FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability
2016-06-13, Vulnerability Lab (research vulnerability-lab com)

OpenWRT: swconfig infrastructure fails to check permissions
2016-06-10, Elliott Mitchell (ehem+bugtraq m5p com)
Sometimes trying silly things produces interesting results. I thought this was a silly thing to try, but I tried it and got a result that is troubling. This is on a device with a heavily modified setup and kernel, but the kernel is still ultimately [...]

ESA-2016-062: EMC Data Domain Multiple Vulnerabilities
2016-06-10, Security Alert (Security_Alert emc com)
ESA-2016-062: EMC Data Domain Multiple Vulnerabilities
EMC Identifier: ESA-2016-062
CVE Identifier: CVE-2016-0911, CVE-2016-0912
Severity Rating: See below for individual scores for each CVE
Affected products: EMC Data Domain OS 5.4: All [...]

[security bulletin] HPSBGN03617 rev.2 - HPE IceWall Federation Agent and IceWall File Manager using libXML2 library, Remote Denial of Service (DoS)
2016-06-10, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05157239
Version: 2
HPSBGN03617 r [...]

[SECURITY] [DSA 3600-1] iceweasel/firefox-esr security update
2016-06-09, Moritz Muehlenhoff (jmm debian org)

SimpleSAMLphp Link Injection
2016-06-10, hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SIMPLESAML-PHP-LINK-INJECTION.txt
[+] ISR: apparitionsec
Vendor: simplesamlphp.org
Product: simplesamlphp < 1.14.4 [...]

CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability
2016-06-09, John Kinsella (jlk apache org)
CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability
CVSS v2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vendors: The Apache Software Foundation, Accelerite, Inc
Versions affected: CloudStack versions 4.5.0 and newer
Description: Apache Cloud [...]

ESA-2016-064: EMC Data Domain Information Disclosure Vulnerability
2016-06-08, Security Alert (Security_Alert emc com)
ESA-2016-064: EMC Data Domain Information Disclosure Vulnerability
EMC Identifier: ESA-2016-064
CVE Identifier: CVE-2016-0910
Severity Rating: CVSS v3 Base Score: 8.2 (AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Affected products: EMC Data Domain [...]

ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability
2016-06-08, Security Alert (Security_Alert emc com)
ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability
EMC Identifier: ESA-2016-072
CVE Identifier: CVE-2016-0916
Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected products: EMC NetWorker 8.2 [...]

[security bulletin] HPSBMU03614 rev.1 - HPE Systems Insight Manager using Samba, Multiple Remote Vulnerabilities
2016-06-08, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05166182
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05166182
Version: 1
HPSBMU03614 [...]

[security bulletin] HPSBMU03584 rev.2 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities
2016-06-08, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05103564
Version: 2
HPSBMU03584 r [...]

[security bulletin] HPSBGN03618 rev.1 - HPE Service Manager remote Denial of Service (DoS), Disclosure of Information, Unauthorized Read Access to Files, Server Side Request Forgery
2016-06-08, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05167176
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05167176
Version: 1
HPSBGN03618 r [...]

[security bulletin] HPSBGN03624 rev.1 - HPE Project and Portfolio Management Center, Remote Disclosure of Sensitive Information, Execution of Arbitrary of Commands
2016-06-08, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05167126
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05167126
Version: 1
HPSBGN03624 r [...]

Cisco EPC 3928 Multiple Vulnerabilities
2016-06-08, patryk bogdan secorda com
# Title: Cisco EPC 3928 Multiple Vulnerabilities
# Vendor: http://www.cisco.com/
# Vulnerable Version(s): Cisco Model EPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway
# CVE References: CVE-2015-6401 / CVE-2015-6402 / CVE-2016-1328 / CVE-2016-1336 / CVE-2016-1337
# Author: Patryk Bogdan from Secor [...]

[security bulletin] HPSBGN03623 rev.1 - HPE Universal CMDB, Remote Disclosure of Sensitive Information
2016-06-07, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164813
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05164813
Version: 1
HPSBGN03623 [...]

[security bulletin] HPSBGN03622 rev.1 - HPE UCMDB, Universal Discovery, and UCMDB Configuration Manager using Apache Commons Collection, Remote Code Executon
2016-06-07, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164408
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05164408
Version: 1
HPSBGN03622 [...]

[security bulletin] HPSBGN03621 rev.1 - HPE Universal CMDB using OpenSSL, Remote Disclosure of Sensitive Information
2016-06-07, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05164821
Version: 1
HPSBGN03621 [...]

[CVE-2016-0392] IBM GPFS / Spectrum Scale Command Injection
2016-06-07, john fitzpatrick mwrinfosecurity com
###[IBM GPFS / Spectrum Scale Command Injection]###
A command injection vulnerability in GPFS / Spectrum Scale allows attackers to escalate privileges to root
* Product: IBM GPFS / Spectrum Scale
* Severity: High
* CVE Reference: CVE-2016-0392
* Type: Command injection
* Author: John Fitzpatrick ( [...]

Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability
2016-06-07, Vulnerability Lab (research vulnerability-lab com)
Document Title: Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1855
Release Date: 2016-06-06
Vulnerability Laboratory ID (VL-ID): [...]

Microsoft Education - Code Execution Vulnerability
2016-06-07, Vulnerability Lab (research vulnerability-lab com)
Document Title: Microsoft Education - Code Execution Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1669
MSRC Case: 32314
TRK: 0001002809
Research Article: http://www.kieranclaessens.be/uncategorized/microsoft-educatio [...]

Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability
2016-06-07, Vulnerability Lab (research vulnerability-lab com)
Document Title: Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1854
Release Date: 2016-06-07
Vulnerability Laboratory ID (VL-ID): [...]

Mapbox (API) - Filter Bypass & Persistent Vulnerability
2016-06-07, Vulnerability Lab (research vulnerability-lab com)
Document Title: Mapbox (API) - Filter Bypass & Persistent Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1787
ID: #119802
Release Date: 2016-06-06
Vulnerability Laboratory ID (VL-ID): [...]

[security bulletin] HPSBGN03620 rev.1 - HPE Helion OpenStack using OpenSSL and QEMU, Remote Unauthorized Data Access
2016-06-07, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05164862
Version: 1
HPSBGN03620 r [...]

[security bulletin] HPSBGN03619 rev.1 - HPE Discovery and Dependency Mapping Inventory (DDMi) using Java Deserialization, remote Code Execution
2016-06-07, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164819
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05164819
Version: 1
HPSBGN03619 r [...]

[security bulletin] HPSBGN03442 rev.2 - HP Helion OpenStack using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution
2016-06-07, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05028479
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05028479
Version: 2
HPSBGN03442 r [...]

Re: rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion
2016-06-06, Gregory Pickett (gpickett71 yahoo com)
rConfig v3.1.1 introduced whitelisting. This is how to get past that. :)
Greg
Verification of Vulnerability (for v3.1.1)
The following steps can be carried out in duplicating this vulnerability.
Step 1: Enter the following into your browser address bar: http://<SERVER>/l [...]
===============
FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1853
Release Date:
=============
2016-06-13
Vulnerability Laboratory ID (VL-ID):
==========================