 2017-03-14
iedb team gmail com
Joomla com_fidecalendar component version 1.5 suffers from a remote SQL injection vulnerability.
tested on 1.5
tnks.
Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@

Joomla com_registrationpro Component - 'did' Parameter Sql Injection Vulnerability 2017-03-14
iedb team gmail com
Joomla com_registrationpro component version 1.x suffers from a remote SQL injection vulnerability.
tested on 1.2 and all version
tnks.
Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@

Joomla com_easyblog Component - 'id' Parameter Sql Injection Vulnerability 2017-03-14
iedb team gmail com
Joomla com_easyblog component version 1.4 suffers from a remote SQL injection vulnerability.
tested on 1.* and all version
tnks.
Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@

Atlassian - March 2017 - Bamboo, Crowd and HipChat Server - Critical Security Advisory 2017-03-14
David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This email refers to the following advisory pages:

* Bamboo - https://confluence.atlassian.com/x/_slDN
* Crowd - https://confluence.atlassian.com/x/PMpDN
* HipChat Server - https://confluence.atlassian.com/x/lj1LN

CVE ID:

* CVE-2017-5638.

Produc

[SECURITY] [DSA 3808-1] imagemagick security update 2017-03-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3808-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 13, 2017

Joomla com_carocci Component - 'isbn' Parameter Sql Injection Vulnerability 2017-03-12
iedb team gmail com
Joomla com_carocci component version 1.4 suffers from a remote SQL injection vulnerability.
tested on 1.4
tnks.
Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir

Joomla com_kide Component - 'view' Parameter Sql Injection Vulnerability 2017-03-12
iedb team gmail com
Joomla com_kide component version 1.5 suffers from a remote SQL injection vulnerability.
tested on 1.x
thanks.
Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir

Joomla com_eventlist Component - 'id' Parameter Sql Injection Vulnerability 2017-03-12
iedb team gmail com
Joomla com_eventlist component version 1.5 suffers from a remote SQL injection vulnerability.
tested on 1.x
thanks.
Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir

[security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities 2017-03-10
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbux03706en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbux03706en_us

Version: 1

HP

[security bulletin] HPESBHF03711 rev.1 - HPE 2620 Series Network Switches, Remote Cross Site Request Forgery (CSRF) 2017-03-10
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03711en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03711en_us

Version: 1

HP

[security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege 2017-03-10
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03707en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03707en_us

Version: 1

HP

[security bulletin] HPESBHF03716 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Remote Authentication Bypass 2017-03-10
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03716en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03716en_us

Version: 1

HP

CVE-2016-10143: Vulnerability to read arbitrary files in "Tiki Wiki" 2017-03-10
Leon Zhao 7 gmail com
Credits
===============
Zhao Liang, Huawei Weiran Labs

Vendor:
===============
Tiki

Product:
========================
Tiki Wiki CMS

The Tiki Wiki CMS Groupware project (aka TikiWiki or Tiki) is an open source initiative that releases and maintains a powerful OpenSource Content Management System

[SECURITY] [DSA 3805-1] firefox-esr security update 2017-03-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3805-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 08, 2017

[security bulletin] HPESBHF03714 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Local Arbitrary File Download 2017-03-08
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03714en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03714en_us

Version: 1

HP

[SECURITY] [DSA 3804-1] linux security update 2017-03-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3804-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 08, 2017

[security bulletin] HPESBHF03713 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Deserialization of Untrusted Data, Remote Code Execution 2017-03-08
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03713en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03713en_us

Version: 1

HP

[security bulletin] HPESBGN03712 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution 2017-03-08
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03712en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03712en_us

Version: 1

HP

SEC Consult SA-20170308-0 :: Multiple vulnerabilities in Navetti PricePoint 2017-03-08
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170308-0 >
=======================================================================
title: Multiple vulnerabilities
product: Navetti PricePoint
vulnerable version: 4.6.0.0
fixed version: 4.7.0.0 or higher
CV

[slackware-security] mozilla-firefox (SSA:2017-066-01) 2017-03-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2017-066-01)

New mozilla-firefox packages are available for Slackware 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
pa

Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in GoAhead 2017-03-08
Pierre Kim (pierre kim sec gmail com)
Hello,

Please find a text-only version below sent to security mailing lists.

The complete version on analysing the security of "Wireless IP Camera
(P2P) WIFICAM cameras and vulnerabilities in GoAhead" is posted here:
https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html

=== text

[security bulletin] HPESBHF03710 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Multiple Remote Vulnerabilities 2017-03-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03710en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03710en_us

Version: 1

HP

Stack-based buffer overflow in Western Digital My Cloud allows for remote code execution 2017-03-07
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Stack-based buffer overflow in Western Digital My Cloud allows for
remote code execution
------------------------------------------------------------------------

Remco Vermeulen, January 2017

----------------------------------

SEC Consult SA-20170307-0 :: Unauthenticated OS command injection & arbitrary file upload in Western Digital WD My Cloud 2017-03-07
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20170307-0 >
=======================================================================
title: Unauthenticated OS command injection & arbitrary file upload
product: Western Digital My Cloud
vulnerable version: at least: 2.21.1

WordPress audio playlist functionality is affected by Cross-Site Scripting 2017-03-06
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

WordPress audio playlist functionality is affected by Cross-Site
Scripting
------------------------------------------------------------------------

Yorick Koster, July 2016

-----------------------------------------------------

EasyCom PHP API Stack Buffer Overflow 2017-03-06
apparitionsec gmail securityfocus com (hyp3rlinx)
[+] Credits: John Page AKA Hyp3rlinX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/EASYCOM-PHP-API-BUFFER-OVERFLOW.txt
[+] ISR: ApparitionSec

Vendor:
================
easycom-aura.com

Product:
===========================
EASYCOM AS400

Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass 2017-03-06
apparitionsec gmail securityfocus com (hyp3rlinx)
[+] Credits: John Page AKA Hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SAWMILL-PASS-THE-HASH-AUTHENTICATION-BYPASS.txt
[+] ISR: ApparitionSec

Vendor:
===============
www.sawmill.net

Product:
========================
Saw

CVE-2016-7955 - Alienvault OSSIM/USM Authentication Bypass 2017-03-06
Peter Lapp (lappsec gmail com)
Details
=======

Product: Alienvault OSSIM/USM
Vulnerability: Authentication Bypass
Author: Peter Lapp, lappsec () gmail com
CVE: CVE-2016-7955
Vulnerable Versions: <=5.3.0
Fixed Version: 5.3.1

Vulnerability Details
=====================

This vulnerability allows remote attackers to bypass authe

CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility 2017-03-06
ddos2me gmail com
Document Title:
===============
CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility

Vendor:
=======
Ettercap (http://ettercap.github.io/ettercap/)

Product and Versions Affected:
==============================
Etterfilter 0.8.2 and possibly prior.

Vulnerability Ty

OpenElec: Remote Code Execution Vulnerability through Man-In-The-Middle(CVE-2017-6445) 2017-03-06
Wolfgang (lister feedyourhead at)
During my research about update mechanisms of open-source software I
discovered vulnerabilities in OpenElec.

== [ OVERVIEW ] ==

System affected: OpenElec
CVE: CVE-2017-6445
Vulnerable component: auto-update feature
Software-Version: 6.0.3, 7.0.1
User-Interaction: Reboot require

CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility 2017-03-06
ddos2me gmail com
Document Title:
===============
CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility

Vendor:
=======
Appneta (https://www.appneta.com/)

Product and Versions Affected:
==============================
Tcpreplay 4.1.2 and possibly prior.

Fixed Version:
==============
4.2.0 Bet

Copyright 2010, SecurityFocus