[SECURITY] [DSA 3507-1] chromium-browser security update
2016-03-05 Michael Gilbert (mgilbert debian org)

Executable installers are vulnerable^WEVIL (case 30): clamwin-0.99-setup.exe allows arbitrary (remote) code execution WITH escalation of privilege
2016-03-06 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, the executable installer clamwin-0.99-setup.exe (available from <http://www.clamwin.com/download>) loads and executes DWMAPI.dll or UXTheme.dll from its "application directory". For software downloaded with a web browser the application directory is typically the user's "Downloads" direct

Executable installers are vulnerable^WEVIL (case 31): MalwareBytes' installers allows arbitrary (remote) code execution WITH escalation of privilege
2016-03-06 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, Malwarebytes executable installers mbam-setup-2.2.0.1024.exe and mbae-setup-1.08.1.1189.exe (available from <https://downloads.malwarebytes.org/file/mbam_current/> and <https://downloads.malwarebytes.org/file/mbae_current/>) load and execute UXTheme.dll and DWMAPI.dll from their "applicatio

McAfee VirusScan Enterprise security restrictions bypass
2016-03-04 Agazzini Maurizio (inode mediaservice net)

[SYSS-2015-058] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (REVISED)
2016-03-04 erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-058 Product: Thru Managed File Transfer Portal Manufacturer: Thru Affected Version(s): 9.0.2 Tested Version(s): 9.0.2 Vulnerability Type: Insecure Direct Object Reference (CWE-932) Risk Level: Medium Solution Status: Fixed Manu

[SYSS-2015-059] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (REVISED)
2016-03-04 erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-059 Product: Thru Managed File Transfer Portal Manufacturer: Thru Affected Version(s): 9.0.2 Tested Version(s): 9.0.2 Vulnerability Type: Insecure Direct Object Reference (CWE-932) Risk Level: Medium Solution Status: Fixed Manu

[SYSS-2015-060] Thru Managed File Transfer Portal 9.0.2 - Improperly Implemented Security Check for Standard (REVISED)
2016-03-04 erlijn vangenuchten syss de

[SYSS-2015-064] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (REVISED)
2016-03-04 erlijn vangenuchten syss de
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-064 Product: Thru Managed File Transfer Portal Manufacturer: Thru Affected Version(s): 9.0.2 Tested Version(s): 9.0.2 Vulnerability Type: Insecure Direct Object Reference (CWE-932) Risk Level: Medium Solution Status: Fixed Manu

[SYSS-2015-053] innovaphone IP222/IP232 - Denial of Service
2016-03-04 disclosure syss de
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-053 Product: innovaphone IP222/IP232 Manufacturer: innovaphone AG Affected Version(s): 11r1s r2 Tested Version(s): 11r1s r2 Vulnerability Type: Denial of Service (CWE-730) Risk Level: Medium Solution Status: Fixed Manufacturer N

[security bulletin] HPSBPI03546 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Enterprise Printers, Remote Disclosure of Information
2016-03-03 HP Security Alert (hp-security-alert hp com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05030353 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05030353 Version: 1 HPSBPI03546 rev.1 - HP Lase

[security bulletin] HPSBHF03439 rev.1 - HP Commercial PCs with Sure Start, Local Denial of Service
2016-03-03 HP Security Alert (hp-security-alert hp com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05012469 Version: 1 HPSBHF03439 rev.1 - HP Comm

[security bulletin] HPSBGN03550 rev.2 - HP Operations Manager i and BSM using Apache Flex BlazeDS, Remote Disclosure of Information
2016-03-03 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05026202 Version: 2 HPSBGN03550 r

[slackware-security] mailx (SSA:2016-062-01)
2016-03-03 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mailx (SSA:2016-062-01) New mailx packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ pat

[slackware-security] openssl (SSA:2016-062-02)
2016-03-03 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] openssl (SSA:2016-062-02) New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+

[slackware-security] php (SSA:2016-062-03)
2016-03-03 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2016-062-03) New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/php-5.6.1

WordPress Bulk Delete Plugin [Privilege Escalation]
2016-03-03 Panagiotis Vagenas (pan vagenas gmail com)
* Exploit Title: Bulk Delete [Privilege Escalation] * Discovery Date: 2016-02-10 * Exploit Author: Panagiotis Vagenas * Author Link: https://twitter.com/panVagenas * Vendor Homepage: http://bulkwp.com/ * Software Link: https://wordpress.org/plugins/bulk-delete/ * Version: 5.5.3 * Tested on: WordP

[security bulletin] HPSBHF03436 rev.1 - HP Thin Client with ThinPro OS, running Linux, Local Elevated Privileges
2016-03-03 HP Security Alert (hp-security-alert hp com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05018265 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05018265 Version: 1 HPSBHF03436 rev.1 - HP Thin

Panda SM Manager iOS Application - MITM SSL Certificate Vulnerability
2016-03-03 David Coomber (davidcoomber infosec gmail com)
Panda SM Manager iOS Application - MITM SSL Certificate Vulnerability -- http://www.info-sec.ca/advisories/Panda-Security-SM-Manager.html Overview "Panda Systems Management is the new way to manage and monitor IT systems." "Inventory, monitoring, management, remote control and reporting... All fr

Open-Xchange Security Advisory 2016-03-02
2016-03-02 Martin Heiland (martin heiland lists open-xchange com)
Product: Open-Xchange Guard Vendor: Open-Xchange GmbH Internal reference: 42847 (Bug ID) Vulnerability type: Information exposure (CWE-200) Vulnerable version: 2.0, 2.2.0 Vulnerable component: backend Report confidence: Confirmed Solution status: Fixed by vendor Fixed version: 2.0.0-rev16, 2.2.0-re

Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
2016-03-02 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016 Advisory ID: cisco-sa-20160302-openssl Version 1.0: Interim For Public Release: 2016 March 2 19:30 UTC (GMT) +----------------------------------------

Cisco Security Advisory: Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability
2016-03-02 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability Advisory ID: cisco-sa-20160302-n3k Revision 1.0 For Public Release 2016 March 02 16:00 UTC (GMT) +---------------------------------------------------------

Cisco Security Advisory: Cisco Web Security Appliance HTTPS Packet Processing Denial of Service Vulnerability
2016-03-02 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Cisco Web Security Appliance HTTPS Packet Processing Denial of Service Vulnerability Advisory ID: cisco-sa-20160302-wsa Revision 1.0 Published: 2016 March 2 16:00 GMT +------------------------------------------------------

Cisco Security Advisory: Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability
2016-03-02 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability Advisory ID: cisco-sa-20160302-netstack Revision 1.0 For Public Release 2016 March 02 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary

Cisco Security Advisory: Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability
2016-03-02 Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability Advisory ID: cisco-sa-20160302-n5ksnmp Revision 1.0 For Public Release 2016 March 02 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ===
Hash: SHA512
- ------------------------------------------------------------------------
Debian Security Advisory DSA-3507-1 security (at) debian (dot) org
https://www.debian.org/security/ Michael Gilbert
March 05, 2016