[security bulletin] HPSBMU03614 rev.1 - HPE Systems Insight Manager using Samba, Multiple Remote Vulnerabilities
2016-06-08 security-alert hpe com
Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05166182 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05166182 Version: 1 HPSBMU03614

[security bulletin] HPSBMU03584 rev.2 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities
2016-06-08 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05103564 Version: 2 HPSBMU03584 r

[security bulletin] HPSBGN03618 rev.1 - HPE Service Manager remote Denial of Service (DoS), Disclosure of Information, Unauthorized Read Access to Files, Server Side Request Forgery
2016-06-08 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05167176 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05167176 Version: 1 HPSBGN03618 r

[security bulletin] HPSBGN03624 rev.1 - HPE Project and Portfolio Management Center, Remote Disclosure of Sensitive Information, Execution of Arbitrary of Commands
2016-06-08 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05167126 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05167126 Version: 1 HPSBGN03624 r

Cisco EPC 3928 Multiple Vulnerabilities
2016-06-08 patryk bogdan secorda com
# Title: Cisco EPC 3928 Multiple Vulnerabilities # Vendor: http://www.cisco.com/ # Vulnerable Version(s): Cisco Model EPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway # CVE References: CVE-2015-6401 / CVE-2015-6402 / CVE-2016-1328 / CVE-2016-1336 / CVE-2016-1337 # Author: Patryk Bogdan from Secor

[security bulletin] HPSBGN03623 rev.1 - HPE Universal CMDB, Remote Disclosure of Sensitive Information
2016-06-07 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164813 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05164813 Version: 1 HPSBGN03623

[security bulletin] HPSBGN03622 rev.1 - HPE UCMDB, Universal Discovery, and UCMDB Configuration Manager using Apache Commons Collection, Remote Code Execution
2016-06-07 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164408 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05164408 Version: 1 HPSBGN03622

[security bulletin] HPSBGN03621 rev.1 - HPE Universal CMDB using OpenSSL, Remote Disclosure of Sensitive Information
2016-06-07 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05164821 Version: 1 HPSBGN03621

[CVE-2016-0392] IBM GPFS / Spectrum Scale Command Injection
2016-06-07 john fitzpatrick mwrinfosecurity com
###[IBM GPFS / Spectrum Scale Command Injection]### A command injection vulnerability in GPFS / Spectrum Scale allows attackers to escalate privileges to root * Product: IBM GPFS / Spectrum Scale * Severity: High * CVE Reference: CVE-2016-0392 * Type: Command injection * Author: John Fitzpatrick (

Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability
2016-06-07 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1855 Release Date: ============= 2016-06-06 Vulnerability Laboratory ID (VL-ID): ==============================

Microsoft Education - Code Execution Vulnerability
2016-06-07 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Microsoft Education - Code Execution Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1669 MSRC Case: 32314 TRK: 0001002809 Research Article: http://www.kieranclaessens.be/uncategorized/microsoft-educatio

Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability
2016-06-07 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1854 Release Date: ============= 2016-06-07 Vulnerability Laboratory ID (VL-ID): ====================

Mapbox (API) - Filter Bypass & Persistent Vulnerability
2016-06-07 Vulnerability Lab (research vulnerability-lab com)
Document Title: =============== Mapbox (API) - Filter Bypass & Persistent Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1787 ID: #119802 Release Date: ============= 2016-06-06 Vulnerability Laboratory ID (VL-ID): ==================

[security bulletin] HPSBGN03620 rev.1 - HPE Helion OpenStack using OpenSSL and QEMU, Remote Unauthorized Data Access
2016-06-07 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164862 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05164862 Version: 1 HPSBGN03620 r

[security bulletin] HPSBGN03619 rev.1 - HPE Discovery and Dependency Mapping Inventory (DDMi) using Java Deserialization, remote Code Execution
2016-06-07 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164819 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05164819 Version: 1 HPSBGN03619 r

[security bulletin] HPSBGN03442 rev.2 - HP Helion OpenStack using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution
2016-06-07 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05028479 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05028479 Version: 2 HPSBGN03442 r

Re: rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion
2016-06-06 Gregory Pickett (gpickett71 yahoo com)
rConfig v3.1.1 introduced whitelisting. This is how to get past that. :) Greg Verification of Vulnerability (for v3.1.1) =================== The following steps can be carried out in duplicating this vulnerability. Step 1: Enter the following into your browser address bar: http://<SERVER>/l

[SECURITY] [DSA 3595-1] mariadb-10.0 security update
2016-06-05 Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3594-1] chromium-browser security update
2016-06-04 Michael Gilbert (mgilbert debian org)

FreeBSD Security Advisory FreeBSD-SA-16:24.ntp
2016-06-04 FreeBSD Security Advisories (security-advisories freebsd org)

[slackware-security] ntp (SSA:2016-155-01)
2016-06-04 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] ntp (SSA:2016-155-01) New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches

[security bulletin] - Linux Kernel Flaw, ASN.1 DER decoder for x509 certificate DER
2016-06-03 HP Security Alert (hp-security-alert hp com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05158555 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05158555 Version: 1 HPSBHF3548 - Linux Kernel F

[security bulletin] HPSBUX03616 SSRT110128 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access
2016-06-03 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05162399 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05162399 Version: 2 HPSBUX03616 S

[Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability
2016-06-03 Brian Demers (bdemers apache org)
Severity: Important Vendor: The Apache Software Foundation Versions Affected: 1.0.0-incubating - 1.2.4 Description: A default cipher key is used for the "remember me" feature when not explicitly configured. A request that included a specially crafted request parameter could be used to execute ar

Notilus v2012 R3 - SQL injection
2016-06-03 alex_haynes outlook com
Exploit Title: Notilus SQL injection Product: Notilus travel solution software Vulnerable Versions: 2012 R3 Tested Version: 2012 R3 Advisory Publication: 03/06/2016 Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CWE-89] CVE Reference: NONE C

ESA-2016-060: EMC Isilon OneFS Privilege Escalation Vulnerability
2016-06-02 Security Alert (Security_Alert emc com)

Zoho OpManager < v12
2016-06-02 d_fens redbrick dcu ie
Reported these 27/08/2015 these were eventually fixed in version 12 because the entire application is based on emberjs now. There are no CVEs for these issues assigned nor is there any acknowledgement of the issues in any patches. Therefore only version 12 fixes these. Multiple stored and reflected

[security bulletin] HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF)
2016-06-02 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05157667 Version: 1 HPSBMU03607 r

SEC Consult SA-20160602-0 :: Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway
2016-06-02 SEC Consult Vulnerability Lab (research sec-consult com)

XML External Entity XXE vulnerability in OpenID component of Liferay
2016-06-02 Sandro Gauci (sandro enablesecurity com)
# XML External Entity XXE vulnerability in OpenID component of Liferay - Author: Sandro Gauci <sandro (at) enablesecurity (dot) com> - Vulnerable version: Liferay 6.2.3 CE GA4 and earlier - Liferay reference: LPS-58014 - Advisory URL: <https://github.com/EnableSecurity/advisories/tree/master/ES2016-01-liferay

[security bulletin] HPSBMU03612 rev.1 - HPE Insight Control on Windows and Linux, Multiple Remote Vulnerabilities
2016-06-01 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05158380 Version: 1 HPSBMU03612

[security bulletin] HPSBOV03615 rev.1 - HPE OpenVMS CSWS running the Apache Tomcat 7 Servlet Engine, Multiple Remote Vulnerabilities
2016-06-01 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05158626 Version: 1 HPSBOV03615 r

Cisco Security Advisory: Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability
2016-06-01 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability Advisory ID: cisco-sa-20160601-prime3 Revision 1.0 For Public Release 2016 June 1 16:00 UTC (GMT) +--------------------------------------------------------------------- Summa

Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability
2016-06-01 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability Advisory ID: cisco-sa-20160601-prime Version 1.0: Final For public release: 2016 June 1 16:00 GMT +--------------------------------

[security bulletin] HPSBGN03609 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution, Denial of Service (DoS)
2016-06-01 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157423 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05157423 Version: 1 HPSBGN03609 r

AjaxExplorer v1.10.3.2 Remote CMD Execution / CSRF / Persistent XSS
2016-06-01 hyp3rlinx lycos com
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AJAXEXPLORER-REMOTE-CMD-EXECUTION.txt [+] ISR: apparitionsec Vendor: ========== sourceforge.net smsid download linx: sourceforge.net/projects/ajax-explorer/files/ Product: =

[SECURITY] [DSA 3590-1] chromium-browser security update
2016-06-01 Michael Gilbert (mgilbert debian org)

FreeBSD Security Advisory FreeBSD-SA-16:20.linux
2016-05-31 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-16:22.libarchive
2016-05-31 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-16:23.libarchive
2016-05-31 FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-16:21.43bsd
2016-05-31 FreeBSD Security Advisories (security-advisories freebsd org)

[RT-SA-2016-005] Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution
2016-05-31 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution A vulnerability within the Relay Ajax Directory Manager web application allows unauthenticated attackers to upload arbitrary files to the web server running the web application. De

[RT-SA-2016-004] Websockify: Remote Code Execution via Buffer Overflow
2016-05-31 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Websockify: Remote Code Execution via Buffer Overflow RedTeam Pentesting discovered a buffer overflow vulnerability in the C implementation of Websockify, which allows attackers to execute arbitrary code. Details ======= Product: Websockify C implementation Affected Versions: all versi

[RT-SA-2015-012] XML External Entity Expansion in Paessler PRTG Network Monitor
2016-05-31 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: XML External Entity Expansion in Paessler PRTG Network Monitor Authenticated users who can create new HTTP XML/REST Value sensors in PRTG Network Monitor can read local files on the PRTG host system via XML external entity expansion. Details ======= Product: Paessler PRTG Network Monit

[slackware-security] mozilla-thunderbird (SSA:2016-152-02)
2016-05-31 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2016-152-02) New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ p

[slackware-security] imagemagick (SSA:2016-152-01)
2016-05-31 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] imagemagick (SSA:2016-152-01) New imagemagick packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/p

[SECURITY] Lorex ECO DVR Hard coded password
2016-05-30 andrew hofmans gmail com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 1. ADVISORY INFORMATION ======================= Product: Lorex ECO DVR Vendor URL: https://www.lorextechnology.com/ Type: Hard coded password [CWE-259] Date found: 2016-05-04 Date published: 2016-05-30 CVE: - 2. CREDITS ========== This vulnerability

[SECURITY] [DSA 3589-1] gdk-pixbuf security update
2016-05-30 Salvatore Bonaccorso (carnil debian org)

WebKitGTK+ Security Advisory WSA-2016-0004
2016-05-30 Carlos Alberto Lopez Perez (clopez igalia com)

[oCERT 2016-001] Jetty path sanitization issues
2016-05-30 Daniele Bianco (danbia ocert org)
Description: Jetty is a Java HTTP (Web) server and Servlet container. The Jetty path normalization mechanism suffers of an implementation issue when parsing the request URLs. The path normalization logic implemented in the PathResource class and introduced in Jetty versions 9.3.x can be defeate

Multiple Vulnerabilities in Intex Wireless N150 Easy Setup Router
2016-05-28 mohitreload gmail com
Intex Wireless N150 Easy Setup Router Vulnerabilities 1. Overview Intex Wireless N150 Easy Setup Router, firmware version: V5.07.51_en_INX01, uses default credentials, vulnerable to cross-site request forgery, clear text Transmission of Sensitive Information and other attacks. 2. Vulnerabilities 1

[slackware-security] php (SSA:2016-148-03)
2016-05-27 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2016-148-03) New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.6.2

[slackware-security] libxslt (SSA:2016-148-02)
2016-05-27 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libxslt (SSA:2016-148-02) New libxslt packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/

[slackware-security] libxml2 (SSA:2016-148-01)
2016-05-27 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libxml2 (SSA:2016-148-01) New libxml2 packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/l

[CVE-2016-4945] Login Form Hijacking Vulnerability in Citrix NetScaler Gateway
2016-05-27 Daniel Schliebner (DSchliebner persicon com)

[CVE-2016-4432] Apache Qpid Java Broker - authentication bypass
2016-05-27 Keith W (keith wall gmail com)
[CVE-2016-4432] Apache Qpid Java Broker - authentication bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: Qpid Java Broker versions 6.0.2 and earlier Description: The code responsible for handling incoming AMQP 0-8, 0-9, 0-91, and 0-10 connections contains a

[CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability
2016-05-27 Lorenz Quack (quack lorenz gmail com)
CVE-2016-3094: Apache Qpid Java Broker denial of service vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Qpid Java Broker versions 6.0.0, 6.0.1, and 6.0.2 Description: A malformed authentication attempt may cause the broker to terminate. The Qpid Java

[CVE-2016-2175] Apache PDFBox XML External Entity vulnerability
2016-05-27 Andreas Lehmkuehler (lehmi apache org)
CVE-2016-2175: Apache PDFBox XML External Entity vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache PDFBox 1.8.0 to 1.8.11 Apache PDFBox 2.0.0 Earlier, unsupported Apache PDFBox versions may be affected as well Description: Apache PDFBox parses di

[CVE-2016-4434] Apache Tika XML External Entity vulnerability
2016-05-26 Tim Allison (tallison apache org)
CVE-2016-4434: Apache Tika XML External Entity vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tika 0.10 to 1.12 Description: Apache Tika parses XML within numerous file formats. In some instances[1], the initialization of the XML parser or

ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability
2016-05-26 Security Alert (Security_Alert emc com)

[security bulletin] HPSBGN03610 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Arbitrary Code Execution
2016-05-26 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149345 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05149345 Version: 1 HPSBGN03610 r

[security bulletin] HPSBMU03611 rev.1 - HPE Matrix Operating Environment on Windows and Linux, Multiple Remote Vulnerabilities
2016-05-25 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05150888 Version: 1 HPSBMU03611

[security bulletin] HPSBMU03600 rev.1 - HPE Insight Control server provisioning using OpenSSL, Remote Denial of Service (DoS)
2016-05-25 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150736 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05150736 Version: 1 HPSBMU03600

[security bulletin] HPSBUX03606 rev.1 - HPE HP-UX running Apache Tomcat 7, Multiple Remote Vulnerabilities
2016-05-25 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05150442 Version: 1 HPSBUX03606 r

[security bulletin] HPSBMU03601 rev.1 - HPE Insight Control server deployment using OpenSSL, Multiple Vulnerabilities
2016-05-25 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150800 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05150800 Version: 1 HPSBMU03601

VMWare vSphere Web Client Flash XSS
2016-05-25 apparitionsec gmail com
[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/VMWARE-VSPHERE-FLASH-XSS.txt [+] ISR: apparitionsec Vendor: =============== www.vmware.com Product: ==================================== VMWare vSphere Web Cli

Cisco Security Advisory: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
2016-05-25 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability Advisory ID: cisco-sa-20160525-ipv6 Revision 1.0 For Public Release 2016 May 25 16:00 UTC (GMT) +----------------------------------------------------------------

Open-Xchange Security Advisory 2016-05-25
2016-05-25 Martin Heiland (martin heiland lists open-xchange com)
Product: OX AppSuite Vendor: Open-Xchange GmbH Internal reference: 44542 (Bug ID) Vulnerability type: Cross Site Scripting (CWE-80) Vulnerable version: 7.8.0 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed versions: 7.6.2-rev40, 7.6.3-r

[slackware-security] libarchive (SSA:2016-145-01)
2016-05-25 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libarchive (SSA:2016-145-01) New libarchive packages are available for Slackware 14.1 and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/l

[security bulletin] HPSBGN03605 rev.1 - HPE Service Manager, Remote Disclosure of Information
2016-05-25 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149290 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05149290 Version: 1 HPSBGN03605 r

AfterLogic WebMail Pro ASP.NET < 6.2.7 Administrator Account Takeover via XXE Injection
2016-05-23 mehmet ince invictuseurope com
1. ADVISORY INFORMATION ======================================== Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takeover via XXE Injection Application: AfterLogic WebMail Pro ASP.NET Class: Sensitive Information disclosure Remotely Exploitable: Yes Versions Affected: AfterLogic WebMail

[SECURITY] [DSA 3586-1] atheme-services security update
2016-05-23 Moritz Muehlenhoff (jmm debian org)

[RCESEC-2016-002] XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections
2016-05-23 Julien Ahrens (info rcesecurity com)

[RCESEC-2016-001] Postfix Admin v2.93 Generic POST Cross-Site Request Forgeries
2016-05-21 Julien Ahrens (info rcesecurity com)

[slackware-security] curl (SSA:2016-141-01)
2016-05-20 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] curl (SSA:2016-141-01) New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patc

[security bulletin] HPSBGN03564 rev.1 - HPE Release Control using Java Deserialization, Remote Code Execution
2016-05-19 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05063986 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05063986 Version: 1 HPSBGN03564

[ERPSCAN-16-011] SAP NetWeaver AS JAVA - SQL injection vulnerability
2016-05-19 ERPScan inc (erpscan online gmail com)

[ERPSCAN-16-010] SAP NetWeaver AS JAVA - information disclosure vulnerability
2016-05-19 ERPScan inc (erpscan online gmail com)
Application:SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: information disclosure Sent: 15.09.2015 Reported: 15.09.2015 Vendor response: 16.09.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2256846 Author:

TYPO3 RemoveXSS.php vulnerability versions 6.2.19 and 7.6.4
2016-05-19 mandy madison-gurkha com
Madison Gurkha Security Advisory Advisory: TYPO3 circumvent RemoveXSS.php cross site scripting using BASE64 encoding 1. DETAILS ---------- Product: Typo3 CMS Vendor URL: typo3.org Type: Cross-site Scripting[CWE-79] Date found: 2016-03-09 Date published: 2016-05-19 2. AFFECTED VERSIONS -----------

[SECURITY] [DSA 3583-1] swift-plugin-s3 security update
2016-05-18 Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPSBGN03602 rev.1 - HPE RESTful Interface Tool, Local Disclosure of Information
2016-05-18 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141083 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05141083 Version: 1 HPSBGN03602 r

Cisco Security Advisory: Cisco Web Security Appliance Connection Denial of Service Vulnerability
2016-05-18 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Web Security Appliance Connection Denial of Service Vulnerability Advisory ID: cisco-sa-20160518-wsa4 Revision 1.0 For Public Release 2016 May 18 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary =

Cisco Security Advisory: Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability
2016-05-18 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability Advisory ID: cisco-sa-20160518-wsa3 Revision 1.0 For Public Release 2016 May 18 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary

Cisco Security Advisory: Cisco Web Security Appliance Cached Range Request Denial of Service Vulnerability
2016-05-18 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Web Security Appliance Cached Range Request Denial of Service Vulnerability Advisory ID: cisco-sa-20160518-wsa2 Revision 1.0 For Public Release 2016 May 18 16:00 UTC (GMT) +---------------------------------------------------------------------

Cisco Security Advisory: Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability
2016-05-18 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability Advisory ID: cisco-sa-20160518-wsa1 Revision 1.0 For Public Release 2016 May 18 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary

[security bulletin] HPSBHF03579 rev.1 - HPE ConvergedSystem for SAP HANA using OpenSSL, Multiple Remote Vulnerabilities
2016-05-18 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05143554 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05143554 Version: 1 HPSBHF03579

[security bulletin] HPSBHF03578 rev.1 - HPE ConvergedSystem for SAP HANA using glibc, Multiple Remote Vulnerabilities
2016-05-18 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05140858 Version: 1 HPSBHF03578