WebKitGTK+ Security Advisory WSA-2016-0005
2016-08-25 Carlos Alberto Lopez Perez (clopez igalia com)

nullcon 8-bit Call for Papers is open
2016-08-24 nullcon (nullcon nullcon net)
Dear Hackers and Security Pros, Welcome to nullcon 8-bit! nullcon is an annual security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. We happily open doors to researchers and hackers around the world and

[slackware-security] gnupg (SSA:2016-236-01)
2016-08-23 Slackware Security Team (security slackware com)
[slackware-security] gnupg (SSA:2016-236-01)
New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog:

[security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities
2016-08-20 security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05240731
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05240731
Version: 1
HPSBNS03635 rev.1 - HPE NonS

Path traversal vulnerability in WordPress Core Ajax handlers
2016-08-20 Summer of Pwnage (lists securify nl)
Path traversal vulnerability in WordPress Core Ajax handlers
Yorick Koster, July 2016

Horizontal Privilege Escalation/Code Injection in ownCloud's Windows Client
2016-08-19 Florian Bogner (florian bogner sh)
Horizontal Privilege Escalation/Code Injection in ownCloud's Windows Client
Metadata
Release Date: 17-08-2016
Author: Florian Bogner @ Kapsch BusinessCom AG (https://www.kapsch.net/kbc)
Affected versions: up to ownCloud's Desktop client version

[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method
2016-08-18 Justin Bull (me justinbull ca)
Good evening everyone, A security bulletin for all of you.
Software: Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper)
Description: Doorkeeper is an OAuth 2 provider for Rails written in Ruby.
Affected Versions: 1.2.0 - 4.1.0 (all versions but latest p

[SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting
2016-08-18 bugtraq nerz syss de
Advisory ID: SYSS-2016-049
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)
Ri

[SYSS-2016-054] QNAP QTS - OS Command Injection
2016-08-18 bugtraq nerz syss de
Advisory ID: SYSS-2016-054
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status

[SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting
2016-08-18 bugtraq nerz syss de
Advisory ID: SYSS-2016-050
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)
Ri

[SYSS-2016-055] QNAP QTS - OS Command Injection
2016-08-18 bugtraq nerz syss de
Advisory ID: SYSS-2016-055
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status

[SYSS-2016-048] QNAP QTS - OS Command Injection
2016-08-18 bugtraq nerz syss de
Advisory ID: SYSS-2016-048
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: H

[SYSS-2016-051] QNAP QTS - Reflected Cross-Site Scripting
2016-08-18 bugtraq nerz syss de
Advisory ID: SYSS-2016-051
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: Reflected Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solu

[SYSS-2016-053] QNAP QTS - Arbitrary File Overwrite
2016-08-18 bugtraq nerz syss de
Advisory ID: SYSS-2016-053
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: Arbitrary file overwrite (CWE-23)
Risk Level: High
Solution St

[SYSS-2016-052] QNAP QTS - OS Command Injection
2016-08-18 bugtraq nerz syss de
Advisory ID: SYSS-2016-052
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status

Telus Actiontec T2200H Modem Input Validation Flaw Allows Elevated Shell Access
2016-08-18 Andrew Klaus (andrewklaus gmail com)
### Device Details
Vendor: Actiontec (Telus Branded)
Model: T2200H (but likely affecting other similar models of theirs)
Affected Firmware: T2200H-31.128L.03
Device Manual: http://static.telus.com/common/cms/files/internet/telus_t2200h_user_manual.pdf
Reported: November 2015
Status: Fixed on T2200

[SECURITY] [DSA 3650-1] libgcrypt20 security update
2016-08-17 Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability
2016-08-17 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability
Advisory ID: cisco-sa-20160817-asa-snmp
Revision: 1.0
For Public Release: 2016 August 17 18:45 UTC (GMT)

Cisco Security Advisory: Cisco Firepower Management Center Remote Command Execution Vulnerability
2016-08-17 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Firepower Management Center Remote Command Execution Vulnerability
Advisory ID: cisco-sa-20160817-fmc
Revision 1.0
For Public Release: 2016 August 17 16:00 GMT
Summary

Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability
2016-08-17 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability
Advisory ID: cisco-sa-20160817-apic
Revision 1.0
Published: 2016 August 17 16:00 GMT

Cisco Security Advisory: Cisco Firepower Management Center Privilege Escalation Vulnerability
2016-08-17 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Firepower Management Center Privilege Escalation Vulnerability
Advisory ID: cisco-sa-20160817-firepower
Revision 1.0: For Public Release: 2016 August 17 16:00 GMT
Summary
A vulnerability in the web-based GUI of Cisco Firepower Manag

[SYSS-2016-067] NetIQ Access Manager (iManager) - Temporary Second Order Cross-Site Scripting (CWE-79)
2016-08-17 Micha Borrmann (micha borrmann syss de)
Advisory ID: SYSS-2016-067
Product: Access Manager iManager
Manufacturer: NetIQ
Affected Version(s): 2.7.7.5, 2.7.7.6
Tested Version(s): 2.7.7.5
Vulnerability Type: Temporary Second Order Cross-Site Scripting (CWE-79)
Risk Level: Low
Solution Status: Fixed
Solution Date: 2016-07
Public Disclosure: 2

[ERPSCAN-16-023] Potential backdoor via hardcoded system ID
2016-08-16 ERPScan inc (erpscan online gmail com)

[ERPSCAN-16-022] SAP Hybris E-commerce Suite VirtualJDBC - Default Credentials
2016-08-16 ERPScan inc (erpscan online gmail com)
WebKitGTK+ Security Advisory WSA-2016-0005
------------------------------------------------------------------------
Date reported : August 25, 2016
Advisory ID : WSA-2016-0005
Advisory