BugTraq Mode:
(Page 15 of 524)  < Prev  10 11 12 13 14 15 16 17 18 19 20  Next >
Microsoft Windows Media Center "ehshell.exe" XML External Entity 2016-12-04
apparitionsec gmail com/hyp3rlinx
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MEDIA-CENTE
R-XXE-FILE-DISCLOSURE.txt

[+] ISR: ApparitionSec

Vendor:
==================
www.microsoft.com

Product:
===========================

[ more ]  [ reply ]
[slackware-security] mozilla-firefox (SSA:2016-336-01) 2016-12-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2016-336-01)

New mozilla-firefox packages are available for Slackware 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
pa

[ more ]  [ reply ]
[security bulletin] HPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS), URL Redirection 2016-11-30
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053247
59

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05324759

Version: 3

HPSBUX03665 rev.3

[ more ]  [ reply ]
[security bulletin] HPSBGN03680 rev.1 - HPE Propel, Local Denial of Service (DoS), Escalation of Privilege 2016-11-30
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053475
41

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05347541

Version: 1

HPSBGN03680 rev.1

[ more ]  [ reply ]
[security bulletin] HPSBGN03677 rev.1 - HPE Network Automation using RPCServlet and Java Deserialization, Remote Code Execution 2016-11-30
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053448
49

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05344849

Version: 1

HPSBGN03677 rev.1

[ more ]  [ reply ]
[FOXMOLE SA 2016-05-02] e107 Content Management System (CMS) - Multiple Issues 2016-11-30
FOXMOLE Advisories (advisories foxmole com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=== FOXMOLE - Security Advisory 2016-05-02 ===

e107 Content Management System (CMS) - Multiple Issues
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Affected Versions
=================
e107 2.1.2 Bootstrap CMS

Issue Overview
==============

[ more ]  [ reply ]
[security bulletin] HPSBHF03682 rev.1 - HPE Comware 7 Network Products using SSL/TLS, Local Gain Privileged Access 2016-11-30
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053414
63

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05341463

Version: 1

HPSBHF03682 rev.1

[ more ]  [ reply ]
[RT-SA-2016-003] Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler 2016-11-30
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Less.js: Compilation of Untrusted LESS Files May Lead to Code
Execution through the JavaScript Less Compiler

RedTeam Pentesting discovered behaviour in the Less.js compiler,
which allows execution of arbitrary code if an untrusted LESS file is
compiled.

Details
=======

Produc

[ more ]  [ reply ]
XSS in tooltip plugin of Zurb Foundation 5 2016-11-29
Winni Neessen (winni insecure so)
XSS vulnerabilty in the tooltip plugin of Zurb Foundation 5.x
=============================================================

URL to this advisory: https://nop.li/foundation5tooltipxss

Vendor
======
http://zurb.com/

Product
=======
(Taken from http://foundation.zurb.com/sites/docs/v/5.5.3/)
Foundat

[ more ]  [ reply ]
Google Chrome Accessibility blink::Node corruption details 2016-11-29
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
twenty-first entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these throug

[ more ]  [ reply ]
SEC Consult SA-20161128-0 :: DoS & heap-based buffer overflow in Guidance Software EnCase Forensic 2016-11-28
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20161128-0 >
=======================================================================
title: Denial of service & heap-based buffer overflow
product: Guidance Software EnCase Forensic Imager & EnCase Forensic
vulnerable versi

[ more ]  [ reply ]
[SECURITY] [DSA 3725-1] icu security update 2016-11-27
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3725-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Luciano Bello
November 27, 2016

[ more ]  [ reply ]
Core FTP LE v2.2 Remote SSH/SFTP Buffer Overflow 2016-11-27
apparitionsec gmail com/hyp3rlinx
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/CORE-FTP-REMOTE-SSH-SFTP-BUFF
ER-OVERFLOW.txt

[+] ISR: ApparitionSec

Vendor:
===============
www.coreftp.com

Product:
========================
Core FTP LE (clie

[ more ]  [ reply ]
WorldCIST'2017 - Submission deadline: November 30 2016-11-26
ML (marialemos72 gmail com)
* Best papers published in several SCI/SSCI-indexed journals
** Proceedings by Springer, indexed by ISI, Scopus, DBLP, EI-Compendex, etc.

------------------------------------------------------------------------
---------
WorldCIST'17 - 5th World Conference on Information Systems and Technologies
Po

[ more ]  [ reply ]
CVE 2016-6803: Apache OpenOffice Unquoted Search Path Vulnerability 2016-11-25
Apache OpenOffice Security (orcmid apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CVE-2016-6803
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6803>
Apache OpenOffice Advisory
<https://www.openoffice.org/security/cves/CVE-2016-6803.html>

Title: Windows Installer Can Enable Privileged Trojan Execution

Version 1.0
Announced O

[ more ]  [ reply ]
Call for Participation - 5th International Conference on Cyber Security, Cyber Welfare and Digital Forensic 2016-11-25
Jackie Blanco (jackie sdiwc info)
*********************************************************************
Call for Participation

CyberSec2017: The Fifth International Conference on Cyber Security,
Cyber Welfare and Digital Forensic

22-24 April 2017, St. Mary's University, Addis Ababa, Ethiopia

https://goo.gl/mbDr7F

**************

[ more ]  [ reply ]
[SECURITY] [DSA 3724-1] gst-plugins-good0.10 security update 2016-11-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3724-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
November 24, 2016

[ more ]  [ reply ]
Call for Participation - 5th International Conference on Cyber Security, Cyber Welfare and Digital Forensic 2016-11-25
Jackie Blanco (jackie sdiwc info)
*********************************************************************
Call for Participation

CyberSec2017: The Fifth International Conference on Cyber Security,
Cyber Welfare and Digital Forensic

22-24 April 2017, St. Mary's University, Addis Ababa, Ethiopia

https://goo.gl/mbDr7F

**************

[ more ]  [ reply ]
[SECURITY] [DSA 3723-1] gst-plugins-good1.0 security update 2016-11-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3723-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
November 24, 2016

[ more ]  [ reply ]
WorldCIST'17 - Submission deadline: November 27 2016-11-24
ML (marialemos72 gmail com)
* Best papers published in SCI/SSCI-indexed journals
** Proceedings by Springer, indexed in ISI, Scopus, DBLP, EI-Compendex, etc.

------------------------------------------------------------------------
---------
WorldCIST'17 - 5th World Conference on Information Systems and Technologies
Porto Sant

[ more ]  [ reply ]
[SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310) 2016-11-24
gerhard klostermeier syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-107
Product: EASY HOME Alarmanlagen-Set
Manufacturer: monolith GmbH
Affected Version(s): Model No. MAS-S01-09
Tested Version(s): Model No. MAS-S01-09
Vulnerability Type: Cryptographic Issues (CWE-310)
Risk Level: Low
Solution St

[ more ]  [ reply ]
[SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks 2016-11-24
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-071
Product: Smart GSM Alarm SA 2500 Kit
Manufacturer: Blaupunkt
Affected Version(s): v1.0
Tested Version(s): v1.0
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufactur

[ more ]  [ reply ]
[SYSS-2016-064] Multi Kon Trade M2B GSM Wireless Alarm System - Improper Restriction of Excessive Authentication Attempts (CWE-307) 2016-11-24
gerhard klostermeier syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-064
Product: M2B GSM Wireless Alarm System
Manufacturer: Multi Kon Trade
Affected Version(s): Unspecified
Tested Version(s): Unspecified
Vulnerability Type: Improper Restriction of Excessive Authentication
At

[ more ]  [ reply ]
[SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks 2016-11-24
gerhard klostermeier syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-066
Product: M2B GSM Wireless Alarm System
Manufacturer: Multi Kon Trade
Affected Version(s): Unspecified
Tested Version(s): Unspecified
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medium
Solution S

[ more ]  [ reply ]
[CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition 2016-11-24
Dawid Golunski (dawid legalhackers com)
Vulnerability: GNU Wget < 1.18 Access List Bypass / Race Condition
CVE-2016-7098

Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Severity: Medium

GNU wget in version 1.17 and earlier, when used in mirroring/recursive mode,
is affected by a Race Condition vulnerability th

[ more ]  [ reply ]
[security bulletin] HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Multiple Remote Vulnerabilities 2016-11-23
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053368
88

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05336888

Version: 1

HPSBHF03673 rev.1

[ more ]  [ reply ]
CVE-2015-1251: Chrome blink Speech­Recognition­Controller use-after-free details 2016-11-23
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
seventeenth entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through

[ more ]  [ reply ]
[SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks 2016-11-23
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-106
Product: EASY HOME Alarmanlagen-Set
Manufacturer: monolith GmbH
Affected Version(s): Model No. MAS-S01-09
Tested Version(s): Model No. MAS-S01-09
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medi

[ more ]  [ reply ]
[SYSS-2016-072] Olympia Protect 9061 - Missing Protection against Replay Attacks 2016-11-23
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-072
Product: Protect 9061
Manufacturer: Olympia
Affected Version(s): Article No. 5943 rev.03
Tested Version(s): Article No. 5943 rev.03
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medium
Solution St

[ more ]  [ reply ]
[CORE-2016-0007] - TP-LINK TDDP Multiple Vulnerabilities 2016-11-22
CORE Advisories Team (advisories coresecurity com)
1. Advisory Information

Title: TP-LINK TDDP Multiple Vulnerabilities
Advisory ID: CORE-2016-0007
Advisory URL: http://www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabili
ties
Date published: 2016-11-21
Date of last update: 2016-11-18
Vendors contacted: TP-Link
Release mode: User releas

[ more ]  [ reply ]
CVE-2015-0050: Microsoft Internet Explorer 8 MSHTML SRunPointer::SpanQualifier/RunType OOB read details 2016-11-22
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
sixteenth entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through D

[ more ]  [ reply ]
Web vulnerabilities in Siemens S7-300/S7-400/CP343-1/CP443-1 2016-11-21
Andrea Barisani (andrea inversepath com)

The following vulnerabilities have been reported to Siemens CERT and are now
covered by by Siemens Security Advisory SSA-603476, published today
(2016-11-21) and available at the following URL:

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-6034
76.pdf

-- CVE-016-8672 --------

[ more ]  [ reply ]
[SECURITY] [DSA 3719-1] wireshark security update 2016-11-21
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3719-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
November 21, 2016

[ more ]  [ reply ]
[ERPSCAN-16-034] SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component 2016-11-21
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.4

Vendor URL: http://SAP.com

Bug: XXE

Sent: 09.03.2016

Reported: 10.03.2016

Vendor response: 10.03.2016

Date of Public Advisory: 09.08.2016

Reference: SAP Security Note 2296909

Author: Vahagn Vardanyan (ERPScan)

[ more ]  [ reply ]
Nginx (Debian-based distros) - Root Privilege Escalation (CVE-2016-1247) 2016-11-21
Dawid Golunski (dawid legalhackers com)
Vulnerability: Nginx (Debian-based distros) - Root Privilege
Escalation (CVE-2016-1247)

Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Nginx web server packaging on Debian-based distributions such as Debian or
Ubuntu was found to create log directories with insecure permi

[ more ]  [ reply ]
[RCESEC-2016-009] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Persistent Cross-Site Scripting 2016-11-20
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: AppFusions Doxygen for Atlassian Confluence
Vendor URL: www.appfusions.com
Type: Cross-site Scripting [CWE-79]
Date found: 2016-06-29
Date published: -
CVSSv3 Score:

[ more ]  [ reply ]
[RCESEC-2016-008] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Full Path Information Disclosure 2016-11-20
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: AppFusions Doxygen for Atlassian Confluence
Vendor URL: www.appfusions.com
Type: Information Exposure Through an Error Message [CWE-209]
Date found: 2016-06-29
Date p

[ more ]  [ reply ]
[RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution 2016-11-20
Julien Ahrens (julien ahrens rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: AppFusions Doxygen for Atlassian Confluence
Vendor URL: www.appfusions.com
Type: Path Traversal [CWE-22]
Date found: 2016-06-23
Date published: -
CVSSv3 Score: 6.3

[ more ]  [ reply ]
Multiple issues in OpManager 12100 & 12200 2016-11-20
Michael Heydon (michael mheydon net)
Title: Multiple issues in OpManager
Author: Michael Heydon
Product: OpManager
Tested Versions: 12100 & 12200
Vendor: Zoho ManageEngine
Vendor Notified: 2016-08-14
Disclosure Date: 2016-11-20

Product Description:
====================
OpManager is a web-based network monitoring system. It is used p

[ more ]  [ reply ]
[security bulletin] HPSBHF03675 rev.1 - HPE Integrated Lights-Out 3 and 4 (iLO 3, iLO 4), Cross-Site Scripting (XSS) 2016-11-20
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053370
25

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05337025

Version: 1

HPSBHF03675 rev.1

[ more ]  [ reply ]
Putty Cleartext Password Storage 2016-11-20
apparitionsec gmail com/hyp3rlinx
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/PUTTY.EXE-INSECURE-PASSWORD-S
TORAGE.txt

[+] ISR: ApparitionSec

Vendor:
==========================
www.chiark.greenend.org.uk

Product:
===========
Putty.exe
v0.

[ more ]  [ reply ]
[RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution 2016-11-20
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: AppFusions Doxygen for Atlassian Confluence
Vendor URL: www.appfusions.com
Type: Path Traversal [CWE-22]
Date found: 2016-06-23
Date published: -
CVSSv3 Score: 6.3

[ more ]  [ reply ]
Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin 2016-11-19
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

---------------------------------------------------------

[ more ]  [ reply ]
Cross-Site Scripting in Check Email WordPress Plugin 2016-11-19
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in Check Email WordPress Plugin
------------------------------------------------------------------------

Antonis Manaras, July 2016

------------------------------------------------------------------------

[ more ]  [ reply ]
Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin 2016-11-19
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin
------------------------------------------------------------------------

Antonis Manaras, July 2016

-----------------------------------------------------------

[ more ]  [ reply ]
[slackware-security] mozilla-firefox (SSA:2016-323-01) 2016-11-18
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2016-323-01)

New mozilla-firefox packages are available for Slackware 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
pa

[ more ]  [ reply ]
CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details 2016-11-18
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
fourteenth entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through

[ more ]  [ reply ]
Reason Core Security v1.2.0.1 - Unqoted Path Privilege Escalation Vulnerability 2016-11-18
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Reason Core Security v1.2.0.1 - Unqoted Path Privilege Escalation Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2003

Release Date:
=============
2016-11-14

Vulnerability Laboratory ID (VL-ID):
======

[ more ]  [ reply ]
[ERPSCAN-16-031] SAP NetWeaver AS ABAP â?? directory traversal using READ DATASET 2016-11-18
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS ABAP

Versions Affected: SAP NetWeaver AS ABAP 7.4

Vendor URL: http://SAP.com

Bugs: Directory traversal

Sent: 22.04.2016

Reported: 23.04.2016

Vendor response: 23.04.2016

Date of Public Advisory: 09.08.2016

Reference: SAP Security Note 2312966

Author: Daria Pro

[ more ]  [ reply ]
[ERPSCAN-16-032] SAP Telnet Console â?? Directory traversal vulnerability 2016-11-18
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 to 7.5

Vendor URL: http://SAP.com

Bugs: Directory traversal

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 09.08.2016

Reference: SAP Security Note 2280371

Author:

[ more ]  [ reply ]
Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody 2016-11-17
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

in response to <http://seclists.org/fulldisclosure/2016/Jan/24>
EmsiSoft fixed some of the DLL hijacking vulnerabilities in some
of their executable installers and unpackers.

EmsisoftEmergencyKit.exe still has beginner's errors which allow
escalation of privilege for EVERY local user:

0.

[ more ]  [ reply ]
[SECURITY] [DSA 3716-1] firefox-esr security update 2016-11-16
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3716-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
November 16, 2016

[ more ]  [ reply ]
[security bulletin] HPSBGN03676 rev.1 - HPE Helion OpenStack Glance Image Service, Remote Denial of Service (DoS) 2016-11-16
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053333
84

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05333384

Version: 1

HPSBGN03676 rev.1

[ more ]  [ reply ]
CVE-2015-2482 MSIE 8 jscript RegExpBase::FBadHeader use-after-free details 2016-11-16
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
twelfth entry in that series. Unfortunately I won't be able to publish
everything within one month at the current rate, so I may continue to
publish these through Dec

[ more ]  [ reply ]
[security bulletin] HPSBST03671 rev.1 - HPE StoreEver MSL6480 Tape Library, Remote Unauthorized Disclosure of Information 2016-11-15
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053332
97

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05333297

Version: 1

HPSBST03671 rev.1

[ more ]  [ reply ]
Actiontec WCB3000N (Telus Branded) Local Unauthenticated Privilege Elevation and Password Reset 2016-11-15
Andrew Klaus (andrewklaus gmail com)
### Device Details
Vendor: Actiontec (Telus Branded)
Model: WCB3000N
Affected Firmware: v0.16.2.5
Device Manual: http://static.telus.com/common/cms/files/internet/wifi_plus_extender.pdf

Reported: November 2015
Status: Fixed on newest pushed firmware version
CVE: Update is handled by the vendor, th

[ more ]  [ reply ]
CVE-2016-4484: - Cryptsetup Initrd root Shell 2016-11-14
Hector Marco (hmarco hmarco org) (1 replies)
Hello All,

Affected package
----------------
Cryptsetup <= 2:1

CVE-ID
------
CVE-2016-4484

Description
-----------
A vulnerability in Cryptsetup, concretely in the scripts that unlock the
system partition when the partition is ciphered using LUKS (Linux
Unified Key Setup).

This vulnerability

[ more ]  [ reply ]
Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell 2016-11-15
Leo Famulari (leo famulari name)
[security bulletin] HPSBUX03665 rev.2 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection 2016-11-14
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053247
59

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05324759

Version: 2

HPSBUX03665 rev.2

[ more ]  [ reply ]
[security bulletin] HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery 2016-11-14
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053247
55

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05324755

Version: 1

HPSBGN03669 rev.1

[ more ]  [ reply ]
SEC Consult SA-20161114-0 :: Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2 2016-11-14
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20161114-0 >
=======================================================================
title: Multiple vulnerabilities
product: I-Panda SolarEagle - Solar Controller Administration
Software / MPPT Solar Co

[ more ]  [ reply ]
WHM Panel Mail Delivery Reports crash database Vulnerability 2016-11-13
iedb team gmail com
Mail Delivery Reports crash database Local Vulnerability in WHM Panel All Version

###########################

# WHM Panel Mail Delivery Reports crash database Vulnerability

###########################

#####################################

# Iranian Exploit DataBase And Security

[ more ]  [ reply ]
Multiple vulnerabilities in Barco Clickshare 2016-11-14
vincent ruijter kpn com
CVE-2016-3149 - Remote Code Execution in Barco ClickShare CSC-1 and CSM-1
Affected versions: all versions prior to v01.09.03 (CSC-1) and v01.06.02 (CSM-1).
A remote code execution vulnerability exists within the Barco ClickShare base unit software, that could lead to full compromise of the appliance

[ more ]  [ reply ]
WHM Panel Mail Delivery Reports crash database Vulnerability 2016-11-12
iedb team gmail com
Mail Delivery Reports crash database in whm panel 60.0 ( build 17) version local exploit
Pic:http://kkli.ir/C6LGY

#####################################

# Iranian Exploit DataBase And Security Team - iedb.ir

# Title : WHM Panel Mail Delivery Reports crash database Vulnerability

#

[ more ]  [ reply ]
CVE-2015-0040: Microsoft Internet Explorer 11 MSHTML CMapElement::Notify use-after-free details 2016-11-14
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
tenth entry in that series.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161114001.html.

Follow me on http://twitter.co

[ more ]  [ reply ]
[CVE-2016-8736] Apache Openmeetings RMI Registry Java Deserialization RCE 2016-11-13
Maxim Solodovnik (solomax apache org)
Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 3.1.0

Description: Apache Openmeetings is vulnerable to Remote Code
Execution via RMI deserialization attack

The issue was fixed in 3.1.2
All users are recommended to upgrade to Apache OpenMeetings 3

[ more ]  [ reply ]
CVE-2016-9277: A IDX Out of Bound vulnerability in systemui can make crash and ui restart 2016-11-12
unlimitsec gmail com
Description of the potential vulnerability:
Severity: Low
Affected versions: L(5.0/5.1), M(6.0)
Disclosure status: Privately disclosed.
One of the activities in SystemUI can produce array index out of bounds exception as a combination of some APIs and it leads to UI restart.
The patch fixes the vuln

[ more ]  [ reply ]
[SECURITY] [DSA 3711-1] mariadb-10.0 security update 2016-11-11
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3711-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
November 11, 2016

[ more ]  [ reply ]
Secunia Research: Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability 2016-11-10
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2016/11/10

Microsoft Windows OTF Parsing Table Encoding Record Offset

Vulnerability

=================================================================

[ more ]  [ reply ]
CVE-2016-6809 â?? Arbitrary Code Execution Vulnerability in Apache Tikaâ??s MATLAB Parser 2016-11-10
tallison apache org
CVE-2016-6809 â?? Arbitrary Code Execution Vulnerability in Apache Tikaâ??s MATLAB Parser

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: 1.6-1.13

Description: Apache Tika wraps the jmatio parser (https://github.com/gradusnikov/jmatio) to handle MATLAB files. T

[ more ]  [ reply ]
Secunia Research: Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability 2016-11-10
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2016/11/10

Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability

======================================================================

Table of Contents

Affected Softw

[ more ]  [ reply ]
Secunia Research: Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability 2016-11-10
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2016/11/10

Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability

======================================================================

Table of Contents

Affected S

[ more ]  [ reply ]
WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details 2016-11-10
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
eight entry in that series, although this particular vulnerability does
not just affect web-browsers, but all applications that use WININET to
make HTTP requests.

Th

[ more ]  [ reply ]
Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 2016-11-10
nickyccwu tencent com
Document Title:
===============
Blind SQL Injection Vulnerability in Exponent CMS 2.4.0

References (Source):
====================
https://exponentcms.lighthouseapp.com/projects/61783/tickets/1394-blind-
sql-injection-vulnerability-in-exponent-cms-240-4
https://github.com/exponentcms/exponent-cms/com

[ more ]  [ reply ]
MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details 2016-11-09
Berend-Jan Wever (berendj nwever nl)
Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
seventh entry in that series.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161109001.html. There you can find a repro
th

[ more ]  [ reply ]
[SECURITY] [DSA 3709-1] libxslt security update 2016-11-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3709-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
November 08, 2016

[ more ]  [ reply ]
[security bulletin] HPSBGN03670 rev.1 - HPE Business Service Management (BSM) using Java Deserialization, Remote Code Execution 2016-11-08
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053274
47

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05327447

Version: 1

HPSBGN03670 rev.1

[ more ]  [ reply ]
URL Redirection Vulnerability In Verint Impact 360 2016-11-08
sanehsingh controlcase com
URL Redirection Vulnerability In Verint Impact 360

Overview
========

* Title : URL Redirection Vulnerability In Verint Impact 360
* Author: Sanehdeep Singh
* Plugin Homepage: http://www.verint.com
* Severity: Medium
* Version Affected: 11.1
* Version patched: Patches available. Contact Vendor

De

[ more ]  [ reply ]
Cross-Site Scripting in Calendar WordPress Plugin 2016-11-08
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in Calendar WordPress Plugin
------------------------------------------------------------------------

Remco Vermeulen, July 2016

------------------------------------------------------------------------

Abs

[ more ]  [ reply ]
Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin 2016-11-08
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress
Plugin
------------------------------------------------------------------------

Burak Kelebek, October 2016

----------------------------------------------

[ more ]  [ reply ]
Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin 2016-11-08
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

-------------------------------------------------------

[ more ]  [ reply ]
Cross Site Scripting Vulnerability In Verint Impact 360 2016-11-08
sanehsingh controlcase com
Overview
========

* Title : Cross Site Scripting Vulnerability In Verint Impact 360
* Author: Sanehdeep Singh
* Plugin Homepage: http://www.verint.com
* Severity: Medium
* Version Affected: 11.1
* Version patched: Patches available. Contact Vendor

Description
===========

About the Product
=====

[ more ]  [ reply ]
[SECURITY] [DSA 3707-1] openjdk-7 security update 2016-11-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3707-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
November 07, 2016

[ more ]  [ reply ]
[CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow 2016-11-07
Pedro Ribeiro (pedrib gmail com)
tl;dr

A stack bof in several Dlink routers, which can be exploited by an
unauthenticated attacker in the LAN. There is no patch as Dlink did not
respond to CERT's requests. As usual, a Metasploit module is in the
queue (see [9] below) and should hopefully be integrated soon.

The interesting thing

[ more ]  [ reply ]
[security bulletin] HPSBGN03643 rev.1 - HPE KeyView using Filter SDK, Remote Code Execution 2016-11-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053258
36

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05325836

Version: 1

HPSBGN03643 rev.1

[ more ]  [ reply ]
Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability 2016-11-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1931

Release Date:
=============
2016-11-07

Vulnerability Laboratory ID (VL-ID):
==================

[ more ]  [ reply ]
Edusson (Robotdon) - Client Side Cross Site Scripting Vulnerability 2016-11-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Edusson (Robotdon) BB - Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1871

Release Date:
=============
2016-11-04

Vulnerability Laboratory ID (VL-ID):
================

[ more ]  [ reply ]
Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability 2016-11-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1870

Release Date:
=============
2016-11-03

Vulnerability Laboratory ID (VL-ID):
======================

[ more ]  [ reply ]
Faraznet Cms Cross-Site Scripting Vulnerability 2016-11-07
iedb team gmail com
Cross-Site Scripting in Faraznet Cms Version 4.x

###########################

# Faraznet Cms Cross-Site Scripting Vulnerability

###########################

#####################################

# Iranian Exploit DataBase And Security Team - iedb.ir

# Title : Faraznet Cms Cross-Site Scripting V

[ more ]  [ reply ]
Faraznet Cms Cross-Site Scripting Vulnerability 2016-11-07
iedb team gmail com
Cross-Site Scripting in Faraznet Cms Version 4.x

###########################

# Faraznet Cms Cross-Site Scripting Vulnerability

###########################

#####################################

# Iranian Exploit DataBase And Security Team - iedb.ir

# Title : Faraznet Cms Cross-Site Scripting V

[ more ]  [ reply ]
WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow 2016-11-05
apparitionsec gmail com/hyp3rlinx
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WINAXE-FTP-CLIENT-REMOTE-BUFF
ER-OVERFLOW.txt

[+] ISR: Apparition Security

Vendor:
============
www.labf.com

Product:
================
WinaXe v7.7 FTP

The X W

[ more ]  [ reply ]
Axessh 4.2.2 Denial Of Service 2016-11-05
apparitionsec gmail com/hyp3rlinx
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AXESSH-DENIAL-OF-SERVICE.txt

[+] ISR: ApparitionSec

Vendor:
============
www.labf.com

Product:
=============
Axessh 4.2.2

Axessh is a SSH client. It is a supe

[ more ]  [ reply ]
Rapid PHP Editor CSRF Remote Command Execution 2016-11-05
apparitionsec gmail com/hyp3rlinx
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/RAPID-PHP-EDITOR-REMOTE-CMD-E
XEC.txt

[+] ISR: Apparition Security

Vendor:
======================
www.rapidphpeditor.com

Product:
==============================

[ more ]  [ reply ]
[security bulletin] HPSBGN03656 rev.1 - HPE Network Node Manager i (NNMi) Software using Java Deserialization, Remote Arbitrary Code Execution and Cross-Site Scripting 2016-11-04
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053258
23

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05325823

Version: 1

HPSBGN03656 rev.1

[ more ]  [ reply ]
[security bulletin] HPSBGN03657 rev.1 - HPE Network Node Manager i (NNMi) Software, Local Code Execution 2016-11-04
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053258
11

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05325811

Version: 1

HPSBGN03657 rev.1

[ more ]  [ reply ]
KL-001-2016-009 : Sophos Web Appliance Remote Code Execution 2016-11-04
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2016-009 : Sophos Web Appliance Remote Code Execution

Title: Sophos Web Appliance Remote Code Execution
Advisory ID: KL-001-2016-009
Publication Date: 2016.11.03
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-009.txt

1. Vulnerability Details

Affected Vend

[ more ]  [ reply ]
KL-001-2016-008 : Sophos Web Appliance Privilege Escalation 2016-11-04
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2016-008 : Sophos Web Appliance Privilege Escalation

Title: Sophos Web Appliance Privilege Escalation
Advisory ID: KL-001-2016-008
Publication Date: 2016.11.03
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-008.txt

1. Vulnerability Details

Affected Vendor

[ more ]  [ reply ]
MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) 2016-11-04
Dawid Golunski (dawid legalhackers com)
CVE-2016-6664 / (Oracle)CVE-2016-5617
Vulnerability: MySQL / MariaDB / PerconaDB - Root Privilege Escalation

Discovered by:
Dawid Golunski
@dawid_golunski
https://legalhackers.com

MySQL-based databases including MySQL, MariaDB and PerconaDB are affected
by a privilege escalation vulnerability whic

[ more ]  [ reply ]
[security bulletin] HPSBUX03665 rev.1 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection 2016-11-04
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c053247
59

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05324759

Version: 1

HPSBUX03665 rev.1

[ more ]  [ reply ]
Axessh 4.2.2 Denial Of Service 2016-11-04
apparitionsec gmail com/hyp3rlinx
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AXESSH-DENIAL-OF-SERVICE.txt

[+] ISR: ApparitionSec

Vendor:
============
www.labf.com

Product:
=============
Axessh 4.2.2

Axessh is a SSH client. It is a supe

[ more ]  [ reply ]
(Page 15 of 524)  < Prev  10 11 12 13 14 15 16 17 18 19 20  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus