Correction: BMC-2015-0006: File inclusion vulnerability caused by misconfiguration of "BIRT Engine" servlet as used in BMC Remedy AR Reporting
2015-10-02, appsec (appsec bmc com)

A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin
2015-10-04, ibemed gmail com
Vulnerability title: A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin. CVE: CVE-2015-7668. Vendor: Steven Ellis. Product: Easy2Map. Affected version: 1.2.9. Fixed version: 1.3.0. Reported by: Ibéria Medeiros. Vulnerability Details: It was discovered that no protection again...

Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin
2015-10-04, ibemed gmail com
Vulnerability title: Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin. CVE: CVE-2015-7669. Vendor: Steven Ellis. Product: Easy2Map. Affected version: 1.2.9. Fixed version: 1.3.0. Reported by: Ibéria Medeiros. Vulnerability Details: ...

LanSpy 2.0.0.155 Buffer Overflow
2015-10-05, apparitionsec gmail com
Credits: hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/AS-LANSPY-BUFFER-OVERFLOW-10052015.txt. Vendor: www.lantricks.com. Product: LanSpy.exe. LanSpy is network secu...

[security bulletin] HPSBPV03516 rev.1 - HP VAN SDN Controller, Multiple Vulnerabilities
2015-10-01, security-alert hp com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635. SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c04819635. Version: 1. HPSBPV03516 ...

[security bulletin] HPSBGN03424 rev.1 - HP Cloud Service Automation, Remote Authentication Bypass
2015-10-01, security-alert hp com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822825. SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c04822825. Version: 1. HPSBGN03424 r...

[SYSS-2015-001] Kaspersky Endpoint Security - Authentication Bypass
2015-10-01, matthias deeg syss de
Advisory ID: SYSS-2015-001. Product: Kaspersky Endpoint Security for Windows (KES). Manufacturer: Kaspersky Lab ZAO. Affected Version(s): 8.1.0.1042, 10.2.1.23. Tested Version(s): 8.1.0.1042, 10.2.1.23. Vulnerability Type: Authentication Bypass Using an Al...

[SYSS-2015-003] Kaspersky Small Office Security - Authentication Bypass
2015-10-01, matthias deeg syss de

[SYSS-2015-002] Kaspersky Endpoint Security - Use of One-Way Hash without a Salt
2015-10-01, matthias deeg syss de
Advisory ID: SYSS-2015-002. Product: Kaspersky Endpoint Security for Windows (KES). Vendor: Kaspersky Lab ZAO. Affected Version(s): 8.1.0.1042, 10.2.1.23. Tested Version(s): 8.1.0.1042, 10.2.1.23. Vulnerability Type: Use of a One-Way Hash without a Salt (C...

[SYSS-2015-004] Kaspersky Small Office Security - Use of One-Way Hash without a Salt
2015-10-01, matthias deeg syss de
Advisory ID: SYSS-2015-004. Product: Kaspersky Small Office Security (KSOS). Vendor: Kaspersky Lab ZAO. Affected Version(s): 13.0.4.233. Tested Version(s): 13.0.4.233. Vulnerability Type: Use of a One-Way Hash without a Salt (CWE-759). Risk Level: Low. Solut...

[SYSS-2015-006] Kaspersky Total Security - Use of One-Way Hash without a Salt
2015-10-01, matthias deeg syss de
Advisory ID: SYSS-2015-006. Product: Kaspersky Total Security (KTS). Vendor: Kaspersky Lab ZAO. Affected Version(s): 15.0.1.415. Tested Version(s): 15.0.1.415. Vulnerability Type: Use of a One-Way Hash without a Salt (CWE-759). Risk Level: Low. Solution Stat...

[SYSS-2015-008] Kaspersky Internet Security - Use of One-Way Hash without a Salt
2015-10-01, matthias deeg syss de
Advisory ID: SYSS-2015-008. Product: Kaspersky Internet Security (KIS). Vendor: Kaspersky Lab ZAO. Affected Version(s): 15.0.2.361. Tested Version(s): 15.0.2.361. Vulnerability Type: Use of a One-Way Hash without a Salt (CWE-759). Risk Level: Low. Solution S...

[SYSS-2015-007] Kaspersky Internet Security - Authentication Bypass
2015-10-01, matthias deeg syss de

[SYSS-2015-010] Kaspersky Anti-Virus - Use of One-Way Hash without a Salt
2015-10-01, matthias deeg syss de
Advisory ID: SYSS-2015-010. Product: Kaspersky Anti-Virus. Vendor: Kaspersky Lab ZAO. Affected Version(s): 15.0.1.415. Tested Version(s): 15.0.1.415. Vulnerability Type: Use of a One-Way Hash without a Salt (CWE-759). Risk Level: Low. Solution Status: Fixed ...

APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
2015-09-30, Apple Product Security (product-security-noreply lists apple com)
OS X El Capitan 10.11 is now available and addresses the following: Address Book. Available for: Mac OS X v10.6.8 and later. Impact: A local attacker may be able to inject arbitrary code to processes loadi...

APPLE-SA-2015-09-30-2 Safari 9
2015-09-30, Apple Product Security (product-security-noreply lists apple com)
Safari 9 is now available and addresses the following: Safari. Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11. Impact: Visiting a malicious website may lead to user interface s...

[security bulletin] HPSBST03502 rev.1 - HP 3PAR Service Processor (SP) SPOCC, Remote Disclosure of Information
2015-09-30, security-alert hp com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822249. SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c04822249. Version: 1. HPSBST03502 r...

APPLE-SA-2015-09-30-01 iOS 9.0.2
2015-09-30, Apple Product Security (product-security-noreply lists apple com)
iOS 9.0.2 is now available and addresses the following: Lock Screen. Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later. Impact: A person with physical access to an iOS device ...

Apache James Server 2.3.2 security vulnerability fixed
2015-09-30, Eric Charles (eric apache org)
Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: James Server 2.3.2. Description: Apache James Server 2.3.2 has a security issue that can let a user execute arbitrary system commands on servers configured with file-based user repositories. Mitigation: 2.3.2 users shou...

Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability
2015-09-30, dev rarlab com (1 reply)
I am a WinRAR developer. We published the official comment on www.rarlab.com here: http://rarlab.com/vuln_sfx_html.htm. This "vulnerability" is a non-issue. Why attempt to find some hackish, esoteric way for a feature which is present in SFX archives officially? Any SFX archive can run contained exec...

RE: WinRAR SFX v5.21 - Remote Code Execution Vulnerability
2015-09-30, Popovici, Alejo (LATCO - Buenos Aires) (apopovici DELOITTE com) (1 reply)

Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability
2015-09-30, Eugene Roshal (roshal rarlab com)

FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind
2015-09-29, FreeBSD Security Advisories (security-advisories freebsd org)

CVE-2015-7392 Heap overflow in Freeswitch json parser < 1.6.2 & < 1.4.23
2015-09-29, Marcello Duarte (marcello cybersightgroup com)
1. Advisory Information. Title: Heap overflow in freeswitch json parser < 1.6.2 & < 1.4.23. Submitter: Marcello Duarte (marcello (at) cybersightgroup (dot) com). Product: freeswitch. Product URL: http://freeswitch.org. Affected Versions: freeswitch < 1.6.2 & < 1.4.23. Fixed Versions: 1.6.2, 1.4.23. Link to sourc...

ESA-2015-151: RSA® OneStep Path Traversal Vulnerability
2015-09-29, Security Alert (Security_Alert emc com)
ESA-2015-151: RSA® OneStep Path Traversal Vulnerability. EMC Identifier: ESA-2015-151. CVE Identifier: CVE-2015-4546. Severity Rating: CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N). Affected Products: RSA OneStep 6.9 prior to Build 5...

ESA-2015-152: RSA Web Threat Detection Multiple Vulnerabilities
2015-09-29, Security Alert (Security_Alert emc com)
This is a correction of our previous disclosure email from September 23rd, 2015.
Our previous posting implied that the security vulnerability we discovered was in the "BIRT Engine" servlet itself.
This is NOT the case, but rather the vulnerability is in how the "BIRT Engine" was configured w