Xymon: Critical security issues in all versions prior to 4.3.25
2016-02-14 Xymon Software (henrik xymon com)

[SECURITY] [DSA 3475-1] postgresql-9.1 security update
2016-02-13 Salvatore Bonaccorso (carnil debian org)

KL-001-2016-001 : Arris DG1670A Cable Modem Remote Command Execution
2016-02-12 KoreLogic Disclosures (disclosures korelogic com)
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    KL-001-2016-001 : Arris DG1670A Cable Modem Remote Command Execution
    Title: Arris DG1670A Cable Modem Remote Command Execution
    Advisory ID: KL-001-2016-001
    Publication Date: 2016.02.12
    Publication URL: https://www.korelogic.com/Resources/Advisories/K

[SECURITY] [DSA 3476-1] postgresql-9.4 security update
2016-02-13 Salvatore Bonaccorso (carnil debian org)

[ERPSCAN-15-032] SAP PCo agent - DoS vulnerability
2016-02-12 ERPScan inc (erpscan online gmail com)
    Application: SAP PCo
    Versions Affected: SAP PCo 2.2, 2.3, 15.0, and 15.1
    Vendor URL: http://SAP.com
    Bugs: DoS
    Send: 05.09.2015
    Reported: 05.09.2015
    Vendor response: 06.09.2015
    Date of Public Advisory: 20.11.2015
    Reference: SAP Security Note 2238619
    Author: Mathieu Geli (ERPScan)
    Description
    1.

[ERPSCAN-15-031] SAP MII - Encryption Downgrade vulnerability
2016-02-12 ERPScan inc (erpscan online gmail com)

[SECURITY] [DSA 3474-1] libgcrypt20 security update
2016-02-12 Salvatore Bonaccorso (carnil debian org)

HD Video Player v2.5 iOS - Multiple Web Vulnerabilities
2016-02-12 Vulnerability Lab (research vulnerability-lab com)
    Document Title:
    ===============
    HD Video Player v2.5 iOS - Multiple Web Vulnerabilities
    References (Source):
    ====================
    http://www.vulnerability-lab.com/get_content.php?id=1719
    Release Date:
    =============
    2016-02-11
    Vulnerability Laboratory ID (VL-ID):
    ===============================

CVE-2015-0061 and CVE-2015-0063 (MS16-009/MS16-011)
2016-02-12 Berend-Jan Wever (berendjanwever gmail com)
    Hello everyone,
    I've recently released examples on Twitter of how to trigger two security vulnerabilities in Microsoft Internet Explorer. These issues were discovered last year and reported to Microsoft through ZDI. Microsoft released security updates to address these issues last Tuesday.
    CVE-2016-0

[slackware-security] mozilla-firefox (SSA:2016-042-01)
2016-02-11 Slackware Security Team (security slackware com)
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    [slackware-security] mozilla-firefox (SSA:2016-042-01)
    New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
    Here are the details from the Slackware 14.1 ChangeLog:
    +--------------------------+
    patches/p

Re: [oss-security] HTTPS Only (Open Source, Python)
2016-02-11 P J P (ppandit redhat com)
    +-- On Thu, 11 Feb 2016, David Leo wrote --+
    | If browser tries to access HTTP address,
    | you will have three options:
    | try HTTPS,
    | Google Cache,
    | or copy-and-paste the address.
    |
    | There is no option to "temporarily bypass HTTPS Only".
    | You can always do that in another browser.
    |
    | Project H

Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities
2016-02-11 Securify B.V. (lists securify nl)
    On 11-02-16 14:14, Stefan Kanthak wrote:
    > "Securify B.V." <lists (at) securify (dot) nl [email concealed]> wrote:
    >> Microsoft released MS16-014 that fixes this vulnerability.
    > Such vulnerabilities can be exploited without Office or OLE
    > (see "Example 7" of <http://seclists.org/fulldisclosure/2013/Jun/123>):
    >
    > [snip]
    >
    >

Duplicator Wordpress Plugin - Source Code And Database Dump Via CSRF Vulnerability
2016-02-10 Ratio Sec (ratiosec gmail com)
    -----------------------------------------------------------------------------------------------
    RatioSec Research Security Advisory RS-2016-002
    -----------------------------------------------------------------------------------------------
    Duplicator Wordpress Plugin Code And Database Dump Via CSRF

Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities
2016-02-10 Securify B.V. (lists securify nl)
    ------------------------------------------------------------------------
    Fix
    ------------------------------------------------------------------------
    Microsoft released MS16-014 that fixes this vulnerability.
    On 16-12-15 19:27, Securify B.V. wrote:
    > -----------------------------------------------

MapsUpdateTask Task DLL side loading vulnerability
2016-02-10 Securify B.V. (lists securify nl)
    ------------------------------------------------------------------------
    MapsUpdateTask Task DLL side loading vulnerability
    ------------------------------------------------------------------------
    Yorick Koster, November 2015
    ------------------------------------------------------------------------

BDA MPEG2 Transport Information Filter DLL side loading vulnerability
2016-02-10 Securify B.V. (lists securify nl)
    ------------------------------------------------------------------------
    BDA MPEG2 Transport Information Filter DLL side loading vulnerability
    ------------------------------------------------------------------------
    Yorick Koster, September 2015
    -----------------------------------------------------

NPS Datastore server DLL side loading vulnerability
2016-02-10 Securify B.V. (lists securify nl)
    ------------------------------------------------------------------------
    NPS Datastore server DLL side loading vulnerability
    ------------------------------------------------------------------------
    Yorick Koster, September 2015
    -----------------------------------------------------------------------

Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability
2016-02-10 Cisco Systems Product Security Incident Response Team (psirt cisco com)
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability
    Advisory ID: cisco-sa-20160210-asa-ike
    Revision 1.0
    For Public Release 2016 February 10 16:00 GMT (UTC)
    +---------------------------------------------------

Remote Code Execution in Exponent
2016-02-10 High-Tech Bridge Security Research (advisory htbridge ch)
    Advisory ID: HTB23290
    Product: Exponent
    Vendor: http://www.exponentcms.org/
    Vulnerable Version(s): 2.3.7 and probably prior
    Tested Version: 2.3.7
    Advisory Publication: January 13, 2016 [without technical details]
    Vendor Notification: January 13, 2016
    Vendor Patch: January 23, 2016
    Public Disclos

Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability
2016-02-10 Vulnerability Lab (research vulnerability-lab com)
    Document Title:
    ===============
    Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability
    References (Source):
    ====================
    http://www.vulnerability-lab.com/get_content.php?id=1536
    Adobe Bulletin: https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html
    http

MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability
2016-02-10 Vulnerability Lab (research vulnerability-lab com)
    Document Title:
    ===============
    MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability
    References (Source):
    ====================
    http://www.vulnerability-lab.com/get_content.php?id=1706
    Release Date:
    =============
    2016-02-10
    Vulnerability Laboratory ID (VL-ID):
    ==============================

File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities
2016-02-10 Vulnerability Lab (research vulnerability-lab com)
    Document Title:
    ===============
    File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities
    References (Source):
    ====================
    http://www.vulnerability-lab.com/get_content.php?id=1715
    Release Date:
    =============
    2016-02-09
    Vulnerability Laboratory ID (VL-ID):
    ==========================

Getdpd Bug Bounty #6 - (Import - FTP) Persistent Vulnerability
2016-02-10 Vulnerability Lab (research vulnerability-lab com)
    Document Title:
    ===============
    Getdpd Bug Bounty #6 - (Import) Persistent Vulnerability
    References (Source):
    ====================
    http://www.vulnerability-lab.com/get_content.php?id=1718
    Release Date:
    =============
    2016-02-09
    Vulnerability Laboratory ID (VL-ID):
    ==============================

VP2016-001: Remote Command Execution in File Replication Pro
2016-02-10 Vantage Point Security (lists vantagepoint sg)
    Vantage Point Security Advisory 2016-001
    ================================
    Title: File Replication Pro Remote Command Execution
    Vendor: File Replication Pro
    Vendor URL: http://www.filereplicationpro.com/
    Versions affected: =< 7.2.0
    Severity: High
    Vendor notified: Yes
    Reported: 29 October 2015
    Public

SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities
2016-02-10 SEC Consult Vulnerability Lab (research sec-consult com)

ManageEngine Eventlog Analyzer Privilege Escalation v10.8
2016-02-10 graphx sigaint org
    # ManageEngine EventLog Analyzer v10.8
    # Date: 2/9/2016
    # Exploit Author: @GraphX
    # Vendor Homepage: http://www.manageengine.com
    # Version: 10.8
    1 Description:
    It is possible for a remote authenticated attacker using an unprivileged account to gain access to the admin account via parameter manipula

dotDefender Firewall CSRF
2016-02-10 hyp3rlinx lycos com
    [+] Credits: hyp3rlinx
    [+] Website: hyp3rlinx.altervista.org
    [+] Source: http://hyp3rlinx.altervista.org/advisories/DOT-DEFENDER-CSRF.txt
    Vendor:
    ==================
    www.applicure.com
    Product:
    =====================
    dotDefender Firewall
    Versions: 5.00.12865 / 5.13-13282
    dotDefender is

Multiple security issues have been found in the server component of the
Xymon monitoring system. These issues affect all versions of Xymon 4.3.x
prior to 4.3.25, as well as the obsolete 4.1.x and 4.2.x versions.
All issues have been resolved in Xymon 4.3.25, released on Feb 8 2016.
It is av