SecurityFocus

[SECURITY] [DSA 3350-1] bind9 security update 2015-09-02
Moritz Muehlenhoff (jmm debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3350-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
September 02, 2015

[ more ] [ reply ]

FreeBSD Security Advisory FreeBSD-SA-15:23.bind 2015-09-02
FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 3348-1] qemu security update 2015-09-02
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3348-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
September 02, 2015

[ more ] [ reply ]

[SECURITY] [DSA 3349-1] qemu-kvm security update 2015-09-02
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3349-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
September 02, 2015

[ more ] [ reply ]

Cisco Security Advisory: Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability 2015-09-02
Cisco Systems Product Security Incident Response Team (psirt cisco com)

[SECURITY] [DSA 3347-1] pdns security update 2015-09-02
SÃ©bastien Delafond (seb debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3347-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
September 02, 2015

[ more ] [ reply ]

ESA-2015-137: EMC Atmos XML External Entity Injection Vulnerability 2015-09-02
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-137: EMC Atmos XML External Entity Injection Vulnerability

EMC Identifier: ESA-2015-137

CVE Identifier: CVE-2015-4538

Severity Rating: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:S/C:C/I:N/A:P)

Affected products:

EMC Atmos 2.3.0 and e

[ more ] [ reply ]

Cross-Site Request Forgery in Cerb 2015-09-02
High-Tech Bridge Security Research (advisory htbridge ch)

Advisory ID: HTB23269
Product: Cerb
Vendor: Webgroup Media LLC
Vulnerable Version(s): 7.0.3 and probably prior
Tested Version: 7.0.3
Advisory Publication: August 12, 2015 [without technical details]
Vendor Notification: August 12, 2015
Vendor Patch: August 14, 2015
Public Disclosure: September 2

[ more ] [ reply ]

[slackware-security] gdk-pixbuf2 (SSA:2015-244-01) 2015-09-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gdk-pixbuf2 (SSA:2015-244-01)

New gdk-pixbuf2 packages are available for Slackware 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
pa

[ more ] [ reply ]

CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection 2015-09-02
David Black (dblack atlassian com)

Note: the current version of this advisory can be found at
https://confluence.atlassian.com/x/IcBKLg .

CVE ID: CVE-2015-5603
Product: JIRA and the HipChat for JIRA plugin.
Affected HipChat For JIRA plugin versions: 1.3.2 <= version < 6.30.0
Affected JIRA product versions: 6.3.5 <= version < 6.4.11

[ more ] [ reply ]

KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation 2015-09-01
KoreLogic Disclosures (disclosures korelogic com)

KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation 2015-09-01
KoreLogic Disclosures (disclosures korelogic com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege
Escalation

Title: SiS Windows VGA Display Manager Multiple Privilege Escalation
Advisory ID: KL-001-2015-003
Publication Date: 2015.09.01
Publication URL:
https://www.korelogic.com/

[ more ] [ reply ]

[CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities 2015-09-01
CORE Advisories Team (advisories coresecurity com)

1. Advisory Information

Title: FortiClient Antivirus Multiple Vulnerabilities
Advisory ID: CORE-2015-0013
Advisory URL: http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vu
lnerabilities
Date published: 2015-09-01
Date of last update: 2015-09-01
Vendors contacted: Fortinet
Releas

[ more ] [ reply ]

[security bulletin] HPSBMU03339 rev.1 - HP LoadRunner Controller, Local Execution of Arbitrary Code 2015-09-01
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04692147

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04692147
Version: 1

HPSBMU03339 r

[ more ] [ reply ]

[security bulletin] HPSBGN03403 rev.1 - HP Virtualization Performance Viewer, Remote Unauthorized Disclosure of Information 2015-08-31
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04773256

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04773256
Version: 1

HPSBGN03403 r

[ more ] [ reply ]

[security bulletin] HPSBMU03401 rev.1 - HP Operations Manager for UNIX and Linux, Remote Unauthorized Modification, Disclosure of Information 2015-08-31
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04770140

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04770140
Version: 1

HPSBMU03401 r

[ more ] [ reply ]

Dogma India dogmaindia CMS - Auth Bypass Vulnerability 2015-08-28
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
Dogma India dogmaindia CMS - Auth Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1583

Release Date:
=============
2015-08-25

Vulnerability Laboratory ID (VL-ID):
================================

[ more ] [ reply ]

Jenkins 1.626 - Cross Site Request Forgery / Code Execution 2015-08-28
smash devilteam pl

#Title: Jenkins 1.626 - Cross Site Request Forgery / Code Execution
#Date: 27.08.15
#Affected versions: => 1.626 (current)
#Vendor: jenkins-ci.org
#Contact: smash [at] devilteam.pl

Cross site request forgery vulnerability in Jenkins 1.626 allows remote attackers to hjiack the authentication of use

[ more ] [ reply ]

LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability 2015-08-28
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1585

Release Date:
=============
2015-08-26

Vulnerability Laboratory ID (VL-ID):
===============================

[ more ] [ reply ]

PayPal Bug Bounty #119 - Stored Cross Site Scripting Vulnerability 2015-08-28
Vulnerability Lab (research vulnerability-lab com)

Document Title:
===============
PayPal Bug Bounty #119 - Stored Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1588

Video: http://www.vulnerability-lab.com/get_content.php?id=1587

Vulnerability Magazine: http://mag

[ more ] [ reply ]

[security bulletin] HPSBGN03407 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Modification, Disclosure of Information 2015-08-28
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04773119

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04773119
Version: 1

HPSBGN03407 r

[ more ] [ reply ]

[security bulletin] HPSBGN03387 rev.1 - HP Intelligent Provisioning, Remote Code Execution, Unauthorized Access 2015-08-28
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04756070

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04756070
Version: 1

HPSBGN03387 r

[ more ] [ reply ]

[SECURITY] [DSA 3346-1] drupal7 security update 2015-08-31
Alessandro Ghedini (ghedo debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3346-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Alessandro Ghedini
August 31, 2015

[ more ] [ reply ]

[security bulletin] HPSBMU03416 rev.1 - HP Data Protector, Remote Disclosure of Information 2015-08-28
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04776510

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04776510
Version: 1

HPSBMU03416 r

[ more ] [ reply ]

[SECURITY] [DSA 3345-1] iceweasel security update 2015-08-29
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3345-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
August 29, 2015

[ more ] [ reply ]

[slackware-security] mozilla-firefox (SSA:2015-241-01) 2015-08-29
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] mozilla-firefox (SSA:2015-241-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/p

[ more ] [ reply ]

Re: Re: UAC Bypass Vulnerability on "Windows 7" in Windows Script Host 2015-08-30
kev r yahoo com

May you teach me how to hack

[ more ] [ reply ]

[SECURITY] [DSA 3344-1] php5 security update 2015-08-27
Sebastien Delafond (seb debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3344-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
August 27, 2015

[ more ] [ reply ]

[security bulletin] HPSBGN03402 rev.2 - HP Performance Manager, Remote Disclosure of Information 2015-08-27
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04772190

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04772190
Version: 2

HPSBGN03402 r

[ more ] [ reply ]