MS Internet Information Services XSS / HTML Injection vulnerability
2017-03-16, David FM (david fdmv gmail com)
Cross Site Scripting / HTML injection vulnerability in Microsoft Internet Information Services web server
Versions Affected: MS Internet Information services (All platforms and versions)
CVE Reference: CVE-2017-0055

CVE-2017-6805 MobaXterm Personal Edition v9.4 Path Traversal Remote File Disclosure
2017-03-16, apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MOBAXTERM-TFTP-PATH-TRAVERSAL-REMOTE-FILE-ACCESS.txt
[+] ISR: ApparitionSec
Vendor: mobaxterm.mobatek.net
Product:

SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products
2017-03-16, SEC Consult Vulnerability Lab (research sec-consult com)

CVE-2017-6911: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability
2017-03-16, wsachin092 gmail com
Vulnerability Title: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability
Affected Product: USB Pratirodh
Product Homepage: https://cdac.in/index.aspx?id=cs_eps_usb_pra
CVE-ID : CVE-2017-6911
Severity: Medium
Description: USB Pratirodh is prone to sensitive information disc

[slackware-security] pidgin (SSA:2017-074-01)
2017-03-16, Slackware Security Team (security slackware com)
[slackware-security] pidgin (SSA:2017-074-01)
New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:

CVE-2017-0045 Windows DVD Maker XML External Entity File Disclosure
2017-03-16, apparitionsec gmail com (hyp3rlinx)
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DVD-MAKER-XML-EXTERNAL-ENTITY-FILE-DISCLOSURE.txt
[+] ISR: ApparitionSec
Vendor: www.microsoft.com
Product: Windows

Microsoft Edge Fetch API allows setting of arbitrary request headers
2017-03-14, Securify B.V. (lists securify nl)
Microsoft Edge Fetch API allows setting of arbitrary request headers
Yorick Koster, January 2017

Joomla com_virtuemart Component - 'id' Parameter Sql Injection Vulnerability
2017-03-14, iedb team gmail com

Joomla com_kunena Component - 'id' Parameter Sql Injection Vulnerability
2017-03-14, iedb team gmail com

Joomla com_sngevents Component - 'id' Parameter Sql Injection Vulnerability
2017-03-14, iedb team gmail com

Joomla com_fidecalendar Component - 'aid' Parameter Sql Injection Vulnerability
2017-03-14, iedb team gmail com

Joomla com_registrationpro Component - 'did' Parameter Sql Injection Vulnerability
2017-03-14, iedb team gmail com

Joomla com_easyblog Component - 'id' Parameter Sql Injection Vulnerability
2017-03-14, iedb team gmail com

Atlassian - March 2017 - Bamboo, Crowd and HipChat Server - Critical Security Advisory
2017-03-14, David Black (dblack atlassian com)
This email refers to the following advisory pages:
* Bamboo - https://confluence.atlassian.com/x/_slDN
* Crowd - https://confluence.atlassian.com/x/PMpDN
* HipChat Server - https://confluence.atlassian.com/x/lj1LN
CVE ID:
* CVE-2017-5638.
Produc

Joomla com_carocci Component - 'isbn' Parameter Sql Injection Vulnerability
2017-03-12, iedb team gmail com

Joomla com_kide Component - 'view' Parameter Sql Injection Vulnerability
2017-03-12, iedb team gmail com

Joomla com_eventlist Component - 'id' Parameter Sql Injection Vulnerability
2017-03-12, iedb team gmail com

[security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities
2017-03-10, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbux03706en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbux03706en_us
Version: 1
HP

[security bulletin] HPESBHF03711 rev.1 - HPE 2620 Series Network Switches, Remote Cross Site Request Forgery (CSRF)
2017-03-10, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03711en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03711en_us
Version: 1
HP

[security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege
2017-03-10, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03707en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbgn03707en_us
Version: 1
HP

[security bulletin] HPESBHF03716 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Remote Authentication Bypass
2017-03-10, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03716en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03716en_us
Version: 1
HP

CVE-2016-10143: Vulnerability to read arbitrary files in "Tiki Wiki"
2017-03-10, Leon Zhao 7 gmail com
Credits: Zhao Liang, Huawei Weiran Labs
Vendor: Tiki
Product: Tiki Wiki CMS
The Tiki Wiki CMS Groupware project (aka TikiWiki or Tiki) is an open source initiative that releases and maintains a powerful OpenSource Content Management System

[security bulletin] HPESBHF03714 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Local Arbitrary File Download
2017-03-08, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03714en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03714en_us
Version: 1
HP

[security bulletin] HPESBHF03713 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Deserialization of Untrusted Data, Remote Code Execution
2017-03-08, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03713en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03713en_us
Version: 1
HP
Debian Security Advisory DSA-3811-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 18, 2017