CVE-2015-5699 - Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation
2015-08-18 Gregory Pickett (gpickett71 yahoo com)
  Title
  ===================
  Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation
  Summary
  ===================
  Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, is vulnerable to local privilege escalation via Command Injection. Cumu [...]

FreeBSD Security Advisory FreeBSD-SA-15:20.expat
2015-08-18 FreeBSD Security Advisories (security-advisories freebsd org)

[SECURITY] [DSA 3338-1] python-django security update
2015-08-18 Alessandro Ghedini (ghedo debian org)

Re: [ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD - XXE
2015-08-18 rahfsk gmail com
  ERPSCAN Research Advisory [ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD - XXE
  Application: SAP NetWeaver AS Java
  Versions Affected: SAP NetWeaver AS Java 7.4, probably others
  Vendor URL: http://SAP.com
  Bugs: XML External Entity
  Sent: 16.06.2014
  Reported: 17.06.2014
  Vendor response: 17.06.2014 [...]

EMC Documentum Content Server: arbitrary code execution (incomplete fix in CVE-2015-4532)
2015-08-17 andrew panfilov tel
  Product: EMC Documentum Content Server
  Vendor: EMC
  Version: ANY
  CVE: N/A
  Risk: High
  Status: public/not fixed
  For detailed description see http://seclists.org/bugtraq/2015/Jul/51
  New behavior introduced in CVE-2015-4532: API> ?,c,execute do_method WITH METHOD='dm_bp_transition', ARGUMENTS=' [...]

sysadmin privilege in EMC Documentum Content Server
2015-08-17 andrew panfilov tel
  Product: EMC Documentum Content Server
  Vendor: EMC
  Version: ANY
  CVE: N/A
  Risk: High
  Status: public/not fixed
  In 2011 Yuri Simone discovered a security flaw in EMC Documentum Content Server, which allows users with sysadmin privileges to elevate their privileges to superuser (see CVE-2011-4144). O [...]

Insufficient certificate validation in EMC Secure Remote Services Virtual Edition
2015-08-17 Securify B.V. (lists securify nl)
  ------------------------------------------------------------------------
  Insufficient certificate validation in EMC Secure Remote Services Virtual Edition
  ------------------------------------------------------------------------
  Han Sahin, November 2014 [...]

Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal
2015-08-17 Securify B.V. (lists securify nl)
  ------------------------------------------------------------------------
  Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal
  ------------------------------------------------------------------------
  Han Sahin, November 2014 [...]

[ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD - XXE
2015-08-17 ERPScan inc (erpscan online gmail com)

[ERPSCAN-15-012] SAP Afaria 7 XComms - Buffer Overflow
2015-08-17 ERPScan inc (erpscan online gmail com)
  ERPSCAN Research Advisory [ERPSCAN-15-012] SAP Afaria 7 XComms - Buffer Overflow
  Application: SAP Afaria 7
  Versions Affected: SAP Afaria 7, probably others
  Vendor URL: http://SAP.com
  Bugs: Buffer Overflow
  Sent: 13.03.2015
  Reported: 14.03.2015
  Vendor response: 14.03.2015
  Date of Publ [...]

ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability
2015-08-17 Security Alert (Security_Alert emc com)
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1
  ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability
  EMC Identifier: ESA-2015-130
  CVE Identifier: CVE-2015-4530
  Severity Rating: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  Affected pr [...]

ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities
2015-08-17 Security Alert (Security_Alert emc com)
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1
  ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities
  EMC Identifier: ESA-2015-131
  CVE Identifier: CVE-2015-4531, CVE-2015-4532, CVE-2015-4533, CVE-2015-4534, CVE-2015-4535, CVE-2015-4536
  Severity Rating: CVSS v2 Base Score: [...]

ESA-2015-094: RSA Archer® GRC Multiple Cross-Site Request Forgery Vulnerabilities
2015-08-17 Security Alert (Security_Alert emc com)

ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities
2015-08-17 Security Alert (Security_Alert emc com)
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1
  ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities
  EMC Identifier: ESA-2015-081
  CVE Identifier: CVE-2015-0533, CVE-2015-0534, CVE-2015-0535, CVE-2015-0536, CVE-2015-0537 [...]

Poor security in SOHO routers, again. Changing configuration parameters with a click.
2015-08-17 DonVallejo . (j v vallejo gmail com)
  Hello all, I would like to share with you a security issue that I found with some Comtrend's routers and probably other manufacturer's routers. The method would let us configure some router models when a user clicks a link created by us. I have not read about this method on the internet, sorry [...]

Re: Multiple vulnerabilites in vendor IKE implementations, including Cisco,
2015-08-16 arash yazdanfare gmail com

Re: NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE
2015-08-16 13669185678 139 com

Re: [MORNINGSTAR-2009-01] Multiple security issues in Open Auto Classifieds version <= 1.5.9
2015-08-15 li0252130467 163 com

Re: PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability
2015-08-15 ahmadshafique live com

vBulletin x.x.x rce "0day"
2015-08-15 Joshua Rogers (honey internot info)
  Not really a 0day since it's fixed in some versions, but still an exploit that doesn't seem to be "that" public. Please note, I didn't find this. vBulletin's memcache setting is vulnerable in certain versions (all before 4.2.2) to an RCE. vBulletin seem to have refused to classify it as a vulnerabil [...]

[slackware-security] mozilla-firefox (SSA:2015-226-01)
2015-08-14 Slackware Security Team (security slackware com)
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1
  [slackware-security] mozilla-firefox (SSA:2015-226-01)
  New mozilla-firefox packages are available for Slackware 14.1 to fix security issues. Here are the details from the Slackware 14.1 ChangeLog:
  +--------------------------+
  patches/packages/mozil [...]
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-DDI-0818.txt
Vendor:
================================
www.trendmicro.com
Product:
===================================
Trend Micro Deep Discovery 3.7.
[...]