Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities
2016-10-11 admin (at) evolution-sec (dot) com (admin evolution-sec com)

[SEARCH-LAB advisory] AVTECH IP Camera, NVR, DVR multiple vulnerabilities
2016-10-11 Gergely Eberhardt (gergely eberhardt search-lab hu)
Avtech devices multiple vulnerabilities
--------------------------------------------------
Platforms / Firmware confirmed affected:
- Every Avtech device (IP camera, NVR, DVR) and firmware version. [4] contains the list of confirmed firmware versions, which are affected.
- Product page: http://www

SEC Consult SA-20161011-0 :: XXE vulnerability in RSA Enterprise Compromise Assessment Tool (ECAT)
2016-10-11 SEC Consult Vulnerability Lab (research sec-consult com)

[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks
2016-10-11 matthias deeg syss de

[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks
2016-10-10 matthias deeg syss de

Crashing Android devices with large Assisted-GPS Data Files [CVE-2016-5348]
2016-10-10 Nightwatch Cybersecurity Research (research nightwatchcybersecurity com)
Original at: https://wwws.nightwatchcybersecurity.com/2016/10/04/advisory-cve-2016-5348-2/
Summary
Android devices can be crashed remotely forcing a halt and then a soft reboot by a MITM attacker manipulating assisted GPS/GNSS data provided by Qualcomm. This issue affects the open source code in A

[SYSS-2016-068] Fujitsu Wireless Keyboard Set LX901 - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks
2016-10-10 matthias deeg syss de

[SYSS-2016-033] Microsoft Wireless Desktop 2000 - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
2016-10-10 matthias deeg syss de

Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability
2016-10-05 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1850
Cyberoam ID: #1059276
Security ID: NCR-2064
Release Date:
=============
2016-10-04
Vulnerability Labor

Clean Master v1.0 - Unquoted Path Privilege Escalation
2016-10-05 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Clean Master v1.0 - Unquoted Path Privilege Escalation
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1968
Release Date:
=============
2016-10-05
Vulnerability Laboratory ID (VL-ID):
===============================

Cisco Security Advisory: Cisco NX-OS Software Malformed DHCPv4 Packet Denial of Service Vulnerability
2016-10-05 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco NX-OS Software Malformed DHCPv4 Packet Denial of Service Vulnerability
Advisory ID: cisco-sa-20161005-dhcp2
Revision: 1.0
For Public Release: 2016 October 5 16:00 GMT
+----------------------------------------------

Cisco Security Advisory: Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability
2016-10-05 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability
Advisory ID: cisco-sa-20161005-dhcp1
Revision: 1.0
For Public Release: 2016 October 5 16:00 GMT
+------------------------------------------------

Cisco Security Advisory: Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass Vulnerability
2016-10-05 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass Vulnerability
Advisory ID: cisco-sa-20161005-nxaaa
Revision: 1.0
For Public Release: 2016 October 5 16:00 GMT
+--------------------

Cisco Security Advisory: Cisco NX-OS Border Gateway Protocol Denial of Service Vulnerability
2016-10-05 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco NX-OS Border Gateway Protocol Denial of Service Vulnerability
Advisory ID: cisco-sa-20161005-bgp
Revision 1.0
For Public Release 2016 October 5 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
===

[security bulletin] HPSBGN03639 rev.1 - HPE KeyView, Remote Code Execution
2016-10-05 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05297477
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05297477
Version: 1
HPSBGN03639 rev.1 - HPE KeyV

KL-001-2016-004 : Cisco Firepower Threat Management Console Authenticated Denial of Service
2016-10-05 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2016-004 : Cisco Firepower Threat Management Console Authenticated Denial of Service
Title: Cisco Firepower Threat Management Console Authenticated Denial of Service
Advisory ID: KL-001-2016-004
Publication Date: 2016.10.05
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-0

KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials
2016-10-05 KoreLogic Disclosures (disclosures korelogic com)
KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials
Title: Cisco Firepower Threat Management Console Hard-coded MySQL Credentials
Advisory ID: KL-001-2016-005
Publication Date: 2016.10.05
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-201

September 2016 - HipChat Plugin for various products - Critical Security Advisory
2016-10-06 David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
This email refers to the following advisory pages:
* Bitbucket Server - https://confluence.atlassian.com/x/0QkcMg
* Confluence - https://confluence.atlassian.com/x/yIGbMg
* JIRA - https://confluence.atlassian.com/x/w4GbMg
CVE ID:
* CVE-2016-6668 - T

ESA-2016-121: EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances Multiple Vulnerabilities
2016-10-04 EMC Product Security Response Center (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
ESA-2016-121: EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances Multiple Vulnerabilities
EMC Identifier: ESA-2016-121
CVE Identifier: CVE-2016-6645, CVE-2016-6646
Severity Rating: CVSS v3 Base Score: See below for individual CVE

ESA-2016-063: EMC Replication Manager and Network Module for Microsoft Remote Code Execution Vulnerability
2016-10-04 EMC Product Security Response Center (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
ESA-2016-063: EMC Replication Manager and Network Module for Microsoft Remote Code Execution Vulnerability
EMC Identifier: ESA-2016-063
CVE Identifier: CVE-2016-0913
Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:

Serimux SSH Console Switch v2.4 - Multiple Cross Site Vulnerabilities
2016-10-04 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Serimux SSH Console Switch v2.4 - Multiple Cross Site Vulnerabilities
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1942
Release Date:
=============
2016-10-04
Vulnerability Laboratory ID (VL-ID):
================

AuraDVD Ripper Professional v1.6.3 - DLL Hijacking Exploit
2016-10-04 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
AuraDVD Ripper Professional v1.6.3 - DLL Hijacking Exploit
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1966
Release Date:
=============
2016-10-04
Vulnerability Laboratory ID (VL-ID):
===========================

TeempIp XSS Cookie Theft
2016-10-03 apparitionsec gmail com
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/TEEMIP-XSS-COOKIE-THEFT.txt
[+] ISR: ApparitionSec
Vendor:
===============
www.combodo.com
Product:
==============
TeemIp v2.0.2
Offer your customers a professional and eco

[SECURITY] [DSA 3684-1] libdbd-mysql-perl security update
2016-10-03 Florian Weimer (fw deneb enyo de)

[SECURITY] [DSA 3681-2] wordpress regression update
2016-10-01 Yves-Alexis Perez (corsac debian org)

CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation
2016-10-01 Dawid Golunski (dawid legalhackers com)
CVE: CVE-2016-1240
Vulnerability: Tomcat packaging on Debian-based distros - Local Root Privilege Escalation
Affected packages: Tomcat 6/7/8 deb packages (up to 8.0.36-2)
Systems affected: Debian & Ubuntu & possibly others (using the affected deb packages)
Discovered by: Dawid Golunski (http://lega

Multiple exposures in Sophos UTM
2016-09-30 Tim Schughart (t schughart prosec-networks com)
Hello @all, together with my colleague we found two uncritical vulnerabilities you'll find below.
Product: Sophos UTM
Vendor: Sophos ltd.
Internal reference: ? (Bug ID)
Vulnerability type: Information Disclosure
Vulnerable version: 9.405-5, 9.404-5 and possible other versions affected (not test

[SYSS-2016-060] Logitech M520 - Insufficient Verification of Data Authenticity (CWE-345)
2016-09-30 matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Advisory ID: SYSS-2016-060
Product: M520 (Mouse of Wireless Combo MK520)
Manufacturer: Logitech
Affected Version(s): Model Y-R0012
Tested Version(s): Model Y-R0012
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
===============
Contenido v4.9.11 - (Backend) Multiple XSS Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1928
Release Date:
=============
2016-10-10
Vulnerability Laboratory ID (VL-ID):
============================