FreeBSD Security Advisory FreeBSD-SA-15:14.bsdpatch
2015-07-28 FreeBSD Security Advisories (security-advisories freebsd org)

[security bulletin] HPSBGN03372 rev.1 - HP Business Process Monitor using RC4, Remote Disclosure of Information
2015-07-28 security-alert hp com
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04739254
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04739254
Version: 1
HPSBGN03372 re [...]

SEC Consult SA-20150728-0 :: McAfee Application Control Multiple Vulnerabilities
2015-07-28 SEC Consult Vulnerability Lab (research sec-consult com)

Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne
2015-07-28 Samuel Lavitt - CVE-2015-0942 (CVE-2015-0942 precipice fi)
English: Multiple vulnerabilities in Basware Banking/Maksuliikenne software that were reported already 08/2012 may still enable undetectable economic crimes against user organizations (companies)
Finnish: Basware Banking/Maksuliikenne -ohjelmiston haavoittuvuudet, joista raportoitiin jo 08/2012, saa [...]

Another Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability
2015-07-27 Federico Fazzi (federico fazzi gmail com)
Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability
Vendor: https://www.snorby.org/
Version: 2.6.2
Description: Found another Stored Cross-site Scrip [...]

Apple iTunes & AppStore - Filter Bypass & Persistent Invoice Vulnerability
2015-07-27 Vulnerability Lab (research vulnerability-lab com)
Document Title: Apple iTunes & AppStore - Filter Bypass & Persistent Invoice Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1512
Apple Security ID: 623920272
Video: http://www.vulnerability-lab.com/get_content.php?id=15 [...]

Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class
2015-07-25 Securify B.V. (lists securify nl)
Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class
Yorick Koster, May 2015 [...]

Hawkeye-G v3.0.1 Persistent XSS & Information Leakage
2015-07-25 apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-HAWKEYEG0725.txt
Vendor: www.hexiscyber.com
Product: Hawkeye-G v3.0.1.4912
Hawkeye G is an [...]

Hawkeye-G v3 CSRF Vulnerability ***[UPDATED CORRECTED]
2015-07-24 apparitionsec gmail com
***[UPDATED CORRECTION] ***
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-HAWKEYEG0724.txt
Vulnerability Type: CSRF
CVE Reference: CVE-2015-2878
Vendor: [...]

[SECURITY] [DSA 3315-1] chromium-browser security update
2015-07-24 Michael Gilbert (mgilbert debian org)

Hawkeye-G v3.0.1.4912 CSRF Vulnerability CVE-2015-2878
2015-07-24 apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-HAWKEYEG0724.txt
Vulnerability Type: CSRF
CVE Reference: CVE-2015-2878
Vendor: www.hexiscyber.com
P [...]

Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser
2015-07-23 Qualys Security Advisory (qsa qualys com)
Hello, it is July 23, 2015, 17:00 UTC, the Coordinated Release Date for CVE-2015-3245 and CVE-2015-3246. Please find our advisory below, and our exploit attached.
Qualys Security Advisory
CVE-2015-3245 userhelper chfn() newline filtering
CVE-2015-3246 libuser passwd file handling
--[ Summary [...]

ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability
2015-07-23 Vulnerability Lab (research vulnerability-lab com)
Document Title: ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1555
Release Date: 2015-07-23
Vulnerability Laboratory ID (VL-ID): [...]

Cisco Security Advisory: Cisco IOS Software TFTP Server Denial of Service Vulnerability
2015-07-22 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Security Advisory: Cisco IOS Software TFTP Server Denial of Service Vulnerability
Advisory ID: cisco-sa-2015722-tftp
Revision 1.0
For Public Release 2015 July 22 16:00 UTC (GMT) [...]

Cisco Security Advisory: Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability
2015-07-22 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Security Advisory: Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability
Advisory ID: cisco-sa-20150722-mp
Revision 1.0
For Public Release 2015 July 22 16:00 UTC (GMT) [...]

Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability
2015-07-22 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability
Advisory ID: cisco-sa-20150722-apic
Revision 1.0
For Public Release 2015 July 22 16:00 UTC (GMT) [...]

ESA-2015-118: EMC Avamar Directory Traversal Vulnerability
2015-07-22 Security Alert (Security_Alert emc com)

Multiple (remote and local) Vulnerabilities in Xceedium Xsuite [MZ-15-02]
2015-07-22 modzero (security modzero ch)
See also: http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt
modzero Security Advisory: Multiple Vulnerabilities in Xceedium Xsuite [MZ-15-02] [...]

Multiple XSS Vulnerabilities in Paid Memberships Pro WordPress Plugin
2015-07-22 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23264
Product: Paid Memberships Pro WordPress plugin
Vendor: Stranger Studios
Vulnerable Version(s): 1.8.4.2 and probably prior
Tested Version: 1.8.4.2
Advisory Publication: July 1, 2015 [without technical details]
Vendor Notification: July 1, 2015
Vendor Patch: July 8, 2015
Pub [...]

SQL Injection in Count Per Day WordPress Plugin
2015-07-22 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23267
Product: Count Per Day WordPress plugin
Vendor: Tom Braider
Vulnerable Version(s): 3.4 and probably prior
Tested Version: 3.4
Advisory Publication: July 1, 2015 [without technical details]
Vendor Notification: July 1, 2015
Vendor Patch: July 1, 2015
Public Disclosure: July [...]

NetCracker Resource Management 8.0 - SQL Injection Vulnerability
2015-07-22 jychia sec gmail com
# Vulnerability type: SQL Injection
# Vendor: http://www.netcracker.com/
# Product: NetCracker Resource Management System
# Affected version: =< 8.0
# Patched version: 8.2
# Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan
# CVE ID: CVE-2015-3423
# PROOF OF CONCEPT (SQLi)
SQL Injection (SQLi) vul [...]

NetCracker Resource Management 8.0 - XSS Vulnerability
2015-07-22 jychia sec gmail com
# Vulnerability type: Cross-site Scripting
# Vendor: http://www.netcracker.com/
# Product: NetCracker Resource Management System
# Affected version: =< 8.0
# Patched version: 8.2
# Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan
# CVE ID: CVE-2015-2207
# PROOF OF CONCEPT (XSS)
Cross-site script [...]

Open-Web-Analytics-1.5.7 Cryptographic, Password Disclosure & XSS Vulnerabilities
2015-07-22 apparitionsec gmail com
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENWEBANALYTICS0721.txt
Vendor: www.openwebanalytics.com
Product: Open-Web-Analytics-1.5.7 [...]
FreeBSD-SA-15:14.bsdpatch Security Advisory
The FreeBSD Project
Topic: