BugTraq
WebCalendar v1.2.7 PHP Code Injection 2016-07-04
hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-PHP-CODE-INJECTION.txt

[+] ISR: ApparitionSec

Vendor:
==========================
www.k5n.us/webcalendar.php

Product:
==================
WebC

[FD]CVE ID request : SQL injection in 24Online Client 2016-07-03
rahullraz gmail com
Software name: 24 online
Version: 8.3.6 build 9.0
Vendor website: http://24onlinebilling.com

Potentially other versions older than this are vulnerable too.

Vulnerability type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The invoiceid GET parameter

[SECURITY] [DSA 3614-1] tomcat7 security update 2016-07-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3614-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 02, 2016

[SECURITY] [DSA 3615-1] wireshark security update 2016-07-02
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3615-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
July 02, 2016

[SECURITY] [DSA 3613-1] libvirt security update 2016-07-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3613-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 02, 2016

[SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage 2016-07-02
Robbie Gemmell (robbie apache org)
[CVE-2016-4974] Apache Qpid: deserialization of untrusted input while
using JMS ObjectMessage

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
Qpid AMQP 0-x JMS client 6.0.3 and earlier
Qpid JMS (AMQP 1.0) client 0.9.0 and earlier

Description:
When applications call g

[security bulletin] HPSBGN03627 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information 2016-07-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05193347
Version: 1

HPSBGN03627 r

[SECURITY] [DSA 3612-1] gimp security update 2016-07-01
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3612-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
July 01, 2016

[security bulletin] HPSBGN03626 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information Logjam 2016-07-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05193083
Version: 1

HPSBGN03626 r

KL-001-2016-003 : SQLite Tempdir Selection Vulnerability 2016-07-01
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2016-003 : SQLite Tempdir Selection Vulnerability

Title: SQLite Tempdir Selection Vulnerability
Advisory ID: KL-001-2016-003
Publication Date: 2016.07.01
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt

1. Vulnerability Details

Affected Vendor: SQLi

Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking 2016-07-01
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable installer for Microsoft's Visual Studio 2015
Community Edition, available from <https://www.visualstudio.com/>,
is vulnerable to DLL hijacking: on a fully patched Windows 7 SP1
it loads the following DLLs from its "application directory"
instead of Windows' "system directory"

Logic security flaw in TP-LINK - tplinklogin.net 2016-07-01
Info cybermoon cc
TP-LINK forgot to buy the domain www.tplinklogin.net which is being used to configure many of the hardwares they have, like routers configuration.

The domain is available to buy via escort service, so a potential attacker can get it, it's all about money.

There is unknown holder who have the domai

[CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c 2016-06-30
wpengfeinudt gmail com
I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I'd like to make an announcement here.

This was found in Linux kernel file Linux-4.5/drivers/s390/char/sclp_ctl.c, and crafted user space data change under race condition will lead to consequenc

[CVE-2016-5728] Double-Fetch Vulnerability in Linux-4.5/drivers/misc/mic/host/mic_virtio.c 2016-06-30
wpengfeinudt gmail com
I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I'd like to make an announcement here.

This was found in Linux kernel file Linux-4.5/drivers/misc/mic/host/mic_virtio.c, and crafted user space data change under race condition will lead to cons

CA20160627-01: Security Notice for Release Automation 2016-06-30
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20160627-01: Security Notice for Release Automation

Issued: June 27, 2016
Last Updated: June 27, 2016

CA Technologies Support is alerting customers to multiple potential risks
with CA Release Automation. Three vulnerabilities exist that can allow

[SECURITY] [DSA 3611-1] libcommons-fileupload-java security update 2016-06-30
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3611-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 30, 2016

[SECURITY] [DSA 3610-1] xerces-c security update 2016-06-29
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3610-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 29, 2016

BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs 2016-06-29
Blue Frost Security Research Lab (research bluefrostsecurity de)
________________________________________________________________________

Vendor: Huawei, www.huawei.com
Affected Product: HiSuite for Windows
Affected Version: <= 4.0.3.301
CVE ID: CVE-2016-5821
OVE ID: OVE-20160624-0001
Severity: High
Author: Benjamin Gnahm (@mitp0sh), Blue Frost Security GmbH
Tit

[SECURITY] [DSA 3608-1] libreoffice security update 2016-06-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3608-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 29, 2016

[SECURITY] [DSA 3609-1] tomcat8 security update 2016-06-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3609-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 29, 2016

Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability 2016-06-29
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability

Advisory ID: cisco-sa-20160629-piauthbypass

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+-----------------------------------

Cisco Security Advisory: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability 2016-06-29
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20160629-cpcpauthbypass

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+----------------------------

Cisco Security Advisory: Cisco Firepower System Software Static Credential Vulnerability 2016-06-29
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Firepower System Software Static Credential Vulnerability

Advisory ID: cisco-sa-20160629-fp

Revision 1.0

For Public Release 2016 June 29 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A

CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD 2016-06-29
Cantor, Scott (cantor 2 osu edu)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Xerces-C XML Parser library versions
prior to V3.1.4

Description: The Xerces-C XML parser fail

Symantec SEPM v12.1 Multiple Vulnerabilities 2016-06-29
hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SYMANTEC-SEPM-MULTIPLE-VULNS.txt

[+] ISR: ApparitionSec

Vendor:
================
www.symantec.com

Product:
===========
SEPM
Symantec Endpoint Protection Manage

KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution 2016-06-28
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution

Title: Ubiquiti Administration Portal CSRF to Remote Command Execution
Advisory ID: KL-001-2016-002
Publication Date: 2016.06.28
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-002.txt

1.

[KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability 2016-06-28
Egidio Romano (research karmainsecurity com)
-------------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability
-------------------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affec

[KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities 2016-06-28
Egidio Romano (research karmainsecurity com)
-------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities
-------------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Ver

[KIS-2016-08] Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities 2016-06-28
Egidio Romano (research karmainsecurity com)
--------------------------------------------------------------------------
Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities
--------------------------------------------------------------------------

[-] Software Link:

https://www.concrete5.org/

[-] Affected Versions:

Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities 2016-06-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1862

CWE-89
CWE-79
CWE-264

http://cwe.mitre.org/data/definitions/89
http://cwe.mitre.org/data/definitions/

Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability 2016-06-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1863

Release Date:
=============
2016-06-27

Vulnerability Laboratory ID (VL-ID):
===================================

Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability 2016-06-28
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1858

Release Date:
=============
2016-06-21

Vulnerability Laboratory ID (VL-ID):
================================

Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability 2016-06-28
Vulnerability Lab (research vulnerability-lab com)


Document Title:
===============
Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1849

Release Date:
=============
2016-06-27

Vulnerability Laboratory ID (VL-ID):
=================

[SECURITY] [DSA 3607-1] linux security update 2016-06-28
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3607-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 28, 2016

Craft CMS affected by server side template injection 2016-06-27
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Craft CMS affected by server side template injection
------------------------------------------------------------------------

Nelson Berg & Jurgen Kloosterman, June 2016

--------------------------------------------------------

BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability 2016-06-27
mehmet mehmetince net
1. ADVISORY INFORMATION
========================================
Title: BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability
Application: BigTree CMS
Remotely Exploitable: Yes
Versions Affected: < 4.2.11
Vendor URL: https://www.bigtreecms.org
Bugs: SQL Injection
Author: Mehmet Ince
Dat

[fd] CVE ID request: Untangle NGFW <= v12.1.0 post-auth command injection 2016-06-27
Matt Bush (matt 3xocyte net)
Product:

https://www.untangle.com/untangle-ng-firewall/

Description:

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

The Untangle NGFW <= 12.1.0 web interface is prone to a command injection vulnerability, allowing non-root users to execute arbitrary

MyLittleForum v2.3.5 PHP Command Injection 2016-06-27
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MYLITTLEFORUM-PHP-CMD-EXECUTION.txt

[+] ISR: APPARITIONSEC

Vendor:
=================
mylittleforum.net

Download:
github.com/ilosuna/mylittleforum/releases/tag/v2.3.5

Product

[slackware-security] php (SSA:2016-176-01) 2016-06-24
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-176-01)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.2

[SECURITY] [DSA 3606-1] libpdfbox security update 2016-06-24
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3606-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 24, 2016

#146416 Ruby:HTTP Header injection in 'net/http' 2016-06-24
redrain root (rootredrain gmail com)
TIMELINE
rootredrain submitted a report to Ruby.

show raw
Jun 22nd

Hi,

I would like to report a HTTP Header injection vulnerability in
'net/http' that allows attackers to inject arbitrary headers in
request even create a new evil request.

PoC

require 'net/http'
http = Net::HTTP.new('192.168.30.

SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure 2016-06-24
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20160624-0 >
=======================================================================
title: XSS and information disclosure vulnerability
product: ASUS DSL-N55U router
vulnerable version: 3.0.0.4.376_2736
fixed version

[KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability 2016-06-23
Egidio Romano (research karmainsecurity com)
-----------------------------------------------------------------------------
SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability
-----------------------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Vers

[KIS-2016-05] SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities 2016-06-23
Egidio Romano (research karmainsecurity com)
---------------------------------------------------------
SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities
---------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Versions:

Version 6.5.18 CE and prior versions.

[-] Vulnerabi

[KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities 2016-06-23
Egidio Romano (research karmainsecurity com)
--------------------------------------------------------------
SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities
--------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected Versions:

Version 6.5.18 CE and prior versions.

[KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability 2016-06-23
Egidio Romano (research karmainsecurity com)
------------------------------------------------------------------------------
SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability
------------------------------------------------------------------------------

[-] Software Link:

http://www.sugarcrm.com/

[-] Affected V

ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability 2016-06-22
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability

EMC Identifier: ESA-2016-069

CVE Identifier: CVE-2016-0914

Severity Rating: CVSS v3 Base Score: 5.0 (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected

Open-Xchange Security Advisory 2016-06-22 2016-06-22
Martin Heiland (martin heiland open-xchange com)
Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 45328 (Bug ID)
Vulnerability type: Information Exposure (CWE-200)
Vulnerable version: 7.8.1 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.2-rev43, 7.6.3-r

[ERPSCAN-16-018] SAP Application server for Java - DoS vulnerability 2016-06-21
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP Application server for Java 7.2 - 7.4

Vendor URL: http://SAP.com

Bugs: denial of service

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 14.03.2016

Reference: SAP Security Note 2259547

A

Magic values in 32-bit processes on 64-bit OS-es and how to exploit them 2016-06-21
Berend-Jan Wever (berendjanwever gmail com)
(You can read all this information in more detail on
http://blog.skylined.nl)

Software components such as memory managers often use magic values to
mark memory as having a certain state. These magic values can be used
during debugging to determine the state of the memory, and have often
(but not al

[ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability 2016-06-21
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.2 - 7.4

Vendor URL: http://SAP.com

Bugs: denial of service

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 14.03.2016

Reference: SAP Security Note 2256185

Author

[ERPSCAN-16-015] SAP NetWeaver Java AS - multiple XSS vulnerabilities 2016-06-21
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bugs: XSS

Sent: 29.09.2015

Reported: 30.09.2015

Vendor response: 30.09.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2238765

Author: Vahagn Vardanyan

[ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability 2016-06-21
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: information disclosure

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2255990

Author:

[slackware-security] pcre (SSA:2016-172-02) 2016-06-20
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] pcre (SSA:2016-172-02)

New pcre packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/pcre-8.39-i486

[slackware-security] libarchive (SSA:2016-172-01) 2016-06-20
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libarchive (SSA:2016-172-01)

New libarchive packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/li

APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7 2016-06-20
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and
7.7.7

AirPort Base Station Firmware Update 7.6.7 and 7.7.7 is now available
and addresses the following:

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extr

Symphony CMS v2.6.7 Session Fixation 2016-06-20
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SYMPHONY-CMS-SESSION-FIXATION.txt

[+] ISR: APPARITIONSEC

Vendor:
====================
www.getsymphony.com

Product:
==================
Symphony CMS v2.6.7

Downlo

[SECURITY] [DSA 3605-1] libxslt security update 2016-06-19
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3605-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 19, 2016

sNews CMS v1.7.1 Remote Command Execution / CSRF / XSS 2016-06-19
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt

[+] ISR: APPARITIONSEC

Vendor:
============
snewscms.com

Product:
================
sNews CMS v1.7.1

Vulnerability Type:
===========================

CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion 2016-06-17
Berend-Jan Wever (berendjanwever gmail com)
CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion
============================================================================
This information is available in an easier to read format on my blog at
http://blog.skylined.nl/

With [MS16-063] Microsoft has patched [CVE-2016-

[ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability 2016-06-17
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: Directory traversal

Sent: 29.09.2015

Reported: 29.09.2015

Vendor response: 30.09.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2234971

Author:

[ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability 2016-06-17
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: XXE

Sent: 20.10.2015

Reported: 21.10.2015

Vendor response: 21.10.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2235994

Author: Vahagn Vardanyan (

[ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability 2016-06-17
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: XSS

Sent: 20.10.2015

Reported: 21.10.2015

Vendor response: 21.10.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2238375

Author: Vahagn Vardanyan

[CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player 2016-06-17
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

the executable (un)installers for Flash Player before version
22.0.0.192 and 18.0.0.360 (both released on 2016-06-15) are
vulnerable to DLL hijacking: they load and execute multiple
Windows system DLLs from their "application directory" instead
of Windows' "system directory" %SystemRoot%\Sy

[FD] Multiple vulnerabilities in squid 0.4.16_2 running on pfSense 2016-06-16
Remco Sprooten (remco sprooten org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I. VULNERABILITY
- -------------------------
Multiple vulnerabilities in squid 0.4.16_2 running on pfSense
Version 2.3.1-RELEASE-p1

II. BACKGROUND
- -------------------------
The pfSense project is a free network firewall distribution, based on the
F

User enumeration in Skype for Business 2013 2016-06-17
nyxgeek (nyxgeek rslabs co)
# Exploit Title: Skype for Business 2013 user enumeration timing attack
# Date: 2016-06-08
# Exploit Author: nyxgeek
# Vendor Homepage: https://www.microsoft.com
# Version: Skype for Business 2013
#
#
# Skype for Business 2013 is vulnerable to a timing attack that allows for username enumeration
#
#

[SECURITY] [DSA 3604-1] drupal7 security update 2016-06-16
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3604-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 16, 2016

[security bulletin] HPSBNS03625 rev.1 - HPE NonStop Application Server for Java (NSASJ) running SSL/TLS, Remote Disclosure of Information 2016-06-16
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176765

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05176765
Version: 1

HPSBNS03625 r

[security bulletin] HPSBGN03553 rev.1 - HP OneView Products using glibc and OpenSSL, Multiple Remote Vulnerabilities 2016-06-16
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05176716

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05176716
Version: 1

HPSBGN03553 r

Authentication bypass in Ceragon FibeAir IP-10 web interface (<7.2.0) 2016-06-15
iancling gmail com
[+] Credits: Ian Ling
[+] Website: iancaling.com

Vendor:
=================
www.ceragon.com

Product:
======================
-FibeAir IP-10

Vulnerability Type:
===================
Default Root Account

CVE Reference:
==============
N/A

Vulnerability Details:
=====================
Ceragon FibeAir I

[MWR-2016-0002] DDN Default SSH Keys 2016-06-15
john fitzpatrick mwrinfosecurity com
###[DDN Default SSH Keys]###

DDN SFA devices have default SSH keys in place

* Product: DDN SFA storage devices, all versions, all models
* Severity: High
* CVE Reference: NO CVE ASSIGNED - MWR ref: MWR-2016-0002
* Type: Default Credentials
* Author: John Fitzpatrick
* Date: 2016-06-15

## Descript

[MWR-2016-0001] DDN Insecure Update Mechanism 2016-06-15
john fitzpatrick mwrinfosecurity com
###[DDN Insecure Update Process]###

An insecure update mechanism on DDN SFA devices allows for privilege escalation

* Product: DDN SFA storage devices, all versions, all models
* Severity: High
* CVE Reference: NO CVE ASSIGNED - MWR ref: MWR-2016-0001)
* Type: Insecure update mechanism
* Author: J

Microsoft Visio multiple DLL side loading vulnerabilities 2016-06-15
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Microsoft Visio multiple DLL side loading vulnerabilities
------------------------------------------------------------------------

Yorick Koster, August 2015

--------------------------------------------------------------------

Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability 2016-06-15
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability

Advisory ID: cisco-sa-20160615-rv

Revision 1.0

For Public Release 2016 June 15 16:00 UTC (GMT)

+---------------------------------------------------------------------

Su

BookingWizz < 5.5 Multiple Vulnerability 2016-06-15
mehmet mehmetince net
1. ADVISORY INFORMATION
========================================
Title: BookingWizz < 5.5 Multiple Vulnerability
Application: BookingWizz
Class: Sensitive Information disclosure
Remotely Exploitable: Yes
Versions Affected: < 5.5
Vendor URL: http://codecanyon.net/item/booking-system/87919
Bugs: Def

FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability 2016-06-15
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1687

Fortinet PSIRT ID: 1624561

Release Notes #1: http://docs.fortinet.com/uploaded/files/2796/fort

Joomla com_enmasse - SQL Injection 2016-06-15
hamedizadi gmail com
# Exploit Title: Joomla com_enmasse - SQL Injection

# Author: [ Hamed Izadi ]

#IRAN

# Vendor Homepage : http://extensions.joomla.org/extensions/extension/social-web/social-buy/en-masse
# Category: [ Webapps ]
# Tested on: [ Win ]
# Versions: 5.1-6.4
# Date: 2016/06/15
# Google Dork: inurl

NEW VMSA-2016-0009 VMware vCenter Server updates address an important reflective cross-site scripting issue 2016-06-15
VMware Security Response Center (security vmware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2016-0009
Synopsis: VMware vCenter Server updates address an important
reflective cross-site scripting issue
Issue date

[CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers 2016-06-14
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

<https://bugzilla.mozilla.org/show_bug.cgi?id=961676> should
have fixed CVE-2014-1520 in Mozilla's executable installers for
Windows ... but does NOT!

JFTR: this type of vulnerability (really: a bloody stupid trivial
beginner's error!) is well-known and well-documented as
<http

[SECURITY] [DSA 3603-1] libav security update 2016-06-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3603-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 14, 2016

Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability 2016-06-14
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1852

Release Date:
=============
2016-05-25

Vulnerability Laboratory ID (VL-ID):
===============================

[SECURITY] [DSA 3602-1] php5 security update 2016-06-14
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3602-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 14, 2016

[SECURITY] [DSA 3601-1] icedove security update 2016-06-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3601-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 13, 2016

Oracle Orakill.exe Buffer Overflow 2016-06-14
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-ORAKILL.EXE-BUFFER-OVERFLOW.txt

[+] ISR: apparitionsec

Vendor:
==============
www.oracle.com

Product:
===================
orakill.exe v11.2.0

The orakill utility is

ESA-2016-047: RSA Archer® GRC Platform Sensitive Information Disclosure Vulnerability 2016-06-13
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-047: RSA Archer® GRC Platform Sensitive Information Disclosure Vulnerability

EMC Identifier: ESA-2016-047

CVE Identifier: CVE-2016-0899

Severity Rating: CVSS v3 Base Score: 6.3 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)

Affected Produc

CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability 2016-06-13
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1856

Release Date:
=============
2016-06-13

Vulnerability Laboratory ID (VL-ID):
=========

FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability 2016-06-13
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1853

Release Date:
=============
2016-06-13

Vulnerability Laboratory ID (VL-ID):
==========================

OpenWRT: swconfig infrastructure fails to check permissions 2016-06-10
Elliott Mitchell (ehem+bugtraq m5p com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Sometimes trying silly things produces interesting results. I thought
this was a silly thing to try, but I tried it and got a result that is
troubling. This is on a device with a heavily modified setup and kernel,
but the kernel is still ultimately

ESA-2016-062: EMC Data Domain Multiple Vulnerabilities 2016-06-10
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-062: EMC Data Domain Multiple Vulnerabilities

EMC Identifier: ESA-2016-062

CVE Identifier: CVE-2016-0911, CVE-2016-0912

Severity Rating: See below for individual scores for each CVE

Affected products:

EMC Data Domain OS 5.4: All

[security bulletin] HPSBGN03617 rev.2 - HPE IceWall Federation Agent and IceWall File Manager using libXML2 library, Remote Denial of Service (DoS) 2016-06-10
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05157239
Version: 2

HPSBGN03617 r

[SECURITY] [DSA 3600-1] iceweasel/firefox-esr security update 2016-06-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3600-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 09, 2016

SimpleSAMLphp Link Injection 2016-06-10
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SIMPLESAML-PHP-LINK-INJECTION.txt

[+] ISR: apparitionsec

Vendor:
=================
simplesamlphp.org

Product:
======================
simplesamlphp < 1.14.4

[SECURITY] [DSA 3599-1] p7zip security update 2016-06-09
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3599-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 09, 2016

CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability 2016-06-09
John Kinsella (jlk apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability

CVSS v2:
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Vendors:
The Apache Software Foundation
Accelerite, Inc

Versions affected:
CloudStack versions 4.5.0 and newer

Description:
Apache Cloud

ESA-2016-064: EMC Data Domain Information Disclosure Vulnerability 2016-06-08
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-064: EMC Data Domain Information Disclosure Vulnerability

EMC Identifier: ESA-2016-064

CVE Identifier: CVE-2016-0910

Severity Rating: CVSS v3 Base Score: 8.2 (AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)

Affected products:

EMC Data Domain

ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability 2016-06-08
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability

EMC Identifier: ESA-2016-072

CVE Identifier: CVE-2016-0916

Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected products:

EMC NetWorker 8.2

[security bulletin] HPSBMU03614 rev.1 - HPE Systems Insight Manager using Samba, Multiple Remote Vulnerabilities 2016-06-08
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05166182

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05166182
Version: 1

HPSBMU03614

[security bulletin] HPSBMU03584 rev.2 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities 2016-06-08
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05103564
Version: 2

HPSBMU03584 r

[security bulletin] HPSBGN03618 rev.1 - HPE Service Manager remote Denial of Service (DoS), Disclosure of Information, Unauthorized Read Access to Files, Server Side Request Forgery 2016-06-08
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05167176

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05167176
Version: 1

HPSBGN03618 r

[security bulletin] HPSBGN03624 rev.1 - HPE Project and Portfolio Management Center, Remote Disclosure of Sensitive Information, Execution of Arbitrary of Commands 2016-06-08
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05167126

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05167126
Version: 1

HPSBGN03624 r

Copyright 2010, SecurityFocus