Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability 2016-08-02
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1891

Release Date:
=============
2016-08-01

Vulnerability Laboratory ID (VL-ID):
==========================

Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability 2016-08-02
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1887

Release Date:
=============
2016-07-29

Vulnerability Laboratory ID (VL-ID):
==============

FortiManager (Series) - Multiple Web Vulnerabilities 2016-08-02
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FortiManager (Series) - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1684

Fortinet PSIRT ID: 1624459

Release Notes 1: http://docs.fortinet.com/uploaded/files/2910/fortimanager-v5.4.0-rel

[security bulletin] HPSBGN03564 rev.2 - HPE Release Control using Java Deserialization, Remote Code Execution 2016-08-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05063986

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05063986
Version: 2

HPSBGN03564 r

[security bulletin] HPSBUX03632 SSRT110194 rev.1 - HP-UX Mail Server running Sendmail, Local Unauthorized Disclosure of Information 2016-08-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05216368

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05216368
Version: 1

HPSBUX03632 S

[CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c 2016-08-01
wpengfeinudt gmail com
I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I'd like to make an announcement here.

This was found in Linux kernel file Linux-4.5/drivers/scsi/aacraid/commctrl.c, and crafted user space data change under race condition will lead to over-b

Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin 2016-08-01
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

---------------------------------------------------------

Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231) 2016-08-01
David Coomber (davidcoomber infosec gmail com)
Kaspersky Safe Browser iOS Application - MITM SSL Certificate
Vulnerability (CVE-2016-6231)
--
http://www.info-sec.ca/advisories/Kaspersky-Safe-Browser.html

Overview

"Stay safe from malicious links, suspicious content and identity theft
while you surfing the Internet."

"Our Safe Browser covers th

Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability 2016-08-01
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1891

Release Date:
=============
2016-08-01

Vulnerability Laboratory ID (VL-ID):
==========================

Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability 2016-08-01
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1687

Fortinet PSIRT ID: 1624561

Release Notes #1: http://docs.fortinet.com/uploaded/files/

Cross-Site Scripting in Contact Bank WordPress Plugin 2016-08-01
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in Contact Bank WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

------------------------------------------------------------------------

A

SQL injection vulnerability in Booking Calendar WordPress Plugin 2016-08-01
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

SQL injection vulnerability in Booking Calendar WordPress Plugin
------------------------------------------------------------------------

Edwin Molenaar, July 2016

--------------------------------------------------------------

Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin 2016-08-01
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin
------------------------------------------------------------------------

Edwin Molenaar, July 2016

-------------------------------------------------------

[SECURITY] [DSA 3637-1] chromium-browser security update 2016-07-31
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3637-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Michael Gilbert
July 31, 2016

Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA 2016-07-31
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Multiple vulnerabilities in All In One WP Security & Firewall plugin
login CAPTCHA
------------------------------------------------------------------------

Sipke Mellema, July 2016

---------------------------------------------

Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin 2016-07-31
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress
Plugin
------------------------------------------------------------------------

Bente Schopman, July 2016

-----------------------------------------------

Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP 2016-07-31
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Insert PHP WordPress Plugin allows authenticated user to execute
arbitrary PHP
------------------------------------------------------------------------

Marcel Vermeulen <vermeulen.mc.at.gmail.com> & Ed van der Vlies
<ecvdvlies.

Huawei eSpace IAD Remote Information Disclosure Vulnerability 2016-07-30
ak47464659484 gmail com
Title: Huawei eSpace IAD Remote Information Disclosure Vulnerability
Software : eSpace IAD

Software Version :
Equipment type : eSpace IAD208E(M)
PCB version : AG21CSPG VER.A
Product name : TS0801 and TS0802
Program version : V300R001C07SPC800
BIOS version : 1035

[SECURITY] [DSA 3634-1] redis security update 2016-07-30
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3634-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
July 30, 2016

[SECURITY] [DSA 3636-1] collectd security update 2016-07-30
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3636-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
July 30, 2016

Elevation of Privilege Vulnerability in MediaTek Driver ( CVE-2016-6492) 2016-07-30
unlimitsec gmail com
Details
=======

Product: MTK
platform:MT6595 -- MT6797
Security Risk: High
CVE ID: CVE-2016-6492
Credit: unLimit Security Group

Introduction
============
1.
https://github.com/jawad6233/MT6795.kernel/blob/1251b008a51be5cd97ce6da916f34fc6afa2b1d7/alps/kernel-3.10/drivers/misc/mediatek/mach/mt6795/c

[SYSS-2016-038] CHERRY B.UNLIMITED AES - Keystroke Injection Vulnerability 2016-07-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-038
Product: CHERRY B.UNLIMITED AES
Manufacturer: Cherry GmbH
Affected Version(s): JD-0400EU-2/01
Tested Version(s): JD-0400EU-2/01
Vulnerability Type: Cryptographic Issues (CWE-310)
Keystroke Injection Vulne

[SECURITY] [DSA 3635-1] libdbd-mysql-perl security update 2016-07-29
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3635-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
July 29, 2016

CVE-2016-5672: Intel Crosswalk SSL Prompt Issue 2016-07-29
research nightwatchcybersecurity com
[Original at: https://wwws.nightwatchcybersecurity.com/2016/07/29/advisory-intel-crosswalk-ssl-prompt-issue/]

Summary

The Intel Crosswalk Project library for cross-platform mobile
development did not properly handle SSL errors. This behaviour could
subject applications developed using this library

[SYSS-2016-032] CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) 2016-07-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-032
Product: CHERRY B.UNLIMITED AES
Manufacturer: Cherry GmbH
Affected Version(s): JD-0400EU-2/01
Tested Version(s): JD-0400EU-2/01
Vulnerability Type: Insufficient Protection of Code (Firmware) and
Data (Cr

[SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection against Replay Attacks 2016-07-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-031
Product: CHERRY B.UNLIMITED AES
Manufacturer: Cherry GmbH
Affected Version(s): JD-0400EU-2/01
Tested Version(s): JD-0400EU-2/01
Vulnerability Type: Cryptographic Issues (CWE-310)
Missing Protection agains

[SYSS-2016-059] Microsoft Wireless Desktop 2000 - Insufficient Verification of Data Authenticity (CWE-345) 2016-07-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-059
Product: Microsoft Wireless Desktop 2000
Manufacturer: Microsoft
Affected Version(s): Ver. A
Tested Version(s): Ver. A
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Mouse Sp

[SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks 2016-07-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-044
Product: K520 (Keyboard of Wireless Combo MK520)
Manufacturer: Logitech
Affected Version(s): Model Y-R0012
Tested Version(s): Model Y-R0012
Vulnerability Type: Cryptographic Issues (CWE-310)
Insufficient

[SYSS-2016-045] Perixx PERIDUO-710W - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) 2016-07-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-045
Product: PERIDUO-710W
Manufacturer: Perixx Computer GmbH
Affected Version(s): Part No. KG-1027
Tested Version(s): Part No. KG-1027
Vulnerability Type: Insufficient Protection of Code (Firmware) and
Data

[SYSS-2016-047] Perixx PERIDUO-710W - Keystroke Injection Vulnerability 2016-07-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-047
Product: PERIDUO-710W
Manufacturer: Perixx Computer GmbH
Affected Version(s): Part No. KG-1027
Tested Version(s): Part No. KG-1027
Vulnerability Type: Cryptographic Issues (CWE-310)
Keystroke Injection Vu

[SYSS-2016-046] Perixx PERIDUO-710W - Missing Protection against Replay Attacks 2016-07-29
matthias deeg syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-046
Product: PERIDUO-710W
Manufacturer: Perixx Computer GmbH
Affected Version(s): Part No. KG-1027
Tested Version(s): Part No. KG-1027
Vulnerability Type: Cryptographic Issues (CWE-310)
Missing Protection aga

ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities 2016-07-29
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1890

Release Date:
=============
2016-07-28

Vulnerability Laboratory ID (VL-ID):
==========

[S21SEC-047] Fotoware Fotoweb 8.0 Cross Site Scripting 2016-07-29
S21sec Vulnerability Research (vulns s21sec com)
##############################################################

- S21Sec Advisory -
- S21SEC-047-en.txt -

##############################################################

Title: Fotoware Fotoweb 8.0 Cross Site Scripting (XSS)
ID: S21sec-047-

Vicon Network Cameras - Authentication Bypass 2016-07-28
reggie dodd30 gmail com
TITLE
Vicon Network Cameras - Authentication Bypass

AUTHOR
Reginald Dodd / Information Security Engineer
https://www.linkedin.com/in/reginalddodd

VENDOR
Vicon Industries Inc.
http://www.vicon-security.com
http://www.vicon-security.com/products/network-cameras/

DESCRIPTION
Remote unauthenticated u

Saveya Bounty #1 - Bypass & Persistent Vulnerability 2016-07-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Saveya Bounty #1 - Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1857

SaveYa ID: 56

Acknowledgements: https://www.saveya.com/white-hat-program-acknowledgements

Release Date:
======

Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities 2016-07-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1881

Release Date:
=============
2016-07-27

Vulnerability Laboratory ID (VL-ID):
=======================

Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability 2016-07-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1886

Release Date:
=============
2016-07-27

Vulnerability Laboratory ID (VL-ID):
============================

Zortam Media Studio 20.60 - Buffer Overflow Vulnerability 2016-07-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Zortam Media Studio 20.60 - Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1884

Release Date:
=============
2016-07-27

Vulnerability Laboratory ID (VL-ID):
=============================

[SECURITY] [DSA 3633-1] xen security update 2016-07-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3633-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 27, 2016

CVE-2016-2783 - Avaya VOSS/VSP Release 4.1.0.0 Vulnerable to SPB Traffic traversal 2016-07-27
Grebovich, Dragan \(Dragan\) (dgrebovich avaya com)
Virtual Services Platform (VOSS) Security Vulnerability CVE-2016-2783 - Release 4.1.0.0 Vulnerable to SPB Traffic traversal

Avaya Networking was notified by Kryptos Logic and Stora, that Avaya VSP (VOSS) 4.1.0.0 has security vulnerability on November 30, 2015. Avaya R&D has confirmed the existence

[SECURITY] [DSA 3632-1] mariadb-10.0 security update 2016-07-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3632-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
July 27, 2016

VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com) (1 replies)
Document Title:
===============
VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1877

Release Date:
=============
2016-07-26

Vulnerability Laboratory ID (VL-ID):
==================================

RE: VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability 2016-07-27
Wick, Ryan \(US - Chicago\) (rwick deloitte com)
VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1876

Release Date:
=============
2016-07-25

Vulnerability Laboratory ID (VL-ID):
=================================

DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1885

Release Date:
=============
2016-07-26

Vulnerability Laboratory ID (VL-ID):
============

Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability 2016-07-27
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1875

Release Date:
=============
2016-07-13

Vulnerability Laboratory ID (VL-ID):
================================

[SECURITY] [DSA 3631-1] php5 security update 2016-07-26
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3631-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 26, 2016

[SECURITY] [DSA 3630-1] libgd2 security update 2016-07-26
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3630-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
July 26, 2016

[security bulletin] HPSBST03603 rev.1 - HPE StoreVirtual Products running LeftHand OS using glibc, Remote Arbitrary Code Execution, Denial of Service (DoS) 2016-07-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05212266
Version: 1

HPSBST03603 r

Silurus Classifieds XSS Vulnerability 2016-07-26
ak47464659484 gmail com
Title: Silurus Classifieds XSS Vulnerability
Software : Silurus Classifieds

Software Version : v2.0

Vendor: http://snowhall.com/slides/silurus

Vulnerability Published : 2016-07-25

Author:zhiwei_jiang
Email:ak47464659484 (at) gmail (dot) com [email concealed]
Impact : Medium(CVSS2 Base : 4.3, AV:N/AC:M/Au:N/C:N/I:P/A

Cross-Site Scripting vulnerability in ColorWay WordPress Theme 2016-07-26
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in ColorWay WordPress Theme
------------------------------------------------------------------------

Yorick Koster, July 2016

-----------------------------------------------------------------

Dropbox 6.4.14 DLL Hijacking Vulnerability 2016-07-26
mehta himanshu21 gmail com
Aloha,

Summary
Dropbox Installer for Windows contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to some DLL file is loaded by 'DropboxInstaller.exe' improperly. And it allows an a

Huawei ISM Professional XSS Vulnerability 2016-07-26
ak47464659484 gmail com
Title: Huawei ISM Professional XSS Vulnerability
Software : ISM Professional OceanStor

Software Version : Copyright©Huawei Technologies Co., Ltd. 2009-2010. All rights reserved.

Vendor: www.huawei.com

Vulnerability Published : 2016-07-25

Author:zhiwei_jiang
Email:ak47464659484@gmail

Crashing Browsers Remotely via Insecure Search Suggestions 2016-07-26
research nightwatchcybersecurity com
[Original here: https://wwws.nightwatchcybersecurity.com/2016/07/26/research-crashing-browsers-remotely-via-insecure-search-suggestions/]

Summary

Intercepting insecure search suggestion requests from browsers, and
returning very large responses leads to browser crashes (but not RCE).
Affected brow

MySQL 0days followup (CVE-2016-3477) CVSS 8.1 2016-07-26
lem nikolas gmail com
Among other issues reported, the most critical flaw in the July CPU 2016, rated CVSS v3.0 base score 8.1, is the Server Parser subcomponent issue(CVE-2016-3477) and one of our findings.

Versions 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier are affected. The zero-day permits unauth

July 2016 - Bamboo Server - Critical Security Advisory 2016-07-26
David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Note: the current version of this advisory can be found at
https://confluence.atlassian.com/x/rSGSMQ .

CVE ID:
* CVE-2016-5229 - Deserialisation in Bamboo.

Product: Bamboo

Affected Bamboo product versions:
2.3.1 <= version < 5.11.4.1
5.12.0 <= vers

[SECURITY] [DSA 3629-1] ntp security update 2016-07-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3629-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
July 25, 2016

[security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution 2016-07-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05206507

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05206507
Version: 1

HPSBGN03630 r

Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability 2016-07-25
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 25/07/2016

Reprise License Manager "akey" Buffer Overflow Vulnerability

======================================================================

Table of Contents

Affected Softw

Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability 2016-07-25
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 25/07/2016

Reprise License Manager "actserver" Buffer Overflow Vulnerability

======================================================================

Table of Contents

Affected So

FreeBSD Security Advisory FreeBSD-SA-16:25.bspatch 2016-07-25
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:25.bspatch Security Advisory
The FreeBSD Project

Topic:

[SECURITY] [DSA 3628-1] perl security update 2016-07-25
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3628-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
July 25, 2016

XSS and SQLi in huge IT gallery v1.1.5 for Joomla 2016-07-25
Larry W. Cashdollar (larry0 me com)
Title: XSS and SQLi in huge IT gallery v1.1.5 for Joomla
Fixed: v1.1.7
Author: Larry W. Cashdollar, @_larry0 and Elitza Neytcheva, @ElitzaNeytcheva
Date: 2016-07-14
Download Site: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
Vendor: huge-it.com
Vendor Notif

SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr 2016-07-25
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20160725-0 >
=======================================================================
title: Multiple vulnerabilities
product: Micro Focus (former Novell) Filr Appliance
vulnerable version: Filr 2 <=2.0.0.421, Filr 1.2 <= 1.

[SECURITY] [DSA 3627-1] phpmyadmin security update 2016-07-24
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3627-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
July 24, 2016

Cross-Site Scripting in Code Snippets WordPress Plugin 2016-07-24
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in Code Snippets WordPress Plugin
------------------------------------------------------------------------

Burak Kelebek, July 2016

------------------------------------------------------------------------

Neoscreen v4.5 Cross-site scripting 2016-07-24
alex_haynes outlook com
Exploit Title: Neoscreen Cross-site scripting
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: NONE
Credit: Alex Haynes

Advisory Detail

Neoscreen v4.5 Blind SQL injection 2016-07-24
alex_haynes outlook com
Exploit Title: Neoscreen Blind SQL injection
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [C

Neoscreen v4.5 Authentication bypass 2016-07-24
alex_haynes outlook com
Exploit Title: Neoscreen v4.5 Authentication bypass
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Authentication Bypass Issues [CWE-592]
CVE Reference: NONE
Credit: Alex Haynes

[SECURITY] [DSA 3626-1] openssh security update 2016-07-24
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
Debian Security Advisory DSA-3626-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
July 24, 2016

Autobahn|Python Insecure allowedOrigins validation >= 0.14.1 2016-07-23
mgill c0ffee me
Observation:
Autobahn|Python incorrectly checks the Origin header when the 'allowedOrigins' value is set. This can allow third parties to execute legitimate requests for WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within another browser's context.

Proof of Concept:
The fol

Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design 2016-07-23
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

Windows 7 introduced the "Deployment Image Servicing and Management"
tool DISM.exe; this command line program is called for example by
its predecessor PkgMgr.exe (a GUI program which requests elevated
privileges), or by Windows Update (which runs under SYSTEM account).

DISM.exe needs to be

[ more ]  [ reply ]
Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking 2016-07-23
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

this is a followup to "case 36" (posted as "case 35" by mistake),
<http://seclists.org/bugtraq/2016/Jul/82>.

Proof of concept #1:
~~~~~~~~~~~~~~~~~~~~

1. On a 64-bit edition of Windows download the 32-bit and 64-bit
executable installers "eclipse-inst-win32.exe" and
"eclipse-inst-w

[ more ]  [ reply ]
[slackware-security] bind (SSA:2016-204-01) 2016-07-22
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bind (SSA:2016-204-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------

[ more ]  [ reply ]
Cross-Site Scripting in Contact Form to Email WordPress Plugin 2016-07-24
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in Contact Form to Email WordPress Plugin
------------------------------------------------------------------------

Burak Kelebek, July 2016

-----------------------------------------------------------------

[ more ]  [ reply ]
CA20160721-01: Security Notice for CA eHealth 2016-07-22
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20160721-01: Security Notice for CA eHealth

Issued: 2016-07-21
Last Updated: 2016-07-21

CA Technologies Support is alerting customers to multiple potential risks
with CA eHealth. Two vulnerabilities exist in the web interface,
CVE-2016-6151 and CV

[ more ]  [ reply ]
[CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example 2016-07-22
Tim Allison (tallison apache org)
CVE-2016-5000: XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: POI 3.5-3.13

Description:

Apache POI's XLSX2CSV example uses Java's XML components to parse OpenXML files. Applications and

[ more ]  [ reply ]
MySQL zero-day vulnerabilities (July 2016 CPU) 2016-07-22
lem nikolas gmail com
MySQL is the most popular and most widely used database in the world. MySQL customers include NASA, US Navy, Google, Facebook, Twitter just to cite a few.

In partnership with Oracle Inc. we have worked delicately to enhance the security of the open-source product, and to identify and mitigate tho

[ more ]  [ reply ]
[SECURITY] [DSA 3625-1] squid3 security update 2016-07-22
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3625-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
July 22, 2016

[ more ]  [ reply ]
Dreammail 5 mail client XSS Vulnerability 2016-07-22
wwiinngd gmail com
Title: Dreammail 5 mail client XSS Vulnerability
Software : Dreammail

Software Version : v5.16

Vendor: www.dreammail.org

Vulnerability Published : 2016-03-21

Author: zhenwei_qi
Email: wwiinngd (at) gmail (dot) com
Impact : Medium(CVSS2 Base : 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)

Bug Description :
Dream

[ more ]  [ reply ]
[slackware-security] gimp (SSA:2016-203-01) 2016-07-21
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gimp (SSA:2016-203-01)

New gimp packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/

[ more ]  [ reply ]
[slackware-security] php (SSA:2016-203-02) 2016-07-21
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-203-02)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

[ more ]  [ reply ]
[security bulletin] HPSBGN03631 rev.1 - HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload, Remote Denial of Service (DoS) 2016-07-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c05204371

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05204371
Version: 1

HPSBGN03631 r

[ more ]  [ reply ]
MySQL zero-day vulnerabilities (July 2016 CPU) 2016-07-21
lem nikolas gmail com
MySQL is the most popular and most widely used database in the world. MySQL customers include NASA, US Navy, Google, Facebook, Twitter just to cite a few.

In partnership with Oracle Inc. we have worked delicately to enhance the security of the open-source product, and to identify and mitigate thos

[ more ]  [ reply ]
[SECURITY] [DSA 3624-1] mysql-5.5 security update 2016-07-21
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3624-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 21, 2016

[ more ]  [ reply ]
Cisco Security Advisory: Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products 2016-07-21
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products

Advisory ID: cisco-sa-20160721-asn1c

Revision: 1.0

For Public Release: 2016 July 21 19:00 GMT

+---------------------------------------------------

[ more ]  [ reply ]
CVE-2016-5399: php: out-of-bounds write in bzread() 2016-07-21
Hans Jerry Illikainen (hji dyntopia com)
PHP 7.0.8, 5.6.23 and 5.5.37 do not perform adequate error handling in
its `bzread()' function:

php-7.0.8/ext/bz2/bz2.c
,----
| 364 static PHP_FUNCTION(bzread)
| 365 {
| ...
| 382 ZSTR_LEN(data) = php_stream_read(stream, ZSTR_VAL(data), ZSTR_LEN(data));
| 383 ZSTR_VAL(data)[ZSTR_LEN(data)

[ more ]  [ reply ]
Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF) 2016-07-20
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Persistent Cross-Site Scripting in WooCommerce using image metadata
(EXIF)
------------------------------------------------------------------------

Han Sahin, July 2016

---------------------------------------------------------

[ more ]  [ reply ]
Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin 2016-07-20
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress
Plugin
------------------------------------------------------------------------

Burak Kelebek, July 2016

----------------------------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Unified Computing System Performance Manager Input Validation Vulnerability 2016-07-20
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco Unified Computing System Performance Manager Input Validation Vulnerability

Advisory ID: cisco-sa-20160720-ucsperf

Revision 1.0

For Public Release 2016 July 20 16:00 GMT (UTC)

+--------------------------------------

[ more ]  [ reply ]
[SEARCH-LAB advisory] UPC Hungary network problems 2016-07-20
Gergely Eberhardt (gergely eberhardt search-lab hu)
UPC network problems
--------------------

Platforms / Firmware confirmed affected:
- UPC Hungary network

Problems
--------
Network and device configuration problems
Administration password is sent to the device in plain in the
configuration file
Administration password, which is used also for the

[ more ]  [ reply ]
[SEARCH-LAB advisory] Compal CH7465LG-LC modem/router multiple vulnerabilities 2016-07-20
Gergely Eberhardt (gergely eberhardt search-lab hu)
Compal CH7465LG-LC modem/router multiple vulnerabilities
--------------------------------------------------------

The following vulnerabilities are the result of a quick check (~3 hours)
of the Mercury modem. We performed a systematic and deeper evaluation of
this device also, which result will be

[ more ]  [ reply ]
[SEARCH-LAB advisory] Hitron CGNV4 modem/router multiple vulnerabilities 2016-07-20
Gergely Eberhardt (gergely eberhardt search-lab hu)
Hitron CGNV4 modem/router multiple vulnerabilities
--------------------------------------------------

Platforms / Firmware confirmed affected:
- Hitron CGNV4, 4.3.9.9-SIP-UPC
- Product page: http://www.hitrontech.com/en/cable_detail.php?id=62

Vulnerabilities
---------------
Insecure session manage

[ more ]  [ reply ]
[SEARCH-LAB advisory] Technicolor TC7200 modem/router multiple vulnerabilities 2016-07-20
Gergely Eberhardt (gergely eberhardt search-lab hu)
Technicolor TC7200 modem/router multiple vulnerabilities
--------------------------------------------------------

Platforms / Firmware confirmed affected:
- Technicolor TC7200, STD6.02.11
- Product page:
http://www.technicolor.com/en/solutions-services/connected-home/broadban
d-devices/cable-modems-

[ more ]  [ reply ]
[SEARCH-LAB advisory] Cisco EPC3925 UPC modem/router default passphrase vulnerabilities 2016-07-20
Gergely Eberhardt (gergely eberhardt search-lab hu)
Cisco EPC3925 UPC modem/router default passphrase vulnerabilities
-----------------------------------------------------------------

Platforms / Firmware confirmed affected:
- Cisco EPC3925, ESIP-12-v302r125573-131230c_upc

Vulnerabilities
---------------
Default SSID and passphrase can be calculate

[ more ]  [ reply ]
[SECURITY] [DSA 3623-1] apache2 security update 2016-07-20
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3623-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 20, 2016

[ more ]  [ reply ]
Copyright 2010, SecurityFocus