Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin 2016-08-04
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Stored Cross-Site Scripting vulnerability in Count per Day WordPress
Plugin
------------------------------------------------------------------------

Julien Rentrop, July 2016

---------------------------------------------------

[ more ]  [ reply ]
Cross-Site Scripting in Count per Day WordPress Plugin 2016-08-04
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in Count per Day WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

------------------------------------------------------------------------

[ more ]  [ reply ]
Cross-Site Scripting in FormBuilder WordPress Plugin 2016-08-04
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in FormBuilder WordPress Plugin
------------------------------------------------------------------------

Peter Ganzevles, July 2016

------------------------------------------------------------------------

[ more ]  [ reply ]
Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin 2016-08-04
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin
------------------------------------------------------------------------

Job Diesveld, July 2016

---------------------------------------------------------

[ more ]  [ reply ]
Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance 2016-08-04
Pedro Ribeiro (pedrib gmail com) (1 replies)
tl;dr

Lots of RCE, hardcoded credentials, stack buffer overflow and
information disclosure in the Nuuo NVRmini and other network video
recorders of the same vendor.

These vulnerabilities also affect the NETGEAR Surveillance app (which
can be installed on the NETGEAR ReadyNAS).

See the full

[ more ]  [ reply ]
Cisco Security Advisory: Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability 2016-08-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability

Advisory ID: cisco-sa-20160804-wedge

Revision 1.0

For Public Release 2016 August 4 16:00 GMT

+--------------------------------------

[ more ]  [ reply ]
[SECURITY] [DSA 3641-1] openjdk-7 security update 2016-08-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3641-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 04, 2016

[ more ]  [ reply ]
[SYSS-2016-065] NASdeluxe NDL-2400r: OS Command Injection 2016-08-04
klaus eisentraut syss de
Advisory ID: SYSS-2016-065
Product: NASdeluxe NDL-2400r
Vendor: Starline Computer GmbH
Affected Version(s): 2.01.10
Tested Version(s): 2.01.09
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: no fix (product has reached EOL since 3 years)
Vendor Notification: 2016

[ more ]  [ reply ]
FortiManager (Series) - (Bookmark) Persistent Vulnerability 2016-08-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FortiManager (Series) - (Bookmark) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1685

Fortinet PSIRT ID: 1624461

Release Notes 1: http://docs.fortinet.com/uploaded/files/2499/fortios-5.0.12-r

[ more ]  [ reply ]
FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability 2016-08-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1686

Fortinet PSIRT ID: 1624489

Release Notes 1: http://docs.fortinet.com/uploaded/files

[ more ]  [ reply ]
Cross-Site Scripting in WordPress Landing Pages Plugin 2016-08-03
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in WordPress Landing Pages Plugin
------------------------------------------------------------------------

Burak Kelebek, July 2016

------------------------------------------------------------------------

[ more ]  [ reply ]
Cross-Site Scripting in Activity Log WordPress Plugin 2016-08-03
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in Activity Log WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

------------------------------------------------------------------------

A

[ more ]  [ reply ]
Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin 2016-08-03
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in search function Activity Log
WordPress Plugin
------------------------------------------------------------------------

Edwin Molenaar, July 2016

-------------------------------------------

[ more ]  [ reply ]
[SECURITY] [DSA 3640-1] firefox-esr security update 2016-08-03
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3640-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
August 03, 2016

[ more ]  [ reply ]
Secunia Research: LibGD "_gdContributionsAlloc()" Integer Overflow Denial of Service Vulnerability 2016-08-03
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 03/08/2016

LibGD "_gdContributionsAlloc()" Integer Overflow

Denial of Service Vulnerability

===============================================================

[ more ]  [ reply ]
[security bulletin] HPSBGN03633 rev.1 - HPE Release Control, Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access to Files or Server-Side Request Forgery(SSRF) 2016-08-03
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05219560

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05219560
Version: 1

HPSBGN03633 r

[ more ]  [ reply ]
Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability 2016-08-03
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20160803-rv180_2

Revision 1.0

For Public Release 2016 August 3 16:00 UTC (GMT)

+----------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Unauthorized Access Vulnerability 2016-08-03
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Unauthorized Access Vulnerability

Advisory ID: cisco-sa-20160803-rv180_1

Revision 1.0

For Public Release 2016 August 3 16:00 UTC (GMT)

+------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability 2016-08-03
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability

Advisory ID: cisco-sa-20160803-rv110_130w2

Revision 1.0

For Public Release 2016 August 3 16:00 UTC (GMT)

+---------------------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Unified Communications Manager IM and Presence Service SIP Packet Processing Denial of Service Vulnerability 2016-08-03
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Unified Communications Manager IM and Presence Service SIP Packet Processing Denial of Service Vulnerability

Advisory ID: cisco-sa-20160803-ucm

Revision 1.0

For Public Release 2016 August 3 16:00 UTC (GMT)

+-----------

[ more ]  [ reply ]
[SECURITY] [DSA 3639-1] wordpress security update 2016-08-03
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3639-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
August 03, 2016

[ more ]  [ reply ]
[SECURITY] [DSA 3638-1] curl security update 2016-08-03
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3638-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
August 03, 2016

[ more ]  [ reply ]
WorldCIST'17 - Call for Workshops Proposals; Deadline: September 5 2016-08-03
Maria Lemos (marialemos72 gmail com)
--
-----
---------
WorldCIST'17 - 5th World Conference on Information Systems and Technologies
Porto Santo Island, Madeira, Portugal
11th-13th of April 2017
http://www.worldcist.org/
-------------------------------------------

WORKSHOP FORMAT

The Information Systems and Technologies research and

[ more ]  [ reply ]
Arbitrary File Content Disclosure in Atutor 2016-08-02
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23297
Product: Atutor
Vendor: Atutor
Vulnerable Version(s): 2.2.1 and probably prior
Tested Version: 2.2.1
Advisory Publication: February 24, 2016 [without technical details]
Vendor Notification: February 24, 2016
Vendor Patch: July 1, 2016
Public Disclosure: August 2, 2016
Vuln

[ more ]  [ reply ]
Cross-Site Scripting in WangGuard WordPress Plugin 2016-08-02
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in WangGuard WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

------------------------------------------------------------------------

Abst

[ more ]  [ reply ]
Cross-Site Scripting in Uji Countdown WordPress Plugin 2016-08-02
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in Uji Countdown WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

------------------------------------------------------------------------

[ more ]  [ reply ]
WinSaber - Unquoted Service Path Privilege Escalation 2016-08-02
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
WinSaber - Unquoted Service Path Privilege Escalation

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1879

Release Date:
=============
2016-07-29

Vulnerability Laboratory ID (VL-ID):
=================================

[ more ]  [ reply ]
Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities 2016-08-02
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1882

Release Date:
=============
2016-08-01

Vulnerability Laboratory ID (VL-ID):
============================

[ more ]  [ reply ]
Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability 2016-08-02
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1888

Video: http://www.vulnerability-lab.com/get_content.php?id=1892

Release Date:
===========

[ more ]  [ reply ]
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability 2016-08-02
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1891

Release Date:
=============
2016-08-01

Vulnerability Laboratory ID (VL-ID):
==========================

[ more ]  [ reply ]
Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability 2016-08-02
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1887

Release Date:
=============
2016-07-29

Vulnerability Laboratory ID (VL-ID):
==============

[ more ]  [ reply ]
FortiManager (Series) - Multiple Web Vulnerabilities 2016-08-02
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FortiManager (Series) - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1684

Fortinet PSIRT ID: 1624459

Release Notes 1: http://docs.fortinet.com/uploaded/files/2910/fortimanager-v5.4.0-rel

[ more ]  [ reply ]
[security bulletin] HPSBGN03564 rev.2 - HPE Release Control using Java Deserialization, Remote Code Execution 2016-08-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05063986

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05063986
Version: 2

HPSBGN03564 r

[ more ]  [ reply ]
[security bulletin] HPSBUX03632 SSRT110194 rev.1 - HP-UX Mail Server running Sendmail, Local Unauthorized Disclosure of Information 2016-08-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05216368

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05216368
Version: 1

HPSBUX03632 S

[ more ]  [ reply ]
[CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c 2016-08-01
wpengfeinudt gmail com
I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I'd like to make an announcement here.

This was found in Linux kernel file Linux-4.5/drivers/scsi/aacraid/commctrl.c, and crafted user space data change under race condition will lead to over-b

[ more ]  [ reply ]
Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin 2016-08-01
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

---------------------------------------------------------

[ more ]  [ reply ]
Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231) 2016-08-01
David Coomber (davidcoomber infosec gmail com)
Kaspersky Safe Browser iOS Application - MITM SSL Certificate
Vulnerability (CVE-2016-6231)
--
http://www.info-sec.ca/advisories/Kaspersky-Safe-Browser.html

Overview

"Stay safe from malicious links, suspicious content and identity theft
while you surfing the Internet."

"Our Safe Browser covers th

[ more ]  [ reply ]
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability 2016-08-01
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1891

Release Date:
=============
2016-08-01

Vulnerability Laboratory ID (VL-ID):
==========================

[ more ]  [ reply ]
Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability 2016-08-01
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1687

Fortinet PSIRT ID: 1624561

Release Notes #1: http://docs.fortinet.com/uploaded/files/

[ more ]  [ reply ]
Cross-Site Scripting in Contact Bank WordPress Plugin 2016-08-01
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in Contact Bank WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

------------------------------------------------------------------------

A

[ more ]  [ reply ]
SQL injection vulnerability in Booking Calendar WordPress Plugin 2016-08-01
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

SQL injection vulnerability in Booking Calendar WordPress Plugin
------------------------------------------------------------------------

Edwin Molenaar, July 2016

--------------------------------------------------------------

[ more ]  [ reply ]
Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin 2016-08-01
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin
------------------------------------------------------------------------

Edwin Molenaar, July 2016

-------------------------------------------------------

[ more ]  [ reply ]
[SECURITY] [DSA 3637-1] chromium-browser security update 2016-07-31
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3637-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
July 31, 2016

[ more ]  [ reply ]
Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA 2016-07-31
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Multiple vulnerabilities in All In One WP Security & Firewall plugin
login CAPTCHA
------------------------------------------------------------------------

Sipke Mellema, July 2016

---------------------------------------------

[ more ]  [ reply ]
Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin 2016-07-31
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress
Plugin
------------------------------------------------------------------------

Bente Schopman, July 2016

-----------------------------------------------

[ more ]  [ reply ]
Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP 2016-07-31
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Insert PHP WordPress Plugin allows authenticated user to execute
arbitrary PHP
------------------------------------------------------------------------

Marcel Vermeulen <vermeulen.mc.at.gmail.com> & Ed van der Vlies
<ecvdvlies.

[ more ]  [ reply ]
Huawei eSpace IAD Remote Information Disclosure Vulnerability 2016-07-30
ak47464659484 gmail com
Title: Huawei eSpace IAD Remote Information Disclosure Vulnerability
Software : eSpace IAD

Software Version :
Equipment type : eSpace IAD208E(M)
PCB version : AG21CSPG VER.A
Product name : TS0801 and TS0802
Program version : V300R001C07SPC800
BIOS version : 1035

[ more ]  [ reply ]
[SECURITY] [DSA 3634-1] redis security update 2016-07-30
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3634-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
July 30, 2016

[ more ]  [ reply ]
[SECURITY] [DSA 3636-1] collectd security update 2016-07-30
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3636-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
July 30, 2016

[ more ]  [ reply ]
Elevation of Privilege Vulnerability in MediaTek Driver ( CVE-2016-6492) 2016-07-30
unlimitsec gmail com
Details
=======

Product: MTK
platform:MT6595 -- MT6797
Security Risk: High
CVE ID: CVE-2016-6492
Credit: unLimit Security Group

Introduction
============
1.
https://github.com/jawad6233/MT6795.kernel/blob/1251b008a51be5cd97ce6da916f34fc6afa2b1d7/alps/kernel-3.10/drivers/misc/mediatek/mach/mt6795/c

[ more ]  [ reply ]
[SYSS-2016-038] CHERRY B.UNLIMITED AES - Keystroke Injection Vulnerability 2016-07-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-038
Product: CHERRY B.UNLIMITED AES
Manufacturer: Cherry GmbH
Affected Version(s): JD-0400EU-2/01
Tested Version(s): JD-0400EU-2/01
Vulnerability Type: Cryptographic Issues (CWE-310)
Keystroke Injection Vulne

[ more ]  [ reply ]
[SECURITY] [DSA 3635-1] libdbd-mysql-perl security update 2016-07-29
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3635-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 29, 2016

[ more ]  [ reply ]
CVE-2016-5672: Intel Crosswalk SSL Prompt Issue 2016-07-29
research nightwatchcybersecurity com
[Original at: https://wwws.nightwatchcybersecurity.com/2016/07/29/advisory-intel-crosswalk-ssl-prompt-issue/]

Summary

The Intel Crosswalk Project library for cross-platform mobile
development did not properly handle SSL errors. This behaviour could
subject applications developed using this library

[ more ]  [ reply ]
[SYSS-2016-032] CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) 2016-07-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-032
Product: CHERRY B.UNLIMITED AES
Manufacturer: Cherry GmbH
Affected Version(s): JD-0400EU-2/01
Tested Version(s): JD-0400EU-2/01
Vulnerability Type: Insufficient Protection of Code (Firmware) and
Data (Cr

[ more ]  [ reply ]
[SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection against Replay Attacks 2016-07-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-031
Product: CHERRY B.UNLIMITED AES
Manufacturer: Cherry GmbH
Affected Version(s): JD-0400EU-2/01
Tested Version(s): JD-0400EU-2/01
Vulnerability Type: Cryptographic Issues (CWE-310)
Missing Protection agains

[ more ]  [ reply ]
[SYSS-2016-059] Microsoft Wireless Desktop 2000 - Insufficient Verification of Data Authenticity (CWE-345) 2016-07-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-059
Product: Microsoft Wireless Desktop 2000
Manufacturer: Microsoft
Affected Version(s): Ver. A
Tested Version(s): Ver. A
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Mouse Sp

[ more ]  [ reply ]
[SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks 2016-07-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-044
Product: K520 (Keyboard of Wireless Combo MK520)
Manufacturer: Logitech
Affected Version(s): Model Y-R0012
Tested Version(s): Model Y-R0012
Vulnerability Type: Cryptographic Issues (CWE-310)
Insufficient

[ more ]  [ reply ]
[SYSS-2016-045] Perixx PERIDUO-710W - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) 2016-07-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-045
Product: PERIDUO-710W
Manufacturer: Perixx Computer GmbH
Affected Version(s): Part No. KG-1027
Tested Version(s): Part No. KG-1027
Vulnerability Type: Insufficient Protection of Code (Firmware) and
Data

[ more ]  [ reply ]
[SYSS-2016-047] Perixx PERIDUO-710W - Keystroke Injection Vulnerability 2016-07-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-047
Product: PERIDUO-710W
Manufacturer: Perixx Computer GmbH
Affected Version(s): Part No. KG-1027
Tested Version(s): Part No. KG-1027
Vulnerability Type: Cryptographic Issues (CWE-310)
Keystroke Injection Vu

[ more ]  [ reply ]
[SYSS-2016-046] Perixx PERIDUO-710W - Missing Protection against Replay Attacks 2016-07-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-046
Product: PERIDUO-710W
Manufacturer: Perixx Computer GmbH
Affected Version(s): Part No. KG-1027
Tested Version(s): Part No. KG-1027
Vulnerability Type: Cryptographic Issues (CWE-310)
Missing Protection aga

[ more ]  [ reply ]
ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities 2016-07-29
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1890

Release Date:
=============
2016-07-28

Vulnerability Laboratory ID (VL-ID):
==========

[ more ]  [ reply ]
[S21SEC-047] Fotoware Fotoweb 8.0 Cross Site Scripting 2016-07-29
S21sec Vulnerability Research (vulns s21sec com)
##############################################################

- S21Sec Advisory -
- S21SEC-047-en.txt -

##############################################################

Title: Fotoware Fotoweb 8.0 Cross Site Scripting (XSS)
ID: S21sec-047-

[ more ]  [ reply ]
Vicon Network Cameras - Authentication Bypass 2016-07-28
reggie dodd30 gmail com
TITLE
Vicon Network Cameras - Authentication Bypass

AUTHOR
Reginald Dodd / Information Security Engineer
https://www.linkedin.com/in/reginalddodd

VENDOR
Vicon Industries Inc.
http://www.vicon-security.com
http://www.vicon-security.com/products/network-cameras/

DESCRIPTION
Remote unauthenticated u

[ more ]  [ reply ]
Saveya Bounty #1 - Bypass & Persistent Vulnerability 2016-07-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Saveya Bounty #1 - Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1857

SaveYa ID: 56

Acknowledgements: https://www.saveya.com/white-hat-program-acknowledgements

Release Date:
======

[ more ]  [ reply ]
Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities 2016-07-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1881

Release Date:
=============
2016-07-27

Vulnerability Laboratory ID (VL-ID):
=======================

[ more ]  [ reply ]
Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability 2016-07-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1886

Release Date:
=============
2016-07-27

Vulnerability Laboratory ID (VL-ID):
============================

[ more ]  [ reply ]
Zortam Media Studio 20.60 - Buffer Overflow Vulnerability 2016-07-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Zortam Media Studio 20.60 - Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1884

Release Date:
=============
2016-07-27

Vulnerability Laboratory ID (VL-ID):
=============================

[ more ]  [ reply ]
[SECURITY] [DSA 3633-1] xen security update 2016-07-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3633-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 27, 2016

[ more ]  [ reply ]
CVE-2016-2783 - Avaya VOSS/VSP Release 4.1.0.0 Vulnerable to SPB Traffic traversal 2016-07-27
Grebovich, Dragan \(Dragan\) (dgrebovich avaya com)
Virtual Services Platform (VOSS) Security Vulnerability CVE-2016-2783 - Release 4.1.0.0 Vulnerable to SPB Traffic traversal

Avaya Networking was notified by Kryptos Logic and Stora, that Avaya VSP (VOSS) 4.1.0.0 has security vulnerability on November 30, 2015. Avaya R&D has confirmed the existence

[SECURITY] [DSA 3632-1] mariadb-10.0 security update 2016-07-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3632-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 27, 2016

VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com) (1 replies)
Document Title:
===============
VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1877

Release Date:
=============
2016-07-26

Vulnerability Laboratory ID (VL-ID):
==================================

RE: VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability 2016-07-27
Wick, Ryan (US - Chicago) (rwick deloitte com)
VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1876

Release Date:
=============
2016-07-25

Vulnerability Laboratory ID (VL-ID):
=================================

DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1885

Release Date:
=============
2016-07-26

Vulnerability Laboratory ID (VL-ID):
============

Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1875

Release Date:
=============
2016-07-13

Vulnerability Laboratory ID (VL-ID):
================================

[SECURITY] [DSA 3631-1] php5 security update 2016-07-26
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3631-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 26, 2016

[SECURITY] [DSA 3630-1] libgd2 security update 2016-07-26
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3630-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 26, 2016

[security bulletin] HPSBST03603 rev.1 - HPE StoreVirtual Products running LeftHand OS using glibc, Remote Arbitrary Code Execution, Denial of Service (DoS) 2016-07-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05212266
Version: 1

HPSBST03603 r

Silurus Classifieds XSS Vulnerability 2016-07-26
ak47464659484 gmail com
Title: Silurus Classifieds XSS Vulnerability
Software : Silurus Classifieds

Software Version : v2.0

Vendor: http://snowhall.com/slides/silurus

Vulnerability Published : 2016-07-25

Author:zhiwei_jiang
Email:ak47464659484 (at) gmail (dot) com
Impact : Medium(CVSS2 Base : 4.3, AV:N/AC:M/Au:N/C:N/I:P/A

Cross-Site Scripting vulnerability in ColorWay WordPress Theme 2016-07-26
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in ColorWay WordPress Theme
------------------------------------------------------------------------

Yorick Koster, July 2016

-----------------------------------------------------------------

Dropbox 6.4.14 DLL Hijacking Vulnerability 2016-07-26
mehta himanshu21 gmail com
Aloha,

Summary
Dropbox Installer for Windows contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. The vulnerability exists because some DLL file is loaded improperly by 'DropboxInstaller.exe'. And it allows an a

Huawei ISM Professional XSS Vulnerability 2016-07-26
ak47464659484 gmail com
Title: Huawei ISM Professional XSS Vulnerability
Software : ISM Professional OceanStor

Software Version : Copyright©Huawei Technologies Co., Ltd. 2009-2010. All rights reserved.

Vendor: www.huawei.com

Vulnerability Published : 2016-07-25

Author:zhiwei_jiang
Email:ak47464659484@gmail

Crashing Browsers Remotely via Insecure Search Suggestions 2016-07-26
research nightwatchcybersecurity com
[Original here:
https://wwws.nightwatchcybersecurity.com/2016/07/26/research-crashing-browsers-remotely-via-insecure-search-suggestions/]

Summary

Intercepting insecure search suggestion requests from browsers, and
returning very large responses leads to browser crashes (but not RCE).
Affected brow

MySQL 0days followup (CVE-2016-3477) CVSS 8.1 2016-07-26
lem nikolas gmail com
Among other issues reported, the most critical flaw in the July CPU 2016, rated CVSS v3.0 base score 8.1, is the Server Parser subcomponent issue (CVE-2016-3477) and one of our findings.

Versions 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier are affected. The zero-day permits unauth

July 2016 - Bamboo Server - Critical Security Advisory 2016-07-26
David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Note: the current version of this advisory can be found at
https://confluence.atlassian.com/x/rSGSMQ .

CVE ID:
* CVE-2016-5229 - Deserialisation in Bamboo.

Product: Bamboo

Affected Bamboo product versions:
2.3.1 <= version < 5.11.4.1
5.12.0 <= vers

[SECURITY] [DSA 3629-1] ntp security update 2016-07-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3629-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 25, 2016

[security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution 2016-07-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05206507

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05206507
Version: 1

HPSBGN03630 r

Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability 2016-07-25
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 25/07/2016

Reprise License Manager "akey" Buffer Overflow Vulnerability

======================================================================

Table of Contents

Affected Softw

Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability 2016-07-25
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 25/07/2016

Reprise License Manager "actserver" Buffer Overflow Vulnerability

======================================================================

Table of Contents

Affected So

FreeBSD Security Advisory FreeBSD-SA-16:25.bspatch 2016-07-25
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:25.bspatch Security Advisory
The FreeBSD Project

Topic:

[SECURITY] [DSA 3628-1] perl security update 2016-07-25
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3628-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 25, 2016

XSS and SQLi in huge IT gallery v1.1.5 for Joomla 2016-07-25
Larry W. Cashdollar (larry0 me com)
Title: XSS and SQLi in huge IT gallery v1.1.5 for Joomla
Fixed: v1.1.7
Author: Larry W. Cashdollar, @_larry0 and Elitza Neytcheva, @ElitzaNeytcheva
Date: 2016-07-14
Download Site: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
Vendor: huge-it.com
Vendor Notif

SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr 2016-07-25
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20160725-0 >
=======================================================================
title: Multiple vulnerabilities
product: Micro Focus (former Novell) Filr Appliance
vulnerable version: Filr 2 <=2.0.0.421, Filr 1.2 <= 1.

[SECURITY] [DSA 3627-1] phpmyadmin security update 2016-07-24
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3627-1 security (at) debian (dot) org
https://www.debian.org/security/ Thijs Kinkhorst
July 24, 2016

Cross-Site Scripting in Code Snippets WordPress Plugin 2016-07-24
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in Code Snippets WordPress Plugin
------------------------------------------------------------------------

Burak Kelebek, July 2016

------------------------------------------------------------------------

Copyright 2010, SecurityFocus