SecurityFocus

CSNC-2018-002 totemomail Encryption Gateway - JSONP hijacking 2018-05-15
Advisories (advisories compass-security com)

########################################################################
########
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
########################################################################
########
#
# Product: totemomail Encryption Gateway
# Vend

[ more ] [ reply ]

CSNC-2018-003 totemomail Encryption Gateway - Cross-Site Request Forgery 2018-05-15
Advisories (advisories compass-security com)

CVE-2018-10994: HTML tag injection in Signal-desktop 2018-05-14
Alfredo Ortega (ortegaalfredo gmail com)

Title: HTML tag injection in Signal-desktop

Date Published: 14-05-2018

CVE Name: CVE-2018-10994

Class: Code injection

Remotely Exploitable: Yes

Locally Exploitable: No

Vendors contacted: Signal.org

Vulnerability Description:

Signal-desktop is the standalone desktop version of the secure Sign

[ more ] [ reply ]

[SECURITY] [DSA 4200-1] kwallet-pam security update 2018-05-14
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4200-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 14, 2018

[ more ] [ reply ]

SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-14
SEC Consult Vulnerability Lab (research sec-consult com) (1 replies)

SEC Consult Vulnerability Lab Security Advisory < 20180514-0 >
=======================================================================
title: Arbitrary File Upload & Cross-site scripting
product: MyBiz MyProcureNet
vulnerable version: 5.0.0
fixed version: unknown

[ more ] [ reply ]

Re: SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet 2018-05-15
SEC Consult Vulnerability Lab (research sec-consult com)

Vulnerabilities in IBMs Flashsystems and Storwize Products 2018-05-11
Sebastian Neuner (sneuner google com)

Vulnerabilities in IBMs Flashsystems and Storwize Products
------------------------------------------------------------------------
-

Introduction
============
Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem
900 and IBM Storwize V7000. These were discovered during a black

[ more ] [ reply ]

[slackware-security] mariadb (SSA:2018-130-01) 2018-05-10
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mariadb (SSA:2018-130-01)

New mariadb packages are available for Slackware 14.1 and 14.2 to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mariadb-10.0

[ more ] [ reply ]

[security bulletin] MFSBGN03807 rev.1 - HP Service Manager Software, SQL Injection 2018-05-10
cyber-psrt microfocus com

[SECURITY] [DSA 4199-1] firefox-esr security update 2018-05-10
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4199-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 10, 2018

[ more ] [ reply ]

[security bulletin] MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information 2018-05-10
cyber-psrt microfocus com

[security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information 2018-05-10
cyber-psrt microfocus com

[slackware-security] mozilla-firefox (SSA:2018-129-01) 2018-05-10
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2018-129-01)

New mozilla-firefox packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/p

[ more ] [ reply ]

[slackware-security] wget (SSA:2018-129-02) 2018-05-10
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] wget (SSA:2018-129-02)

New wget packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------

[ more ] [ reply ]

[security bulletin] MFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information 2018-05-09
cyber-psrt microfocus com

[SECURITY] [DSA 4197-1] wavpack security updaze 2018-05-09
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4197-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 09, 2018

[ more ] [ reply ]

[SECURITY] [DSA 4198-1] prosody security update 2018-05-09
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4198-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 09, 2018

[ more ] [ reply ]

[security bulletin] MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities 2018-05-09
cyber-psrt microfocus com

t2'18: Call For Papers 2018 (Helsinki, Finland) 2018-05-09
Tomi Tuominen (tomi tuominen t2 fi)

#
# t2'18 - Call For Papers (Helsinki, Finland) - October 25 - 26, 2018
#

Join us for the 15th anniversary celebrations on Oct 25-26! CFP and ticket
sales are now open.

To truly appreciate the full spectrum of cyber, one simply needs to visit
Helsinki. Sooner or later you need a break from the sun

[ more ] [ reply ]

[ADV170017] Defense in depth -- the Microsoft way (part 54): escalation of privilege during installation of Microsoft Office 20xy 2018-05-08
Stefan Kanthak (stefan kanthak nexgo de)

Hi @ll,

during installation of Microsoft Office 2003 and newer versions
as well as single components of Microsoft Office products, the
executable of the "Office Source Engine", ose.exe, is copied as
"%TEMP%\ose00000.exe" and then executed with elevated privileges.

%TEMP% is writable by unprivilege

[ more ] [ reply ]

[SECURITY] [DSA 4196-1] linux security update 2018-05-08
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4196-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
May 08, 2018

[ more ] [ reply ]

FreeBSD Security Advisory FreeBSD-SA-18:06.debugreg 2018-05-08
FreeBSD Security Advisories (security-advisories freebsd org)

APPLE-SA-2018-05-08-1 Additional information for APPLE-SA-2018-04-24-2 Security Update 2018-001 2018-05-08
Apple Product Security (product-security-noreply lists apple com)

[SECURITY] [DSA 4195-1] wget security update 2018-05-08
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4195-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
May 08, 2018

[ more ] [ reply ]

WebKitGTK+ Security Advisory WSA-2018-0004 2018-05-07
Michael Catanzaro (mcatanzaro igalia com)

------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2018-0004
------------------------------------------------------------------------

Date reported : May 07, 2018
Advisory ID : WSA-2018-0004
Advisory UR

[ more ] [ reply ]

[SECURITY] [DSA 4194-1] lucene-solr security update 2018-05-06
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4194-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 06, 2018

[ more ] [ reply ]

[SECURITY] [DSA 4193-1] wordpress security update 2018-05-05
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4193-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
May 05, 2018

[ more ] [ reply ]

CANADIAN JOB VACANCY!!! 2018-05-06
SUNCOR ENERGY (info suncor-recruitments com)

SUNCOR ENERGY
HEAD OFFICE ADDRESS
CORPORATE LEGAL DEPARTMENT
150 - 6TH AVENUE S.W.,
P.O. BOX 38. CALGARY, ALBERTA
T2P 3E3, CANADA.
TELL: (816) 774-1034
FAX : (403) 724-3460

ATTN: JOB SEEKER.

WE ARE USING THIS MEDIA TO ANNOUNCE THAT SUNCOR ENERGY CURRENTLY SEEKING AN EXPERIENCE AND ENTHUSIASTIC 13

[ more ] [ reply ]

[SECURITY] [DSA 4192-1] libmad security update 2018-05-04
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4192-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
May 04, 2018

[ more ] [ reply ]

[slackware-security] python (SSA:2018-124-01) 2018-05-04
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] python (SSA:2018-124-01)

New python packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packag

[ more ] [ reply ]