BugTraq Mode:
Hardcoded root password in Zyxel MAX3XX series Wimax CPEs 2016-03-23
Gianni Carabelli (giannicarabelli gmail com)
########################################
#Vulnerability Title: Hardcoded root password in Zyxel MAX3XX series
Wimax CPEs
#Date: 23/03/2016
#Product: Zyxel MAX3XX series CPEs
#Vendor: www.zyxel.com
#Affected Firmware: Latest version at the time of disclosure v 2.00 and
below (tested)
#Patch: Unpatc

CA20160323-01: Security Notice for CA Single Sign-On Web Agents 2016-03-23
Kotas, Kevin J (Kevin Kotas ca com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20160323-01: Security Notice for CA Single Sign-On Web Agents

Issued: March 23, 2016
Last Updated: March 23, 2016

CA Technologies Support is alerting customers to potential risks with CA
Single Sign-On (CA SSO), formerly known as CA SiteMinder. Mi

CVE-2016-2166: Apache Qpid Proton python binding silently ignores request for 'amqps' if SSL/TLS not supported 2016-03-23
Ken Giusti (kgiusti redhat com)

Apache Software Foundation - Security Advisory

Apache Qpid Proton python binding silently ignores request for
'amqps' if SSL/TLS not supported.

CVE-2016-2166 CVS: 5.7

Severity: Moderate

Vendor:

The Apache Software Foundation

Versions Affected:

Apache Qpid Proton python API start

[SECURITY] [DSA 3526-1] libmatroska security update 2016-03-23
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3526-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
March 23, 2016

Remote Code Execution in DVR affecting over 70 different vendors 2016-03-23
rotem kerner (nullfield gmail com)
0day exploit affecting CCTV DVR of over 70 different vendors. Attached
is a link to the research containing the vulnerability description and
a working exploit. In addition, it discusses the problem in performing
responsible disclosure with white label products.

Full research -
http://www.kerneronsec

[SECURITY] [DSA 3525-1] pixman security update 2016-03-22
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3525-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
March 22, 2016

[RT-SA-2016-002] Cross-site Scripting in Securimage 3.6.2 2016-03-22
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Cross-site Scripting in Securimage 3.6.2

RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability
in the Securimage CAPTCHA software, which allows attackers to inject
arbitrary JavaScript code via a crafted URL.

Details
=======

Product: Securimage
Affected Versions: >=

APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002 2016-03-22
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update
2016-002

OS X El Capitan 10.11.4 and Security Update 2016-002 is now available
and addresses the following:

apache_mod_php
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10

APPLE-SA-2016-03-21-6 Safari 9.1 2016-03-22
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-03-21-6 Safari 9.1

Safari 9.1 is now available and addresses the following:

libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
OS X El Capitan v10.11 to v10.11.3
Impact: Processing maliciously crafted XML may lead

APPLE-SA-2016-03-21-3 tvOS 9.2 2016-03-22
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-03-21-3 tvOS 9.2

tvOS 9.2 is now available and addresses the following:

FontParser
Available for: Apple TV (4th generation)
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary

APPLE-SA-2016-03-21-7 OS X Server 5.1 2016-03-22
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-03-21-7 OS X Server 5.1

OS X Server 5.1 is now available and addresses the following:

Server App
Available for: OS X Yosemite v10.10.5 and later
Impact: An administrator may unknowingly store backups on a volume
without permissions e

APPLE-SA-2016-03-21-4 Xcode 7.3 2016-03-22
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-03-21-4 Xcode 7.3

Xcode 7.3 is now available and addresses the following:

otool
Available for: OS X El Capitan v10.11 and later
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execut

APPLE-SA-2016-03-21-2 watchOS 2.2 2016-03-22
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-03-21-2 watchOS 2.2

watchOS 2.2 is now available and addresses the following:

Disk Images
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: An application may be able to execute arbitr

APPLE-SA-2016-03-21-1 iOS 9.3 2016-03-22
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2016-03-21-1 iOS 9.3

iOS 9.3 is now available and addresses the following:

AppleUSBNetworking
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An application may be able to execute arbitr

[security bulletin] HPSBMU03562 rev.1 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution 2016-03-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054565

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05054565
Version: 1

HPSBMU03562 r

[security bulletin] HPSBGN03560 rev.1 - HP Operations Orchestration using Java Deserialization, Remote Arbitrary Code Execution 2016-03-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05050545

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05050545
Version: 1

HPSBGN03560 r

[security bulletin] HPSBGN03551 rev.1 - HPE Helion Development Platform using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution 2016-03-21
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05053211

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05053211
Version: 1

HPSBGN03551 r

AbsoluteTelnet 10.14 DLL Hijack Code Exec 2016-03-21
hyp3rlinx lycos com
[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/ABSOLUTETELNET-DLL-HIJACK.txt

Vendor:
==========================
www.celestialsoftware.net

Product:
=====================
AbsoluteTelnet 10.14

AbsoluteTelnet / SSH is a telne

[SECURITY] [DSA 3524-1] activemq security update 2016-03-20
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3524-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 20, 2016

[SECURITY] [DSA 3523-1] iceweasel security update 2016-03-20
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3523-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 20, 2016

[SECURITY] [DSA 3522-1] squid3 security update 2016-03-20
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3522-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
March 20, 2016

[SECURITY] [DSA 3521-1] git security update 2016-03-19
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3521-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
March 19, 2016

[security bulletin] HPSBGN03438 rev.1 - HP Support Assistant, Local Authentication Bypass 2016-03-19
HP Security Alert (hp-security-alert hp com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05031674

HPSBGN03438 rev.1 - HP Support Assistant, Local Authentication Bypass

SUPPORT COMMUNICATION - SECURITY B

[SECURITY] [DSA 3520-1] icedove security update 2016-03-18
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3520-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 18, 2016

SQL Injection and RCE in WebsiteBaker 2016-03-18
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23296
Product: WebsiteBaker
Vendor: WebsiteBaker Org e.V.
Vulnerable Version(s): 2.8.3-SP5 and probably prior
Tested Version: 2.8.3-SP5
Advisory Publication: February 24, 2016 [without technical details]
Vendor Notification: February 24, 2016
Vendor Patch: February 26, 2016
Publi

Admin Password Reset & RCE via CSRF in Dating Pro 2016-03-18
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23294
Product: Dating Pro
Vendor: DatingPro
Vulnerable Version(s): Genie (2015.7) and probably prior
Tested Version: Genie (2015.7)
Advisory Publication: February 10, 2016 [without technical details]
Vendor Notification: February 10, 2016
Vendor Patch: February 29, 2016
Public Di

Remote Code Execution via CSRF in iTop 2016-03-18
High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23293
Product: iTop
Vendor: Combodo
Vulnerable Version(s): 2.2.1 and probably prior
Tested Version: 2.2.1
Advisory Publication: February 10, 2016 [without technical details]
Vendor Notification: February 10, 2016
Vendor Patch: February 11, 2016
Public Disclosure: March 18, 2016

Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ-2016-2315) 2016-03-18
Laël Cellier (lael cellier laposte net)
Oh?????????? Big mistake. I might have advertised too soon.

I saw changes were pushed in master, so I thought the next version
(which was 2.7.1) would be the one which will include the fix.
But as pointed out on
https://security-tracker.debian.org/tracker/CVE-2016-2324 no versions
including the fixes

Xoops 2.5.7.2 Directory Traversal Bypass 2016-03-18
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/XOOPS-DIRECTORY-TRAVERSAL.txt

Vendor:
=============
xoops.org

Product:
================
Xoops 2.5.7.2

Vulnerability Type:
===========================
Directo

Xoops 2.5.7.2 CSRF - Arbitrary User Deletions 2016-03-18
hyp3rlinx lycos com
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/XOOPS-CSRF.txt

Vendor:
=============
xoops.org

Product:
================
Xoops 2.5.7.2

Vulnerability Type:
===================================
CSRF - Arbitra

[slackware-security] mozilla-firefox (SSA:2016-077-01) 2016-03-17
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2016-077-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[SECURITY] [DSA 3519-1] xen security update 2016-03-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3519-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 17, 2016

[CVE-2016-2345] Solarwinds Dameware Mini Remote Control Remote Code Execution Vulnerability 2016-03-17
contact securifera com
Document Title:
===============
Solarwinds Dameware Mini Remote Control Remote Code Execution Vulnerability

References (Source):
====================
http://www.kb.cert.org/vuls/id/897144
https://www.securifera.com/advisories/cve-2016-2345
http://www.dameware.com/products/mini-remote-control/produc

Re: [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting 2016-03-17
Derek Mahar (derek mahar gmail com)
The security advisory announcement claims that ActiveMQ 5.13.1 and
older versions are affected and that ActiveMQ 5.13.2 fixes the issues.

On 10 March 2016 at 07:45, Christopher Shannon
<christopher.l.shannon (at) gmail (dot) com> wrote:
> The following security vulnerability was reported against Apache
> Ac

CVE-2016-1520: GrandStream Android VoIP App Update Redirection 2016-03-17
Georg Lukas (lukas rt-solutions de)
CVE-2016-1520: GrandStream Android VoIP App Update Redirection
==============================================================

Affected app: [Grandstream Wave][GSWAVE] version 1.0.1.26 (and probably earlier)

Classification:

* [CWE-300 Channel Accessible by Non-Endpoint][CWE300]
* [CWE-319 Cleart

CVE-2016-1519: GrandStream Android VoIP App TLS MitM Vulnerability 2016-03-17
Georg Lukas (lukas rt-solutions de)
CVE-2016-1519: GrandStream Android VoIP App TLS MitM Vulnerability
==================================================================

Affected app: [Grandstream Wave][GSWAVE] version 1.0.1.26 (and probably
earlier)

Classification: [CWE-295 Improper Certificate Validation][CWE295]

## Summary

The

CVE-2016-1518: GrandStream Android VoIP Phone / App Provisioning Vulnerability 2016-03-17
Georg Lukas (lukas rt-solutions de)
CVE-2016-1518: GrandStream Android VoIP Phone / App Provisioning Vulnerability
==============================================================================

Affected app: [Grandstream Wave][GSWAVE] version 1.0.1.26 (and probably
earlier)

Affected device: [Grandstream GXV3275][GXV3275] Android de

Multiple (persistent) XSS in ProjectSend 2016-03-17
mail michaelhelwig de

* Exploit Title: Multiple (persistent) XSS in ProjectSend
* Discovery Date: 2016/02/19
* Public Disclosure Date: 2016/03/17
* Exploit Author: Michael Helwig
* Contact: https://twitter.com/c0dmtr1x
* Project Homepage: http://www.projectsend.org/
* Software Link: http://www.projectsend.org/download/1

FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch 2016-03-16
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:15.sysarch Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-16:14.openssh 2016-03-16
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:14.openssh Security Advisory
The FreeBSD Project

Topic:

[CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow 2016-03-16
CORE Advisories Team (advisories coresecurity com) (1 replies)
1. Advisory Information

Title: FreeBSD Kernel amd64_set_ldt Heap Overflow
Advisory ID: CORE-2016-0005
Advisory URL: http://www.coresecurity.com/content/freebsd-kernel-amd64_set_ldt-heap-overflow
Date published: 2016-03-16
Date of last update: 2016-03-14
Vendors contacted: FreeBSD
Release mode: Coor

Re: [FD] [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow 2016-03-16
jungle Boogie (jungleboogie0 gmail com)

[security bulletin] HPSBGN03558 rev.1 - ArcSight ESM and ESM Express, Remote Disclosure of Sensitive Information 2016-03-16
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05048753

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05048753
Version: 1

HPSBGN03558 r

[SECURITY] [DSA 3518-1] spip security update 2016-03-16
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3518-1 security (at) debian (dot) org
https://www.debian.org/security/ Sebastien Delafond
March 16, 2016

Reflected Cross-Site Scripting (XSS) Vulnerability in Litecart CMS 2016-03-16
rsrathoreravi gmail com
Product: Litecart CMS
Vendor: Litecart
Vendor Homepage: https://www.litecart.net/
Vulnerable Versions: 1.3.4 and probably prior
Tested Version: 1.3.4
Issue Reported: Feb 24, 2016
Vendor Fix: Feb 28, 2016
Public Disclosure: June 25, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
Risk Level: M

[slackware-security] seamonkey (SSA:2016-075-02) 2016-03-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2016-075-02)

New seamonkey packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/seam

[slackware-security] git (SSA:2016-075-01) 2016-03-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] git (SSA:2016-075-01)

New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches

[ANNOUNCE][CVE-2016-0779] Apache TomEE 1.7.4 and 7.0.0-M3 releases 2016-03-15
Romain Manni-Bucau (rmannibucau apache org)
The Apache Team Team is pleased to announce the availability of:

Apache TomEE 7.0.0-M3 and 1.7.4

When downloading, please verify signatures using the KEYS file available at:
http://www.apache.org/dist/tomee

Maven artifacts are also available in the central Maven repository.

The releases are prim

Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing 2016-03-15
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

this multipart post does not require a MIME-compliant MUA.-)

Part 0:
~~~~~~~

On Windows 7 (other versions of Windows not tested for this
vulnerability, but are likely vulnerable too) all executable
installers/self-extractors based on Microsoft's SFXCAB [*]
load and execute a rogue CryptDl

[security bulletin] HPSBGN03556 rev.1 - ArcSight ESM and ESM Express, Remote Arbitrary File Download, Local Arbitrary Command Execution 2016-03-15
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05048452

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05048452
Version: 1

HPSBGN03556 r

Re: oss-2016-15: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver) 2016-03-15
vdronov redhat com
CVE-2016-2188 was assigned to this security flaw. Please, use it in the public communications regarding this flaw, thank you.

Re: oss-2016-13: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver) 2016-03-15
vdronov redhat com
CVE-2016-2186 was assigned to this security flaw. Please, use it in the public communications regarding this flaw, thank you.

Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver) 2016-03-15
vdronov redhat com
CVE-2016-2185 was assigned to this security flaw. Please, use it in the public communications regarding this flaw, thank you.

Re: oss-2016-17: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver) 2016-03-15
vdronov redhat com
CVE-2016-2184 was assigned to this security flaw. Please, use it in the public communications regarding this flaw, thank you.

Re: OS-S 2016-11 Linux wacom multiple Nullpointer Dereferences 2016-03-15
vdronov redhat com
CVE-2016-3139 was assigned to this flaw, please, use it in the related communications,
http://seclists.org/oss-sec/2016/q1/623

This security flaw is specific for Red Hat Enterprise Linux 7 (RHEL7).

Re: OS-S 2016-12 Linux digi_acceleport Nullpointer Dereference 2016-03-15
vdronov redhat com
CVE-2016-3140 was assigned to this flaw, please, use it in the related communications,
http://seclists.org/oss-sec/2016/q1/624

Re: OS-S 2016-08 Linux mct_u232 Nullpointer Dereference 2016-03-15
vdronov redhat com
CVE-2016-3136 was assigned to this flaw, please, use it in the related communications,
see http://seclists.org/oss-sec/2016/q1/620

Re: OS-S 2016-07 Linux cypress_m8 Nullpointer Dereference 2016-03-15
vdronov redhat com
CVE-2016-3137 was assigned to this flaw, please, use it in the related communications,
see http://seclists.org/oss-sec/2016/q1/621

Re: OS-S 2016-06 Linux cdc_acm Nullpointer Dereference 2016-03-15
vdronov redhat com
CVE-2016-3138 was assigned to this flaw, please, use it in the related communications,
see http://seclists.org/oss-sec/2016/q1/622

[security bulletin] HPSBMU03377 rev.2 - HP Release Control running RC4, Remote Disclosure of Information 2016-03-14
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04743784

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04743784
Version: 2

HPSBMU03377 r

[security bulletin] HPSBGN03373 rev.2 - HP Release Control running TLS, Remote Disclosure of Information 2016-03-14
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04740527
Version: 2

HPSBGN03373 r

Yahoo Bug Bounty #37 - Sender Spoofing Vulnerability 2016-03-14
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Yahoo Bug Bounty #37 - Sender Spoofing Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1781

Release Date:
=============
2016-03-07

Vulnerability Laboratory ID (VL-ID):
=================================

Chamlio LMS v1.10.2 - (Profile) Persistent Web Vulnerability 2016-03-14
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Chamlio LMS v1.10.2 - (Profile) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1781

Release Date:
=============
2016-03-14

Vulnerability Laboratory ID (VL-ID):
==========================

ChitaSoft (Web-Application) - SQL Injection Vulnerability 2016-03-14
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
ChitaSoft (Web-Application) - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1782

Release Date:
=============
2016-03-14

Vulnerability Laboratory ID (VL-ID):
============================

Reflected Cross-Site Scripting in CuteEditor 2016-03-14
adrmm outlook com
# Exploit Title: Reflected Cross-Site Scripting in CuteEditor
# Google Dork: inurl:/CuteSoft_Client/CuteEditor/ Template.aspx
# Date: 2016/03/14
# CVSS Score: 5.8
# CVSS v2 Vector (AV:N/AC:M/Au:N/C:P/I:P/A:N)
# CVSS https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:P/I:N/A

ESA-2016-012: EMC Documentum xCP – User Information Disclosure Vulnerability 2016-03-14
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2016-012: EMC Documentum xCP – User Information Disclosure Vulnerability

EMC Identifier: ESA-2016-012

CVE Identifier: CVE-2016-0886

Severity Rating: CVSS v3 Base Score: 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected products:

? E

Re: oss-2016-17: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver) 2016-03-14
amaris redhat com
This was assigned CVE-2016-2184, the same for:

http://seclists.org/bugtraq/2016/Mar/88
http://seclists.org/bugtraq/2016/Mar/89

[SECURITY] [DSA 3516-1] wireshark security update 2016-03-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3516-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 13, 2016

[SECURITY] [DSA 3515-1] graphite2 security update 2016-03-13
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3515-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 13, 2016

Soundy Background Music XSS Vulnerability 2016-03-12
Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE

#Product : Soundy Background Music
#Exploit Author : Rahul Pratap Singh
#Version : 3.1
#Home page Link : https://wordpress.org/plugins/soundy-background-music/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 12/3/2016

XSS Vu

[SECURITY] [DSA 3514-1] samba security update 2016-03-12
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3514-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
March 12, 2016

WebKitGTK+ Security Advisory WSA-2016-0002 2016-03-11
Carlos Alberto Lopez Perez (clopez igalia com)
------------------------------------------------------------------------

WebKitGTK+ Security Advisory WSA-2016-0002
------------------------------------------------------------------------

Date reported : March 11, 2016
Advisory ID : WSA-2016-0002
Advisory

DW Question Answer Stored XSS Vulnerability 2016-03-11
Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE

#Product : DW Question Answer
#Exploit Author : Rahul Pratap Singh
#Version : 1.4.2.2
#Home page Link : https://wordpress.org/plugins/dw-question-answer/
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 11/3/2016

XSS Vulnerab

[slackware-security] openssh (SSA:2016-070-01) 2016-03-11
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssh (SSA:2016-070-01)

New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+

oss-2016-18: Multiple Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver) 2016-03-10
Ralf Spenneberg (info os-t de)
OS-S Security Advisory 2016-18
Linux ati_remote2 multiple Nullpointer Dereferences

Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Multiple Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel

oss-2016-17: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver) 2016-03-10
Ralf Spenneberg (info os-t de)
OS-S Security Advisory 2016-17
Linux snd-usb-audio Multiple Free

Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes (multiple
free) o

oss-2016-16: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (snd-usb-audio driver) 2016-03-10
Ralf Spenneberg (info os-t de)
OS-S Security Advisory 2016-16
Linux snd-usb-audio Nullpointer Dereference

Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on inval

oss-2016-15: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver) 2016-03-10
Ralf Spenneberg (info os-t de)
OS-S Security Advisory 2016-15
Linux iowarrior Nullpointer Dereference

Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid

oss-2016-14: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (gtco driver) 2016-03-10
Ralf Spenneberg (info os-t de)
OS-S Security Advisory 2016-10
Linux visor (treo_attach) Nullpointer Dereference

Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: CVE-2016-2782
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on in

oss-2016-13: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver) 2016-03-10
Ralf Spenneberg (info os-t de)
OS-S Security Advisory 2016-13
Linux powermate Nullpointer Dereference

Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid

[SECURITY] [DSA 3513-1] chromium-browser security update 2016-03-10
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3513-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
March 10, 2016

[ANNOUNCE] CVE-2016-0734: ActiveMQ Web Console - Clickjacking 2016-03-10
Christopher Shannon (christopher l shannon gmail com)
The following security vulnerability was reported against Apache
ActiveMQ 5.13.1 and older versions.

Please check the following document and see if you're affected by the issue.

http://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt

Apache ActiveMQ 5.13.2 and newer

[ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting 2016-03-10
Christopher Shannon (christopher l shannon gmail com)
The following security vulnerability was reported against Apache
ActiveMQ 5.13.0 and older versions.

Please check the following document and see if you're affected by the issue.

http://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt

Apache ActiveMQ 5.13.1 and newer

FreeBSD Security Advisory FreeBSD-SA-16:12.openssl 2016-03-10
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:12.openssl Security Advisory
The FreeBSD Project

Topic:

FreeBSD Security Advisory FreeBSD-SA-16:13.bind 2016-03-10
FreeBSD Security Advisories (security-advisories freebsd org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:13.bind Security Advisory
The FreeBSD Project

Topic:

[slackware-security] mozilla-nss (SSA:2016-069-02) 2016-03-10
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-nss (SSA:2016-069-02)

New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/pa

[slackware-security] bind (SSA:2016-069-01) 2016-03-10
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] bind (SSA:2016-069-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patch

Microsoft Edge CDOMTextNode::get_data type confusion 2016-03-11
Berend-Jan Wever (berendjanwever gmail com)
Hey,

Last Tuesday, Microsoft fixed a security issue in Microsoft Edge that I
was aware of, but had not had time to report. (i.e. I was waiting for
vulnerability contributor programs to look over my analysis and make me
an offer for the information). Since this issue has been fixed, I have
published

[SE-2012-01] Broken security fix in Oracle Java SE 7/8/9 2016-03-10
Security Explorations (contact security-explorations com)

Hello All,

On Mar 07, 2016 Security Explorations modified its Disclosure Policy [1].
As a result, we do not tolerate broken fixes any more. If an instance
of a broken fix for a vulnerability we already reported to the vendor
is encountered, it gets disclosed by us without any prior notice.

The ve

[SECURITY] [DSA 3512-1] libotr security update 2016-03-09
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3512-1 security (at) debian (dot) org
https://www.debian.org/security/ Salvatore Bonaccorso
March 09, 2016

[SECURITY] [DSA 3511-1] bind9 security update 2016-03-09
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3511-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
March 09, 2016

[CORE-2016-0003] - Samsung SW Update Tool MiTM 2016-03-09
CORE Advisories Team (advisories coresecurity com)
1. Advisory Information

Title: Samsung SW Update Tool MiTM
Advisory ID: CORE-2016-0003
Advisory URL: http://www.coresecurity.com/advisories/samsung-sw-update-tool-mitm
Date published: 2016-03-07
Date of last update: 2016-03-04
Vendors contacted: Samsung
Release mode: Coordinated release

2. Vulnera

[SECURITY] [DSA 3509-1] rails security update 2016-03-09
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3509-1 security (at) debian (dot) org
https://www.debian.org/security/ Luciano Bello
March 09, 2016

[SECURITY] [DSA 3510-1] iceweasel security update 2016-03-09
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3510-1 security (at) debian (dot) org
https://www.debian.org/security/ Moritz Muehlenhoff
March 09, 2016

Cisco Security Advisory: Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability 2016-03-09
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco Security Advisory: Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability

Advisory ID: cisco-sa-20160309-csc

Revision 1.0

For Public Release 2016 March 09 16:00 GMT (UTC)

+---------------------------

[CORE-2016-0004] - SAP Download Manager Password Weak Encryption 2016-03-09
CORE Advisories Team (advisories coresecurity com)
1. Advisory Information

Title: SAP Download Manager Password Weak Encryption
Advisory ID: CORE-2016-0004
Advisory URL: http://www.coresecurity.com/advisories/sap-download-manager-password-weak-encryption
Date published: 2016-03-08
Date of last update: 2016-03-07
Vendors contacted: SAP
Release mode:

Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr" 2016-03-09
X41 D-Sec GmbH Advisories (advisories x41-dsec de)

X41 D-Sec GmbH Security Advisory: X41-2016-001

Memory Corruption Vulnerability in "libotr"
===========================================

Overview
--------
Severity Rating: high
Confirmed Affected Version: 4.1.0 and below
Confirmed Patched Version: libotr 4.1.1
Vendor: OTR Development Team
Vendor UR

Copyright 2010, SecurityFocus