BugTraq
ESA-2016-097: RSA Identity Governance and Lifecycle Information Disclosure Vulnerability 2016-09-23
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-097: RSA Identity Governance and Lifecycle Information Disclosure Vulnerability

EMC Identifier: EMC-2016-097

CVE Identifier: CVE-2016-0918

Severity Rating: CVSS v3 Base Score: 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Recon Europe 2017 Call For Papers - January 27 - 29, 2017 - Brussels, Belgium 2016-09-22
cfpbrussels2017 recon cx

` . R E C O N * B R U S S E L S .
. . C F P ' .
' https://recon.cx
. 27 - 29 January 2017 . .
. ' Brussels, Belgium .

[SECURITY] [DSA 3674-1] firefox-esr security update 2016-09-22
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3674-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
September 22, 2016

[SECURITY] [DSA 3673-1] openssl security update 2016-09-22
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3673-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
September 22, 2016

Fwd: BT Wifi Extenders - Cross Site Scripting leading to disclosure of PSK 2016-09-22
Jamie R (jamie riden gmail com)
BT Wifi Extenders - 300, 600 and 1200 models - Cross Site Scripting
leading to disclosure of PSK.

A firmware update is required to resolve this issue.

The essential problem is that if you hit the following URL on your
wifi extender, it will pop up a whole load of private data, including
your PSK.

IE11 is not following CORS specification for local files 2016-09-22
Ricardo Iramar dos Santos (riramar gmail com)
IE11 is not following CORS specification for local files like Chrome
and Firefox.
I've contacted Microsoft and they say this is not a security issue so
I'm sharing it.
From my tests IE11 is not following CORS specifications for local
files as supposed to be.
In order to prove I've created a maliciou

[slackware-security] irssi (SSA:2016-265-03) 2016-09-21
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] irssi (SSA:2016-265-03)

New irssi packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+-------------------------

[security bulletin] HPSBHF03646 rev.1 - HPE Comware 7 (CW7) Network Products running NTP, Multiple Remote Vulnerabilities 2016-09-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05270839

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05270839
Version: 1

HPSBHF03646 rev.1 - HPE Comw

Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla 2016-09-21
Larry W. Cashdollar (larry0 me com)

Title: Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
Author: Larry W. Cashdollar, @_larry0
Date: 2016-09-15
Download Site: http://huge-it.com/joomla-video-gallery/
Vendor: www.huge-it.com, fixed v1.1.0
Vendor Notified: 2016-09-17
Vendor Contact: info (at) huge-it (dot) com
Descripti

[security bulletin] HPSBGN03645 rev.2 - HPE Helion OpenStack Glance, Remote Access Restriction Bypass, Unauthorized Access 2016-09-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05273584

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05273584
Version: 2

HPSBGN03645 rev.2 - HPE Heli

[slackware-security] pidgin (SSA:2016-265-01) 2016-09-21
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] pidgin (SSA:2016-265-01)

New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+-----------------------

[SECURITY] [DSA 3672-1] irssi security update 2016-09-21
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3672-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
September 21, 2016

Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability 2016-09-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability

Advisory ID: cisco-sa-20160921-csp2100-2

Revision 1.0

Published: 2016 September 21 16:00 GMT
+-----------------------------------------------------

Cisco Security Advisory: Cisco Cloud Services Platform 2100 Command Injection Vulnerability 2016-09-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Cloud Services Platform 2100 Command Injection Vulnerability

Advisory ID: cisco-sa-20160921-csp2100-1

Revision 1.0

Published: 2016 September 21 16:00 GMT
+------------------------------------------------------------

APPLE-SA-2016-09-20-6 tvOS 10 2016-09-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-20-6 tvOS 10

The tvOS 10 advisory has been released to describe the entries below:

Audio
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue

APPLE-SA-2016-09-20-5 watchOS 3 2016-09-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-20-5 watchOS 3

The watchOS 3 advisory has been updated to include additional entries
as noted below.

Audio
Available for: All Apple Watch models
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory c

APPLE-SA-2016-09-20-4 macOS Server 5.2 2016-09-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-20-4 macOS Server 5.2

macOS Server 5.2 is now available and addresses the following:

apache
Available for: macOS 10.12 Sierra
Impact: A remote attacker may be able to proxy traffic through an
arbitrary server
Description: An issue

APPLE-SA-2016-09-20-3 iOS 10 2016-09-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-20-3 iOS 10

The iOS 10 advisory has been updated to include additional entries as
noted below.

AppleMobileFileIntegrity
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: A

APPLE-SA-2016-09-20-2 Safari 10 2016-09-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-20-2 Safari 10

Safari 10 is now available and addresses the following:

Safari Reader
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS 10.12 Sierra
Impact: Enabling the Safari Reader feature on a maliciousl

ESA-2016-093: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability 2016-09-20
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-093: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability

EMC Identifier: ESA-2016-093

CVE Identifier: CVE-2016-0925

Severity Rating: CVSS v3 Score: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability 2016-09-19
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability

EMC Identifier: ESA-2016-096

CVE Identifier: CVE-2016-0917

Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affec

ESA-2016-065: EMC Avamar Data Store and Avamar Virtual Edition Multiple Vulnerabilities 2016-09-19
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-065: EMC Avamar Data Store and Avamar Virtual Edition Multiple Vulnerabilities

EMC Identifier: ESA-2016-065

CVE Identifier: CVE-2016-0903, CVE-2016-0904, CVE-2016-0905, CVE-2016-0920, CVE-2016-0921

Severity Rating: See below for indi

Call for Papers - WorldCIST'17 - 5th World Conference on Information Systems and Technologies (Published by Springer) 2016-09-18
ML (marialemos72 gmail com)
*
** Apologize if you receive multiple copies of this email, or if its content is irrelevant for you.
*
** Please forward for your contacts. Thank you very much!
*

---------
WorldCIST'17 - 5th World Conference on Information Systems and Technologies
Porto Santo Island, Madeira, Portugal
11th-13th

[SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell 2016-09-16
Flavio Junqueira (fpj apache org)
Apologies for the duplicate, this report has a correction over the previous version sent earlier.

#######################################################
CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell

Severity: moderate

Vendor:
The Apache Software Foundation

Versions Affec

[SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell 2016-09-16
Flavio Junqueira (fpj apache org)
############################################################
CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell

Severity: moderate

Vendor:
The Apache Software Foundation

Versions Affected:
ZooKeeper 3.4.0 to 3.4.8
ZooKeeper 3.5.0 to 3.5.2
The unsupported ZooKeeper 1.x through 3

[slackware-security] curl (SSA:2016-259-01) 2016-09-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2016-259-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------

[SECURITY] [DSA 3669-1] tomcat7 security update 2016-09-15
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3669-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
September 15, 2016

ESA-2016-094: RSA BSAFE® Micro Edition Suite Multiple Vulnerabilities 2016-09-15
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

EMC Identifier: ESA-2016-094

CVE Identifier: CVE-2016-0923, CVE-2016-0924

Affected Products:

- RSA BSAFE Micro Edition Suite (MES) all 4.1.x versions prior to 4.1.5

- RSA BSAFE Micro Edition Suite (MES) all 4.0.x versions prior to 4.0.9

Cisco EPC 3925 Multiple Vulnerabilities 2016-09-15
msg patrykbogdan com
# Title: Cisco EPC 3925 Multiple Vulnerabilities
# Vendor: http://www.cisco.com/
# Vulnerable Version(s): Cisco EPC3925 (EuroDocsis 3.0 2-PORT Voice Gateway)
# Date: 15.09.2016
# Author: Patryk Bogdan

========

Vulnerability list:
1. HTTP Response Injection via 'Lang' Cookie
2. DoS via 'Lang' Cook

Insecure transmission of data in Android applications developed with Adobe AIR [CVE-2016-6936] 2016-09-14
research nightwatchcybersecurity com
Original at:
https://wwws.nightwatchcybersecurity.com/2016/09/14/advisory-insecure-transmission-of-data-in-android-applications-developed-with-adobe-air-cve-2016-6936/

Summary

Android applications developed with Adobe AIR send data back to Adobe servers without HTTPS while running. This can allow

APPLE-SA-2016-09-14-1 iOS 10.0.1 2016-09-14
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-09-14-1 iOS 10.0.1

iOS 10.0.1 is now available and addresses the following:

Kernel
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An application may be able to disclose k

[SECURITY] [DSA 3666-1] mysql-5.5 security update 2016-09-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3666-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
September 14, 2016

[security bulletin] HPSBST03640 rev.1 - HP XP7 Command View Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device Manager (DevMgr), Local Access Restriction Bypass 2016-09-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05257711

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05257711
Version: 1

HPSBST03640 rev.1 - HP XP7 C

[security bulletin] HPSBGN03572 rev.1 - HPE Performance Center, Remote User Validation Failure 2016-09-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05269356

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05269356
Version: 1

HPSBGN03572 rev.1 - HPE Perf

ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability 2016-09-13
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability

EMC Identifier: ESA-2016-108

CVE Identifier: CVE-2016-6644

Severity Rating: CVSS v3 Base Score: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected products:

EMC Documen

ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities 2016-09-13
EMC Product Security Response Center (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities

EMC Identifier: ESA-2016-104

CVE Identifier: CVE-2016-0922, CVE-2016-6641, CVE-2016-6642, CVE-2016-6643

Severity Rating: CVSS v3 Base Score: See below for CVSSv3 scores for individual CVE

[ANNOUNCE][CVE-2016-6802] Apache Shiro 1.3.2 released 2016-09-13
Brian Demers (bdemers apache org)
The Shiro team is pleased to announce the release of Apache Shiro version 1.3.2.

This security release contains 1 fix since the 1.3.1 release and is
available for Download now [1].

CVE-2016-6802:
Apache Shiro before 1.3.2, when using a non-root servlet context path,
specifically craft

Multiple DoS vulnerabilities in libosip2-4.1.0 2016-09-13
bshastry sec t-labs tu-berlin de
Antisip's libosip2 v4.1.0 is vulnerable to heap buffer overflows in the following functions while parsing SIP messages and leads to a DoS if glibc hardening is enabled.
1. *osip_body_to_str*
2. *_osip_message_to_str*

All files for reproducing the issues have been filed in the bug tracker [1][2] and

Open-Xchange Security Advisory 2016-09-13 (2) 2016-09-13
Martin Heiland (martin heiland lists open-xchange com)
Product: OX Guard
Vendor: OX Software GmbH

Internal reference: 47878 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 2.4.2 and earlier
Vulnerable component: guard
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.4.0-rev11, 2.4.2-rev5
Rese

Open-Xchange Security Advisory 2016-09-13 2016-09-13
Martin Heiland (martin heiland lists open-xchange com)
Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 46484 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 7.8.2 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.2-rev46, 7.6.3-re

AST-2016-007: RTP Resource Exhaustion 2016-09-08
Asterisk Security Team (security asterisk org)
Asterisk Project Security Advisory - AST-2016-007

Product Asterisk
Summary RTP Resource Exhaustion
Nature of Advisory Denial of Service

[slackware-security] php (SSA:2016-252-01) 2016-09-08
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-252-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

PHPHolidays CMS v3.00.50 - Cross Site Scripting Web Vulnerability 2016-09-08
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PHPHolidays CMS v3.00.50 - Cross Site Scripting Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1948

Release Date:
=============
2016-09-08

Vulnerability Laboratory ID (VL-ID):
====================

Picosmos Shows v1.6.0 - Stack Buffer Overflow Vulnerability 2016-09-08
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Picosmos Shows v1.6.0 - Stack Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1936

Release Date:
=============
2016-09-05

Vulnerability Laboratory ID (VL-ID):
==================================

CVE-2016-4264 Adobe ColdFusion <= 11 XXE Vulnerability 2016-09-07
Dawid Golunski (dawid legalhackers com)
Vulnerability: Adobe ColdFusion <= 11 XXE Injection
CVE: CVE-2016-4264
Vendor ID: APSB16-30
Discovered by: Dawid Golunski (http://legalhackers.com)

Adobe ColdFusion in versions 11 and below is vulnerable to XXE
Injection when processing untrusted office documents.

Depending on a web application's

CVE-2016-6920 ffmpeg exr file Heap Overflow 2016-09-07
unlimitsec gmail com
=======

Product: ffmpeg
Affected Versions: <= 3.1.2
Vulnerability Type: Heap Overflow
Security Risk: High
Credit: Yaoguang Chen of Aliapy unLimit Security Team

Introduction
============

$ ffmpeg_debug_312/bin/ffmpeg -i tiled_with_deeptile_type.exr -y xx.png
ffmpeg version 3.1.2 Copyright (c) 20

Infoblox Cross-site scripting vulnerabilities 2016-09-06
alex_haynes outlook com
Exploit Title: Infoblox Cross-site scripting vulnerabilities
Product: Infoblox Network Automation
Vulnerable Versions: 7.0.1 and all previous versions
Tested Version: 6.9.2
Advisory Publication: 06/09/2016
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: NONE
Credit: Alex Haynes

Ad

[CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting 2016-09-06
alex_haynes outlook com
Exploit Title: [CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting vulnerability
Product: Infoblox Network Automation
Vulnerable Versions: 7.0.1 and all previous versions
Tested Version: 6.9.2
Advisory Publication: 06/09/2016
Vulnerability Type: [CWE-113:] Improper Neutraliz

[SECURITY] [DSA 3661-1] charybdis security update 2016-09-06
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3661-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
September 06, 2016

Unauthenticated Arbitrary Directory Dump in BMC BladeLogic Server Automation 2016-09-04
ZeroDay (zeroday contextis co uk)
Title: Unauthenticated Arbitrary Directory Dump in BMC BladeLogic Server Automation
Affected Software: BMC BladeLogic Server Automation for Linux <= 8.7
CVSSv2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Reference: CVE-

[SECURITY] [DSA 3659-1] linux security update 2016-09-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3659-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
September 04, 2016

Google Nexus 5X Bootloader Unauthorized Memory Dumping via USB 2016-09-04
Roee Hay (roeehay gmail com)
Vulnerable versions:
================
Android 6.0.0 MDA89E through 6.0.1 MMB29V (bootloaders bhz10i/k)

Non-vulnerable versions:
====================
Android 6.0.1 MHC19J (bootloader bhz10m) and above.

Details:
======
The attacker reboots the phone into the 'fastboot' mode. A physical
attacker can

FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability 2016-09-02
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1935

Release Date:
=============
2016-09-01

Vulnerability Laboratory ID (VL-ID):
============================

Cisco Security Advisory: Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability

Advisory ID: cisco-sa-20160831-spa

Revision 1.0

For Public Release: 2016 August 31 16:00 GMT

+-------------------------------------------------------------------------

Summary

Cisco Security Advisory: Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability

Advisory ID: cisco-sa-20160831-sps3

Revision 1.0

For Public Release 2016 August 31 16:00 UTC (GMT)

+---------------------------------

Cisco Security Advisory: Cisco WebEx Meetings Player Arbitrary Code Execution 2016-08-31
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco WebEx Meetings Player Arbitrary Code Execution Vulnerability

Advisory ID: cisco-sa-20160831-meetings-player

Revision 1.0

For Public Release 2016 August 31 16:00 UTC (GMT)

+----------------------------------------------

[security bulletin] HPSBGN03637 rev.1 - HP Operations Manager for Unix, Solaris, and Linux, Remote Cross-Site Scripting (XSS) 2016-08-31
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05249833

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05249833
Version: 1

HPSBGN03637 rev.1 - HP Opera

[security bulletin] HPSBHF03641 rev.1 - HPE Integrated Lights-Out 3 (iLO 3), Remote Disclosure of Information 2016-08-30
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05249760

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05249760
Version: 1

HPSBHF03641 rev.1 - HPE Inte

[slackware-security] kernel (SSA:2016-242-01) 2016-08-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] kernel (SSA:2016-242-01)

New kernel packages are available for Slackware 14.1 to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/linux-3.10.103/*: Upg

[security bulletin] HPSBGN03638 rev.1 - HPE Remote Device Access: Virtual Customer Access System (vCAS) using lighttpd and OpenSSH, Unauthorized Modification of Information, Remote Denial of Service (DoS), Remote Disclosure of Information 2016-08-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05247375

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05247375
Version: 1

HPSBGN03638 rev.1 - HPE Remo

Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2 2016-08-26
submit cxsec org
--------------------------------------------------------------------------------
Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2
Credit: Maksymilian Arciemowicz from CXSECURITY.COM
URL: https://cxsecurity.com/issue/WLB-2016080232
---------------------------------------------

[SECURITY] [DSA 3654-1] quagga security update 2016-08-26
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3654-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
August 26, 2016

Necroscan <= v0.9.1 Buffer Overflow 2016-08-26
hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/NECROSCAN-BUFFER-OVERFLOW.txt

[+] ISR: ApparitionSec

Vendor:
===================
nscan.hypermart.net

Product:
======================================
NECROSOFT

[SECURITY] [DSA 3652-1] imagemagick security update 2016-08-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3652-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 25, 2016

APPLE-SA-2016-08-25-1 iOS 9.3.5 2016-08-25
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-08-25-1 iOS 9.3.5

iOS 9.3.5 is now available and addresses the following:

Kernel
Available for: iPhone 4s and later, iPad 2 and later, iPod touch (5th generation) and later
Impact: An application may be able to disclose kernel memory
D

SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise 2016-08-25
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20160825-0 >
=======================================================================
title: Multiple vulnerabilities
product: Micro Focus GroupWise
vulnerable version: GroupWise 2014 R2 (<=SP1)
GroupWis

WebKitGTK+ Security Advisory WSA-2016-0005 2016-08-25
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2016-0005
------------------------------------------------------------------------

Date reported : August 25, 2016
Advisory ID : WSA-2016-0005
Advisory

nullcon 8-bit Call for Papers is open 2016-08-24
nullcon (nullcon nullcon net)
Dear Hackers and Security Pros,

Welcome to nullcon 8-bit!
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world and

[slackware-security] gnupg (SSA:2016-236-01) 2016-08-23
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gnupg (SSA:2016-236-01)

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+------------------------

[security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities 2016-08-20
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05240731

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05240731
Version: 1

HPSBNS03635 rev.1 - HPE NonS

Path traversal vulnerability in WordPress Core Ajax handlers 2016-08-20
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Path traversal vulnerability in WordPress Core Ajax handlers
------------------------------------------------------------------------

Yorick Koster, July 2016

-------------------------------------------------------------------

Horizontal Privilege Escalation/Code Injection in ownCloud's Windows Client 2016-08-19
Florian Bogner (florian bogner sh)
Horizontal Privilege Escalation/Code Injection in ownCloud's Windows Client

Metadata
===================================================
Release Date: 17-08-2016
Author: Florian Bogner @ Kapsch BusinessCom AG (https://www.kapsch.net/kbc)
Affected versions: up to ownCloud's Desktop client version

[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method 2016-08-18
Justin Bull (me justinbull ca)
Good evening everyone,

A security bulletin for all of you.

Software:
--------
Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper)

Description:
----------
Doorkeeper is an OAuth 2 provider for Rails written in Ruby.

Affected Versions:
---------------
1.2.0 - 4.1.0 (all versions but latest p

[SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting 2016-08-18
bugtraq nerz syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-049
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)
Ri

[ more ]  [ reply ]
[SYSS-2016-054] QNAP QTS - OS Command Injection 2016-08-18
bugtraq nerz syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-054
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status

[ more ]  [ reply ]
[SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting 2016-08-18
bugtraq nerz syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-050
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)
Ri

[ more ]  [ reply ]
[SYSS-2016-055] QNAP QTS - OS Command Injection 2016-08-18
bugtraq nerz syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-055
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status

[ more ]  [ reply ]
[SYSS-2016-048] QNAP QTS - OS Command Injection 2016-08-18
bugtraq nerz syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-048
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: H

[ more ]  [ reply ]
[SYSS-2016-051] QNAP QTS - Reflected Cross-Site Scripting 2016-08-18
bugtraq nerz syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-051
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: Reflected Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solu

[ more ]  [ reply ]
[SYSS-2016-053] QNAP QTS - Arbitrary File Overwrite 2016-08-18
bugtraq nerz syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-053
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: Arbitrary file overwrite (CWE-23)
Risk Level: High
Solution St

[ more ]  [ reply ]
[SYSS-2016-052] QNAP QTS - OS Command Injection 2016-08-18
bugtraq nerz syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-052
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status

[ more ]  [ reply ]
Telus Actiontec T2200H Modem Input Validation Flaw Allows Elevated Shell Access 2016-08-18
Andrew Klaus (andrewklaus gmail com)
### Device Details
Vendor: Actiontec (Telus Branded)
Model: T2200H (but likely affecting other similar models of theirs)
Affected Firmware: T2200H-31.128L.03
Device Manual: http://static.telus.com/common/cms/files/internet/telus_t2200h_user_manual.pdf
Reported: November 2015
Status: Fixed on T2200

[ more ]  [ reply ]
[SECURITY] [DSA 3650-1] libgcrypt20 security update 2016-08-17
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3650-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
August 17, 2016

[ more ]  [ reply ]
[SECURITY] [DSA 3649-1] gnupg security update 2016-08-17
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3649-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
August 17, 2016

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability 2016-08-17
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20160817-asa-snmp

Revision: 1.0

For Public Release: 2016 August 17 18:45 UTC (GMT)
+--------------------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Firepower Management Center Remote Command Execution Vulnerability 2016-08-17
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Firepower Management Center Remote Command Execution Vulnerability

Advisory ID: cisco-sa-20160817-fmc

Revision 1.0

For Public Release: 2016 August 17 16:00 GMT

Summary
=======

+--------------------------------------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability 2016-08-17
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20160817-apic

Revision 1.0

Published: 2016 August 17 16:00 GMT
+------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Firepower Management Center Privilege Escalation Vulnerability 2016-08-17
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Firepower Management Center Privilege Escalation Vulnerability

Advisory ID: cisco-sa-20160817-firepower

Revision 1.0:

For Public Release: 2016 August 17 16:00 GMT

Summary
=======

A vulnerability in the web-based GUI of Cisco Firepower Manag

[ more ]  [ reply ]
[SYSS-2016-067] NetIQ Access Manager (iManager) - Temporary Second Order Cross-Site Scripting (CWE-79) 2016-08-17
Micha Borrmann (micha borrmann syss de)
Advisory ID: SYSS-2016-067
Product: Access Manager iManager
Manufacturer: NetIQ
Affected Version(s): 2.7.7.5, 2.7.7.6
Tested Version(s): 2.7.7.5
Vulnerability Type: Temporary Second Order Cross-Site Scripting (CWE-79)
Risk Level: Low
Solution Status: Fixed
Solution Date: 2016-07
Public Disclosure: 2

[ more ]  [ reply ]
[ERPSCAN-16-023] Potential backdoor via hardcoded system ID 2016-08-16
ERPScan inc (erpscan online gmail com)
Application: SAP ABAP BASIS

Versions Affected: SAP ABAP BASIS 7.4

Vendor URL: http://SAP.com

Bugs: Hardcoded credentials

Sent: 01.02.2016

Reported:

[ more ]  [ reply ]
[ERPSCAN-16-022] SAP Hybris E-commerce Suite VirtualJDBC - Default Credentials 2016-08-16
ERPScan inc (erpscan online gmail com)
Application: SAP Hybris E-commerce Suite

Versions Affected: SAP Hybris E-commerce Suite 5.1.0.3

Vendor URL: http://sap.com

Bugs: Default credentials

Sent:

[ more ]  [ reply ]
Lepton CMS PHP Code Injection 2016-08-16
hyp3rlinx lycos com
[+] Credits: John Page (HYP3RLINX)

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-PHP-CODE-INJECTION.txt

[+] ISR: ApparitionSec

Vendor:
==================
www.lepton-cms.org

Product:
=================================
Lepton CMS 2.2.0 / 2

[ more ]  [ reply ]
Lepton CMS Archive Directory Traversal 2016-08-16
hyp3rlinx lycos com
[+] Credits: John Page (HYP3RLINX)

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-ARCHIVE-DIRECTORY-TRAVERSAL.txt

[+] ISR: ApparitionSec

Vendor:
==================
www.lepton-cms.org

Product:
=================================
Lepton CMS

[ more ]  [ reply ]
[security bulletin] HPSBHF03441 rev.1 - HPE iLO 3 and iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities 2016-08-15
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05236950

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05236950
Version: 1

HPSBHF03441 r

[ more ]  [ reply ]
[security bulletin] HPSBGN03634 rev.1 - HPE Enterprise Solution Sizers and Storage Sizer running Smart Update, Remote Arbitrary Code Execution 2016-08-15
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05237578

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05237578
Version: 1

HPSBGN03634 r

[ more ]  [ reply ]