BugTraq Mode:
Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability 2016-04-07
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1811

Release Date:
=============
2016-04-05

Vulnerability Laboratory ID (VL-ID):
=============================

Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities 2016-04-07
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web
Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1816

Release Date:
=============
2016-04-06

Vulnerability Laboratory ID (VL-ID):
===

Virtual Freer v1.58 - Client Side Cross Site Scripting Vulnerability 2016-04-07
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Virtual Freer v1.58 - Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1812

Release Date:
=============
2016-04-06

Vulnerability Laboratory ID (VL-ID):
=================

Techsoft WS CMS (2016 Q2) - SQL Injection Web Vulnerability 2016-04-07
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Techsoft WS CMS (2016 Q2) - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1810

Release Date:
=============
2016-04-04

Vulnerability Laboratory ID (VL-ID):
==========================

[security bulletin] HPSBST03568 rev.1 - HP XP7 Command View Advanced Edition Suite including Device Manager and Hitachi Automation Director (HAD), Remote Server-Side Request Forgery (SSRF) 2016-04-06
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05073670
Version: 1

HPSBST03568 r

[security bulletin] HPSBGN03569 rev.2 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information 2016-04-06
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05068681
Version: 2

HPSBGN03569 r

Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability 2016-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20160406-remcode

Revision 1.0

For Public Release 2016 April 6 16:00 UTC (GMT)

+--------------------------------------------

Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability 2016-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability

Advisory ID: cisco-sa-20160406-privauth

Revision 1.0

For Public Release 2016 April 6 16:00 UTC (GMT)

+----------------------------------------

Cisco Security Advisory: Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability 2016-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service
Vulnerability

Advisory ID: cisco-sa-20160406-cts2

Revision 1.0

For Public Release 2016 April 6 16:00 UTC (GMT)

+--------------------------------------------------------

Cisco Security Advisory: Cisco UCS Invicta Default SSH Key Vulnerability 2016-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco UCS Invicta Default SSH Key Vulnerability

Advisory ID: cisco-sa-20160406-ucs

Revision 1.0

For Public Release 2016 April 06 16:00 GMT (UTC)

+---------------------------------------------------------------------

Summ

Cisco Security Advisory: Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability 2016-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability

Advisory ID: cisco-sa-20160406-cts1

Revision 1.0

For Public Release 2016 April 6 16:00 UTC (GMT)

+---------------------------------------------------------------------

Cisco Security Advisory: Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability 2016-04-06
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability

Advisory ID: cisco-sa-20160406-cts

Revision 1.0

For Public Release 2016 April 6 16:00 UTC (GMT)

+--------------------------------------------------------------

CVE-2016-3672 - Unlimiting the stack no longer disables ASLR 2016-04-06
Hector Marco-Gisbert (hecmargi upv es)
Hi everyone,

We have fixed an old and very well-known weakness in the Linux ASLR implementation.

The weakness allowed any user able to run 32-bit applications on an x86
machine to disable the ASLR by setting the RLIMIT_STACK resource to unlimited.

This is a very old trick to disable ASLR, but unfortun

SQL Injection in SocialEngine 2016-04-06
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23286
Product: SocialEngine
Vendor: Webligo
Vulnerable Version(s): 4.8.9 and probably prior
Tested Version: 4.8.9
Advisory Publication: December 21, 2015 [without technical details]
Vendor Notification: December 21, 2015
Public Disclosure: April 6, 2016
Vulnerability Type: SQL In

[slackware-security] subversion (SSA:2016-097-01) 2016-04-06
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] subversion (SSA:2016-097-01)

New subversion packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/pack

op5 v7.1.9 Remote Command Execution 2016-04-06
apparitionsec gmail com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/OP5-REMOTE-CMD-EXECUTION.txt

Vendor:
============
www.op5.com

Product:
===========
op5 v7.1.9

op5 Monitor is a software product for server, Network monitoring and management

CA20160405-01: Security Notice for CA API Gateway 2016-04-05
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20160405-01: Security Notice for CA API Gateway

Issued: April 5, 2016
Last Updated: April 5, 2016

CA Technologies Support is alerting customers to a Medium risk
vulnerability with CA API Gateway (formerly known as Layer7 API
Gateway). A vulnerabil

[SECURITY] [DSA 3543-1] oar security update 2016-04-05
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3543-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 05, 2016

[SECURITY] [DSA 3542-1] mercurial security update 2016-04-05
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3542-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 05, 2016

Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) - (3D Touch) Passcode Bypass Vulnerability 2016-04-05
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) - (3D Touch) Passcode Bypass
Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1814

Release Date:
=============
2016-04-05

Vulnerability Laboratory ID (VL-ID):
==

[SECURITY] [DSA 3541-1] roundcube security update 2016-04-05
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3541-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
April 05, 2016

[security bulletin] HPSBGN03569 rev.1 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information 2016-04-04
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05068681
Version: 1

HPSBGN03569 r

[slackware-security] mozilla-thunderbird (SSA:2016-095-01) 2016-04-04
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2016-095-01)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares Exploit 2016-04-04
lists (at) exploits4coins (dot) com (lists exploits4coins com)
## Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares Exploit ##

This particular vulnerability makes it possible to force a Stratum Mining
Pool to accept "invalid" shares by the thousands for each mining pool
round. It is possible to make pure money from this vulnerability. The
exploit is real but

ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability 2016-04-04
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability

EMC Identifier: ESA-2016-034

CVE Identifier: CVE-2016-0888

Severity Rating: CVSS v3 Base Score: 8.8(AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected products:

? Documentum D

[SE-2012-01] Broken security fix in IBM Java 7/8 2016-04-04
Security Explorations (contact security-explorations com) (1 replies)

Hello All,

Those concerned about security of IBM Java [1] may find this post
interesting.

We discovered that a fix for a security vulnerability (Issue 67)
[2] we reported to the company in May 2013 didn't address the
problem properly.

This is the 6th instance of a broken patch we encountered fro

Re: [SE-2012-01] Broken security fix in IBM Java 7/8 2016-04-05
Security Explorations (contact security-explorations com)
CVE-2016-2191: optipng: invalid write 2016-04-04
Hans Jerry Illikainen (hji dyntopia com)
An invalid write may occur in optipng before version 0.7.6 while
processing bitmap images due to `crt_row' being (inc|dec)remented
without any boundary checking when encountering delta escapes.

optipng-0.7.5/src/pngxtern/pngxrbmp.c:
,----
| 210 static size_t
| 211 bmp_read_rows(png_bytepp begin_row

ManageEngine Password Manager Pro Multiple Vulnerabilities 2016-04-04
Sebastian Perez (s3bap3 gmail com)
[Systems Affected]
Product : ManageEngine Password Manager Pro
Company : ZOHO Corp.
Build Number : 8.1 to 8.3 and probably earlier versions
Affected Versions : 8102 to 8302 and probably earlier versions

[Product Description]
Password Manager Pro is a secure vault for storing and man

FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability 2016-04-04
Vulnerability Lab (research vulnerability-lab com) (1 replies)
Document Title:
===============
FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename)
Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1687

Fortinet PSIRT ID: 1624561

Release Date:
=============
2016-04-04

Techsoft Web Solutions CMS 2016 Q2 - SQL Injection Web Vulnerability 2016-04-04
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Techsoft Web Solutions CMS (2016 Q2) - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1810

Release Date:
=============
2016-04-04

Vulnerability Laboratory ID (VL-ID):
===============

Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability 2016-04-04
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1808

Release Date:
=============
2016-04-01

Vulnerability Laboratory ID (VL-ID):
=========

Bugcrowd CSV injection vulnerability 2016-04-04
Hack Ex (hackexfan gmail com)
Description:

A vulnerability in the file upload feature allows attackers to send
malicious csv files. By using the Microsoft Excel DDE function an
attacker can launch arbitrary commands on the victim's system.

Many companies don't allow xlsx or docx files to be uploaded by
security testers, because

[SECURITY] [DSA 3540-1] lhasa security update 2016-04-03
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3540-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
April 03, 2016

[SECURITY] [DSA 3539-1] srtp security update 2016-04-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3539-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
April 02, 2016

Open-Xchange Security Advisory 2016-04-02 2016-04-02
Martin Heiland (martin heiland lists open-xchange com)
Product: Open-Xchange Server 6 / OX AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 44409 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 7.8.0 and earlier
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version

[security bulletin] HPSBGN03565 rev.1 - HPE Virtualization Performance Viewer, Local Denial of Service (DoS) 2016-04-02
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068676

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05068676
Version: 1

HPSBGN03565 r

[slackware-security] mercurial (SSA:2016-092-01) 2016-04-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mercurial (SSA:2016-092-01)

New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+-----------------------

[slackware-security] php (SSA:2016-092-02) 2016-04-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2016-092-02)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.2

[security bulletin] HPSBHF03431 rev.3 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities 2016-04-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04920918

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04920918
Version: 3

HPSBHF03431 r

[security bulletin] HPSBUX03561 rev.1 - HPE HP-UX using Apache Tomcat, Remote Access Restriction Bypass, Arbitrary Code Execution, Execution of Arbitrary Code With Privilege Elevation, Unauthorized Read Access to Files 2016-04-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05054964
Version: 1

HPSBUX03561 r

[security bulletin] HPSBGN03567 rev.1 - HP Asset Manager using Java Deserialization, Remote Arbitrary Code Execution 2016-04-01
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05064889

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05064889
Version: 1

HPSBGN03567 r

[security bulletin] HPSBGN3547 rev.1 - HP Device Manager, Remote Read Access to Arbitrary Files 2016-04-01
HP Security Alert (hp-security-alert hp com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05054714

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05054714
Version: 1

HPSBGN3547 rev.1 - HP Devic

APPLE-SA-2016-03-31-1 iBooks Author 2.4.1 2016-03-31
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-03-31-1 iBooks Author 2.4.1

iBooks Author 2.4.1 is now available and addresses the following:

iBooks Author
Available for: OS X Yosemite v10.10 or later
Impact: Parsing a maliciously crafted iBooks Author file may lead to
disclosure

WebKitGTK+ Security Advisory WSA-2016-0003 2016-03-31
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2016-0003
------------------------------------------------------------------------

Date reported : March 31, 2016
Advisory ID : WSA-2016-0003
Advisory

Python v2.7 v1.5.4 iOS - Filter Bypass & Persistent Vulnerability 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Python v2.7 v1.5.4 iOS - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1806

Release Date:
=============
2016-03-31

Vulnerability Laboratory ID (VL-ID):
====================

Trend Micro (SSO) - (Backend) SSO Redirect & Session Vulnerability 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Trend Micro (SSO) - (Backend) SSO Redirect & Session Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1694

Trend Micro ID: 1-1-1035080936

Release Date:
=============
2016-03-31

Vulnerability Laboratory

Docker UI v0.10.0 - Multiple Persistent Vulnerabilities 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Docker UI v0.10.0 - Multiple Persistent Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1803

Release Date:
=============
2016-03-29

Vulnerability Laboratory ID (VL-ID):
==============================

Dorsa Web CMS - Multiple SQL Injection Vulnerabilities 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Dorsa Web CMS - Multiple SQL Injection Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1807

Release Date:
=============
2016-03-31

Vulnerability Laboratory ID (VL-ID):
===============================

Docker UI v0.10.0 - Multiple Client Side Cross Site Request Forgery Web Vulnerabilities 2016-03-31
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Docker UI v0.10.0 - Multiple Client Side Cross Site Request Forgery Web
Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1802

Release Date:
=============
2016-03-28

Vulnerability Laboratory ID (VL-ID):

WP External Links v1.80 - Cross Site Scripting Web Vulnerabilities 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
WP External Links v1.80 - Cross Site Scripting Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1788

Release Date:
=============
2016-03-23

Vulnerability Laboratory ID (VL-ID):
===================

Hi Technology & Services CMS - SQL Injection Vulnerabilities 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Hi Technology & Services CMS - SQL Injection Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1785

Release Date:
=============
2016-03-22

Vulnerability Laboratory ID (VL-ID):
=========================

Patron Info System - SQL Injection Vulnerability 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Patron Info System - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1784

Release Date:
=============
2016-03-21

Vulnerability Laboratory ID (VL-ID):
====================================

Cades (2016Q1) - (id) Multiple SQL Injection Vulnerabilities 2016-03-31
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Cades (2016Q1) - (id) Multiple SQL Injection Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1804

Release Date:
=============
2016-03-30

Vulnerability Laboratory ID (VL-ID):
=========================

[SECURITY] [DSA 3538-1] libebml security update 2016-03-31
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3538-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
March 31, 2016

[SECURITY] [DSA 3537-1] imlib2 security update 2016-03-31
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3537-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
March 31, 2016

[SECURITY] [DSA 3536-1] libstruts1.2-java security update 2016-03-31
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3536-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
March 31, 2016

Cisco Security Advisory: Cisco Firepower Malware Block Bypass Vulnerability 2016-03-30
Cisco Systems Product Security Incident Response Team (psirt cisco com) (1 replies)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Firepower Malware Block Bypass Vulnerability

Advisory ID: cisco-sa-20160330-fp

Revision 1.0

For Public Release 2016 March 30 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerabili

[CVE-2016-0784] Apache OpenMeetings ZIP file path traversal 2016-03-30
Maxim Solodovnik (solomax666 gmail com)
Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0

Description:
The Import/Export System Backups functionality in the OpenMeetings
Administration
menu (http://domain:5080/openmeetings/#admin/backup) is vulnerable to path
traversal via sp

Multiple Vulnerabilities in CubeCart 2016-03-30
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23298
Product: CubeCart
Vendor: CubeCart Limited
Vulnerable Version(s): 6.0.10 and probably prior
Tested Version: 6.0.10
Advisory Publication: March 2, 2016 [without technical details]
Vendor Notification: March 2, 2016
Vendor Patch: March 16, 2016
Public Disclosure: March 30, 20

CVE-2016-2385 Kamailio SEAS module heap buffer overflow 2016-03-30
Stelios Tsampas (stelios census-labs com)
Kamailio (successor of former OpenSER and SER) is an Open Source SIP
Server released under GPL. It can be used to build large platforms for
VoIP and realtime communications, presence, WebRTC, Instant messaging
and other applications.

A heap overflow was found in Kamailio version 4.3.4 (possibly aff

Easy Hosting Control Panel (EHCP) - Multiple Vulnerabilities 2016-03-30
kyle Lovett (krlovett gmail com)
EHCP Easy Hosting Control Panel
Multiple Vulnerabilities -
Clear Text MySQL Root Password
Insufficiently Protected Sensitive Data
Authentication Bypass
Unauthenticated Arbitrary File Upload

Software Links:
https://launchpad.net/ehcp
http://www.ehcp.net
https://sourceforge.net/p/ehcp/wiki/
---------

[SECURITY] [DSA 3535-1] kamailio security update 2016-03-29
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3535-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 29, 2016

[security bulletin] HPSBGN03444 rev.2 - HPE Network Automation, Remote Code Execution, Disclosure of Sensitive Information 2016-03-29
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05030906

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05030906
Version: 2

HPSBGN03444 r

[SECURITY] [DSA 3534-1] dhcpcd security update 2016-03-29
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3534-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
March 29, 2016

Fireware XTM Web UI - Open Redirect 2016-03-29
Manuel Mancera (mmancera a2secure com)
================================================================
Fireware XTM Web UI - Open Redirect
================================================================

Information
--------------------
Name: Fireware XTM Web UI - Open Redirect
Affected Software : Fireware XTM Web UI
Affected Versions:

[SECURITY] [DSA 3533-1] openvswitch security update 2016-03-29
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3533-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
March 29, 2016

BMC-2015-0011: Unauthorized password reset vulnerability in BMC Server Automation (BSA) (CVE-2016-1543) 2016-03-28
appsec (appsec bmc com)
------------------------------------------------------------------------

Unauthorized password reset vulnerability in BMC Server Automation (BSA)
Unix/Linux RSCD Agent

BMC Identifier: BMC-2015-0011
CVE Identifier: CVE-2016-1543
---------------------------------------------------------------------

BMC-2015-0010: User enumeration vulnerability in BMC Server Automation (BSA) Unix/Linux RSCD Agent (CVE-2016-1542) 2016-03-28
appsec (appsec bmc com)
------------------------------------------------------------------------

User enumeration vulnerability in BMC Server Automation (BSA) Unix/Linux
RSCD Agent

BMC Identifier: BMC-2015-0010
CVE Identifier: CVE-2016-1542
------------------------------------------------------------------------

By BMC A

Validation Bypass in C2Box application : CVE - 2015-4626 2016-03-28
harish ramadoss helpag com
#####################################
Title: Validation Bypass in C2Box application allows user to input negative value
Author: Harish Ramadoss
Vendor: boxautomation(B.A.S)
Product: C2Box
Version: All versions below 4.0.0(r19171)
Tested Version: Version 4.0.0(r19171)
Severity: Medium
CVE Reference:

[SECURITY] [DSA 3532-1] quagga security update 2016-03-27
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3532-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
March 27, 2016

TrendMicro DDI Cross Site Request Forgerys 2016-03-26
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-DDI-CSRF.txt

Vendor:
====================
www.trendmicro.com

Product:
=========================================
Trend Micro Deep Discovery Inspector

[SECURITY] [DSA 3531-1] chromium-browser security update 2016-03-26
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3531-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
March 25, 2016

[ more ]  [ reply ]
[slackware-security] mozilla-thunderbird (SSA:2016-085-02) 2016-03-25
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-thunderbird (SSA:2016-085-02)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

[ more ]  [ reply ]
[slackware-security] libevent (SSA:2016-085-01) 2016-03-25
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] libevent (SSA:2016-085-01)

New libevent packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/libeve

[ more ]  [ reply ]
[SECURITY] [DSA 3530-1] tomcat6 security update 2016-03-25
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3530-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 25, 2016

[ more ]  [ reply ]
[CVE-2016-2163] Stored Cross Site Scripting in Event description 2016-03-25
Maxim Solodovnik (solomax apache org)
Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 1.9.x - 3.0.7

Description:
When creating an event, it is possible to create clickable URL links in
the event description. These links will be present inside the event details
once a participant enters

[ more ]  [ reply ]
[CVE-2016-2164] Arbitrary file read via SOAP API 2016-03-25
Maxim Solodovnik (solomax apache org)
Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 1.9.x - 3.0.7

Description:
When attempting to upload a file via the API using the
importFileByInternalUserId
or importFile methods in the FileService, it is possible to read arbitrary
files from the s

[ more ]  [ reply ]
[CVE-2016-0783] Predictable password reset token 2016-03-25
Maxim Solodovnik (solomax apache org)
Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0

Description:
The hash generated by the external password reset function is
generated by concatenating the user name and the current system time,
and then hashing it using MD5. This is hi

[ more ]  [ reply ]
[security bulletin] HPSBGN03563 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Local Denial of Service (DoS), Disclosure of Information 2016-03-25
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05052990
Version: 1

HPSBGN03563 r

[ more ]  [ reply ]
[security bulletin] HPSBMU03562 rev.2 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution 2016-03-24
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054565

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05054565
Version: 2

HPSBMU03562 r

[ more ]  [ reply ]
[SYSS-2016-016] innovaphone IP222 - Improper Input Validation 2016-03-24
sven freund syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-016
Product: innovaphone IP222
Manufacturer: innovaphone AG
Affected Version(s): 11r2 sr9
Tested Version(s): 11r2 sr9
Vulnerability Type: Improper Input Validation (CWE-20)
Risk Level: High
Solution Status: Fixed
Manufacturer No

[ more ]  [ reply ]
[SYSS-2016-018] innovaphone IP222 - Improper Restriction of Excessive Authentication Attempts 2016-03-24
sven freund syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-018
Product: innovaphone IP222
Manufacturer: innovaphone AG
Affected Version(s): 11r2 sr9
Tested Version(s): 11r2 sr9
Vulnerability Type: Improper Restriction of Excessive Authentication
Attempts (CWE-307)
R

[ more ]  [ reply ]
[SYSS-2016-017] innovaphone IP222 - Improper Input Validation 2016-03-24
sven freund syss de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-017
Product: innovaphone IP222
Manufacturer: innovaphone AG
Affected Version(s): 11r2 sr9
Tested Version(s): 11r2 sr9
Vulnerability Type: Improper Input Validation (CWE-20)
Risk Level: High
Solution Status: Fixed
Manufacturer No

[ more ]  [ reply ]
[SECURITY] [DSA 3527-1] inspircd security update 2016-03-24
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3527-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
March 24, 2016

[ more ]  [ reply ]
XSS (Cross Site Scripting) in Social CRM & Community Solutions powered by Lithium in Knowledge base section 2016-03-24
netizen01k gmail com
* Exploit Title: XSS (Cross Site Scripting) in Social CRM & Community Solutions powered by Lithium in Knowledge base section
* Discovery Date: 2016/02/19
* Public Disclosure Date: 2016/03/24
* Exploit Author: Imran Khan
* Contact: netizen01k [at] gmail.com
* Vendor link: http://www.lithium.com/
* Te

[ more ]  [ reply ]
[SECURITY] [DSA 3529-1] redmine security update 2016-03-23
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3529-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 23, 2016

[ more ]  [ reply ]
[SECURITY] [DSA 3528-1] pidgin-otr security update 2016-03-23
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3528-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
March 23, 2016

[ more ]  [ reply ]
Cisco Security Advisory: Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability 2016-03-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability

Advisory ID: cisco-sa-20160323-l4f

Revision 1.0

For Public Release 2016 March 23 16:00 GMT

+---------------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability 2016-03-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability

Advisory ID: cisco-sa-20160323-lisp

Revision 1.0

For Public Release 2016 March 23 16:00 GMT

+-----------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability 2016-03-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability

Advisory ID: cisco-sa-20160323-smi

Revision 1.0

For Public Release 2016 March 23 16:00 GMT

+-----------------------------------------------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability 2016-03-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability

Advisory ID: cisco-sa-20160323-ios-ikev2

Revision 1.0

For Public Release 2016 March 23 16:00 GMT

+---------------

[ more ]  [ reply ]
Cisco Security Advisory: Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability 2016-03-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability

Advisory ID: cisco-sa-20160323-sip

Revision 1.0

For Public Release 2016 March 23 16:00 GMT

+----

[ more ]  [ reply ]
Cisco Security Advisory: Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability 2016-03-23
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cisco Security Advisory: Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability

Advisory ID: cisco-sa-20160323-dhcpv6

Revision 1.0

For Public Release 2016 March 23 16:00 GMT

+---------------------------------------------------

[ more ]  [ reply ]
Hardcoded root password in Zyxel MAX3XX series Wimax CPEs 2016-03-23
Gianni Carabelli (giannicarabelli gmail com)
########################################
#Vulnerability Title: Hardcoded root password in Zyxel MAX3XX series
Wimax CPEs
#Date: 23/03/2016
#Product: Zyxel MAX3XX series CPEs
#Vendor: www.zyxel.com
#Affected Firmware: Latest version at the time of disclosure v 2.00 and
below (tested)
#Patch: Unpatc

[ more ]  [ reply ]
CA20160323-01: Security Notice for CA Single Sign-On Web Agents 2016-03-23
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20160323-01: Security Notice for CA Single Sign-On Web Agents

Issued: March 23, 2016
Last Updated: March 23, 2016

CA Technologies Support is alerting customers to potential risks with CA
Single Sign-On (CA SSO), formerly known as CA SiteMinder. Mi

[ more ]  [ reply ]
CVE-2016-2166: Apache Qpid Proton python binding silently ignores request for 'amqps' if SSL/TLS not supported 2016-03-23
Ken Giusti (kgiusti redhat com)

Apache Software Foundation - Security Advisory

Apache Qpid Proton python binding silently ignores request for
'amqps' if SSL/TLS not supported.

CVE-2016-2166 CVS: 5.7

Severity: Moderate

Vendor:

The Apache Software Foundation

Versions Affected:

Apache Qpid Proton python API start

[ more ]  [ reply ]
[SECURITY] [DSA 3526-1] libmatroska security update 2016-03-23
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3526-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
March 23, 2016

[ more ]  [ reply ]
Copyright 2010, SecurityFocus