[security bulletin] HPSBST03629 rev.1 - HP StoreFabric B-series Switches, Remote Disclosure of Privileged Information
    2016-08-15 | security-alert hpe com

Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin
    2016-08-15 | Summer of Pwnage (lists securify nl)
    Burak Kelebek, July 2016

Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin
    2016-08-15 | Summer of Pwnage (lists securify nl)
    Burak Kelebek, July 2016

Cross-Site Scripting in Link Library WordPress Plugin
    2016-08-15 | Summer of Pwnage (lists securify nl)
    Burak Kelebek, July 2016

Ajax Load More Local File Inclusion vulnerability
    2016-08-15 | Summer of Pwnage (lists securify nl)
    Burak Kelebek, July 2016

Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login Redirect WordPress Plugin
    2016-08-15 | Summer of Pwnage (lists securify nl)
    Yorick Koster, July 2016

Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin
    2016-08-15 | Summer of Pwnage (lists securify nl)
    Julien Rentrop, July 2016

Cross-Site Scripting vulnerability in Google Maps WordPress Plugin
    2016-08-15 | Summer of Pwnage (lists securify nl)
    Julien Rentrop, July 2016

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of images
    2016-08-15 | Summer of Pwnage (lists securify nl)
    Umit Aksu, July 2016

Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress Plugin
    2016-08-15 | Summer of Pwnage (lists securify nl)
    Umit Aksu, July 2016

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows adding of images
    2016-08-15 | Summer of Pwnage (lists securify nl)
    Umit Aksu, July 2016

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of galleries
    2016-08-15 | Summer of Pwnage (lists securify nl)
    Umit Aksu, July 2016

Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass
    2016-08-15 | reggie dodd30 gmail com
    [CREDITS & AUTHORS] Reginald Dodd, https://www.linkedin.com/in/reginalddodd; [VENDOR & PRODUCT] Taser International Inc., Axon Dock - Body-Worn Camera Docking Station, https://www.axon.io/products/dock; [SUMMARY] ...

PayPal Inc BB #127 - 2FA Bypass Vulnerability
    2016-08-15 | Vulnerability Lab (research vulnerability-lab com)
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1903; Release Date: 2016-08-12; Vulnerability Laboratory ID (VL-ID): 1903

Stash v1.0.3 CMS - SQL Injection Vulnerability
    2016-08-15 | Vulnerability Lab (research vulnerability-lab com)
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1899; Release Date: 2016-08-10; Vulnerability Laboratory ID (VL-ID): 189...

Linksys E2500 and E1200 (Unauth Command Injection)
    2016-08-14 | samhuntley84 gmail com
    Linksys E2500 and E1200 suffer from missing command injection issue in parental control parameters. This allows an attacker to change the control the device remotely. Combining the attack of no authorization control, it allows an attacker to actually execute unauthenticated command injection attack...

Linksys E1200 and E2500 (Missing authorization on parental control)
    2016-08-14 | samhuntley84 gmail com
    Linksys E1200 hardware version 2.2 and firmware version 2.0.07 (build 2) suffer from missing authorization control on parental control page. This allows an attacker to change the parental controls set up by parents to keep kids safe from visiting adult sites and probably compromise a kid's device...

Reflected Cross Site Scripting (XSS) Vulnerability in nopcommerce 3.70
    2016-08-15 | tal argoni (talargoni gmail com)

OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET)
    2016-08-13 | hamedizadi gmail com
    Author: Hamed Izadi; Email: array("hamedizadi", "@", "gmail", ".com"); Name: XSS Vulnerability in OpenCart; Affected Software: OpenCart; Affected Versions: ...

OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET)
    2016-08-13 | hamedizadi gmail com
    Author: Hamed Izadi; Email: ("hamedizadi", "@", "gmail", ".com"); Name: XSS Vulnerability in OpenCart; Affected Software: OpenCart; Affected Versions: v2.0...

WSO2-CARBON v4.4.5 CSRF / DOS
    2016-08-13 | hyp3rlinx lycos com
    Credits: John Page aka HYP3RLINX; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-CSRF-DOS.txt; ISR: ApparitionSec; Vendor: www.wso2.com; Product: Ws02Carbon v4.4.5. WSO2 Carbon is the core p...

WSO2 CARBON v4.4.5 PERSISTENT XSS COOKIE THEFT
    2016-08-13 | hyp3rlinx lycos com
    Credits: John Page aka HYP3RLINX; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt; ISR: ApparitionSec; Vendor: www.wso2.com; Product: Ws02Carbon v4.4.5. WSO2...

WSO2-CARBON v4.4.5 LOCAL FILE INCLUSION
    2016-08-13 | apparitionsec gmail com
    Credits: John Page aka HYP3RLINX; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txt; ISR: ApparitionSec; Vendor: www.wso2.com; Product: Ws02Carbon v4.4.5. WSO2 Car...

WSO2 IDENTITY-SERVER v5.1.0 XML External-Entity
    2016-08-13 | hyp3rlinx lycos com
    Credits: John Page aka HYP3RLINX; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt; ISR: ApparitionSec; Vendor: www.wso2.com; Product: Wso2 Identity...

[security bulletin] HPSBGN03630 rev.2 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution
    2016-08-12 | security-alert hpe com
    PGP signed (SHA1). Current version of the document: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05206507; SUPPORT COMMUNICATION - SECURITY BULLETIN; Document ID: c05206507; Version: 2; HPSBGN03630 r...

[security bulletin] HPSBHF03440 rev.1 - HPE iLO 3 using JQuery, Remote Cross-Site Scripting (XSS)
    2016-08-12 | security-alert hpe com
    PGP signed (SHA1). Current version of the document: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730; SUPPORT COMMUNICATION - SECURITY BULLETIN; Document ID: c05232730; Version: 1; HPSBHF03440 r...

[CVE-2016-3089] Apache OpenMeetings XSS in SWF panel
    2016-08-12 | Maxim Solodovnik (solomax666 gmail com)
    Severity: Moderate; Vendor: The Apache Software Foundation; Versions Affected: Apache OpenMeetings 3.1.0; Description: The value of the URL's "swf" query parameter is interpolated into the JavaScript tag without being escaped, leading to the reflected XSS. All users are recommended to upgrade to Ap...

Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%
    2016-08-11 | Stefan Kanthak (stefan kanthak nexgo de)
    Hi @ll, several of Microsoft's Sysinternals utilities extract executables to %TEMP% and run them from there; the extracted executables are vulnerable to DLL hijacking, allowing arbitrary code execution in every user account and escalation of privilege in "protected administrator" accounts [*]. * C...

[SECURITY] [DSA 3646-1] postgresql-9.4 security update
    2016-08-11 | Salvatore Bonaccorso (carnil debian org)

Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8)
    2016-08-11 | Rv3Lab.org (research rv3lab org)
    01. Advisory Information: Title: Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8); Date published: n/a; Date of last update: n/a; Vendors contacted: ColoradoFTP author Sergei Abramov; Discovered by: Rv3Laboratory...

QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability
    2016-08-11 | Vulnerability Lab (research vulnerability-lab com)
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1895; Release Date: 2016-08-11; Vulnerability Laboratory ID (VL-ID): ...

Microsoft Education - Stored Cross Site Web Vulnerability
    2016-08-11 | Vulnerability Lab (research vulnerability-lab com)
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1897; Release Date: 2016-08-10; Vulnerability Laboratory ID (VL-ID): ...

[CORE-2016-0006] - SAP CAR Multiple Vulnerabilities
    2016-08-10 | CORE Advisories Team (advisories coresecurity com)
    1. Advisory Information: Title: SAP CAR Multiple Vulnerabilities; Advisory ID: CORE-2016-0006; Advisory URL: http://www.coresecurity.com/advisories/sap-car-multiple-vulnerabilities; Date published: 2016-08-09; Date of last update: 2016-08-09; Vendors contacted: SAP; Release mode: Coordinated release. 2. V...

Cisco Security Advisory: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
    2016-08-10 | Cisco Systems Product Security Incident Response Team (psirt cisco com)
    PGP signed (SHA512). Advisory ID: cisco-sa-20160810-iosxr; Revision 1.0; For Public Release 2016 August 10 16:00 GMT...

Internet Explorer iframe sandbox local file name disclosure vulnerability
    2016-08-09 | Securify B.V. (lists securify nl)
    Yorick Koster, March 2016

Nagios NA v2.2.1 XSS
    2016-08-09 | hyp3rlinx lycos com
    Credits: John Page -HYP3RLINX; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/NAGIOS-NA-v2.2.1-XSS.txt; ISR: ApparitionSec; Vendor: www.nagios.com; Product: Nagios Network Analyzer v2.2.1. Net...

Notepad++6.9.2 DLL Hijacking Vulnerability
    2016-08-08 | mehta himanshu21 gmail com
    Aloha, Notepad++ contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to some DLL file is loaded by "npp.6.9.2.Installer.exe" improperly. And it allows an attacker to load this DLL...

Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities
    2016-08-09 | Vulnerability Lab (research vulnerability-lab com)
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1894; Release Date: 2016-08-09; Vulnerability Laboratory ID (VL-ID): ...

FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability
    2016-08-09 | Vulnerability Lab (research vulnerability-lab com)
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1842; Fortinet PSIRT ID: 1737213; Release Notes: http://docs.fortinet.com/uploaded/files/3081/fortiVo...

Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability
    2016-08-09 | Vulnerability Lab (research vulnerability-lab com)
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1896; Release Date: 2016-08-08; Vulnerability Laboratory ID (VL-ID): ...

AirSnort v0.2.7 Stack Corruption DOS
    2016-08-09 | hyp3rlinx lycos com
    Credits: Hyp3rlinx; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/AIRSNORT-STACK-CORRUPTION-DOS.txt; ISR: ApparitionSec; Vendor: sourceforge.net/projects/airsnort/; Product: AirSnort v0.2...

Any Video Converter DLL Hijack
    2016-08-09 | hyp3rlinx lycos com
    Credits: HYP3RLINX; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/ANY-VIDEO-CONVERTER-DLL-HIJACK.txt; ISR: ApparitionSec; Vendor: www.any-video-converter.com; Product: AVCS...

Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin
    2016-08-08 | Summer of Pwnage (lists securify nl)
    Edwin Molenaar, July 2016

Nagios Network Analyzer v2.2.1 Multiple CSRF
    2016-08-09 | hyp3rlinx lycos com
    Credits: John Page -hyp3rlinx; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/NAGIOS-NA-v2.2.1-MULTIPLE-CSRF.txt; ISR: ApparitionSec; Vendor: www.nagios.com; Product: Nagios Network Analyzer v...

[SECURITY] [DSA 3645-1] chromium-browser security update
    2016-08-09 | Michael Gilbert (mgilbert debian org)

[CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1
    2016-08-08 | Pedro Ribeiro (pedrib gmail com)
    tl;dr RCE, file download, weak encryption and user impersonation, all of which can be exploited by an unauthenticated attacker in WebNMS Framework 5.2 and 5.2 SP1. A special thanks to Beyond Security and their SSD program, which helped disclose the vulnerabilities. See their advisory at https://bl...

ESA-2016-070: RSA® Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability
    2016-08-08 | Security Alert (Security_Alert emc com)
    PGP signed (SHA1). EMC Identifier: ESA-2016-070; CVE Identifier: CVE-2016-0915; Severity Rating: CVSS v3 Base Score: 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H...

[SECURITY] [DSA 3644-1] fontconfig security update
    2016-08-08 | Salvatore Bonaccorso (carnil debian org)

phpCollab v2.5 CMS - SQL Injection Vulnerability
    2016-08-08 | Vulnerability Lab (research vulnerability-lab com)
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1898; Release Date: 2016-08-08; Vulnerability Laboratory ID (VL-ID): 1...

vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF)
    2016-08-08 | Dawid Golunski (dawid legalhackers com)
    vBulletin CVE-2016-6483. vBulletin software is affected by a SSRF vulnerability that allows unauthenticated remote attackers to access internal services (such as mail servers, memcached, couchDB, zabbix etc.) running on the server hosting vBulletin as well as services on other servers on the local n...

[slackware-security] openssh (SSA:2016-219-03)
    2016-08-06 | Slackware Security Team (security slackware com)
    PGP signed (SHA1). New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: ...

[slackware-security] curl (SSA:2016-219-01)
    2016-08-06 | Slackware Security Team (security slackware com)
    PGP signed (SHA1). New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: ...

[slackware-security] stunnel (SSA:2016-219-04)
    2016-08-06 | Slackware Security Team (security slackware com)
    PGP signed (SHA1). New stunnel packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: ...

[slackware-security] mozilla-firefox (SSA:2016-219-02)
    2016-08-06 | Slackware Security Team (security slackware com)
    PGP signed (SHA1). New mozilla-firefox packages are available for Slackware 14.1 and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packa...

[SECURITY] [DSA 3643-1] kde4libs security update
    2016-08-06 | Salvatore Bonaccorso (carnil debian org)

Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP Object injection vulnerability
    2016-08-05 | Summer of Pwnage (lists securify nl)
    Yorick Koster, June 2016

DLL side loading vulnerability in VMware Host Guest Client Redirector
    2016-08-05 | Securify B.V. (lists securify nl)
    Yorick Koster, December 2015

Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597)
    2016-08-05 | Tim Kretschmann (tim kretschmann pallas com)
    Application: Sophos Mobile Control EAS Proxy; Versions Affected: 3.5.0.3; Vendor URL: https://www.sophos.com/; Bugs: Open Reverse Proxy; Sent: 30.06.2016; Reported: 05.07.2016; Vendor response: 13.07.2016; Published BugFix by vendor: 28.07.2016; Date of Public Advisory: 05.08.2016; Reference: Sophos Case #6...

Subrion v4.0.5 CMS - SQL Injection Vulnerability
    2016-08-05 | Vulnerability Lab (research vulnerability-lab com)
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1893; Release Date: 2016-08-04; Vulnerability Laboratory ID (VL-ID): 1...

FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities
    2016-08-05 | Vulnerability Lab (research vulnerability-lab com)
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1735; Release Date: 2016-08-05; Vulnerability Laboratory ID (VL-ID): ...

Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability
    2016-08-05 | Vulnerability Lab (research vulnerability-lab com)
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1889; Release Date: 2016-08-03; Vulnerability Laboratory ID (VL-ID): ...

[0day] net2ftp multiple XSS on unauthenticated users
    2016-08-05 | Jacobo Avariento (jacobo sofistic com)
    Summary: Subject: net2ftp XSS in "command" and "url_withpw" parameters; Versions vulnerable: ALL (Tested on latest, version 1.0); Category: 0-day; Impact: Medium. Description of the product: net2ftp is a web based FTP client (http://www.net2ftp.com/index.php)...

Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin
    2016-08-04 | Summer of Pwnage (lists securify nl)
    Julien Rentrop, July 2016

Cross-Site Scripting in Count per Day WordPress Plugin
    2016-08-04 | Summer of Pwnage (lists securify nl)
    Yorick Koster, July 2016

Cross-Site Scripting in FormBuilder WordPress Plugin
    2016-08-04 | Summer of Pwnage (lists securify nl)
    Peter Ganzevles, July 2016

Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin
    2016-08-04 | Summer of Pwnage (lists securify nl)
    Job Diesveld, July 2016

Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance (1 reply)
    2016-08-04 | Pedro Ribeiro (pedrib gmail com)
    tl;dr Lots of RCE, hardcoded credentials, stack buffer overflow and information disclosure in the Nuuo NVRmini and other network video recorders of the same vendor. These vulnerabilities also affect the NETGEAR Surveillance app (which can be installed on the NETGEAR ReadyNAS). See the full...

Re: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance
    2016-08-04 | Pedro Ribeiro (pedrib gmail com)

Cisco Security Advisory: Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability
    2016-08-04 | Cisco Systems Product Security Incident Response Team (psirt cisco com)
    PGP signed (SHA512). Advisory ID: cisco-sa-20160804-wedge; Revision 1.0; For Public Release 2016 August 4 16:00 GMT...

[SYSS-2016-065] NASdeluxe NDL-2400r: OS Command Injection
    2016-08-04 | klaus eisentraut syss de
    Advisory ID: SYSS-2016-065; Product: NASdeluxe NDL-2400r; Vendor: Starline Computer GmbH; Affected Version(s): 2.01.10; Tested Version(s): 2.01.09; Vulnerability Type: OS Command Injection (CWE-78); Risk Level: High; Solution Status: no fix (product has reached EOL since 3 years); Vendor Notification: 2016...

FortiManager (Series) - (Bookmark) Persistent Vulnerability
    2016-08-04 | Vulnerability Lab (research vulnerability-lab com)
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1685; Fortinet PSIRT ID: 1624461; Release Notes 1: http://docs.fortinet.com/uploaded/files/2499/fortios-5.0.12-r...

FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability
    2016-08-04 | Vulnerability Lab (research vulnerability-lab com)
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1686; Fortinet PSIRT ID: 1624489; Release Notes 1: http://docs.fortinet.com/uploaded/files...

Cross-Site Scripting in WordPress Landing Pages Plugin
    2016-08-03 | Summer of Pwnage (lists securify nl)
    Burak Kelebek, July 2016

Cross-Site Scripting in Activity Log WordPress Plugin
    2016-08-03 | Summer of Pwnage (lists securify nl)
    Yorick Koster, July 2016

Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin
    2016-08-03 | Summer of Pwnage (lists securify nl)
    Edwin Molenaar, July 2016

Secunia Research: LibGD "_gdContributionsAlloc()" Integer Overflow Denial of Service Vulnerability
    2016-08-03 | Secunia Research (remove-vuln secunia com)

[security bulletin] HPSBGN03633 rev.1 - HPE Release Control, Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access to Files or Server-Side Request Forgery (SSRF)
    2016-08-03 | security-alert hpe com
    PGP signed (SHA1). Current version of the document: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05219560; SUPPORT COMMUNICATION - SECURITY BULLETIN; Document ID: c05219560; Version: 1; HPSBGN03633 r...

Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability
    2016-08-03 | Cisco Systems Product Security Incident Response Team (psirt cisco com)
    PGP signed (SHA1). Advisory ID: cisco-sa-20160803-rv180_2; Revision 1.0; For Public Release 2016 August 3 16:00 UTC (GMT)...

Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Unauthorized Access Vulnerability
    2016-08-03 | Cisco Systems Product Security Incident Response Team (psirt cisco com)
    PGP signed (SHA1). Advisory ID: cisco-sa-20160803-rv180_1; Revision 1.0; For Public Release 2016 August 3 16:00 UTC (GMT)...

Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability
    2016-08-03 | Cisco Systems Product Security Incident Response Team (psirt cisco com)
    PGP signed (SHA1). Advisory ID: cisco-sa-20160803-rv110_130w2; Revision 1.0; For Public Release 2016 August 3 16:00 UTC (GMT)...

Cisco Security Advisory: Cisco Unified Communications Manager IM and Presence Service SIP Packet Processing Denial of Service Vulnerability
    2016-08-03 | Cisco Systems Product Security Incident Response Team (psirt cisco com)
    PGP signed (SHA1). Advisory ID: cisco-sa-20160803-ucm; Revision 1.0; For Public Release 2016 August 3 16:00 UTC (GMT)...

[SECURITY] [DSA 3639-1] wordpress security update
    2016-08-03 | Salvatore Bonaccorso (carnil debian org)

WorldCIST'17 - Call for Workshops Proposals; Deadline: September 5
    2016-08-03 | Maria Lemos (marialemos72 gmail com)
    WorldCIST'17 - 5th World Conference on Information Systems and Technologies, Porto Santo Island, Madeira, Portugal, 11th-13th of April 2017, http://www.worldcist.org/. WORKSHOP FORMAT: The Information Systems and Technologies research and...

Arbitrary File Content Disclosure in Atutor
    2016-08-02 | High-Tech Bridge Security Research (advisory htbridge ch)
    Advisory ID: HTB23297; Product: Atutor; Vendor: Atutor; Vulnerable Version(s): 2.2.1 and probably prior; Tested Version: 2.2.1; Advisory Publication: February 24, 2016 [without technical details]; Vendor Notification: February 24, 2016; Vendor Patch: July 1, 2016; Public Disclosure: August 2, 2016; Vuln...

Cross-Site Scripting in WangGuard WordPress Plugin
    2016-08-02 | Summer of Pwnage (lists securify nl)
    Yorick Koster, July 2016

Cross-Site Scripting in Uji Countdown WordPress Plugin
    2016-08-02 | Summer of Pwnage (lists securify nl)
    Yorick Koster, July 2016

WinSaber - Unquoted Service Path Privilege Escalation
    2016-08-02 | Vulnerability Lab (research vulnerability-lab com)
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1879; Release Date: 2016-07-29; Vulnerability Laboratory ID (VL-ID): ...

Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities
    2016-08-02 | Vulnerability Lab (research vulnerability-lab com)
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1882; Release Date: 2016-08-01; Vulnerability Laboratory ID (VL-ID): ...

Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability
    2016-08-02 | Vulnerability Lab (research vulnerability-lab com)
    References (Source): http://www.vulnerability-lab.com/get_content.php?id=1888; Video: http://www.vulnerability-lab.com/get_content.php?id=1892; Release Date: ...
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05236212
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05236212
Version: 1
HPSBST03629 r