[slackware-security] curl (SSA:2015-302-01)
  2015-10-29  Slackware Security Team (security slackware com)

[slackware-security] ntp (SSA:2015-302-03)
  2015-10-29  Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] ntp (SSA:2015-302-03) New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches ...

[SECURITY] [DSA 3383-1] wordpress security update
  2015-10-29  Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3332-2] wordpress regression update
  2015-10-29  Salvatore Bonaccorso (carnil debian org)

[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability
  2015-10-29  ERPScan inc (erpscan online gmail com)
  1. ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: [ERPSCAN-15-030] Advisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Clas ...

[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability
  2015-10-29  ERPScan inc (erpscan online gmail com)
  1. ADVISORY INFORMATION Title: Oracle E-Business Suite - XXE injection Advisory ID: [ERPSCAN-15-029] Advisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 21.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Cl ...

[ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability
  2015-10-29  ERPScan inc (erpscan online gmail com)
  1. ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: [ERPSCAN-15-028] Advisory URL: http://erpscan.com/advisories/erpscan-15-028-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Clas ...

Cross-Site Request Forgery on Oxwall
  2015-10-29  High-Tech Bridge Security Research (advisory htbridge ch)
  Advisory ID: HTB23266 Product: Oxwall Vendor: http://www.oxwall.org Vulnerable Version(s): 1.7.4 and probably prior Tested Version: 1.7.4 Advisory Publication: July 1, 2015 [without technical details] Vendor Notification: July 1, 2015 Vendor Patch: September 8, 2015 Public Disclosure: October 22 ...

CVE-2015-7723 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver
  2015-10-29  Portcullis Advisories (advisories portcullis-security com)
  Vulnerability title: Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver CVE: CVE-2015-7723 Vendor: AMD Product: fglrx-driver Affected version: 14.4.2 Fixed version: 15.7 Reported by: Tim Brown Details: It has been identified that the userla ...

CVE-2015-7724 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver
  2015-10-29  Portcullis Advisories (advisories portcullis-security com)
  Vulnerability title: Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver CVE: CVE-2015-7724 Vendor: AMD Product: fglrx-driver Affected version: 15.7 Fixed version: 15.9 Reported by: Tim Brown Details: In the process of validating the fix for ...

Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE
  2015-10-28  Stefan Kanthak (stefan kanthak nexgo de)
  Hi @ll, Mozilla's (executable) full setup packages for Windows allow arbitrary code execution resp. escalation of privilege: their SETUP.EXE loads SHFOLDER.DLL ['] from a temporary (sub)directory "%TEMP%\7zS<hex>.tmp\" created during self-extraction of the full setup packages. This vulnerability i ...

[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability
  2015-10-27  ERPScan inc (erpscan online gmail com)
  1. ADVISORY INFORMATION Title: Oracle E-Business Suite Cross-site Scripting Advisory ID: [ERPSCAN-15-027] Advisory URL: http://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFO ...

[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability
  2015-10-27  ERPScan inc (erpscan online gmail com)
  1. ADVISORY INFORMATION Title: Oracle E-Business Suite SQL injection Advisory ID: [ERPSCAN-15-026] Advisory URL: http://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Clas ...

[ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability
  2015-10-27  ERPScan inc (erpscan online gmail com)
  1. ADVISORY INFORMATION Title: Oracle E-Business Suite - Database user enumeration Advisory ID: [ERPSCAN-15-025] Advisory URL: http://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNER ...

MacOS X 10.11 hardlink bomb cause resource exhaustion (Avast PoC)
  2015-10-26  submit cxsec org
  /* MacOS X 10.11 hardlink bomb cause resource exhaustion (Avast PoC) Credit: Maksymilian Arciemowicz ( CXSECURITY ) Website: http://cxsecurity.com/ http://cert.cx/ Affected software: - Commands such as: zip, tar, find - AntiVirus: Avast, Eset32 Let's go back to an old bug, which Apple does not pat ...

MacOS X 10.11 FTS Deep structure of the file system Buffer Overflow
  2015-10-26  submit cxsec org
  MacOS X 10.11 FTS Deep structure of the file system Buffer Overflow Credit: Maksymilian Arciemowicz ( CXSECURITY ) Website: http://cxsecurity.com/ http://cert.cx/ Affected software: - Commands such as: ls, find, rm - probably more Apple's file system suffers from an issue recognised in the FTS library. ...

Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities
  2015-10-26  Secunia Research (remove-vuln secunia com)

Secunia Research: Google Picasa Phase One Tags Processing Integer Overflow Vulnerability
  2015-10-26  Secunia Research (remove-vuln secunia com)
  ====================================================================== Secunia Research (now part of Flexera Software) 09/10/2015 Google Picasa Phase One Tags Processing Integer Overflow Vulnerability ====================================================================== Table of Co ...

FreeBSD Security Advisory FreeBSD-SA-15:25.ntp
  2015-10-26  FreeBSD Security Advisories (security-advisories freebsd org)

AlienVault OSSIM 4.3 CSRF
  2015-10-26  mohammadreza mohajerani gmail com
  # Exploit Title: [AlienVault - OSSIM CSRF] # Date: [10-5-2015] # Exploit Author: [MohamadReza Mohajerani] # Vendor Homepage: [www.alienvault.com] # Software Link: [https://www.alienvault.com/products/ossim] # Version: [4.3] Vulnerability Details: ===================== Multiple CSRF vectors exist ...

AlienVault OSSIM 4.3 CSRF vulnerability report
  2015-10-25  mohammadreza mohajerani gmail com
  Dear Sir/Madam, I would like to report a vulnerability in AlienVault OSSIM v4.3 products which leads to a CSRF attack. Here is the news: 1) https://packetstormsecurity.com/files/134060/alienvaultossim-xsrf.txt 2) https://www.exploit-db.com/exploits/38400/ and here is the detail of the attack: # Exploit Titl ...

[SECURITY] [DSA 3379-1] miniupnpc security update
  2015-10-25  Salvatore Bonaccorso (carnil debian org)

Fwd: Timing attack vulnerability in most Zeus server-sides
  2015-10-25  rotem kerner (nullfield gmail com)
  Hey list, The vulnerability I've discovered is basically a timing attack which enables a remote attacker to resolve the length in characters of the reports directory name by carefully measuring the response time of the server. While this vulnerability may be considered as low risk, as well as found o ...

[SECURITY] [DSA 3377-1] mysql-5.5 security update
  2015-10-24  Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of Information
  2015-10-23  security-alert hp com
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04863612 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04863612 Version: 1 HPSBGN03429 r ...

[security bulletin] HPSBGN03428 rev.1 - HP Asset Manager, Local Disclosure of Sensitive Information
  2015-10-23  security-alert hp com
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04863562 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04863562 Version: 1 HPSBGN03428 r ...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] curl (SSA:2015-302-01)
New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patch