BugTraq
Cisco EPC 3928 Multiple Vulnerabilities 2016-06-08
patryk bogdan secorda com
# Title: Cisco EPC 3928 Multiple Vulnerabilities
# Vendor: http://www.cisco.com/
# Vulnerable Version(s): Cisco Model EPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway
# CVE References: CVE-2015-6401 / CVE-2015-6402 / CVE-2016-1328 / CVE-2016-1336 / CVE-2016-1337
# Author: Patryk Bogdan from Secor

[SECURITY] [DSA 3598-1] vlc security update 2016-06-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3598-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 07, 2016

[security bulletin] HPSBGN03623 rev.1 - HPE Universal CMDB, Remote Disclosure of Sensitive Information 2016-06-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164813

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05164813
Version: 1

HPSBGN03623

[security bulletin] HPSBGN03622 rev.1 - HPE UCMDB, Universal Discovery, and UCMDB Configuration Manager using Apache Commons Collection, Remote Code Execution 2016-06-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164408

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05164408
Version: 1

HPSBGN03622

[security bulletin] HPSBGN03621 rev.1 - HPE Universal CMDB using OpenSSL, Remote Disclosure of Sensitive Information 2016-06-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05164821
Version: 1

HPSBGN03621

[CVE-2016-0392] IBM GPFS / Spectrum Scale Command Injection 2016-06-07
john fitzpatrick mwrinfosecurity com
###[IBM GPFS / Spectrum Scale Command Injection]###

A command injection vulnerability in GPFS / Spectrum Scale allows attackers to escalate privileges to root

* Product: IBM GPFS / Spectrum Scale
* Severity: High
* CVE Reference: CVE-2016-0392
* Type: Command injection
* Author: John Fitzpatrick (

[SECURITY] [DSA 3597-1] expat security update 2016-06-07
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3597-1 security (at) debian (dot) org
https://www.debian.org/security/ Luciano Bello
June 07, 2016

Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability 2016-06-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1855

Release Date:
=============
2016-06-06

Vulnerability Laboratory ID (VL-ID):
==============================

Microsoft Education - Code Execution Vulnerability 2016-06-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Microsoft Education - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1669

MSRC Case: 32314
TRK: 0001002809

Research Article: http://www.kieranclaessens.be/uncategorized/microsoft-educatio

Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability 2016-06-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1854

Release Date:
=============
2016-06-07

Vulnerability Laboratory ID (VL-ID):
====================

Mapbox (API) - Filter Bypass & Persistent Vulnerability 2016-06-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Mapbox (API) - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1787

ID: #119802

Release Date:
=============
2016-06-06

Vulnerability Laboratory ID (VL-ID):
==================

[security bulletin] HPSBGN03620 rev.1 - HPE Helion OpenStack using OpenSSL and QEMU, Remote Unauthorized Data Access 2016-06-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05164862
Version: 1

HPSBGN03620 r

[security bulletin] HPSBGN03619 rev.1 - HPE Discovery and Dependency Mapping Inventory (DDMi) using Java Deserialization, remote Code Execution 2016-06-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164819

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05164819
Version: 1

HPSBGN03619 r

[security bulletin] HPSBGN03442 rev.2 - HP Helion OpenStack using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution 2016-06-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05028479

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05028479
Version: 2

HPSBGN03442 r

Re: rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion 2016-06-06
Gregory Pickett (gpickett71 yahoo com)
rConfig v3.1.1 introduced whitelisting. This is how to get past that. :)

Greg

Verification of Vulnerability (for v3.1.1)
===================
The following steps can be carried out in duplicating this vulnerability.

Step 1:
Enter the following into your browser address bar:

http://<SERVER>/l

[SECURITY] [DSA 3596-1] spice security update 2016-06-06
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3596-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 06, 2016

[SECURITY] [DSA 3595-1] mariadb-10.0 security update 2016-06-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3595-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 05, 2016

[SECURITY] [DSA 3548-3] samba regression update 2016-06-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3548-3 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 05, 2016

[SECURITY] [DSA 3594-1] chromium-browser security update 2016-06-04
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3594-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
June 04, 2016

FreeBSD Security Advisory FreeBSD-SA-16:24.ntp 2016-06-04
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:24.ntp Security Advisory
The FreeBSD Project

Topic:

[slackware-security] ntp (SSA:2016-155-01) 2016-06-04
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] ntp (SSA:2016-155-01)

New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches

[security bulletin] - Linux Kernel Flaw, ASN.1 DER decoder for x509 certificate DER 2016-06-03
HP Security Alert (hp-security-alert hp com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05158555

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05158555
Version: 1

HPSBHF3548 - Linux Kernel F

[security bulletin] HPSBUX03616 SSRT110128 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access 2016-06-03
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05162399
Version: 2

HPSBUX03616 S

[Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability 2016-06-03
Brian Demers (bdemers apache org)
Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
1.0.0-incubating - 1.2.4

Description:
A default cipher key is used for the "remember me" feature when not
explicitly configured. A request that included a specially crafted
request parameter could be used to execute ar

Notilus v2012 R3 - SQL injection 2016-06-03
alex_haynes outlook com
Exploit Title: Notilus SQL injection
Product: Notilus travel solution software
Vulnerable Versions: 2012 R3
Tested Version: 2012 R3
Advisory Publication: 03/06/2016
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CWE-89]
CVE Reference: NONE
C

[SECURITY] [DSA 3593-1] libxml2 security update 2016-06-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3593-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
June 02, 2016

ESA-2016-060: EMC Isilon OneFS Privilege Escalation Vulnerability 2016-06-02
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-060: EMC Isilon OneFS Privilege Escalation Vulnerability

EMC Identifier: ESA-2016-060

CVE Identifier: CVE-2016-0908

Severity Rating: CVSS v3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected products:

* EMC

Zoho OpManager < v12 2016-06-02
d_fens redbrick dcu ie
Reported these on 27/08/2015; these were eventually fixed in version 12 because the entire application is based on emberjs now. There are no CVEs assigned for these issues, nor is there any acknowledgement of the issues in any patches. Therefore only version 12 fixes these.

Multiple stored and reflected

[security bulletin] HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF) 2016-06-02
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05157667
Version: 1

HPSBMU03607 r

SEC Consult SA-20160602-0 :: Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway 2016-06-02
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20160602-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: Ubee EVW3226 Advanced wireless voice gateway
vulnerable version: Firmware EVW3226_1.0.20

XML External Entity XXE vulnerability in OpenID component of Liferay 2016-06-02
Sandro Gauci (sandro enablesecurity com)
# XML External Entity XXE vulnerability in OpenID component of Liferay

- Author: Sandro Gauci <sandro (at) enablesecurity (dot) com>
- Vulnerable version: Liferay 6.2.3 CE GA4 and earlier
- Liferay reference: LPS-58014
- Advisory URL:
<https://github.com/EnableSecurity/advisories/tree/master/ES2016-01-liferay

[security bulletin] HPSBMU03612 rev.1 - HPE Insight Control on Windows and Linux, Multiple Remote Vulnerabilities 2016-06-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05158380
Version: 1

HPSBMU03612

[security bulletin] HPSBOV03615 rev.1 - HPE OpenVMS CSWS running the Apache Tomcat 7 Servlet Engine, Multiple Remote Vulnerabilities 2016-06-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05158626
Version: 1

HPSBOV03615 r

[SECURITY] [DSA 3592-1] nginx security update 2016-06-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3592-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
June 01, 2016

Cisco Security Advisory: Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability 2016-06-01
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability

Advisory ID: cisco-sa-20160601-prime3

Revision 1.0

For Public Release 2016 June 1 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summa

Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability 2016-06-01
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20160601-prime

Version 1.0: Final

For public release: 2016 June 1 16:00 GMT

+--------------------------------

[security bulletin] HPSBGN03609 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution, Denial of Service (DoS) 2016-06-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157423

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05157423
Version: 1

HPSBGN03609 r

[SECURITY] [DSA 3591-1] imagemagick security update 2016-06-01
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3591-1 security (at) debian (dot) org
https://www.debian.org/security/ Luciano Bello
June 01, 2016

AjaxExplorer v1.10.3.2 Remote CMD Execution / CSRF / Persistent XSS 2016-06-01
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AJAXEXPLORER-REMOTE-CMD-EXECUTION.txt

[+] ISR: apparitionsec

Vendor:
==========
sourceforge.net
smsid

download linx:
sourceforge.net/projects/ajax-explorer/files/

Product:
=

[SECURITY] [DSA 3590-1] chromium-browser security update 2016-06-01
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3590-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
June 01, 2016

FreeBSD Security Advisory FreeBSD-SA-16:20.linux 2016-05-31
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:20.linux Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-16:22.libarchive 2016-05-31
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:22.libarchive Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-16:23.libarchive 2016-05-31
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:23.libarchive Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-16:21.43bsd 2016-05-31
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:21.43bsd Security Advisory
The FreeBSD Project

Topic:

[RT-SA-2016-005] Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution 2016-05-31
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Unauthenticated File Upload in Relay Ajax Directory Manager
may Lead to Remote Command Execution

A vulnerability within the Relay Ajax Directory Manager web application
allows unauthenticated attackers to upload arbitrary files to the web
server running the web application.

De

[RT-SA-2016-004] Websockify: Remote Code Execution via Buffer Overflow 2016-05-31
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Websockify: Remote Code Execution via Buffer Overflow

RedTeam Pentesting discovered a buffer overflow vulnerability in the C
implementation of Websockify, which allows attackers to execute
arbitrary code.

Details
=======

Product: Websockify C implementation
Affected Versions: all versi

[RT-SA-2015-012] XML External Entity Expansion in Paessler PRTG Network Monitor 2016-05-31
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: XML External Entity Expansion in Paessler PRTG Network Monitor

Authenticated users who can create new HTTP XML/REST Value sensors in
PRTG Network Monitor can read local files on the PRTG host system via
XML external entity expansion.

Details
=======

Product: Paessler PRTG Network Monit

[slackware-security] mozilla-thunderbird (SSA:2016-152-02) 2016-05-31
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2016-152-02)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

[slackware-security] imagemagick (SSA:2016-152-01) 2016-05-31
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] imagemagick (SSA:2016-152-01)

New imagemagick packages are available for Slackware 14.0, 14.1, and -current
to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[SECURITY] Lorex ECO DVR Hard coded password 2016-05-30
andrew hofmans gmail com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

1. ADVISORY INFORMATION
=======================
Product: Lorex ECO DVR
Vendor URL: https://www.lorextechnology.com/
Type: Hard coded password [CWE-259]
Date found: 2016-05-04
Date published: 2016-05-30
CVE: -

2. CREDITS
==========
This vulnerability

[SECURITY] [DSA 3589-1] gdk-pixbuf security update 2016-05-30
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3589-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 30, 2016

WebKitGTK+ Security Advisory WSA-2016-0004 2016-05-30
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2016-0004
------------------------------------------------------------------------

Date reported : May 30, 2016
Advisory ID : WSA-2016-0004
Advisory UR

[oCERT 2016-001] Jetty path sanitization issues 2016-05-30
Daniele Bianco (danbia ocert org)

Description:

Jetty is a Java HTTP (Web) server and Servlet container.

The Jetty path normalization mechanism suffers from an implementation issue
when parsing the request URLs.

The path normalization logic implemented in the PathResource class and
introduced in Jetty versions 9.3.x can be defeate

Multiple Vulnerabilities in Intex Wireless N150 Easy Setup Router 2016-05-28
mohitreload gmail com
Intex Wireless N150 Easy Setup Router
Vulnerabilities
1. Overview
Intex Wireless N150 Easy Setup Router, firmware version: V5.07.51_en_INX01, uses default credentials and is vulnerable to cross-site request forgery, cleartext transmission of sensitive information and other attacks.
2. Vulnerabilities
1

[slackware-security] php (SSA:2016-148-03) 2016-05-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-148-03)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.2

[SECURITY] [DSA 3588-1] symfony security update 2016-05-29
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3588-1 security (at) debian (dot) org
https://www.debian.org/security/ Luciano Bello
May 29, 2016

[slackware-security] libxslt (SSA:2016-148-02) 2016-05-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libxslt (SSA:2016-148-02)

New libxslt packages are available for Slackware 14.0, 14.1, and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/

[slackware-security] libxml2 (SSA:2016-148-01) 2016-05-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libxml2 (SSA:2016-148-01)

New libxml2 packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/l

[CVE-2016-4945] Login Form Hijacking Vulnerability in Citrix NetScaler Gateway 2016-05-27
Daniel Schliebner (DSchliebner persicon com)
PERSICON Security Advisory
=======================================================================
Title: Login Form Hijacking vulnerability
Product: Citrix Netscaler
Vulnerable Version: 11.0 Build 64.35
Fixed Version: 11.0 Build 66.11

[CVE-2016-4432] Apache Qpid Java Broker - authentication bypass 2016-05-27
Keith W (keith wall gmail com)
[CVE-2016-4432] Apache Qpid Java Broker - authentication bypass

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Qpid Java Broker versions 6.0.2 and earlier

Description:

The code responsible for handling incoming AMQP 0-8, 0-9, 0-91, and
0-10 connections contains a

[CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability 2016-05-27
Lorenz Quack (quack lorenz gmail com)
CVE-2016-3094: Apache Qpid Java Broker denial of service vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Qpid Java Broker versions 6.0.0, 6.0.1, and 6.0.2

Description: A malformed authentication attempt may cause the broker to
terminate. The Qpid Java

[SECURITY] [DSA 3587-1] libgd2 security update 2016-05-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3587-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 27, 2016

[CVE-2016-2175] Apache PDFBox XML External Entity vulnerability 2016-05-27
Andreas Lehmkuehler (lehmi apache org)
CVE-2016-2175: Apache PDFBox XML External Entity vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache PDFBox 1.8.0 to 1.8.11
Apache PDFBox 2.0.0
Earlier, unsupported Apache PDFBox versions may be affected as well

Description:
Apache PDFBox parses di

[CVE-2016-4434] Apache Tika XML External Entity vulnerability 2016-05-26
Tim Allison (tallison apache org)
CVE-2016-4434: Apache Tika XML External Entity vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Tika 0.10 to 1.12

Description:
Apache Tika parses XML within numerous file formats. In some instances[1], the initialization of the XML parser or

ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability 2016-05-26
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability

EMC Identifier: ESA-2016-061

CVE Identifier: CVE-2016-0907

Severity Rating: CVSSv3 Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected products:

EMC IsilonSD Edge One

[security bulletin] HPSBGN03610 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Arbitrary Code Execution 2016-05-26
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05149345
Version: 1

HPSBGN03610 r

[security bulletin] HPSBMU03611 rev.1 - HPE Matrix Operating Environment on Windows and Linux, Multiple Remote Vulnerabilities 2016-05-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05150888
Version: 1

HPSBMU03611

[security bulletin] HPSBMU03600 rev.1 - HPE Insight Control server provisioning using OpenSSL, Remote Denial of Service (DoS) 2016-05-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05150736
Version: 1

HPSBMU03600

[security bulletin] HPSBUX03606 rev.1 - HPE HP-UX running Apache Tomcat 7, Multiple Remote Vulnerabilities 2016-05-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05150442
Version: 1

HPSBUX03606 r

[security bulletin] HPSBMU03601 rev.1 - HPE Insight Control server deployment using OpenSSL, Multiple Vulnerabilities 2016-05-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05150800
Version: 1

HPSBMU03601

VMWare vSphere Web Client Flash XSS 2016-05-25
apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/VMWARE-VSPHERE-FLASH-XSS.txt

[+] ISR: apparitionsec

Vendor:
===============
www.vmware.com

Product:
====================================
VMWare vSphere Web Cli

Cisco Security Advisory: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability 2016-05-25
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20160525-ipv6

Revision 1.0

For Public Release 2016 May 25 16:00 UTC (GMT)

+----------------------------------------------------------------

Open-Xchange Security Advisory 2016-05-25 2016-05-25
Martin Heiland (martin heiland lists open-xchange com)
Product: OX AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 44542 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 7.8.0 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed versions: 7.6.2-rev40, 7.6.3-r

[slackware-security] libarchive (SSA:2016-145-01) 2016-05-25
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libarchive (SSA:2016-145-01)

New libarchive packages are available for Slackware 14.1 and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/l

[ more ]  [ reply ]
[security bulletin] HPSBGN03605 rev.1 - HPE Service Manager, Remote Disclosure of Information 2016-05-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149290

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05149290
Version: 1

HPSBGN03605 r

[ more ]  [ reply ]
AfterLogic WebMail Pro ASP.NET < 6.2.7 Administrator Account Takover via XXE Injection 2016-05-23
mehmet ince invictuseurope com
1. ADVISORY INFORMATION
========================================
Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takover via XXE Injection
Application: AfterLogic WebMail Pro ASP.NET
Class: Sensitive Information disclosure
Remotely Exploitable: Yes
Versions Affected: AfterLogic WebMail

[ more ]  [ reply ]
[SECURITY] [DSA 3586-1] atheme-services security update 2016-05-23
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3586-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2016

[ more ]  [ reply ]
[RCESEC-2016-002] XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections 2016-05-23
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: XenAPI for XenForo
Vendor URL: github.com/Contex/XenAPI
Type: SQL Injection [CWE-89]
Date found: 2016-05-20
Date published: 2016-05-23
CVSSv3 Score: 7.5 (AV:N/AC:L/

[ more ]  [ reply ]
[SECURITY] [DSA 3585-1] wireshark security update 2016-05-22
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3585-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 22, 2016

[ more ]  [ reply ]
[RCESEC-2016-001] Postfix Admin v2.93 Generic POST Cross-Site Request Forgeries 2016-05-21
Julien Ahrens (info rcesecurity com)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Postfix Admin
Vendor URL: sourceforge.net/projects/postfixadmin/
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2016-04-23
Date published: 2016-05-21
CVSSv3 S

[ more ]  [ reply ]
[slackware-security] curl (SSA:2016-141-01) 2016-05-20
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2016-141-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patc

[ more ]  [ reply ]
[security bulletin] HPSBGN03564 rev.1 - HPE Release Control using Java Deserialization, Remote Code Execution 2016-05-19
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05063986

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05063986
Version: 1

HPSBGN03564

[ more ]  [ reply ]
[SECURITY] [DSA 3584-1] librsvg security update 2016-05-19
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3584-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 19, 2016

[ more ]  [ reply ]
[ERPSCAN-16-011] SAP NetWeaver AS JAVA – SQL injection vulnerability 2016-05-19
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bugs: SQL injection

Sent: 04.12.2015

Reported: 04.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 09.02.2016

Reference: SAP Security Note 2101079

A

[ more ]  [ reply ]
[ERPSCAN-16-010] SAP NetWeaver AS JAVA – information disclosure vulnerability 2016-05-19
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bugs: information disclosure

Sent: 15.09.2015

Reported: 15.09.2015

Vendor response: 16.09.2015

Date of Public Advisory: 09.02.2016

Reference: SAP Security Note 2256846

Author:

[ more ]  [ reply ]
TYPO3 RemoveXSS.php vulnerability versions 6.2.19 and 7.6.4 2016-05-19
mandy madison-gurkha com
Madison Gurkha Security Advisory

Advisory: TYPO3 circumvent RemoveXSS.php cross site scripting using BASE64 encoding

1. DETAILS
----------
Product: Typo3 CMS
Vendor URL: typo3.org
Type: Cross-site Scripting [CWE-79]
Date found: 2016-03-09
Date published: 2016-05-19

2. AFFECTED VERSIONS
-----------

[ more ]  [ reply ]
[SECURITY] [DSA 3583-1] swift-plugin-s3 security update 2016-05-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3583-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 18, 2016

[ more ]  [ reply ]
[security bulletin] HPSBGN03602 rev.1 - HPE RESTful Interface Tool, Local Disclosure of Information 2016-05-18
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141083

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05141083
Version: 1

HPSBGN03602 r

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Web Security Appliance Connection Denial of Service Vulnerability 2016-05-18
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Web Security Appliance Connection Denial of Service Vulnerability

Advisory ID: cisco-sa-20160518-wsa4

Revision 1.0

For Public Release 2016 May 18 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability 2016-05-18
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability

Advisory ID: cisco-sa-20160518-wsa3

Revision 1.0

For Public Release 2016 May 18 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Web Security Appliance Cached Range Request Denial of Service Vulnerability 2016-05-18
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Web Security Appliance Cached Range Request Denial of Service Vulnerability

Advisory ID: cisco-sa-20160518-wsa2

Revision 1.0

For Public Release 2016 May 18 16:00 UTC (GMT)

+---------------------------------------------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability 2016-05-18
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability

Advisory ID: cisco-sa-20160518-wsa1

Revision 1.0

For Public Release 2016 May 18 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary

[ more ]  [ reply ]
[security bulletin] HPSBHF03579 rev.1 - HPE ConvergedSystem for SAP HANA using OpenSSL, Multiple Remote Vulnerabilities 2016-05-18
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05143554

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05143554
Version: 1

HPSBHF03579

[ more ]  [ reply ]
[security bulletin] HPSBHF03578 rev.1 - HPE ConvergedSystem for SAP HANA using glibc, Multiple Remote Vulnerabilities 2016-05-18
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05140858
Version: 1

HPSBHF03578

[ more ]  [ reply ]
[SECURITY] [DSA 3582-1] expat security update 2016-05-18
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3582-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 18, 2016

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-16:19.sendmsg 2016-05-17
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:19.sendmsg Security Advisory
The FreeBSD Project

Topic:

[ more ]  [ reply ]
FreeBSD Security Advisory FreeBSD-SA-16:18.atkbd 2016-05-17
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:18.atkbd Security Advisory
The FreeBSD Project

Topic: B

[ more ]  [ reply ]
[security bulletin] HPSBGN03587 rev.1 - HPE Helion OpenStack using OpenSSL and Open vSwitch, Remote Arbitrary Command Execution, Denial of Service (DoS), Disclosure of Information 2016-05-17
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05141441
Version: 1

HPSBGN03587 r

[ more ]  [ reply ]
Copyright 2010, SecurityFocus