[security bulletin] HPSBGN03630 rev.2 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution
    2016-08-12  security-alert hpe com

[security bulletin] HPSBHF03440 rev.1 - HPE iLO 3 using JQuery, Remote Cross-Site Scripting (XSS)
    2016-08-12  security-alert hpe com
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1. Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05232730. SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c05232730. Version: 1. HPSBHF03440 r...

[CVE-2016-3089] Apache OpenMeetings XSS in SWF panel
    2016-08-12  Maxim Solodovnik (solomax666 gmail com)
    Severity: Moderate. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings 3.1.0. Description: The value of the URL's "swf" query parameter is interpolated into the JavaScript tag without being escaped, leading to the reflected XSS. All users are recommended to upgrade to Ap...

Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%
    2016-08-11  Stefan Kanthak (stefan kanthak nexgo de)
    Hi @ll, several of Microsoft's Sysinternals utilities extract executables to %TEMP% and run them from there; the extracted executables are vulnerable to DLL hijacking, allowing arbitrary code execution in every user account and escalation of privilege in "protected administrator" accounts [*]. * C...

[SECURITY] [DSA 3646-1] postgresql-9.4 security update
    2016-08-11  Salvatore Bonaccorso (carnil debian org)

Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8)
    2016-08-11  Rv3Lab.org (research rv3lab org)
    01. Advisory Information. Title: Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8). Date published: n/a. Date of last update: n/a. Vendors contacted: ColoradoFTP author Sergei Abramov. Discovered by: Rv3Laboratory...

QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability
    2016-08-11  Vulnerability Lab (research vulnerability-lab com)
    Document Title: QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1895. Release Date: 2016-08-11. Vulnerability Laboratory ID (VL-ID): ...

Microsoft Education - Stored Cross Site Web Vulnerability
    2016-08-11  Vulnerability Lab (research vulnerability-lab com)
    Document Title: Microsoft Education - Stored Cross Site Web Vulnerability. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1897. Release Date: 2016-08-10. Vulnerability Laboratory ID (VL-ID): ...

[CORE-2016-0006] - SAP CAR Multiple Vulnerabilities
    2016-08-10  CORE Advisories Team (advisories coresecurity com)
    1. Advisory Information. Title: SAP CAR Multiple Vulnerabilities. Advisory ID: CORE-2016-0006. Advisory URL: http://www.coresecurity.com/advisories/sap-car-multiple-vulnerabilities. Date published: 2016-08-09. Date of last update: 2016-08-09. Vendors contacted: SAP. Release mode: Coordinated release. 2. V...

Cisco Security Advisory: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
    2016-08-10  Cisco Systems Product Security Incident Response Team (psirt cisco com)
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512. Cisco Security Advisory: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability. Advisory ID: cisco-sa-20160810-iosxr. Revision 1.0. For Public Release 2016 August 10 16:00 GMT...

Internet Explorer iframe sandbox local file name disclosure vulnerability
    2016-08-09  Securify B.V. (lists securify nl)
    Internet Explorer iframe sandbox local file name disclosure vulnerability. Yorick Koster, March 2016...

Nagios NA v2.2.1 XSS
    2016-08-09  hyp3rlinx lycos com
    [+] Credits: John Page -HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/NAGIOS-NA-v2.2.1-XSS.txt [+] ISR: ApparitionSec. Vendor: www.nagios.com. Product: Nagios Network Analyzer v2.2.1 Net...

Notepad++6.9.2 DLL Hijacking Vulnerability
    2016-08-08  mehta himanshu21 gmail com
    Aloha, Notepad++ contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists because some DLL file is loaded by "npp.6.9.2.Installer.exe" improperly. And it allows an attacker to load this DLL...

Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities
    2016-08-09  Vulnerability Lab (research vulnerability-lab com)
    Document Title: Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1894. Release Date: 2016-08-09. Vulnerability Laboratory ID (VL-ID): ...

FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability
    2016-08-09  Vulnerability Lab (research vulnerability-lab com)
    Document Title: FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1842. Fortinet PSIRT ID: 1737213. Release Notes: http://docs.fortinet.com/uploaded/files/3081/fortiVo...

Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability
    2016-08-09  Vulnerability Lab (research vulnerability-lab com)
    Document Title: Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1896. Release Date: 2016-08-08. Vulnerability Laboratory ID (VL-ID): ...

AirSnort v0.2.7 Stack Corruption DOS
    2016-08-09  hyp3rlinx lycos com
    [+] Credits: Hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AIRSNORT-STACK-CORRUPTION-DOS.txt [+] ISR: ApparitionSec. Vendor: sourceforge.net/projects/airsnort/. Product: AirSnort v0.2....

Any Video Converter DLL Hijack
    2016-08-09  hyp3rlinx lycos com
    [+] Credits: HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/ANY-VIDEO-CONVERTER-DLL-HIJACK.txt [+] ISR: ApparitionSec. Vendor: www.any-video-converter.com. Product: AVCS...

Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin
    2016-08-08  Summer of Pwnage (lists securify nl)
    Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin. Edwin Molenaar, July 2016...

Nagios Network Analyzer v2.2.1 Multiple CSRF
    2016-08-09  hyp3rlinx lycos com
    [+] Credits: John Page -hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/NAGIOS-NA-v2.2.1-MULTIPLE-CSRF.txt [+] ISR: ApparitionSec. Vendor: www.nagios.com. Product: Nagios Network Analyzer v...

[SECURITY] [DSA 3645-1] chromium-browser security update
    2016-08-09  Michael Gilbert (mgilbert debian org)

[CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1
    2016-08-08  Pedro Ribeiro (pedrib gmail com)
    tl;dr RCE, file download, weak encryption and user impersonation, all of which can be exploited by an unauthenticated attacker in WebNMS Framework 5.2 and 5.2 SP1. A special thanks to Beyond Security and their SSD program, which helped disclose the vulnerabilities. See their advisory at https://bl...

ESA-2016-070: RSA® Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability
    2016-08-08  Security Alert (Security_Alert emc com)
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1. ESA-2016-070: RSA® Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability. EMC Identifier: ESA-2016-070. CVE Identifier: CVE-2016-0915. Severity Rating: CVSS v3 Base Score: 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H...

[SECURITY] [DSA 3644-1] fontconfig security update
    2016-08-08  Salvatore Bonaccorso (carnil debian org)

phpCollab v2.5 CMS - SQL Injection Vulnerability
    2016-08-08  Vulnerability Lab (research vulnerability-lab com)
    Document Title: phpCollab v2.5 CMS - SQL Injection Vulnerability. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1898. Release Date: 2016-08-08. Vulnerability Laboratory ID (VL-ID): 1...

vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF)
    2016-08-08  Dawid Golunski (dawid legalhackers com)
    vBulletin CVE-2016-6483. vBulletin software is affected by a SSRF vulnerability that allows unauthenticated remote attackers to access internal services (such as mail servers, memcached, couchDB, zabbix etc.) running on the server hosting vBulletin as well as services on other servers on the local n...

[slackware-security] openssh (SSA:2016-219-03)
    2016-08-06  Slackware Security Team (security slackware com)
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1. [slackware-security] openssh (SSA:2016-219-03). New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: ...

[slackware-security] curl (SSA:2016-219-01)
    2016-08-06  Slackware Security Team (security slackware com)
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1. [slackware-security] curl (SSA:2016-219-01). New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: ...

[slackware-security] stunnel (SSA:2016-219-04)
    2016-08-06  Slackware Security Team (security slackware com)
    -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1. [slackware-security] stunnel (SSA:2016-219-04). New stunnel packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: ...
[security bulletin] HPSBGN03630 rev.2 (message preview)
    Hash: SHA1. Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05206507. SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c05206507. Version: 2. HPSBGN03630 r...