AfterLogic WebMail Pro ASP.NET < 6.2.7 Administrator Account Takeover via XXE Injection
2016-05-23, mehmet ince invictuseurope com

[SECURITY] [DSA 3586-1] atheme-services security update
2016-05-23, Moritz Muehlenhoff (jmm debian org)

[RCESEC-2016-002] XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections
2016-05-23, Julien Ahrens (info rcesecurity com)

[RCESEC-2016-001] Postfix Admin v2.93 Generic POST Cross-Site Request Forgeries
2016-05-21, Julien Ahrens (info rcesecurity com)

[slackware-security] curl (SSA:2016-141-01)
2016-05-20, Slackware Security Team (security slackware com)
[slackware-security] curl (SSA:2016-141-01) New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patc

[security bulletin] HPSBGN03564 rev.1 - HPE Release Control using Java Deserialization, Remote Code Execution
2016-05-19, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05063986 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05063986 Version: 1 HPSBGN03564

[ERPSCAN-16-011] SAP NetWeaver AS JAVA - SQL injection vulnerability
2016-05-19, ERPScan inc (erpscan online gmail com)

[ERPSCAN-16-010] SAP NetWeaver AS JAVA - information disclosure vulnerability
2016-05-19, ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: information disclosure Sent: 15.09.2015 Reported: 15.09.2015 Vendor response: 16.09.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2256846 Author:

TYPO3 RemoveXSS.php vulnerability versions 6.2.19 and 7.6.4
2016-05-19, mandy madison-gurkha com
Madison Gurkha Security Advisory Advisory: TYPO3 circumvent RemoveXSS.php cross site scripting using BASE64 encoding 1. DETAILS Product: Typo3 CMS Vendor URL: typo3.org Type: Cross-site Scripting[CWE-79] Date found: 2016-03-09 Date published: 2016-05-19 2. AFFECTED VERSIONS

[SECURITY] [DSA 3583-1] swift-plugin-s3 security update
2016-05-18, Moritz Muehlenhoff (jmm debian org)

[security bulletin] HPSBGN03602 rev.1 - HPE RESTful Interface Tool, Local Disclosure of Information
2016-05-18, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141083 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05141083 Version: 1 HPSBGN03602 r

Cisco Security Advisory: Cisco Web Security Appliance Connection Denial of Service Vulnerability
2016-05-18, Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Web Security Appliance Connection Denial of Service Vulnerability Advisory ID: cisco-sa-20160518-wsa4 Revision 1.0 For Public Release 2016 May 18 16:00 UTC (GMT) Summary =

Cisco Security Advisory: Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability
2016-05-18, Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability Advisory ID: cisco-sa-20160518-wsa3 Revision 1.0 For Public Release 2016 May 18 16:00 UTC (GMT) Summary

Cisco Security Advisory: Cisco Web Security Appliance Cached Range Request Denial of Service Vulnerability
2016-05-18, Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Web Security Appliance Cached Range Request Denial of Service Vulnerability Advisory ID: cisco-sa-20160518-wsa2 Revision 1.0 For Public Release 2016 May 18 16:00 UTC (GMT)

Cisco Security Advisory: Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability
2016-05-18, Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability Advisory ID: cisco-sa-20160518-wsa1 Revision 1.0 For Public Release 2016 May 18 16:00 UTC (GMT) Summary

[security bulletin] HPSBHF03579 rev.1 - HPE ConvergedSystem for SAP HANA using OpenSSL, Multiple Remote Vulnerabilities
2016-05-18, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05143554 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05143554 Version: 1 HPSBHF03579

[security bulletin] HPSBHF03578 rev.1 - HPE ConvergedSystem for SAP HANA using glibc, Multiple Remote Vulnerabilities
2016-05-18, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05140858 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05140858 Version: 1 HPSBHF03578

FreeBSD Security Advisory FreeBSD-SA-16:19.sendmsg
2016-05-17, FreeBSD Security Advisories (security-advisories freebsd org)

FreeBSD Security Advisory FreeBSD-SA-16:18.atkbd
2016-05-17, FreeBSD Security Advisories (security-advisories freebsd org)

[security bulletin] HPSBGN03587 rev.1 - HPE Helion OpenStack using OpenSSL and Open vSwitch, Remote Arbitrary Command Execution, Denial of Service (DoS), Disclosure of Information
2016-05-17, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05141441 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05141441 Version: 1 HPSBGN03587 r

WSO2 SOA Enablement Server - Reflected Cross-Site Scripting
2016-05-17, Etnies (kuba25101990 gmail com)
Title: WSO2 SOA Enablement Server - Reflected Cross-Site Scripting Authors: Jakub Palaczynski, Lukasz Juszczyk Date: 08. April 2016 CVE: CVE-2016-4327 Affected Software: WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 Probably other versions are also vulnerable

[security bulletin] HPSBHF03594 rev.1 - HPE ConvergedSystem and AppSystem for SAP HANA using OpenSSL, Multiple Remote Vulnerabilities
2016-05-17, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05135617 Version: 1 HPSBHF03594 r

APPLE-SA-2016-05-16-6 iTunes 12.4
2016-05-16, Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2016-05-16-6 iTunes 12.4 iTunes 12.4 is now available and addresses the following: iTunes Available for: Windows 7 and later Impact: Running the iTunes installer in an untrusted directory may have resulted in arbitrary code execution Desc

APPLE-SA-2016-05-16-5 Safari 9.1.1
2016-05-16, Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2016-05-16-5 Safari 9.1.1 Safari 9.1.1 is now available and addresses the following: Safari Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11.5 Impact: A user may be unable to fully delete browsing

APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003
2016-05-16, Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003 OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses the following: AMD Available for: OS X El Capitan v10.11 and later Impact: An applicatio
========================================
Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takeover via XXE Injection
Application: AfterLogic WebMail Pro ASP.NET
Class: Sensitive Information disclosure
Remotely Exploitable: Yes
Versions Affected: AfterLogic WebMail