Lotus Protector for Mail Security remote code execution
2017-04-04 Patrick Webster (patrick osisecurity com au)

Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness
2017-04-04 Patrick Webster (patrick osisecurity com au)
https://www.osisecurity.com.au/kaseya-parameter-reflected-xss-enumeration-and-bruteforce-weakness.html Date: 04-Apr-2017 Software: Kaseya Affected version: Kaseya VSA v6.5.0.0. Vulnerability details: 1. The "forgot password" function at https://[target]/access/logon.asp reveals whether a userna

[security bulletin] HPESBGN03721 rev.1 - HPE Operations Bridge Analytics, Remote Cross-Site Scripting (XSS)
2017-04-03 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03721en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbgn03721en_us Version: 1 HP

SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function
2017-04-03 SEC Consult Vulnerability Lab (research sec-consult com)

[security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege
2017-03-31 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03722en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbgn03722en_us Version: 1 HP

[security bulletin] HPESBHF03723 rev.1 - HPE Aruba ClearPass Policy Manager, using Apache Struts, Remote Code Execution
2017-03-29 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03723en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03723en_us Version: 1 HP

[security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities
2017-03-29 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbux03725en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbux03725en_us Version: 1 HP

ESA-2017-013: RSA Archer® GRC Security Operations Management Sensitive Information Disclosure Vulnerability
2017-03-29 EMC Product Security Response Center (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 EMC Identifier: ESA-2017-013: RSA Archer® GRC Security Operations Management Sensitive Information Disclosure Vulnerability CVE Identifier: CVE-2017-4977 Severity Rating: CVSS v3 Base Score: 5.0 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N) Affecte

ESA-2017-028: EMC Isilon OneFS Path Traversal Vulnerability
2017-03-29 EMC Product Security Response Center (Security_Alert emc com)

[slackware-security] mariadb (SSA:2017-087-01)
2017-03-28 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mariadb (SSA:2017-087-01) New mariadb packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mariadb-

APPLE-SA-2017-03-28-1 iCloud for Windows 6.2
2017-03-28 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-28-1 iCloud for Windows 6.2 iCloud for Windows 6.2 is now available and addresses the following: APNs Server Available for: Windows 7 and later Impact: An attacker in a privileged network position can track a user's activity Descri

APPLE-SA-2017-03-27-7 macOS Server 5.3
2017-03-27 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-27-7 macOS Server 5.3 macOS Server 5.3 is now available and addresses the following: Profile Manager Available for: macOS 10.12.4 and later Impact: A remote user may be able to cause a denial-of-service Description: A crafted reque

[SECURITY] [DSA 3821-1] gst-plugins-ugly1.0 security update
2017-03-27 Moritz Muehlenhoff (jmm debian org)

APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS
2017-03-27 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS are now available and address the following: Export Available for: macOS 10.12 Sierra or later, iOS 10 or later Impact: The conten

APPLE-SA-2017-03-22-1 iTunes for Windows 12.6
2017-03-22 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-22-1 iTunes for Windows 12.6 iTunes for Windows 12.6 is now available and addresses the following: iTunes Available for: Windows 7 and later Impact: Multiple issues in SQLite Description: Multiple issues existed in SQLite. These is

SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices
2017-03-22 SEC Consult Vulnerability Lab (research sec-consult com)

Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"
2017-03-21 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, Windows 8 and newer versions (Windows 7 and Windows Server 2008 R2 with KB2532445 or KB3125574 installed too) don't allow unprivileged callers to circumvent AppLocker and SAFER rules via LoadLibraryEx(TEXT("<arbitrary DLL>"), NULL, LOAD_IGNORE_CODE_AUTHZ_LEVEL); See <https://msdn.microsof

[ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM
2017-03-21 ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component Vendor URL: http://SAP.com Bugs: Directory traversal Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 13.12.2016 Reference: SAP Security Note 2310790 Author: Mathieu Geli (ERPScan) Descr

ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability
2017-03-20 EMC Product Security Response Center (Security_Alert emc com)

[SECURITY] [DSA 3796-2] sitesummary regression update
2017-03-20 Sebastien Delafond (seb debian org)

[security bulletin] HPSBUX03596 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access
2017-03-20 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05121842 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05121842 Version: 2 HPSBUX03596 rev.2

CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service
2017-03-20 apparitionsec gmail com (hyp3rlinx)
code-execution.html
Date: 09-Nov-2012
Product: Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail)
Vulnerability: Local File Inclusion to Remote Code Execution
Details: There is local file inclusion vulnerability in th