WebKitGTK+ Security Advisory WSA-2016-0001
2016-02-01 Carlos Alberto Lopez Perez (clopez igalia com)

File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities
2016-02-01 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1695
Release Date:
=============
2016-02-01
Vulnerability Laboratory ID (VL-ID):
===============================

Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability
2016-02-01 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1692
Release Date:
=============
2016-01-29
Vulnerability Laboratory ID (VL-ID):
===============

eClinicalWorks (CCMR) - Multiple Vulnerabilities
2016-01-31 jerold v00d00sec com
# Title: eClinicalWorks (CCMR) - Multiple Vulnerabilities
# Vendor: https://www.eclinicalworks.com
# Product: eClinicalWorks Population Health (CCMR) Client Portal Software
# URL: https://www.eclinicalworks.com/products-services/population-health-ccmr/
# Credit: Jerold Hoong
----------------------

Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
2016-01-30 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, the executable installer winima90.exe and previous versions available from <http://www.winimage.com> loads and executes CRTdll.dll, UXTheme.dll, RichEd32.dll and WindowsCodecs.dll from its "application directory".
Self-extracting executables created with WinImage load and execute CRTdll.dl

WP-Comment-Rating XSS Vulnerability
2016-01-30 Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE
#Product : wp-comment-rating
#Exploit Author : Rahul Pratap Singh
#Version : 1.5.0
#Home page Link : http://codecanyon.net/item/wordpress-comment-rating-plugin/6582710
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 30/Jan/201

OpenXchange | Information Disclosure
2016-01-30 t schughart prosec-networks com
Hi@all, there is an information disclosure in OpenXchange (prior 7.8). An authenticated user can enumerate all imap user folders. If you browse the PoC you get a permission denied error, but the folder's name is reflected into the page in json format. About Open Xchange: Open-Xchange[2] devel

VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability
2016-01-30 t schughart prosec-networks com
Hi@all, VMWare Zimbra Mailer Release 8.6.0.GA, latest patch and prior versions with DKIM implementation are vulnerable to longterm Mail Replay attacks. If the expiration header is not set, the signature never expires. This means, that the e-mail, perhaps caught while performing a man in the mi

CVE-2015-5344 - Apache Camel medium disclosure vulnerability
2016-01-30 Claus Ibsen (claus ibsen gmail com)
Apache Camel's XStream usage is vulnerable to Remote Code Execution attacks
Apache Camel's camel-xstream component is vulnerable to Java object de-serialisation vulnerability.
Such as de-serializing untrusted data can lead to security flaws as demonstrated in various similar reports about Java de-s

FreeBSD Security Advisory FreeBSD-SA-16:11.openssl
2016-01-30 FreeBSD Security Advisories (security-advisories freebsd org)

[security bulletin] HPSBHF03419 rev.3 - HPE Networking Products, Remote Denial of Service (DoS), Unauthorized Access
2016-01-29 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04779492
Version: 3
HPSBHF03419 r

Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network
2016-01-29 kingkaustubh me com
Title:- Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network Configuration Management
Author: Kaustubh G. Padwad
Vendor: ZOHO Corp
Product: ManageEngine Network Configuration Manager
Tested Version: : Network Configuration Manager Build 11000
Severity: HIGH
About the Product: ==

[security bulletin] HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote Unauthorized Modification
2016-01-29 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04953655
Version: 1
HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote Unauthorized Modification
NOTICE: The information in this Security Bulletin should be acted upon a

ManageEngine Eventlog Analyzer v4-v10 Privilege Escalation
2016-01-29 graphx sigaint org
# Exploit Title: ManageEngine Eventlog Analyzer Privilege Escalation
# Exploit Author: @GraphX
# Vendor Homepage:http://www.manageengine.com
# Version: 4.0 - 10
1. Description: The manageengine eventlog analyzer fails to properly verify user privileges when making changes via the userManagemen

[security bulletin] HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS, Remote Disclosure of Information, Execution of Code, Denial of Service (DoS)
2016-01-29 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04952488
Version: 1
HPSBOV03540 r

[security bulletin] HPSBHF03539 rev.1 - HPE VCX running OpenSSH or BIND, Remote Denial of Service (DoS)
2016-01-29 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04952480
Version: 1
HPSBHF03539 r

[security bulletin] HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized Modification
2016-01-29 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04949778
Version: 1
HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized Modification
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible

[security bulletin] HPSBGN03542 rev.1 - HPE Operations Manager for Windows using Java Deserialization, Remote Arbitrary Code Execution
2016-01-29 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953244
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04953244
Version: 1
HPSBGN03542 r

Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability
2016-01-29 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1692
Release Date:
=============
2016-01-29
Vulnerability Laboratory ID (VL-ID):
===============

ProjectSend multiple vulnerabilities
2016-01-29 Filippo Cavallarin (filippo cavallarin wearesegment com)
Advisory ID: SGMA-16001
Title: ProjectSend multiple vulnerabilities
Product: ProjectSend (previously cFTP)
Version: r582 and probably prior
Vendor: www.projectsend.org
Vulnerability type: SQL-injection, Auth bypass, Arbitrary File Access, Insecure Object Reference
Risk level: 4 / 5
Credit: f

[security bulletin] HPSBHF03538 rev.1 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Remote Code Execution, Denial of Service (DoS)
2016-01-28 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04952467
Version: 1
HPSBHF03538 r

[security bulletin] HPSBHF03535 rev.3 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Multiple Remote Vulnerabilities
2016-01-28 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04939841
Version: 3
HPSBHF03535 r

CVE-2015-7521: Apache Hive authorization bug disclosure
2016-01-28 khorgath apache org (Sushanth Sowmyan)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CVE-2015-7521: Apache Hive authorization bug disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Hive 1.0.0 - 1.0.1
Apache Hive 1.1.0 - 1.1.1
Apache Hive 1.2.0 - 1.2.1
Description: Some partition-level op

[SECURITY] [DSA 3459-1] mysql-5.5 security update
2016-01-28 Salvatore Bonaccorso (carnil debian org)

New Era Company CMS - (id) SQL Injection Vulnerability
2016-01-28 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
New Era Company CMS - (id) SQL Injection Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1678
Release Date:
=============
2016-01-28
Vulnerability Laboratory ID (VL-ID):
================================

WebKitGTK+ Security Advisory WSA-2016-0001
------------------------------------------------------------------------
Date reported : February 01, 2016
Advisory ID : WSA-2016-0001
Adviso