|
|
Colapse all |
Post message
[security bulletin] HPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of Information 2015-08-05 security-alert hp com Re: [FD] Mozilla extensions: a security nightmare 2015-08-05 Stefan Kanthak (stefan kanthak nexgo de) (1 replies) "Mario Vilas" <mvilas (at) gmail (dot) com [email concealed]> wrote: > %APPDATA% is within the user's home directory - by default it should > not be writeable by other users. Did I mention OTHER users? Clearly not, so your "argument" is moot. > If this is the case then the problem is one of bad file permissions, > not the lo [ more ] [ reply ] Re: [FD] Mozilla extensions: a security nightmare 2015-08-05 Ansgar Wiechers (bugtraq planetcobalt net) SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network 2015-08-05 SEC Consult Vulnerability Lab (research sec-consult com) Mozilla extensions: a security nightmare 2015-08-04 Stefan Kanthak (stefan kanthak nexgo de) Hi @ll, Mozilla Thunderbird 38 and newer installs and activates per default the 'Lightning' extension. Since extensions live in the (Firefox and) Thunderbird profiles (which are stored beneath %APPDATA% in Windows) and 'Lightning' comes (at least for Windows) with a DLL and some Javascript, Thunde [ more ] [ reply ] [SECURITY] [DSA 3326-1] ghostscript security update 2015-08-02 Salvatore Bonaccorso (carnil debian org) Multiple XSS vulnerabilities in FortiSandbox WebUI 2015-08-01 hyp3rlinx lycos com [+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-FORTISANDBOX-0801.txt Vendor: ================================ www.fortinet.com PSIRT ID: 1418018 Product: ================================== FortiSandbox 3000 [ more ] [ reply ] [SECURITY] [DSA 3322-1] ruby-rack security update 2015-07-31 Salvatore Bonaccorso (carnil debian org) phpFileManager 0.9.8 Remote Command Execution 2015-07-31 hyp3rlinx lycos com [+] Credits: John Page ( hyp3rlinx ) [+] Domains: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILEMANAGER0728.txt Vendor: ================================ phpfm.sourceforge.net Product: ================================ phpFileManager version 0.9.8 [ more ] [ reply ] HP ArcSight Logger provides incorrect/invalid/incomplete results for queries with boolean operators 2015-07-31 roberto logsat com HP ArcSight Logger is a log management software used to collect and analyze logs from multiple sources to aid in investigations and audit. There are several flaws in the search capabilities in the software that cause it to provide invalid search results for any query that uses boolean expressions. [ more ] [ reply ] viagra generic singapore 2015-07-30 info fast-isotretinoin com Symptoms will be treated as appropriate. <a href=http://cialisfor.com>Buy Cialis Online</a> underSemen and urine culture in the diagnosis of chronic bacterial prostatitis. <a href=http://cheapgenericcialiss.com>Buy Cialis Online</a> However in severe CHF preload does not result in cardiac output see [ more ] [ reply ] Cisco Security Advisory: Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability 2015-07-30 Cisco Systems Product Security Incident Response Team (psirt cisco com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability Advisory ID: cisco-sa-20150730-asr1k Revision 1.0 For Public Release 2015 July 30 16:00 UTC (GMT) +----------------------- [ more ] [ reply ] Dell Netvault Backup Remote Denial of Service 2015-07-30 epoide gmail com Product: Dell Netvault Backup Link: http://software.dell.com/products/netvault-backup/ Vendor: Dell Vulnerable Version(s): 10.0.1.24 and probably prior Tested Version: Version 10.0.1.24 Advisory Publication: July 30, 2015 Vendor Notification: January 9, 2015 Public Disclosure: July 30, 2015 Vulnera [ more ] [ reply ] FreeBSD Security Advisory FreeBSD-SA-15:16.openssh [REVISED] 2015-07-30 FreeBSD Security Advisories (security-advisories freebsd org) [security bulletin] HPSBGN03366 rev.1 - HP Business Process Insight with RC4 Stream Cipher, Remote Disclosure of Information 2015-07-29 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04726896 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04726896 Version: 1 HPSBGN03366 re [ more ] [ reply ] Cross-Site Scripting (XSS) in qTranslate WordPress Plugin 2015-07-29 High-Tech Bridge Security Research (advisory htbridge ch) Advisory ID: HTB23265 Product: qTranslate WordPress plugin Vendor: Qian Qin Vulnerable Version(s): 2.5.39 and probably prior Tested Version: 2.5.39 Advisory Publication: July 1, 2015 [without technical details] Vendor Notification: July 1, 2015 Public Disclosure: July 29, 2015 Vulnerability T [ more ] [ reply ] [security bulletin] HPSBGN03367 rev.1 - HP TransactionVision with RC4 Stream Cipher, Remote Disclosure of Information 2015-07-29 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04727082 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04727082 Version: 1 HPSBGN03367 re [ more ] [ reply ] phpFileManager 0.9.8 CSRF Backdoor Shell Vulnerability 2015-07-29 apparitionsec gmail com [+] Credits: John Page ( hyp3rlinx ) [+] Domains: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILEMANAGER0729.txt Vendor: ================================ phpfm.sourceforge.net Product: ============================ phpFileManager version 0.9.8 Vul [ more ] [ reply ] [slackware-security] bind (SSA:2015-209-01) 2015-07-28 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] bind (SSA:2015-209-01) New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patc [ more ] [ reply ] FreeBSD Security Advisory FreeBSD-SA-15:17.bind 2015-07-28 FreeBSD Security Advisories (security-advisories freebsd org) FreeBSD Security Advisory FreeBSD-SA-15:16.openssh 2015-07-28 FreeBSD Security Advisories (security-advisories freebsd org) FreeBSD Security Advisory FreeBSD-SA-15:15.tcp 2015-07-28 FreeBSD Security Advisories (security-advisories freebsd org) |
|
Privacy Statement |
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04760669
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04760669
Version: 1
HPSBUX03388 S
[ more ] [ reply ]