[SECURITY] [DSA 3444-1] wordpress security update
  2016-01-13  Salvatore Bonaccorso (carnil debian org)

Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability
  2016-01-13  Cisco Systems Product Security Incident Response Team (psirt cisco com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability
  Advisory ID: cisco-sa-20160113-air  Revision 1.0
  For Public Release 2016 January 13 16:00 UTC (GMT) [ more ]

[security bulletin] HPSBHF03535 rev.1 - HPE iMC OSS and iMC Plat running Adobe Flash, Multiple Remote Vulnerabilities
  2016-01-13  security-alert hpe com
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  Note: the current version of the following document is available here:
  https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841
  SUPPORT COMMUNICATION - SECURITY BULLETIN
  Document ID: c04939841  Version: 1  HPSBHF03535 r [ more ]

Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778
  2016-01-14  Qualys Security Advisory (qsa qualys com)
  Qualys Security Advisory
  Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778
  Contents: Summary; Information Leak (CVE-2016-0777) - Anal [ more ]

FreeBSD Security Advisory FreeBSD-SA-16:06.bsnmpd
  2016-01-14  FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 3445-1] pygments security update
  2016-01-13  Salvatore Bonaccorso (carnil debian org)

WP Symposium Pro Social Network Plugin XSS Vulnerability
  2016-01-12  Rahul Pratap Singh (techno rps gmail com)
  ##FULL DISCLOSURE
  #Product : WP Symposium Pro Social Network plugin
  #Exploit Author : Rahul Pratap Singh
  #Home page Link : https://wordpress.org/plugins/wp-symposium-pro
  #Version : 16.1
  #Website : 0x62626262.wordpress.com
  #Twitter : @0x62626262
  #Linkedin : https://in.linkedin.com/in/rahulprataps [ more ]

[security bulletin] HPSBGN03532 rev.1 - HPE ArcSight Logger, Multiple Vulnerabilities
  2016-01-13  security-alert hpe com
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
  Note: the current version of the following document is available here:
  https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04941487
  SUPPORT COMMUNICATION - SECURITY BULLETIN
  Document ID: c04941487  Version: 1  HPSBGN03532 r [ more ]

FreeBSD Security Advisory FreeBSD-SA-16:02.ntp
  2016-01-14  FreeBSD Security Advisories (security-advisories freebsd org)

Multiple SQL Injection Vulnerabilities in mcart.xls Bitrix Module
  2016-01-13  High-Tech Bridge Security Research (advisory htbridge ch)
  Advisory ID: HTB23279
  Product: mcart.xls Bitrix module
  Vendor: www.mcart.ru
  Vulnerable Version(s): 6.5.2 and probably prior
  Tested Version: 6.5.2
  Advisory Publication: November 18, 2015 [without technical details]
  Vendor Notification: November 18, 2015
  Public Disclosure: January 13, 2016
  Vulnera [ more ]

[CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ...
  2016-01-13  Stefan Kanthak (stefan kanthak nexgo de)
  Hi @ll,
  IExpress (<https://msdn.microsoft.com/en-us/library/dd346760.aspx>) creates executable installers [°] or self-extracting archives for Windows by embedding a .CAB archive and some strings as resources into a copy of the program %SystemRoot%\System32\WExtract.exe.
  These self-extracting archi [ more ]

FreeBSD Security Advisory FreeBSD-SA-16:03.linux
  2016-01-14  FreeBSD Security Advisories (security-advisories freebsd org)

Cisco Security Advisory: Cisco Identity Services Engine Unauthorized Access Vulnerability
  2016-01-13  Cisco Systems Product Security Incident Response Team (psirt cisco com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
  Cisco Security Advisory: Cisco Identity Services Engine Unauthorized Access Vulnerability
  Advisory ID: cisco-sa-20160113-ise  Revision: 1.0
  For Public Release 2016 January 13 16:00 GMT [ more ]

Commentator Wordpress Plugin 2.5.2 XSS Vulnerability
  2016-01-13  Rahul Pratap Singh (techno rps gmail com)
  ## Full Disclosure
  #Product : Commentator Wordpress Plugin
  #Exploit Author : Rahul Pratap Singh
  #Version : 2.5.2
  #Home page Link : http://codecanyon.net/item/commentator-wordpress-plugin/6425752
  #Website : 0x62626262.wordpress.com
  #Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
  #Dat [ more ]

[SECURITY] [DSA 3431-2] ganeti regression update
  2016-01-14  Salvatore Bonaccorso (carnil debian org)

SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems
  2016-01-12  SEC Consult Vulnerability Lab (research sec-consult com)
  SEC Consult Vulnerability Lab released a new whitepaper titled: "Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems" - the dinosaurs want their vuln back
  Link to blog overview: (including slides from presentations on this topic, with details & demos) [ more ]

Exploiting XXE vulnerabilities in AMF libraries
  2016-01-11  Nicolas Grégoire (nicolas gregoire agarri fr)
  Hello,
  AMF (aka "Action Message Format") is a binary format used by Flash applications communicating with server-side components. A few data types supported by AMF deal with XML content (for example the "XML Document" type in AMF0). In 2015, several AMF libraries (including BlazeDS and PyAMF) were [ more ]

Re: Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability
  2016-01-11  Reed Loden (reed reedloden com)
  Again, how is that any different from you saving the contents of that <script> call to foo.html and opening that in Firefox? It's not even a self-XSS where you're impacting some other domain, as the null principal is loaded (as per https://bugzilla.mozilla.org/show_bug.cgi?id=656433), so it doesn't [ more ]

Re: TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode)
  2016-01-10  fgghy dodo com
  #!/usr/bin/python
  # Buffer Overflow (Long transporting mode) Vulnerability Exploit
  # This is just a DoS exploiting code
  # Tested on Windows xp SP2
  #
  # Requires python and impacket
  #
  # Coded by Liu Qixu Of NCNIPC
  import socket
  import sys
  host = '192.168.1.11'
  port = 69
  try:
      s = socke [ more ]

OpenBravo Hibernate HQL Injection
  2016-01-11  Ng, Sam (Fortify) (samn hpe com)
  Title: OpenBravo Hibernate HQL Injection Vulnerability
  Author: Sam Ng, HPE Software Security Research Team
  Vendor Patch: 3.0PR15Q3.4 and 3.0PR15Q4.1
  Vendor Reference: https://issues.openbravo.com/view.php?id=31577, http://wiki.openbravo.com/wiki/Release_Notes/3.0PR15Q3.4, http://wiki.openbravo.com/w [ more ]

[SECURITY] [DSA 3437-1] gnutls26 security update
  2016-01-09  Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
  Debian Security Advisory DSA-3444-1          security (at) debian (dot) org
  https://www.debian.org/security/             Salvatore Bonaccorso
  January 13, 2016 [ more ]