[security bulletin] HPSBUX03512 SSRT102254 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) and Other Vulnerabilities
2015-10-15 security-alert hp com

Freemake Video Downloader 3.7.1 - Code Execution Vulnerability
2015-10-15 Vulnerability Lab (research vulnerability-lab com)
Document Title: Freemake Video Downloader 3.7.1 - Code Execution Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1617
Release Date: 2015-10-12
Vulnerability Laboratory ID (VL-ID):

PayPal Inc Bug Bounty #117 - Session Fixation Vulnerability
2015-10-15 Vulnerability Lab (research vulnerability-lab com)
Document Title: PayPal Inc Bug Bounty #117 - Session Fixation Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1509
EIBBP-31983 (P2)
Video: http://www.vulnerability-lab.com/get_content.php?id=1615
Vulnerability Magazine

Blat.exe v2.7.6 SMTP / NNTP Mailer Buffer Overflow
2015-10-14 apparitionsec gmail com
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-BLAT-MAILER-BUFFER-OVERFLOW.txt
Vendor: www.blat.net http://sourceforge.net/projects/blat/
Product: Blat v

US DoD's Dc3dd v7.2.6 suffers from a Buffer Overflow vulnerability - Advanced Information Security Corporation - Zero Day Research
2015-10-14 Nicholas Lemonias. (lem nikolas googlemail com)

[CVE-2015-2552] Windows 8+ - Trusted Boot Security Feature Bypass Vulnerability
2015-10-14 Myria (myriachan gmail com)
Vulnerability title (Microsoft): Trusted Boot Security Feature Bypass Vulnerability
CVE: CVE-2015-2552
Vendor: Microsoft
Product: Windows NT series 8.0+
Affected versions: See "systems affected".
Reported by: "Myria"
Vulnerability Summary: An attacker with administrative acces

[security bulletin] HPSBGN03515 rev.1 - HP Smart Profile Server Data Analytics Layer (SPS DAL), Remote Cross-Site-Scripting (XSS), Disclosure of Information
2015-10-13 security-alert hp com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04845334
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04845334
Version: 1
HPSBGN03515 r

Boolean-based SQL injection Vulnerability in K2 Platforms
2015-10-13 wissam bashour helpag com
Title: Boolean-based SQL injection Vulnerability in K2 Platforms.
Author: Wissam Bashour - Help AG Middle East
Vendor: K2
Product: SmartForms, BlackPearl, K2 for sharepoint
Version: 4.6.7
Tested Version: Version 4.6.7
Severity: HIGH
CVE Reference: CVE-2015-7299
# About the Product: K2 smartforms c

AdobeWorkgroupHelper Stack Based Buffer Overflow
2015-10-13 apparitionsec gmail com
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-ADOBE-WRKGRP-BUFFER-OVERFLOW.txt
Vendor: www.adobe.com
Product: AdobeWorkgroupHelper.exe v2.8.3.3 Part o

CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin
2015-10-12 grajalerts gmail com
Details
Software: Font
Version: 7.5
Homepage: https://wordpress.org/plugins/font/
CVE: CVE-2015-7683 (Pending)
CVSS: 6.3 (Medium; AV:N/AC:M/Au:S/C:C/I:N/A:N)
CWE: CWE-22
Description
An absolute path traversal vulnerability in Font 7.5 allows WordPress admins read

CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin
2015-10-12 grajalerts gmail com
Details
Software: Pie Register
Version: 2.0.18
Homepage: https://github.com/GTSolutions/Pie-Register
CVE: CVE-2015-7682 (Pending)
CVSS: 3.5 (Low; AV:N/AC:M/Au:S/C:P/I:N/A:N)
CWE: CWE-89
Description
Two blind SQL injection vulnerabilities in Pie Register 2.0.18 all

CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin
2015-10-12 grajalerts gmail com
Details
Software: Pie Register
Version: 2.0.18
Homepage: https://github.com/GTSolutions/Pie-Register
CVE: CVE-2015-7377 (Pending)
CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79
Description
An unauthenticated reflected XSS vulnerability in Pie Register

Multiple Remote Code Execution found in ZHONE
2015-10-12 lyon yang s gmail com
Vantage Point Security Advisory 2015-003
Title: Multiple Remote Code Execution found in ZHONE
Vendor: Zhone
Vendor URL: http://www.zhone.com
Device Model: ZHONE ZNID GPON 2426A (24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx series models)
Versions affected: < S3.

[SYSS-2015-034] MATESO Password Safe and Repository Enterprise - SQL Injection
2015-10-12 matthias deeg syss de

[SYSS-2015-037] MATESO Password Safe and Repository Enterprise - Insufficiently Protected Credentials
2015-10-12 matthias deeg syss de
Advisory ID: SYSS-2015-037
Product(s): Password Safe and Repository Enterprise
Manufacturer: MATESO GmbH
Affected Version(s): 7.4.4 Build 2247
Tested Version(s): 7.4.4 Build 2247
Vulnerability Type: Insufficiently Protected Credentials (CWE-522)

Multiple Vulnerabilities found in ZHONE
2015-10-12 lyon yang s gmail com
Vantage Point Security Advisory 2015-002
Title: Multiple Vulnerabilities found in ZHONE
Vendor: Zhone
Vendor URL: http://www.zhone.com
Device Model: ZHONE ZNID GPON 2426A (24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx series models)
Versions affected: < S3.0.501

ESA-2015-153 EMC SourceOne Email Supervisor Security Update for Multiple Security Vulnerabilities
2015-10-11 Security Alert (Security_Alert emc com)
ESA-2015-153 EMC SourceOne Email Supervisor Security Update for Multiple Security Vulnerabilities
EMC Identifier: ESA-2015-153
CVE Identifier: CVE-2015-6843 CVE-2015-6844 CVE-2015-6845 CVE-2015-6846
Severity Rating: CVSS Base Score: See NVD (htt

Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows)
2015-10-09 Nicholas Lemonias. (lem nikolas googlemail com)
Advanced Information Security Corporation Security Advisory

FreeYouTubeToMP3 Converter 4.0.1 - Buffer Overflow Vulnerability
2015-10-09 Vulnerability Lab (research vulnerability-lab com)
Document Title: FreeYouTubeToMP3 Converter 4.0.1 - Buffer Overflow Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1613
Release Date: 2015-10-06
Vulnerability Laboratory ID (VL-ID):

W150D Wireless N 150 ADSL2 Modem Router - Cross Site Request Forgery Vulnerability
2015-10-09 Vulnerability Lab (research vulnerability-lab com)
Document Title: W150D Wireless N 150 ADSL2 Modem Router - Cross Site Request Forgery Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1612
Release Date: 2015-10-06
Vulnerability Laboratory ID (VL-ID):

PayPal Inc Bug Bounty #119 - URL Redirect Web Vulnerability
2015-10-09 Vulnerability Lab (research vulnerability-lab com)
Document Title: PayPal Inc Bug Bounty #119 - URL Redirect Web Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1610
Release Date: 2015-10-01
Vulnerability Laboratory ID (VL-ID):

WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability
2015-10-09 Vulnerability Lab (research vulnerability-lab com)
Document Title: WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1614
Release Date: 2015-10-07
Vulnerability Laboratory ID (VL-ID):

[RT-SA-2015-006] Buffalo LinkStation Authentication Bypass
2015-10-08 RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: Buffalo LinkStation Authentication Bypass
An authentication bypass vulnerability in the web interface of a Buffalo LinkStation Duo Network Attached Storage (NAS) device allows unauthenticated attackers to gain administrative privileges. This puts the confidentiality and integrity of the s

Potential vulnerabilites in PayPal Beacons
2015-10-08 securityresearch shaftek biz
Original at: http://securityresearch.shaftek.biz/2015/10/potential-vulnerabilites-in-paypal-beacons.html
Overview
Hardware beacons made by PayPal have some potential vulnerabilities. However, because we have been unable to obtain a physical beacon for testing, these remain theoretical.
Background

Advanced Information Security Corporation, Security Advisory (Oracle's MYSQL v5.6.24 Latest - Buffer Overflows) Repost
2015-10-07 Nicholas Lemonias. (lem nikolas googlemail com)

[REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities
2015-10-07 Matteo Beccati (matteo beccati com)

A comprehensive study of Huawei 3G routers - XSS, CSRF, DoS, unauthenticated firmware update, RCE
2015-10-07 Pierre Kim (pierre kim sec gmail com)
Hello, Please find a text-only version below sent to security mailing-lists. The html version on analysing the vulnerabilities in Huawei 3G routers is posted here: https://pierrekim.github.io/blog/2015-10-07-Huawei-routers-vulnerable-to-multiple-threats.html
=== text-version of the advisory
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04832246
Version: 1
HPSBUX03512 S