SEC Consult SA-20151210-0 :: Skybox Platform Multiple Vulnerabilities
2015-12-10 SEC Consult Vulnerability Lab (research sec-consult com)

Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products
2015-12-09 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products Advisory ID: cisco-sa-20151209-java-deserialization Revision 1.0 For Public Release: 2015 December 9 16:00 GMT [...]

APPLE-SA-2015-12-08-6 Xcode 7.2
2015-12-08 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2015-12-08-6 Xcode 7.2 Xcode 7.2 is now available and addresses the following: Git Available for: OS X Yosemite v10.10.5 or later Impact: Multiple vulnerabilities existed in Git Description: Multiple vulnerabilities existed in Git versi [...]

Secunia Research: Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow Vulnerability
2015-12-08 Secunia Research (remove-vuln secunia com)

APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008
2015-12-08 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008 OS X El Capitan 10.11.2 and Security Update 2015-008 is now available and addresses the following: apache_mod_php Available for: OS X El Capitan v10.11 and v10.11.1 Impact: [...]

[security bulletin] HPSBHF03432 rev.1 - HPE Networking Comware 5, Comware 5 Low Encryption SW, Comware 7, VCX Using NTP, Remote Access Restriction Bypass and Code Execution
2015-12-09 security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04916783 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04916783 Version: 1 HPSBHF03432 r [...]

APPLE-SA-2015-12-08-2 tvOS 9.1
2015-12-09 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2015-12-08-2 tvOS 9.1 tvOS 9.1 is now available and addresses the following: AppleMobileFileIntegrity Available for: Apple TV (4th generation) Impact: A malicious application may be able to execute arbitrary code with system privileges De [...]

Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability
2015-12-09 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability Advisory ID: cisco-sa-20151209-pca Revision 1.0 For Public Release 2015 December 9 16:00 UTC (GMT) [...]

[CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference
2015-12-09 CORE Advisories Team (advisories coresecurity com)
1. Advisory Information Title: Microsoft Windows Media Center link file incorrectly resolved reference Advisory ID: CORE-2015-0014 Advisory URL: http://www.coresecurity.com/advisories/microsoft-windows-media-center-link-file-incorrectly-resolved-reference Date published: 2015-12-08 Date of last upd [...]

[security bulletin] HPSBHF03433 SSRT102964 rev.1 - HP-UX Running Mozilla Firefox and Thunderbird, Remote Disclosure of Information
2015-12-09 security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04918839 Version: 1 HPSBHF03433 S [...]

APPLE-SA-2015-12-08-5 Safari 9.0.2
2015-12-08 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2015-12-08-5 Safari 9.0.2 Safari 9.0.2 is now available and addresses the following: WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website [...]

APPLE-SA-2015-12-08-4 watchOS 2.1
2015-12-09 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2015-12-08-4 watchOS 2.1 watchOS 2.1 is now available and addresses the following: AppSandbox Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may maintain access t [...]

APPLE-SA-2015-12-08-1 iOS 9.2
2015-12-08 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2015-12-08-1 iOS 9.2 iOS 9.2 is now available and addresses the following: AppleMobileFileIntegrity Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious application may be able t [...]

[security bulletin] HPSBMU03520 rev.1 - HP Insight Control server provisioning, Remote Disclosure of Information
2015-12-09 security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918653 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04918653 Version: 1 HPSBMU03520 [...]

Path Traversal via CSRF in bitrix.xscan Bitrix Module
2015-12-09 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23278 Product: bitrix.xscan Bitrix module Vendor: Bitrix Vulnerable Version(s): 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: November 18, 2015 [without technical details] Vendor Notification: November 18, 2015 Vendor Patch: November 24, 2015 Public Disclos [...]

APPLE-SA-2015-12-08-4 watchOS 2.1
2015-12-08 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2015-12-08-4 watchOS 2.1 watchOS 2.1 is now available and addresses the following: AppSandbox Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes Impact: A malicious application may maintain access t [...]

Advisory: Arro and Other Android Taxi Hailing Apps Did Not Use SSL (Mobile Knowledge)
2015-12-08 securityresearch shaftek biz
Original: http://securityresearch.shaftek.biz/2015/12/goarro-and-other-taxi-hailing-apps-did-not-use-ssl.html CERT Advisory: https://www.kb.cert.org/vuls/id/439016 Advisory: Arro and Other Android Taxi Hailing Apps Did Not Use SSL (Mobile Knowledge) Overview Arro and possibly over 100 other Andro [...]

[CVE-2015-7706] SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities
2015-12-09 Vogt, Thomas (Thomas Vogt secunet com)
secunet Security Networks AG Security Advisory Advisory: SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities 1. DETAILS Product: SECURE DATA SPACE Vendor URL: www.ssp-europe.eu Type: Cross-site [...]

XSS vulnerability in Intellect Core banking software - Polaris
2015-12-09 msahu controlcase com
[+] Credits: Mayank Sahu [+] Email: msahu (at) controlcase (dot) com Vendor: Intellect Design Arena (Polaris) Product: Intellect Core banking software (Armar module) Vulnerability Type: Cross site scripting - XSS CVE Reference: [...]

PHP File Inclusion in bitrix.mpbuilder Bitrix Module
2015-12-09 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23281 Product: bitrix.mpbuilder Bitrix module Vendor: www.1c-bitrix.ru Vulnerable Version(s): 1.0.10 and probably prior Tested Version: 1.0.10 Advisory Publication: November 18, 2015 [without technical details] Vendor Notification: November 18, 2015 Vendor Patch: November 25, 2015 [...]

WordPress Users Ultra Plugin [Blind SQL injection] - Update
2015-12-08 Panagiotis Vagenas (pan vagenas gmail com)
* Exploit Title: WordPress Users Ultra Plugin [Blind SQL injection] * Discovery Date: 2015/10/19 * Public Disclosure Date: 2015/12/01 * Exploit Author: Panagiotis Vagenas * Contact: https://twitter.com/panVagenas * Vendor Homepage: http://usersultra.co [...]

Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege
2015-12-09 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, the executable installers [°] of Google Chrome are vulnerable: 1. ChromeStandaloneSetup.exe and ChromeSetup.exe load and execute a rogue/bogus/malicious CryptBase.dll (under Windows NT6.x) from their "application directory" [']. For software downloaded with a web browser this is [...]

MacOS/iPhone/Apple Watch/Apple TV libc File System Buffer Overflow
2015-12-08 submit cxsec org
Hi @ll, Today Apple fixed buffer overflow issue in LIBC/FTS (CVE-2015-7039). Patch available for: - OS X El Capitan v10.11 and v10.11.1 - iPhone 4s and later, - Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes - Apple TV (4th generation) Impact: Processing a malicious [...]

[SECURITY] [DSA 3415-1] chromium-browser security update
2015-12-10 Michael Gilbert (mgilbert debian org)

Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup
2015-12-07 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, executable installers [°] created with JRSoft InnoSetup (see <http://jrsoftware.org/isinfo.php>; this includes of course InnoSetup itself too) are vulnerable: 1. They load and execute a rogue/bogus/malicious UXTheme.dll ['] eventually found in the directory they are started from (the [...]

Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege
2015-12-07 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, the executable installers [°] of the videolan client (VLC, see <http://www.videolan.org/>) are vulnerable: 1. They load and execute a rogue/bogus/malicious ShFolder.dll ['][²] (and other DLLs like SetupAPI.dll or UXTheme.dll too) eventually found in the directory they are started fro [...]

Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege
2015-12-07 Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll, executable (un)installers [°] created with Nullsoft Scriptable Install System (NSIS, see <http://nsis.sourceforge.net/>; for some of its victims see <http://nsis.sourceforge.net/users>) are vulnerable: 1. They load and execute a rogue/bogus/malicious ShFolder.dll ['][²] (and other DLLs [...]
SEC Consult Vulnerability Lab Security Advisory < 20151210-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Skybox Platform
vulnerable version: <=7.0.611