|
|
Colapse all |
Post message
[security bulletin] HPSBHF03608 rev.1 - HPE iMC PLAT and other Network Products using Apache Java Commons Collection (ACC), Remote Execution of Arbitrary Code 2016-07-11 security-alert hpe com Persistent Cross-Site Scripting in WordPress Activity Log plugin 2016-07-11 Summer of Pwnage (lists securify nl) ------------------------------------------------------------------------ Persistent Cross-Site Scripting in WordPress Activity Log plugin ------------------------------------------------------------------------ Han Sahin, July 2016 ------------------------------------------------------------------- [ more ] [ reply ] [RCESEC-2016-004][CVE-2016-5005] Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting 2016-07-11 Julien Ahrens (info rcesecurity com) [RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries 2016-07-11 Julien Ahrens (info rcesecurity com) Persistent Cross-Site Scripting in WP Live Chat Support plugin 2016-07-11 Summer of Pwnage (lists securify nl) ------------------------------------------------------------------------ Persistent Cross-Site Scripting in WP Live Chat Support plugin ------------------------------------------------------------------------ Han Sahin, July 2016 --------------------------------------------------------------------- [ more ] [ reply ] Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin 2016-07-10 Summer of Pwnage (lists securify nl) ------------------------------------------------------------------------ Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin ------------------------------------------------------------------------ David Vaartjes, July 2016 ------------------------------------------------------- [ more ] [ reply ] BMW - (Token) Client Side Cross Site Scripting Vulnerability 2016-07-08 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== BMW - (Token) Client Side Cross Site Scripting Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1737 Release Date: ============= 2016-07-06 Vulnerability Laboratory ID (VL-ID): ========================== [ more ] [ reply ] BMW ConnectedDrive - (Update) VIN Session Vulnerability 2016-07-08 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== BMW ConnectedDrive - (Update) VIN Session Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1736 Release Date: ============= 2016-07-07 Vulnerability Laboratory ID (VL-ID): =============================== [ more ] [ reply ] Microsoft Process Kill Utility "kill.exe" Buffer Overflow 2016-07-08 hyp3rlinx lycos com [+] Credits: HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MS-KILL-UTILITY-BUFFER-OVERFL OW.txt [+] ISR: ApparitionSec Vendor: ================= www.microsoft.com Product: ========================================= Microsoft Process K [ more ] [ reply ] Microsoft WinDbg logviewer.exe Buffer Overflow DOS 2016-07-08 hyp3rlinx lycos com [+] Credits: HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MS-WINDBG-LOGVIEWER-BUFFER-OV ERFLOW.txt [+] ISR: ApparitionSec Vendor: ================= www.microsoft.com Product: ==================== WinDbg logviewer.exe LogViewer (log [ more ] [ reply ] [slackware-security] samba (SSA:2016-189-01) 2016-07-07 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] samba (SSA:2016-189-01) New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages [ more ] [ reply ] [security bulletin] HPSBGN03628 rev.1 - HPE IceWall Federation Agent using libXML2 library, Remote Denial of Service (DoS), Unauthorized Modification, Unauthorized Disclosure of Information 2016-07-07 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId= emr_n a-c05194709 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05194709 Version: 1 HPSBGN03628 r [ more ] [ reply ] [KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability 2016-07-07 Egidio Romano (research karmainsecurity com) ------------------------------------------------------------------------ --- IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability ------------------------------------------------------------------------ --- [-] Software Link: https://invisionpower.com/ [-] Affected Versions [ more ] [ reply ] Acer Portal Android Application - MITM SSL Certificate Vulnerability (CVE-2016-5648) 2016-07-06 David Coomber (davidcoomber infosec gmail com) Acer Portal Android Application - MITM SSL Certificate Vulnerability (CVE-2016-5648) -- http://www.info-sec.ca/advisories/Acer-Portal.html Overview "Acer BYOCâ??s suite of Apps allows you to start building your own cloud to connect and share everything in your life between your smart devices and y [ more ] [ reply ] Re: Putty (beta 0.67) DLL Hijacking Vulnerability 2016-07-06 wsachin092 gmail com Can you please assign the CVE for http://seclists.org/bugtraq/2016/Jul/26 1. Create malicious dll file and save it as UxTheme.dll or ntmarta.dll in your "Downloads" directory. 2. Download https://the.earth.li/~sgtatham/putty/latest/x86/putty.exe and save it in your "Downloads" directory. 3. Ex [ more ] [ reply ] ESA-2016-054: EMC Avamar Data Store and Avamar Virtual Edition Unauthorized Data Access Vulnerability 2016-07-06 Security Alert (Security_Alert emc com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2016-054: EMC Avamar Data Store and Avamar Virtual Edition Unauthorized Data Access Vulnerability EMC Identifier: ESA-2016-054 CVE Identifier: CVE-2016-0906 Severity Rating: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Affected products: [ more ] [ reply ] Micron CMS v5.3 - (cat_id) SQL Injection Vulnerability 2016-07-06 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Micron CMS v5.3 - (cat_id) SQL Injection Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1872 Release Date: ============= 2016-07-06 Vulnerability Laboratory ID (VL-ID): ================================ [ more ] [ reply ] Teampass 2.1.26 - Authenticated File Upload Vulnerability 2016-07-06 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Teampass 2.1.26 - Authenticated File Upload Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1866 Release Date: ============= 2016-07-06 Vulnerability Laboratory ID (VL-ID): ============================= [ more ] [ reply ] IBM BlueMix Cloud - (API) Persistent Web Vulnerability 2016-07-06 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== IBM BlueMix Cloud - (API) Persistent Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1846 IBM Security Tracking ID: 5377-12593283 Release Date: ============= 2016-07-04 Vulnerability Laboratory ID [ more ] [ reply ] [security bulletin] HPSBHF03613 rev.1 - HPE Network Products including iMC, VCX, and Comware using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access 2016-07-05 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId= emr_n a-c05184351 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05184351 Version: 1 HPSBHF03613 r [ more ] [ reply ] [slackware-security] mozilla-thunderbird (SSA:2016-187-01) 2016-07-05 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2016-187-01) New mozilla-thunderbird packages are available for Slackware 14.1, 14.2, and - -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +-------------------- [ more ] [ reply ] Putty (beta 0.67) DLL Hijacking Vulnerability 2016-07-05 wsachin092 gmail com /* Exploit Title: Putty DLL Hijacking Exploit ( UxTheme.dll or ntmarta.dll ) Vendor Homepage:https://the.earth.li/~sgtatham/putty/latest/x86/putty.exe Author: Sachin Wagh (@tiger_tigerboy) Linkedin: https://in.linkedin.com/in/sachin-wagh-95b17555 Affected Version: beta 0.67 Tested on: Windows 7 Ulti [ more ] [ reply ] Apple Safari for Mac OS X SVG local XXE 2016-07-05 Filippo Cavallarin (filippo cavallarin wearesegment com) Advisory ID: SGMA16-003 Title: Apple Safari for Mac OS X SVG local XXE Product: Apple Safari for Mac OS X Version: 9.1.1 and probably prior Vendor: apple.com Vulnerability type: XXE Risk level: Medium Credit: Filippo Cavallarin - wearesegment.com CVE: N/A Vendor notification: 2015-04-08 Vendor fix: [ more ] [ reply ] Syslog Server "npriority" field remote Denial of Service vulnerability 2016-07-04 chaoyi huang connect polyu hk Title: Syslog Server "npriority" field remote Denial of Service vulnerability Software : Syslog Server Software Version : Syslog Server 1.2.3 Vendor: https://sourceforge.net/p/syslog-server/ Vulnerability Published : 2016-07-02 Vulnerability Update Time : Status : Impact : Medium(CVSS2 Base : [ more ] [ reply ] [CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c 2016-07-04 wpengfeinudt gmail com I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I?d like to make an announcement here. This was found in Linux kernel file Linux-4.6/kernel/auditsc.c, and crafted user space data change under race condition will make control strings processe [ more ] [ reply ] OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability 2016-07-04 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1868 Release Date: ============= 2016-07-04 Vulnerability Laboratory ID (VL-ID): ================================ [ more ] [ reply ] KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability 2016-07-04 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1867 Release Date: ============= 2016-07-01 Vulnerability Laboratory ID (VL-ID): =============== [ more ] [ reply ] [CVE-2016-6156] Double-Fetch Vulnerability in Linux-4.6/drivers/platform/chrome/cros_ec_dev.c 2016-07-04 wpengfeinudt gmail com I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I?d like to make an announcement here. This was found in Linux kernel file Linux-4.6/drivers/platform/chrome/cros_ec_dev.c, and crafted user space data change under race condition will lead to [ more ] [ reply ] |
|
Privacy Statement |
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=
emr_n
a-c05200601
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05200601
Version: 1
HPSBHF03608 r
[ more ] [ reply ]