BugTraq Mode:
WSO2 SOA Enablement Server - Reflected Cross-Site Scripting 2016-05-17
Etnies (kuba25101990 gmail com)
Title: WSO2 SOA Enablement Server - Reflected Cross-Site Scripting
Authors: Jakub Palaczynski, Lukasz Juszczyk
Date: 08. April 2016
CVE: CVE-2016-4327
Affected Software:
==================
WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616
Probably other versions are also vulnerable

[security bulletin] HPSBHF03594 rev.1 - HPE ConvergedSystem and AppSystem for SAP HANA using OpenSSL, Multiple Remote Vulnerabilities 2016-05-17
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05135617

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05135617
Version: 1

HPSBHF03594 r

[SECURITY] [DSA 3581-1] libndp security update 2016-05-17
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3581-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 17, 2016

APPLE-SA-2016-05-16-6 iTunes 12.4 2016-05-16
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-05-16-6 iTunes 12.4

iTunes 12.4 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: Running the iTunes installer in an untrusted directory may
have resulted in arbitrary code execution
Desc

APPLE-SA-2016-05-16-5 Safari 9.1.1 2016-05-16
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-05-16-5 Safari 9.1.1

Safari 9.1.1 is now available and addresses the following:

Safari
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan v10.11.5
Impact: A user may be unable to fully delete browsing

APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003 2016-05-16
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update
2016-003

OS X El Capitan 10.11.5 and Security Update 2016-003 is now available
and addresses the following:

AMD
Available for: OS X El Capitan v10.11 and later
Impact: An applicatio

APPLE-SA-2016-05-16-3 watchOS 2.2.1 2016-05-16
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-05-16-3 watchOS 2.2.1

watchOS 2.2.1 is now available and addresses the following:

CommonCrypto
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A malicious application may be able to

APPLE-SA-2016-05-16-2 iOS 9.3.2 2016-05-16
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-05-16-2 iOS 9.3.2

iOS 9.3.2 is now available and addresses the following:

Accessibility
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to determine kerne

APPLE-SA-2016-05-16-1 tvOS 9.2.1 2016-05-16
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-05-16-1 tvOS 9.2.1

tvOS 9.2.1 is now available and addresses the following:

CFNetwork Proxies
Available for: Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to
leak sensitive user informatio

Security advisory for Bugzilla 5.0.3 and 4.4.12 2016-05-16
LpSolit gmail com
Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issue has been discovered
in Bugzilla:

* A specially crafted bug summary could trigger XSS in dependency graphs.

All affected installations are encouraged to upgrade as

[SECURITY] [DSA 3580-1] imagemagick security update 2016-05-16
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3580-1 security (at) debian (dot) org
https://www.debian.org/security/ Luciano Bello
May 16, 2016

[ERPSCAN-16-008] SAP NetWeaver AS JAVA - XSS vulnerability in ProxyServer servlet 2016-05-16
ERPScan inc (erpscan online gmail com)
Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.4

Vendor URL: http://SAP.com

Bugs: Cross Site Scripting (XSS)

Sent: 10.08.2015

Reported: 10.08.2015

Vendor response: 11.08.2015

Date of Public Advisory: 09.02.2016

Reference: SAP Security Note 2220571

Author: Vah

[ERPSCAN-16-009] SAP xMII - directory traversal vulnerability 2016-05-16
ERPScan inc (erpscan online gmail com)
Application: SAP xMII

Versions Affected: SAP MII 15.0

Vendor URL: http://SAP.com

Bugs: Directory traversal

Sent: 29.07.2015

Reported: 29.07.2015

Vendor response: 30.07.2015

Date of Public Advisory: 09.02.2016

Reference: SAP Security Note 2230978

Author: Dmitry Chastuhin (ERPScan)

Descr

[SECURITY] [DSA 3579-1] xerces-c security update 2016-05-16
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3579-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 16, 2016

[SECURITY] [DSA 3578-1] libidn security update 2016-05-14
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3578-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
May 14, 2016

[SECURITY] [DSA 3577-1] jansson security update 2016-05-14
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3577-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
May 14, 2016

dns_dhcp Web Interface SQL Injection 2016-05-14
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/DNS_DHCP-WEB-INTERFACE-SQL-INJECTION.txt

[+] ISR: apparitionsec

Vendor:
====================
tmcdos / sourceforge

Product:
======================
dns_dhcp Web Interface

Down

eXtplorer v2.1.9 Archive Path Traversal 2016-05-14
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/EXTPLORER-ARCHIVE-PATH-TRAVERSAL.txt

[+] ISR: apparitionsec

Vendor:
==============
extplorer.net

Product:
==================
eXtplorer v2.1.9

eXtplorer is a PH

[SECURITY] [DSA 3576-1] icedove security update 2016-05-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3576-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 13, 2016

[security bulletin] HPSBMU03590 rev.1 - HPE Systems Insight Manager (SIM) on Windows and Linux, Multiple Vulnerabilities 2016-05-13
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05131085
Version: 1

HPSBMU03590

May 2016 - HipChat Server - Critical Security Advisory 2016-05-13
David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Note: the current version of this advisory can be found at
https://confluence.atlassian.com/x/96hMMQ .

CVE IDs:
* CVE-2016-3714 - ImageMagick - Insufficient shell characters
filtering leads to (potentially * remote) code execution
* CVE-2016-3715 -

[security bulletin] HPSBMU03589 rev.1 - HPE Version Control Repository Manager (VCRM), Remote Denial of Service (DoS) 2016-05-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05131044
Version: 1

HPSBMU03589

[security bulletin] HPSBMU03591 rev.1 - HPE Server Migration Pack, Remote Denial of Service (DoS) 2016-05-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05130958
Version: 1

HPSBMU03591

[SECURITY] [DSA 3575-1] libxstream-java security update 2016-05-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3575-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 12, 2016

[security bulletin] HPSBGN03597 rev.1 - HPE Cloud Optimizer (Virtualization Performance Viewer) using glibc Remote Denial of Service (DoS) 2016-05-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05125672

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05125672
Version: 1

HPSBGN03597 r

[slackware-security] mozilla-thunderbird (SSA:2016-132-01) 2016-05-12
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2016-132-01)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

[security bulletin] HPSBST03599 rev.1 - HPE 3PAR OS running OpenSSH, Remote Denial of Service (DoS), Access Restriction Bypass 2016-05-11
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05128992
Version: 1

HPSBST03599 r

[security bulletin] HPSBST03598 rev.1 - HPE 3PAR OS using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution 2016-05-11
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128937

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05128937
Version: 1

HPSBST03598 r

[security bulletin] HPSBST03586 rev.1 - HPE 3PAR OS, Remote Unauthorized Modification 2016-05-11
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05128722
Version: 1

HPSBST03586 r

[security bulletin] HPSBNS03581 rev.2 - HPE NonStop Servers running Samba (NS-Samba), Multiple Remote Vulnerabilities 2016-05-11
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05082964

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05082964
Version: 2

HPSBNS03581 r

[security bulletin] HPSBHF03592 rev.1 - HPE VAN SDN Controller OVA using OpenSSL, Multiple Remote Vulnerabilities 2016-05-11
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05126404

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05126404
Version: 1

HPSBHF03592

[SECURITY] [DSA 3565-2] monotone ovito pdns qtcreator softhsm regression update 2016-05-11
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3565-2 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
May 11, 2016

BulletProof Security 53.3 - Security Advisory - Multiple XSS Vulnerabilities 2016-05-10
Onur Yilmaz (onur netsparker com)
Information
--------------------
Advisory by Netsparker
Name: Multiple XSS Vulnerabilities in BulletProof Security
Affected Software : BulletProof Security
Affected Versions: v53.3 and possibly below
Vendor Homepage : https://wordpress.org/plugins/bulletproof-security/
Vulnerability Type : Cross-sit

[slackware-security] imagemagick (SSA:2016-132-01) 2016-05-11
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] imagemagick (SSA:2016-132-01)

New imagemagick packages are available for Slackware 14.0, 14.1, and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/pa

[security bulletin] HPSBUX03574 rev.1 - HPE HP-UX CIFS-Server (Samba), Remote Access Restriction Bypass, Authentication bypass, Denial of Service (DoS), Unauthorized Access to Files, Access Restriction Bypass, Unauthorized Information Disclosure 2016-05-10
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05115993
Version: 1

HPSBUX03574 r

[security bulletin] HPSBUX03596 rev.1 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access 2016-05-10
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121842

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05121842
Version: 1

HPSBUX03596 r

[SECURITY] [DSA 3574-1] libarchive security update 2016-05-10
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3574-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 10, 2016

Intuit QuickBooks 2007 - 2016 Arbitrary Code Execution 2016-05-10
support thegrideon com
+ Credits: Maxim Tomashevich from Thegrideon Software
+ Website: https://www.thegrideon.com/
+ Details: https://www.thegrideon.com/qb-internals-sql.html

Vendor:
---------------------
www.intuit.com
www.intuit.ca
www.intuit.co.uk

Product:
---------------------
QuickBooks Desktop
versions: 2007 - 2

Trend Micro Direct Pass - Filter Bypass & Cross Site Scripting Vulnerability 2016-05-10
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Trend Micro Direct Pass - Filter Bypass & Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1716

Trend Micro Security ID: 1-1-1039900197

Release Date:
=============
2016-05-01

Vulner

Stanford University - Multiple SQL Injection Vulnerabilities 2016-05-10
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Stanford University - Multiple SQL Injection Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1829

Release Date:
=============
2016-05-09

Vulnerability Laboratory ID (VL-ID):
==========================

Notes v4.5 iOS - Arbitrary File Upload Vulnerability 2016-05-10
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Notes v4.5 iOS - Arbitrary File Upload Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1832

Release Date:
=============
2016-04-25

Vulnerability Laboratory ID (VL-ID):
==================================

Skype Manager - (Email Change) Filter Bypass Vulnerability 2016-05-10
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Skype Manager - (Email Change) Filter Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1672

MSRC Case 32353 TRK:0001002845

Release Date:
=============
2016-05-09

Vulnerability Laboratory ID (VL-I

Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability 2016-05-10
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1839

Release Date:
=============
2016-04-29

Vulnerability Laboratory ID (VL-ID):
==========

[security bulletin] HPSBUX03577 SSRT102172 rev.1 - HP-UX VxFS, Local Unauthorized Access to Files 2016-05-09
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05121749

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05121749
Version: 1

HPSBUX03577 S

[SECURITY] [DSA 3573-1] qemu security update 2016-05-09
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3573-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 09, 2016

[SECURITY] [DSA 3572-1] websvn security update 2016-05-09
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3572-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 09, 2016

WordPress Plugin event-registration 6.02.02: SQL-Injection and persistent XSS 2016-05-09
mail michaelhelwig de
* Exploit Title: WordPress Plugin event-registration 6.02.02: SQL-Injection and persistent XSS
* Discovery Date: 2016/03/13
* Public Disclosure Date: 2016/05/09
* Exploit Author: Michael Helwig
* Contact: https://twitter.com/c0dmtr1x | https://codemetrix.net
* Vendor Homepage: http://wpeventregister

[SECURITY] [DSA 3571-1] ikiwiki security update 2016-05-08
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3571-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 08, 2016

ManageEngine Applications Manager Build No: 12700 Information Disclosure and Un-Authenticated SQL injection. 2016-05-06
Saif El-Sherei (saif sensepost com) (1 replies)
Heya,

Wanted to request CVE for the following issues, that have been fixed by the vendor, fix details are at: https://www.manageengine.com/products/applications_manager/release-notes.html

[SPSA-2016-02/ManageEngine ApplicationsManager]------------------------------

SECURITY ADVISORY: SPSA-2016

Re: NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities 2016-05-05
bhadresh patel helpag com
Hello Team,

Sorry for the typo in earlier draft.

The correct CVE IDs are both year 2015.

1) Unauthorized access of router's network troubleshooting page (ping.cgi) -- CVE-2015-6023
2) Command injection vulnerability on ping.cgi -- CVE-2015-6024

Regards,
-Bhadresh

[security bulletin] HPSBMU03584 rev.1 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities 2016-05-05
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05103564

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05103564
Version: 1

HPSBMU03584 r

[SECURITY] [DSA 3570-1] mercurial security update 2016-05-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3570-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 05, 2016

[SECURITY] [DSA 3569-1] openafs security update 2016-05-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3569-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 05, 2016

[SECURITY] [DSA 3568-1] libtasn1-6 security update 2016-05-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3568-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 05, 2016

FreeBSD Security Advisory FreeBSD-SA-16:17.openssl 2016-05-04
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:17.openssl Security Advisory
The FreeBSD Project

Topic:

Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016 2016-05-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016

Advisory ID: cisco-sa-20160504-openssl

Revision 1.0

For Public Release 2016 May 04 19:30 GMT (UTC)

+-------------------------------------------------

ESA-2016-051: Patch 14 for RSA® Authentication Manager 8.1 SP1 to Address Multiple Vulnerabilities 2016-05-04
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-051: Patch 14 for RSA® Authentication Manager 8.1 SP1 to Address Multiple Vulnerabilities

EMC Identifier: ESA-2016-051

CVE Identifier: CVE-2016-0900, CVE-2016-0901, CVE-2016-0902

Severity Rating: CVSSv3 Base Score: See below for in

[SECURITY] [DSA 3567-1] libpam-sshauth security update 2016-05-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3567-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 04, 2016

APPLE-SA-2016-05-03-1 Xcode 7.3.1 2016-05-04
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-05-03-1 Xcode 7.3.1

Xcode 7.3.1 is now available and addresses the following:

Git
Available for: OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: A heap-based buffer overf

Cisco Security Advisory: Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability 2016-05-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability

Advisory ID: cisco-sa-20160504-fpkern

Revision 1.0

For Public Release 2016 May 4 16:00 UTC (GMT)

+----------------------------------------------

Cisco Security Advisory: Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability 2016-05-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20160504-tpxml

Revision 1.0

For Public Release 2016 May 4 16:00 UTC (GMT)

+-----------------------------------------------------------

Cisco Security Advisory: Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability 2016-05-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability

Advisory ID: cisco-sa-20160504-firepower

Revision 1.0

For Public Release 2016 May 04 16:00 GMT (UTC)

+-------------------------------------

CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning 2016-05-04
Lab I-Tracing (lab i-tracing com)
=============================================
Web Server Cache Poisoning in CMS Made Simple
=============================================

CVE-2016-2784

Product Description
===================

CMS Made Simple is a great tool with many plugins to publish content on the Web. It aims to
be simple to

[slackware-security] openssl (SSA:2016-124-01) 2016-05-03
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssl (SSA:2016-124-01)

New openssl packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/o

Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting 2016-05-03
Julien Ahrens (info rcesecurity com)
Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Swagger Editor
Vendor URL: https://github.com/swagger-api/swagger-editor
Type: Cross-Site Scriptin

LSE Leading Security Experts GmbH - LSE-2016-02-03 - OXID eShop Path Traversal Vulnerability 2016-05-03
LSE-Advisories (advisories lsexperts de)
=== LSE Leading Security Experts GmbH - Security Advisory 2016-02-03 ===

OXID eShop Path Traversal Vulnerability
------------------------------------------------------------------------

Affected Versions
=================
Community Edition 4.9.7

Issue Overview
==============
Vulnerability Type: p

[SECURITY] [DSA 3566-1] openssl security update 2016-05-03
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3566-1 security (at) debian (dot) org
https://www.debian.org/security/ Alessandro Ghedini
May 03, 2016

NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities 2016-05-03
bhadresh patel helpag com
Title:
====

NetCommWireless HSPA 3G10WVE Wireless Router - Multiple vulnerabilities

Credit:
======

Name: Bhadresh Patel
Company/affiliation: HelpAG
Website: www.helpag.com

CVE:
=====

CVE-2015-6023, CVE-2016-6024

Date:
====

03-05-2016 (dd/mm/yyyy)

Vendor:
======

NetComm Wireless is a leading

CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection 2016-05-03
Timo Juhani Lindfors (timo lindfors iki fi)

CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection
--------------------------------------------------------------------

Affected products
=================

At least Zabbix Agent 1:3.0.1-1+wheezy from
http://repo.zabbix.com/zabbix/3.0/debian is vulnerable. Other versions
were not

[slackware-security] mercurial (SSA:2016-123-01) 2016-05-02
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mercurial (SSA:2016-123-01)

New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+----------------------

ESA-2016-041: RSA Data Loss Prevention Multiple Vulnerabilities 2016-05-02
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-041: RSA Data Loss Prevention Multiple Vulnerabilities

EMC Identifier: ESA-2016-041

CVE Identifier: CVE-2016-0892, CVE-2016-0893, CVE-2016-0894, CVE-2016-0895

Severity Rating: CVSSv3 Base Score : Please view details below for individ

[SECURITY] [DSA 3565-1] botan1.10 security update 2016-05-02
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3565-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
May 02, 2016

[SECURITY] [DSA 3564-1] chromium-browser security update 2016-05-02
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3564-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
May 02, 2016

[SECURITY] [DSA 3563-1] poppler security update 2016-05-01
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3563-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
May 01, 2016

[SECURITY] [DSA 3562-1] tardiff security update 2016-05-01
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3562-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
May 01, 2016

Exploit-DB Captcha Bypass 2016-05-01
Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE

#Exploit Author : Rahul Pratap Singh
#Home page Link : https://www.exploit-db.com/
#Website : https://0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 1/5/2016

----------------------------------------
Description:
-----------------------

[slackware-security] subversion (SSA:2016-121-01) 2016-04-30
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] subversion (SSA:2016-121-01)

New subversion packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/pack

[slackware-security] php (SSA:2016-120-02) 2016-04-29
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-120-02)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.2

[slackware-security] ntp (SSA:2016-120-01) 2016-04-29
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] ntp (SSA:2016-120-01)

New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches

[security bulletin] HPSBGN03547 rev.3 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution 2016-04-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04989404

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04989404
Version: 3

HPSBGN03547 r

[SECURITY] [DSA 3561-1] subversion security update 2016-04-29
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3561-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 29, 2016

SQL Injection in GLPI 2016-04-29
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23301
Product: GLPI
Vendor: INDEPNET
Vulnerable Version(s): 0.90.2 and probably prior
Tested Version: 0.90.2
Advisory Publication: April 8, 2016 [without technical details]
Vendor Notification: April 8, 2016
Vendor Patch: April 11, 2016
Public Disclosure: April 29, 2016
Vulnera

Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability 2016-04-29
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1839

Release Date:
=============
2016-04-29

Vulnerability Laboratory ID (VL-ID):
==========

Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream 2016-04-28
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll

despite better knowledge and MULTIPLE bug/vulnerability reports
(see <https://bugzilla.mozilla.org/show_bug.cgi?id=811557>,
<https://bugzilla.mozilla.org/show_bug.cgi?id=809373>,
<https://bugzilla.mozilla.org/show_bug.cgi?id=579593>, ...)
Mozilla continues to ship Firefox and Thunderbird fo

[security bulletin] HPSBUX03583 SSRT110084 rev.1 - HP-UX BIND Service running Named, Remote Denial of Service (DoS) 2016-04-28
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05087821

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05087821
Version: 1

HPSBUX03583 S

CVE-2016-3078: php: integer overflow in ZipArchive::getFrom* 2016-04-28
Hans Jerry Illikainen (hji dyntopia com)
Details
=======

An integer wrap may occur in PHP 7.x before version 7.0.6 when reading
zip files with the getFromIndex() and getFromName() methods of
ZipArchive, resulting in a heap overflow.

php-7.0.5/ext/zip/php_zip.c
,----
| 2679 static void php_zip_get_from(INTERNAL_FUNCTION_PARAMETERS, int ty

[SECURITY] [DSA 3560-1] php5 security update 2016-04-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3560-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 27, 2016

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS 2016-04-27
Tony Homer (tony-- apache org)
CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS

Severity:
High

Vendor:
The Apache Software Foundation

Versions Affected:
cordova-ios 3.9.1 and below

Description:
Apache Cordova iOS contains 2 methods to bypass the URL access
restrictions provided by the whitelist. An attacker

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS 2016-04-27
Tony Homer (ajh158 gmail com)
CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS

Severity:
High

Vendor:
The Apache Software Foundation

Versions Affected:
cordova-ios 3.9.1 and below

Description:
Apache Cordova iOS contains 2 methods to bypass the URL access
restrictions provided by the whitelist. An attacker

CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS 2016-04-27
Tony Homer (tony-- apache org)
CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS

Severity:
High

Vendor:
The Apache Software Foundation

Versions Affected:
cordova-ios 3.9.1 and below

Description:
An arbitrary plugin can be executed when a user clicks on a link.

Upgrade path:
Developers who are concerned a

[SECURITY] [DSA 3559-1] iceweasel security update 2016-04-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3559-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 27, 2016

EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection 2016-04-27
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection
------------------------------------------------------------------------

Han Sahin, November 2014

----------------------------------------------------------------

Oracle Discoverer Viewer BI - Open Redirect Vulnerability 2016-04-27
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Oracle Discoverer Viewer BI - Open Redirect Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1667

Oracle ID: S0666670

Release Date:
=============
2016-04-26

Vulnerability Laboratory ID (VL-ID):
========

[slackware-security] mozilla-firefox (SSA:2016-117-01) 2016-04-27
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2016-117-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[SECURITY] [DSA 3558-1] openjdk-7 security update 2016-04-26
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3558-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 26, 2016

[SECURITY] [DSA 3557-1] mysql-5.5 security update 2016-04-26
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3557-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 26, 2016

Sophos XG Firewall (SF01V) - Persistent Web Vulnerability 2016-04-26
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Sophos XG Firewall (SF01V) - Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1734

ID: 5740075

Release Date:
=============
2016-04-25

Vulnerability Laboratory ID (VL-ID):
================

Copyright 2010, SecurityFocus