SecurityFocus

CollabNet Subversion Edge insecure password change 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)

# Vuln Title: The CollabNet Subversion Edge management frontend does not require
# current password upon password change
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Insecure

[ more ] [ reply ]

CollabNet Subversion Edge tail local file inclusion 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)

# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management
# Frontend via logfile "fileName" parameter of the "tail" action
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linu

[ more ] [ reply ]

CollabNet Subversion Edge downloadHook local file inclusion 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)

# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management
# Frontend via logfile "filename" parameter of the "downloadHook" action
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fed

[ more ] [ reply ]

CollabNet Subversion Edge Password Hash Leak 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)

# Vuln Title: The CollabNet Subversion Edge Management frontend user credential
# (hash) leak
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Credential leak
#
# Risk: Medium
# S

[ more ] [ reply ]

CollabNet Subversion Edge Hook Script Privilege Escalation 2015-06-28
Oliver-Tobias Ripka (otr bockcay de)

# Vuln Title: The CollabNet Subversion Edge Management Frontend SVN hook scripts
# privilege escalation
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Privilege escalation desig

[ more ] [ reply ]

CSRF Vulnerability in C2Box application CVE-2015-4460 2015-06-27
wissam bashour helpag com

Please add this advisory to your archive.
Thanks.
#####################################
Title: Cross-Site Request Forgery (CSRF) Vulnerability in C2Box application Allows adding an Admin User or reset any user's password.
Author: Wissam Bashour - Help AG Middle East
Vendor: boxautomation(B.A.S)
Pro

[ more ] [ reply ]

Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10 2015-06-27
Tim (tc coen gmail com)

Vulnerability: Session Fixation, Reflected XSS, Code Execution
Affected Software: PivotX (http://pivotx.net/)
Affected Version: 2.3.10 (probably also prior versions)
Patched Version: 2.3.11
Risk: Medium-High

Session Fixation
================

Risk
----

Medium; If victim clicks link and logs in

[ more ] [ reply ]

[security bulletin] HPSBPI03360 rev.2 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information 2015-06-26
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04720842

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04720842
Version: 2

HPSBPI03360 re

[ more ] [ reply ]

[security bulletin] HPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information 2015-06-26
security-alert hp com

[security bulletin] HPSBGN03362 rev.1 - HP Discovery and Dependency Mapping Inventory (DDMI) with TLS, Remote Disclosure of Information 2015-06-26
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04724996

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04724996
Version: 1

HPSBGN03362 r

[ more ] [ reply ]

[security bulletin] HPSBMU03267 rev.3 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information 2015-06-26
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04576624

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04576624
Version: 3

HPSBMU03267 r

[ more ] [ reply ]

[security bulletin] HPSBUX03359 rev.1 - HP-UX pppoec, local elevation of privilege 2015-06-26
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04718530

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04718530
Version: 1

HPSBUX03359 re

[ more ] [ reply ]

[security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information 2015-06-26
security-alert hp com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04710027

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04710027
Version: 1

HPSBGN03351 re

[ more ] [ reply ]

[SECURITY] [DSA 3296-1] libcrypto++ security update 2015-06-29
Alessandro Ghedini (ghedo debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3296-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Alessandro Ghedini
June 29, 2015

[ more ] [ reply ]

SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences 2015-06-26
SEC Consult Vulnerability Lab (research sec-consult com)

ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities 2015-06-26
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities

CVE Identifier: CVE-2015-0543, CVE-2015-0544

Severity Rating: CVSS v2 Base Score: See below for individual scores for each CVE

Affected prod

[ more ] [ reply ]

CVE-2015-3931 Microsec e-Szigno, CVE-2015-3932 Netlock Mokka XSW vulnerability 2015-06-26
Imre RAD (imre rad search-lab hu)

In November 2014, SEARCH-LAB Ltd. discovered a security vulnerability in Microsec e-Szigno, and Netlock Mokka computer applications that are used to generate and validate
digital signatures, which are applied within the official Hungarian government processes. The vulnerability affected the â??e-akt

[ more ] [ reply ]

Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA 2015-06-25
Cisco Systems Product Security Incident Response Team (psirt cisco com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA

Advisory ID: cisco-sa-20150625-ironport

Revision 1.0

For Public Release 2015 June 25 16:00 UTC (GMT)

+--------------------------------------------

[ more ] [ reply ]

ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability 2015-06-25
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability

EMC Identifier: ESA-2015-102

CVE Identifier: CVE-2015-0545

Severity Rating: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Affected products:

? EMC Unisphere

[ more ] [ reply ]

Netgear Prosafe VPN Firewalls - Multiple vulnerabilities 2015-06-25
post encripto no

About Encripto AS
=================

Encripto is a Norwegian company which provides specialized services within IT-security.
Our core expertise is security testing, network security monitoring and training.
Encripto is committed to information security. We do research to discover trends, new vulner

[ more ] [ reply ]

[ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE 2015-06-25
Darya Maenkova (d maenkova erpscan com)

ERPSCAN Research Advisory [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE

Application: SAP Mobile Platform 3.0
Versions Affected: SAP Mobile Platform 3.0, probably others
Vendor URL: http://SAP.com
Bugs: XML eXternal Entity
Sent: 29.12.2014

[ more ] [ reply ]

[ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll 2015-06-25
Darya Maenkova (d maenkova erpscan com)

ERPSCAN Research Advisory [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS
in the module XeClient.Dll

Application: SAP Afaria 7
Versions Affected: SAP Afaria 7, probably others
Vendor URL: http://SAP.com
Bugs: DoS
Sent: 09.12.2014
Reported:

[ more ] [ reply ]

[ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS 2015-06-25
Darya Maenkova (d maenkova erpscan com)

ERPSCAN Research Advisory [ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16
- DoS

Application: SYBASE SQL Anywhere 12 and 16
Versions Affected: SYBASE SQL Anywhere 12 and 16, probably others
Vendor URL: http://SAP.com
Bugs: DoS
Sent: 09.12.20

[ more ] [ reply ]

[ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check 2015-06-25
Darya Maenkova (d maenkova erpscan com)

ERPSCAN Research Advisory [ERPSCAN-15-009] SAP Afaria 7 XcListener -
Missing authorization check

Application: SAP Afaria 7
Versions Affected: SAP Afaria 7, probably others
Vendor URL: http://SAP.com
Bugs: Missing authorization check
Sent:

[ more ] [ reply ]

[ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure 2015-06-25
Darya Maenkova (d maenkova erpscan com)

ERPSCAN Research Advisory [ERPSCAN-15-007] SAP Management Console
ReadProfile Parameters - Information disclosure

Application: SAP Management Console
Versions Affected: SAP NW 7.4 Management Console, probably others
Vendor URL: http://SAP.com
Bugs: Info

[ more ] [ reply ]

[ERPSCAN-15-005] SAP Mobile Platform - XXE 2015-06-25
Darya Maenkova (d maenkova erpscan com)

ERPSCAN Research Advisory [ERPSCAN-15-005] SAP Mobile Platform - XXE

Application: SAP Mobile Platform 2.3
Versions Affected: SAP Mobile Platform 2.3, probably others
Vendor URL: http://SAP.com
Bugs: XML eXternal Entity
Sent: 06.11.14
Repor

[ more ] [ reply ]

[ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE 2015-06-25
Darya Maenkova (d maenkova erpscan com)

ERPSCAN Research Advisory [ERPSCAN-15-006] SAP NetWeaver Portal
ReportXmlViewer - XXE

Application: SAP NetWeaver Portal 7.31
Versions Affected: SAP NetWeaver Portal 7.31, probably others
Vendor URL: http://SAP.com
Bugs: XXE
Sent: 09.12.20

[ more ] [ reply ]

[ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE 2015-06-25
Darya Maenkova (d maenkova erpscan com)

ERPSCAN Research Advisory [ERPSCAN-15-004] SAP NetWeaver Portal
XMLValidationComponent - XXE

Application: SAP NetWeaver Portal 7.31
Versions Affected: SAP NetWeaver Portal 7.31, probably others
Vendor URL: http://SAP.com
Bugs: XML eXternal Entity
Sent:

[ more ] [ reply ]

[ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS 2015-06-25
Darya Maenkova (d maenkova erpscan com)

ERPSCAN Research Advisory [ERPSCAN-15-003] SAP NetWeaver Dispatcher
Buffer Overflow - RCE, DoS

Application: SAP NetWeaver Dispatcher
Versions Affected: SAP NetWeaver Dispatcher, probably others
Vendor URL: http://SAP.com
Bugs: RCE
Sent:

[ more ] [ reply ]

[SECURITY] [DSA 3295-1] cacti security update 2015-06-24
Salvatore Bonaccorso (carnil debian org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3295-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 24, 2015

[ more ] [ reply ]