BugTraq Mode: (Page 18 of 525)
Path traversal vulnerability in WordPress Core Ajax handlers 2016-08-20
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Path traversal vulnerability in WordPress Core Ajax handlers
------------------------------------------------------------------------

Yorick Koster, July 2016

-------------------------------------------------------------------

Horizontal Privilege Escalation/Code Injection in ownCloud's Windows Client 2016-08-19
Florian Bogner (florian bogner sh)
Horizontal Privilege Escalation/Code Injection in ownCloud's Windows Client

Metadata
===================================================
Release Date: 17-08-2016
Author: Florian Bogner @ Kapsch BusinessCom AG (https://www.kapsch.net/kbc)
Affected versions: up to ownCloud's Desktop client version

[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method 2016-08-18
Justin Bull (me justinbull ca)
Good evening everyone,

A security bulletin for all of you.

Software:
--------
Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper)

Description:
----------
Doorkeeper is an OAuth 2 provider for Rails written in Ruby.

Affected Versions:
---------------
1.2.0 - 4.1.0 (all versions but latest p

[SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting 2016-08-18
bugtraq nerz syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-049
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)
Ri

[SYSS-2016-054] QNAP QTS - OS Command Injection 2016-08-18
bugtraq nerz syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-054
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status

[SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting 2016-08-18
bugtraq nerz syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-050
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)
Ri

[SYSS-2016-055] QNAP QTS - OS Command Injection 2016-08-18
bugtraq nerz syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-055
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status

[SYSS-2016-048] QNAP QTS - OS Command Injection 2016-08-18
bugtraq nerz syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-048
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: H

[SYSS-2016-051] QNAP QTS - Reflected Cross-Site Scripting 2016-08-18
bugtraq nerz syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-051
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: Reflected Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solu

[SYSS-2016-053] QNAP QTS - Arbitrary File Overwrite 2016-08-18
bugtraq nerz syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-053
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: Arbitrary file overwrite (CWE-23)
Risk Level: High
Solution St

[SYSS-2016-052] QNAP QTS - OS Command Injection 2016-08-18
bugtraq nerz syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-052
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status

Telus Actiontec T2200H Modem Input Validation Flaw Allows Elevated Shell Access 2016-08-18
Andrew Klaus (andrewklaus gmail com)
### Device Details
Vendor: Actiontec (Telus Branded)
Model: T2200H (but likely affecting other similar models of theirs)
Affected Firmware: T2200H-31.128L.03
Device Manual: http://static.telus.com/common/cms/files/internet/telus_t2200h_user_manual.pdf
Reported: November 2015
Status: Fixed on T2200

[SECURITY] [DSA 3650-1] libgcrypt20 security update 2016-08-17
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3650-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 17, 2016

[SECURITY] [DSA 3649-1] gnupg security update 2016-08-17
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3649-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 17, 2016

Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability 2016-08-17
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20160817-asa-snmp

Revision: 1.0

For Public Release: 2016 August 17 18:45 UTC (GMT)
+--------------------------------------------

Cisco Security Advisory: Cisco Firepower Management Center Remote Command Execution Vulnerability 2016-08-17
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Firepower Management Center Remote Command Execution Vulnerability

Advisory ID: cisco-sa-20160817-fmc

Revision 1.0

For Public Release: 2016 August 17 16:00 GMT

Summary
=======

+--------------------------------------------------------------

Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability 2016-08-17
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20160817-apic

Revision 1.0

Published: 2016 August 17 16:00 GMT
+------------------------------

Cisco Security Advisory: Cisco Firepower Management Center Privilege Escalation Vulnerability 2016-08-17
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Firepower Management Center Privilege Escalation Vulnerability

Advisory ID: cisco-sa-20160817-firepower

Revision 1.0

For Public Release: 2016 August 17 16:00 GMT

Summary
=======

A vulnerability in the web-based GUI of Cisco Firepower Manag

[SYSS-2016-067] NetIQ Access Manager (iManager) - Temporary Second Order Cross-Site Scripting (CWE-79) 2016-08-17
Micha Borrmann (micha borrmann syss de)
Advisory ID: SYSS-2016-067
Product: Access Manager iManager
Manufacturer: NetIQ
Affected Version(s): 2.7.7.5, 2.7.7.6
Tested Version(s): 2.7.7.5
Vulnerability Type: Temporary Second Order Cross-Site Scripting (CWE-79)
Risk Level: Low
Solution Status: Fixed
Solution Date: 2016-07
Public Disclosure: 2

[ERPSCAN-16-023] Potential backdoor via hardcoded system ID 2016-08-16
ERPScan inc (erpscan online gmail com)
Application: SAP ABAP BASIS

Versions Affected: SAP ABAP BASIS 7.4

Vendor URL: http://SAP.com

Bugs: Hardcoded credentials

Sent: 01.02.2016

Reported:

[ERPSCAN-16-022] SAP Hybris E-commerce Suite VirtualJDBC - Default Credentials 2016-08-16
ERPScan inc (erpscan online gmail com)
Application: SAP Hybris E-commerce Suite

Versions Affected: SAP Hybris E-commerce Suite 5.1.0.3

Vendor URL: http://sap.com

Bugs: Default credentials

Sent:

Lepton CMS PHP Code Injection 2016-08-16
hyp3rlinx lycos com
[+] Credits: John Page (HYP3RLINX)

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-PHP-CODE-INJECTION.txt

[+] ISR: ApparitionSec

Vendor:
==================
www.lepton-cms.org

Product:
=================================
Lepton CMS 2.2.0 / 2

Lepton CMS Archive Directory Traversal 2016-08-16
hyp3rlinx lycos com
[+] Credits: John Page (HYP3RLINX)

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-ARCHIVE-DIRECTORY-TRAVERSAL.txt

[+] ISR: ApparitionSec

Vendor:
==================
www.lepton-cms.org

Product:
=================================
Lepton CMS

[security bulletin] HPSBHF03441 rev.1 - HPE iLO 3 and iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities 2016-08-15
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05236950

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05236950
Version: 1

HPSBHF03441 r

[security bulletin] HPSBGN03634 rev.1 - HPE Enterprise Solution Sizers and Storage Sizer running Smart Update, Remote Arbitrary Code Execution 2016-08-15
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05237578

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05237578
Version: 1

HPSBGN03634 r

[security bulletin] HPSBST03629 rev.1 - HP StoreFabric B-series Switches, Remote Disclosure of Privileged Information 2016-08-15
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05236212

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05236212
Version: 1

HPSBST03629 r

Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin
------------------------------------------------------------------------

Burak Kelebek, July 2016

-------------------------------------------------------------

Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin
------------------------------------------------------------------------

Burak Kelebek, July 2016

-------------------------------------------------------------

Cross-Site Scripting in Link Library WordPress Plugin 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in Link Library WordPress Plugin
------------------------------------------------------------------------

Burak Kelebek, July 2016

------------------------------------------------------------------------

A

Ajax Load More Local File Inclusion vulnerability 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Ajax Load More Local File Inclusion vulnerability
------------------------------------------------------------------------

Burak Kelebek, July 2016

------------------------------------------------------------------------

Abstr

Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login Redirect WordPress Plugin 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login
Redirect WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

-------------------------------------

Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin
------------------------------------------------------------------------

Julien Rentrop, July 2016

------------------------------------------------------

Cross-Site Scripting vulnerability in Google Maps WordPress Plugin 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Google Maps WordPress Plugin
------------------------------------------------------------------------

Julien Rentrop, July 2016

------------------------------------------------------------

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of images 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows
deleting of images
------------------------------------------------------------------------

Umit Aksu, July 2016

---------------------------------------------

Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress Plugin 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress
Plugin
------------------------------------------------------------------------

Umit Aksu, July 2016

--------------------------------------------------------

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows adding of images 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows
adding of images
------------------------------------------------------------------------

Umit Aksu, July 2016

-----------------------------------------------

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of galleries 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows
deleting of galleries
------------------------------------------------------------------------

Umit Aksu, July 2016

------------------------------------------

Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass 2016-08-15
reggie dodd30 gmail com
[TITLE]
Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass

[CREDITS & AUTHORS]
Reginald Dodd
https://www.linkedin.com/in/reginalddodd

[VENDOR & PRODUCT]
Taser International Inc.
Axon Dock - Body-Worn Camera Docking Station
https://www.axon.io/products/dock

[SUMMARY]
T

PayPal Inc BB #127 - 2FA Bypass Vulnerability 2016-08-15
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc BB #127 - 2FA Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1903

Release Date:
=============
2016-08-12

Vulnerability Laboratory ID (VL-ID):
====================================
1903

Stash v1.0.3 CMS - SQL Injection Vulnerability 2016-08-15
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Stash v1.0.3 CMS - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1899

Release Date:
=============
2016-08-10

Vulnerability Laboratory ID (VL-ID):
====================================
189

Linksys E2500 and E1200 (Unauth Command Injection) 2016-08-14
samhuntley84 gmail com
Linksys E2500 and E1200 suffer from a command injection issue in parental control parameters. This allows an attacker to control the device remotely.

Combined with the missing authorization control, this allows an attacker to execute an unauthenticated command injection attack

Linksys E1200 and E2500 (Missing authorization on parental control) 2016-08-14
samhuntley84 gmail com


Linksys E1200 hardware version 2.2 and firmware version 2.0.07 (build 2) suffer from missing authorization control on the parental control page. This allows an attacker to change the parental controls set up by parents to keep kids safe from visiting adult sites and probably compromise a kid's device

Reflected Cross Site Scripting (XSS) Vulnerability in nopcommerce 3.70 2016-08-15
tal argoni (talargoni gmail com)
Security Advisory
CVE-ID: N/A
Topic: Reflected Cross Site Scripting (XSS) Vulnerability in
"successful registration" page
Class: Input Validation
Severity: Medium
Discovery: 2016-04-28
Vendor Notification: 2016-04-28
Vendor response: 2016-05-30
Vendor Patch:

OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET) 2016-08-13
hamedizadi gmail com
###########################

# OpenCart 2.0.3.1 Cross Site Scripting Vulnerability

###########################

Information
--------------------
Author: Hamed Izadi
Email: array("hamedizadi", "@", "gmail", ".com");
Name: XSS Vulnerability in OpenCart
Affected Software : OpenCart
Affected Versions:

OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET) 2016-08-13
hamedizadi gmail com
###########################

# OpenCart 2.0.3.1 Cross Site Scripting Vulnerability

###########################

Information
--------------------
Author: Hamed Izadi
Email: ("hamedizadi", "@", "gmail", ".com");
Name: XSS Vulnerability in OpenCart
Affected Software : OpenCart
Affected Versions: v2.0

WSO2-CARBON v4.4.5 CSRF / DOS 2016-08-13
hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-CSRF-DOS.txt

[+] ISR: ApparitionSec

Vendor:
============
www.wso2.com

Product:
==================
Ws02Carbon v4.4.5

WSO2 Carbon is the core p

WSO2 CARBON v4.4.5 PERSISTENT XSS COOKIE THEFT 2016-08-13
hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt

[+] ISR: ApparitionSec

Vendor:
=============
www.wso2.com

Product:
==================
Ws02Carbon v4.4.5

WSO2

WSO2-CARBON v4.4.5 LOCAL FILE INCLUSION 2016-08-13
apparitionsec gmail com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txt

[+] ISR: ApparitionSec

Vendor:
===============
www.wso2.com

Product:
====================
Ws02Carbon v4.4.5

WSO2 Car

WSO2 IDENTITY-SERVER v5.1.0 XML External-Entity 2016-08-13
hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt

[+] ISR: ApparitionSec

Vendor:
=============
www.wso2.com

Product:
============================
Wso2 Identity

[SECURITY] [DSA 3648-1] wireshark security update 2016-08-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3648-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 12, 2016

[security bulletin] HPSBGN03630 rev.2 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution 2016-08-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05206507

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05206507
Version: 2

HPSBGN03630 r

[security bulletin] HPSBHF03440 rev.1 - HPE iLO 3 using JQuery, Remote Cross-Site Scripting (XSS) 2016-08-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05232730
Version: 1

HPSBHF03440 r

[CVE-2016-3089] Apache OpenMeetings XSS in SWF panel 2016-08-12
Maxim Solodovnik (solomax666 gmail com)
Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 3.1.0

Description: The value of the URL's "swf" query parameter is
interpolated into the JavaScript tag without being escaped, leading to
the reflected XSS.

All users are recommended to upgrade to Ap

[SECURITY] [DSA 3647-1] icedove security update 2016-08-11
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3647-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 11, 2016

Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP% 2016-08-11
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

several of Microsoft's Sysinternals utilities extract executables
to %TEMP% and run them from there; the extracted executables are
vulnerable to DLL hijacking, allowing arbitrary code execution in
every user account and escalation of privilege in "protected
administrator" accounts [*].

* C

[SECURITY] [DSA 3646-1] postgresql-9.4 security update 2016-08-11
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3646-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 11, 2016

Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8) 2016-08-11
Rv3Lab.org (research rv3lab org)
###################################################

01. ### Advisory Information ###

Title: Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime
Edition (Build 8)
Date published: n/a
Date of last update: n/a
Vendors contacted: ColoradoFTP author Sergei Abramov
Discovered by: Rv3Laboratory

QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability 2016-08-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1895

Release Date:
=============
2016-08-11

Vulnerability Laboratory ID (VL-ID):
=========================

Microsoft Education - Stored Cross Site Web Vulnerability 2016-08-11
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Microsoft Education - Stored Cross Site Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1897

Release Date:
=============
2016-08-10

Vulnerability Laboratory ID (VL-ID):
=============================

[CORE-2016-0006] - SAP CAR Multiple Vulnerabilities 2016-08-10
CORE Advisories Team (advisories coresecurity com)
1. Advisory Information

Title: SAP CAR Multiple Vulnerabilities
Advisory ID: CORE-2016-0006
Advisory URL: http://www.coresecurity.com/advisories/sap-car-multiple-vulnerabilities
Date published: 2016-08-09
Date of last update: 2016-08-09
Vendors contacted: SAP
Release mode: Coordinated release

2. V

Cisco Security Advisory: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability 2016-08-10
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20160810-iosxr

Revision 1.0

For Public Release 2016 August 10 16:00 GMT

+------

Internet Explorer iframe sandbox local file name disclosure vulnerability 2016-08-09
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Internet Explorer iframe sandbox local file name disclosure
vulnerability
------------------------------------------------------------------------

Yorick Koster, March 2016

-----------------------------------------------------

Nagios NA v2.2.1 XSS 2016-08-09
hyp3rlinx lycos com
[+] Credits: John Page -HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/NAGIOS-NA-v2.2.1-XSS.txt

[+] ISR: ApparitionSec

Vendor:
===============
www.nagios.com

Product:
==============================
Nagios Network Analyzer v2.2.1

Net

Notepad++ 6.9.2 DLL Hijacking Vulnerability 2016-08-08
mehta himanshu21 gmail com
Aloha,

Notepad++ contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists because a DLL file is loaded improperly by "npp.6.9.2.Installer.exe", and it allows an attacker to load this DLL

Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities 2016-08-09
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1894

Release Date:
=============
2016-08-09

Vulnerability Laboratory ID (VL-ID):
====

FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability 2016-08-09
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1842

Fortinet PSIRT ID: 1737213

Release Notes: http://docs.fortinet.com/uploaded/files/3081/fortiVo

Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability 2016-08-09
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1896

Release Date:
=============
2016-08-08

Vulnerability Laboratory ID (VL-ID):
=========

AirSnort v0.2.7 Stack Corruption DOS 2016-08-09
hyp3rlinx lycos com
[+] Credits: Hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AIRSNORT-STACK-CORRUPTION-DOS.txt

[+] ISR: ApparitionSec

Vendor:
==================================
sourceforge.net/projects/airsnort/

Product:
===============
AirSnort v0.2.

Any Video Converter DLL Hijack 2016-08-09
hyp3rlinx lycos com
[+] Credits: HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/ANY-VIDEO-CONVERTER-DLL-HIJACK.txt

[+] ISR: ApparitionSec

Vendor:
===========================
www.any-video-converter.com

Product:
====================================
AVCS

Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin 2016-08-08
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Request Forgery vulnerability in Add From Server WordPress
Plugin
------------------------------------------------------------------------

Edwin Molenaar, July 2016

--------------------------------------------------

Nagios Network Analyzer v2.2.1 Multiple CSRF 2016-08-09
hyp3rlinx lycos com
[+] Credits: John Page -hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/NAGIOS-NA-v2.2.1-MULTIPLE-CSRF.txt

[+] ISR: ApparitionSec

Vendor:
===============
www.nagios.com

Product:
==============================
Nagios Network Analyzer v

[SECURITY] [DSA 3645-1] chromium-browser security update 2016-08-09
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3645-1                   security@debian.org
https://www.debian.org/security/ Michael Gilbert
August 09, 2016

[CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1 2016-08-08
Pedro Ribeiro (pedrib gmail com)
tl;dr

RCE, file download, weak encryption and user impersonation, all of which
can be exploited by an unauthenticated attacker in WebNMS Framework 5.2
and 5.2 SP1.

A special thanks to Beyond Security and their SSD program, which helped
disclose the vulnerabilities. See their advisory at
https://bl

ESA-2016-070: RSA® Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability 2016-08-08
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-070: RSA® Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability

EMC Identifier: ESA-2016-070

CVE Identifier: CVE-2016-0915

Severity Rating: CVSS v3 Base Score: 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

[SECURITY] [DSA 3644-1] fontconfig security update 2016-08-08
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3644-1                   security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 08, 2016

phpCollab v2.5 CMS - SQL Injection Vulnerability 2016-08-08
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
phpCollab v2.5 CMS - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1898

Release Date:
=============
2016-08-08

Vulnerability Laboratory ID (VL-ID):
====================================
1

vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF) 2016-08-08
Dawid Golunski (dawid legalhackers com)
vBulletin
CVE-2016-6483

vBulletin software is affected by a SSRF vulnerability that allows
unauthenticated remote attackers to access internal services (such as mail
servers, memcached, couchDB, zabbix etc.) running on the server
hosting vBulletin as well as services on other servers on the local
n

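
The defence the vBulletin SSRF post above implies, as an added example that is not part of the advisory and not vBulletin's own code: a validator for user-supplied URLs that a server is about to fetch. It refuses non-HTTP schemes, userinfo, unexpected ports and any hostname or literal that resolves to a loopback, private, link-local or otherwise non-public address (including an IPv4 address wrapped in an IPv6-mapped literal), and it returns the checked IP so the caller can connect to that address instead of resolving the name a second time. The hostnames, the FAKE_DNS table, the allowed ports and all function names are constructed for this example; only the Python standard library is used.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Policy for outbound fetches (assumption for the example): plain web only.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def is_public_address(ip):
    """True only for globally routable unicast addresses.

    An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is unwrapped first; otherwise
    a loopback or RFC 1918 address hidden inside an IPv6 literal would pass.
    """
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (
        ip.is_private or ip.is_loopback or ip.is_link_local
        or ip.is_multicast or ip.is_reserved or ip.is_unspecified
    )


def resolve_all(host):
    """Resolve host to every A/AAAA answer; the policy must hold for all of them."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return sorted({ipaddress.ip_address(info[4][0]) for info in infos}, key=str)


def check_outbound_url(url, resolver=resolve_all):
    """Validate a user-supplied URL before the server fetches it.

    Returns (allowed, reason, pinned_ip). On success the caller should open the
    connection to pinned_ip (keeping the original Host header) rather than
    resolving the name again, so a DNS answer that changes between check and
    use cannot steer the request to an internal service.
    """
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError as exc:
        return False, f"unparseable url: {exc}", None
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", None
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in url", None
    host = parts.hostname
    if not host:
        return False, "missing host", None
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed", None
    try:
        candidates = [ipaddress.ip_address(host)]   # IP literal, no lookup
    except ValueError:
        candidates = resolver(host)
    if not candidates:
        return False, f"cannot resolve {host!r}", None
    for ip in candidates:
        if not is_public_address(ip):
            return False, f"{host!r} resolves to non-public {ip}", None
    return True, "ok", str(candidates[0])


# Constructed DNS table so the example runs offline; these are not real hosts.
FAKE_DNS = {
    "cdn.example": ["11.22.33.44"],
    "localhost": ["127.0.0.1"],
    "intranet.example": ["10.0.0.5"],
    "rebind.example": ["11.22.33.44", "127.0.0.1"],   # one public, one loopback
}


def fake_resolver(host):
    return [ipaddress.ip_address(a) for a in FAKE_DNS.get(host.lower(), [])]


def check_offline(url):
    """check_outbound_url wired to the constructed table (for demos and tests)."""
    return check_outbound_url(url, resolver=fake_resolver)


if __name__ == "__main__":
    for u in ("https://cdn.example/feed.xml", "http://127.0.0.1:11211/",
              "http://[::ffff:127.0.0.1]/", "http://rebind.example/"):
        print(u, check_offline(u))
```

Rejecting any answer set that contains a non-public address, rather than only the first answer, is deliberate: a name that returns both a public and a loopback address is exactly the shape of a rebinding or split-horizon trick, and the services named in the post (memcached, CouchDB, Zabbix, mail) sit on ports the allowlist never opens in the first place.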
[slackware-security] openssh (SSA:2016-219-03) 2016-08-06
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssh (SSA:2016-219-03)

New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+---------------------

[slackware-security] curl (SSA:2016-219-01) 2016-08-06
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2016-219-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+

[slackware-security] stunnel (SSA:2016-219-04) 2016-08-06
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] stunnel (SSA:2016-219-04)

New stunnel packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+---------------------

[slackware-security] mozilla-firefox (SSA:2016-219-02) 2016-08-06
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2016-219-02)

New mozilla-firefox packages are available for Slackware 14.1 and 14.2 to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packa

[SECURITY] [DSA 3643-1] kde4libs security update 2016-08-06
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3643-1                   security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 06, 2016

[SECURITY] [DSA 3642-1] lighttpd security update 2016-08-06
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3642-1                   security@debian.org
https://www.debian.org/security/ Sebastien Delafond
August 05, 2016

Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP Object injection vulnerability 2016-08-05
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP
Object injection vulnerability
------------------------------------------------------------------------

Yorick Koster, June 2016

------------------------------

DLL side loading vulnerability in VMware Host Guest Client Redirector 2016-08-05
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

DLL side loading vulnerability in VMware Host Guest Client Redirector
------------------------------------------------------------------------

Yorick Koster, December 2015

------------------------------------------------------

[SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20) 2016-08-05
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-063
Product: VMware vSphere Hypervisor (ESXi)
Manufacturer: VMware, Inc.
Affected Version(s): VMware ESXi 6.0.0 build 3380124 (Update 1)
VMware vCenter Server 6.0 U2
Tested Version(s): VMware ESXi 6.0.0 buil

Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597) 2016-08-05
Tim Kretschmann (tim kretschmann pallas com)
Application: Sophos Mobile Control EAS Proxy
Versions Affected: 3.5.0.3
Vendor URL: https://www.sophos.com/
Bugs: Open Reverse Proxy
Sent: 30.06.2016
Reported: 05.07.2016
Vendor response: 13.07.2016
Published BugFix by vendor: 28.07.2016
Date of Public Advisory: 05.08.2016
Reference: Sophos Case #6

Subrion v4.0.5 CMS - SQL Injection Vulnerability 2016-08-05
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Subrion v4.0.5 CMS - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1893

Release Date:
=============
2016-08-04

Vulnerability Laboratory ID (VL-ID):
====================================
1

FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities 2016-08-05
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1735

Release Date:
=============
2016-08-05

Vulnerability Laboratory ID (VL-ID):
====================

Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability 2016-08-05
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1889

Release Date:
=============
2016-08-03

Vulnerability Laboratory ID (VL-ID):
=============================

[0day] net2ftp multiple XSS on unauthenticated users 2016-08-05
Jacobo Avariento (jacobo sofistic com)
*Summary*

Subject: net2ftp XSS in "command" and "url_withpw" parameters

Versions vulnerable: ALL (Tested on latest, version 1.0)

Category: 0-day

Impact: Medium

*Description of the product*

net2ftp is a web based FTP client (http://www.net2ftp.com/index.php)


Copyright 2010, SecurityFocus