RE: Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img
2015-10-07 Alexandre Herzog (Alexandre Herzog csnc ch)

Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows)
2015-10-07 lem nikolas gmail com

[SECURITY] [DSA 3369-1] zendframework security update
2015-10-06 Alessandro Ghedini (ghedo debian org)

Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows)
2015-10-07 Nicholas Lemonias. (lem nikolas googlemail com)

Zope Management Interface CSRF vulnerabilities
2015-10-07 apparitionsec gmail com
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-ZOPE-CSRF.txt Vendor: www.zope.org plone.org Product: Zope Management Interface 4.3.7 Zope is a Python-ba [...]

[CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin
2015-10-06 ibeptaz gmail com
Vulnerability title: SQL Injection in Support Ticket System 1.2 WordPress plugin CVE: CVE-2015-7670 Vendor: Tim Dahlmanns Product: Support Ticket System Affected version: 1.2 Fixed version: 1.2.1 Reported by: Ibéria Medeiros Vulnerability Details: It was discovered that no pro [...]

TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390
2015-10-07 Onur Yilmaz (onur netsparker com)
Information: Advisory by Netsparker. Name: SQL Injection Vulnerability in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : SQL Injection Severity : Critical Status : Fixed CVE-ID [...]

TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391
2015-10-07 Onur Yilmaz (onur netsparker com)
Information: Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : Cross-site Scripting Severity : Important Status : Fix [...]

Local RedHat Enterprise Linux DoS – RHEL 7.3 Kernel crashes on invalid USB device descriptors (usbvision driver)
2015-10-07 Ralf Spenneberg (info os-t de) (1 replies)
OpenSource Security Ralf Spenneberg Am Bahnhof 3-5 48565 Steinfurt info (at) os-s (dot) net OS-S Security Advisory 2015-04 http://www.os-s.net/advisories/DOS-KernelCrashesOnInvalidUSBDeviceDescriptors-UsbvisionDriver.pdf Date: October 7th, 2015 Last Updated: October 7th, 2015 Authors: Sergej Schumilo, Hendri [...]

Re: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (usbvision driver)
2015-10-07 Ralf Spenneberg (ralf os-t de)

Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img
2015-10-06 Alexandre Herzog (Alexandre Herzog csnc ch)
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img [...]

Advisory: web-based VM detection and coarse-grained fingerprinting
2015-10-05 Amit Klein (aksecurity gmail com)
Hi In three browser families researched (Edge, Internet Explorer and Firefox - all on Windows 7 or above), it is possible to extract the frequency of the Windows performance counter, using standard HTML and Javascript. With the Windows performance counter frequency, it is possible to remotely detec [...]

LanWhoIs.exe 1.0.1.120 Stack Buffer Overflow
2015-10-06 apparitionsec gmail com
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-LANWHOIS-BUFFER-OVERFLOW-10062015.txt Vendor: www.lantricks.com Product: LanWhoIs.exe 1.0.1.120 LanWhoIs [...]

[security bulletin] HPSBUX03359 SSRT102094 rev.2 - HP-UX pppoec, local elevation of privilege
2015-10-05 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04718530 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04718530 Version: 2 HPSBUX03359 S [...]

[slackware-security] seamonkey (SSA:2015-274-03)
2015-10-01 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] seamonkey (SSA:2015-274-03) New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packag [...]

[slackware-security] mozilla-thunderbird (SSA:2015-274-01)
2015-10-01 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2015-274-01) New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: p [...]

[slackware-security] php (SSA:2015-274-02)
2015-10-01 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2015-274-02) New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/php-5.4.4 [...]

[security bulletin] HPSBST03418 rev.2 - HP P6000 Command View Software, Remote Disclosure of Information
2015-10-02 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779034 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04779034 Version: 2 HPSBST03418 r [...]

FTGate 2009 Build 6.4.00 CSRF Vulnerabilities
2015-10-02 apparitionsec gmail com
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-FTGATE-2009-CSRF.txt Vendor: www.ftgate.com Product: FTGate 2009 SR3 May 13 2010 Build 6.4.00 Vu [...]

CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability
2015-10-02 Specto (specto custodela com)
Document Title: Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability Affected Products: Vendor: Tripwire Software/Appliance: IP360 VnE Vulnerability Manager Affected (verified) versions: v7.2.2 -> v7.2.5 CVE [...]

[SYSS-2015-039] CSRF in OpenText Secure MFT
2015-10-02 adrian vollmer syss de
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-039 Product: Secure MFT Vendor: http://www.opentext.com Affected Version(s): 2013 R3, 2014 R1/R2, 2015 R1 Tested Version(s): 2014 R2 SP4 Vulnerability Type: Cross-Site Request Forgery (CWE-352) Risk Level: Medium Solution Status [...]

[ZDI-15-396] ManageEngine ServiceDesk Plus remote code execution
2015-10-02 Pedro Ribeiro (pedrib gmail com)
Hi, Yet another RCE bug in ManageEngine ServiceDesk. This was disclosed by ZDI under ID ZDI-15-396 on August 20th, and fixed in version 9103 [1]. Details below, full advisory can be obtained from my repo at [E2]. A Metasploit module that exploits this vulnerability has been submitted upstream in [ [...]

Qualys Security Advisory - OpenSMTPD Audit Report
2015-10-02 Qualys Security Advisory (qsa qualys com)
(Sorry for the "CVE-2015-ABCD" place-holders in the report, but OpenSMTPD's developers were ready with the patches before MITRE was ready with the CVE-IDs.) Qualys Security Advisory OpenSMTPD Audit Report Contents [...]

FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind [REVISED]
2015-10-02 FreeBSD Security Advisories (security-advisories freebsd org)

ZTE GPON F427 and possibly F460/F600 - authorization bypass and cleartext password storage
2015-10-02 jerzy patraszewski gmail com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: ZTE GPON F427 and possibly F460/F600 - authorization bypass and cleartext password storage Author: Jerzy Patraszewski Date: 10 July 2015 Affected software: ZTE GPON: F427 Version: V3.0 Firmware Image: F460_IMS_V2.30.10P [...]

Reflected Cross-Site Scripting (XSS) in SourceBans
2015-10-03 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23273 Product: SourceBans Vendor: Sourcebans team Vulnerable Version(s): 1.4.11 and probably prior Tested Version: 1.4.11 Advisory Publication: October 2, 2015 [without technical details] Vendor Notification: October 2, 2015 Public Disclosure: October 23, 2015 Vulnerability Type: [...]

Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin
2015-10-04 ibemed gmail com
Vulnerability title: Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin CVE: CVE-2015-7666 Vendor: WordPress DWBooster Product: Payment Form for PayPal Pro Affected version: 1.0.1 Fixed version: 1.0.2 Reported by: Ibéria Medeiros Vulnerability Details: [...]

Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin
2015-10-04 ibemed gmail com
Vulnerability title: Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin CVE: CVE-2015-7667 Vendor: WordPress web-mv Product: ResAds Affected version: 1.0.1 Fixed version: 1.0.2 Reported by: Ibéria Medeiros Vulnerability Details: It was discovered that no protectio [...]

Correction: BMC-2015-0005: File inclusion vulnerability caused by misconfiguration of "BIRT Viewer" servlet as used in BMC Remedy AR Reporting
2015-10-02 appsec (appsec bmc com)
Errata: This is a correction of our previous disclosure email from September 23rd, 2015. Our previous posting implied that the security vulnerability we discovered was in the "BIRT Viewer" servlet itself. This is NOT the case, but rather the vulnerability is in how the "BIRT Viewer" was configured w [...]
Thanks for your feedback. Daniel, who discovered the issue and liaised with Netgear to get the issue patched, is in CC of this email.
Would you mind sharing some further details? This may help put pressure on Netgear to release the patch they actually developed at the beginning of September.