BugTraq Mode:
(Page 5 of 525)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[SECURITY] [DSA 4128-1] trafficserver security update 2018-03-02
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

-
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4128-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
March 02, 2018

[ more ]  [ reply ]
DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery 2018-03-06
Defense Code (defensecode defensecode com)
DefenseCode Security Advisory
Magento Backups Cross-Site Request Forgery

Advisory ID: DC-2018-03-001
Advisory Title: Magento Backups Cross-Site Request Forgery
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version: Magento Open Source prior to 1.9.3.8,

[ more ]  [ reply ]
KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service 2018-03-02
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service

Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service
Advisory ID: KL-001-2018-007
Publication Date: 2018.03.02
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-007.txt

1. Vul

[ more ]  [ reply ]
[SECURITY] [DSA 4131-1] xen security update 2018-03-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

-
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4131-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 04, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4129-1] freexl security update 2018-03-02
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

-
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4129-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 02, 2018

[ more ]  [ reply ]
DefenseCode Security Advisory: Magento Multiple Stored Cross-Site Scripting Vulnerabilities 2018-03-06
Defense Code (defensecode defensecode com)
DefenseCode Security Advisory
Magento Multiple Stored Cross-Site Scripting Vulnerabilities

Advisory ID: DC-2018-03-002
Advisory Title: Magento Multiple Stored Cross-Site Scripting Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version: M

[ more ]  [ reply ]
DefenseCode Security Advisory: Magento Stored Cross-Site Scripting â?? Product Attributes 2018-03-06
Defense Code (defensecode defensecode com)
DefenseCode Security Advisory
Magento Stored Cross-Site Scripting â?? Product Attributes

Advisory ID: DC-2018-03-004
Advisory Title: Magento Stored Cross-Site Scripting â?? Product Attributes
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version: Magen

[ more ]  [ reply ]
DefenseCode Security Advisory: Magento Stored Cross-Site Scripting â?? Downloadable Products 2018-03-06
Defense Code (defensecode defensecode com)
DefenseCode Security Advisory
Magento Stored Cross-Site Scripting â?? Downloadable Products

Advisory ID: DC-2018-03-003
Advisory Title: Magento Stored Cross-Site Scripting â?? Downloadable Products
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version:

[ more ]  [ reply ]
DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery 2018-03-06
Defense Code (defensecode defensecode com)
DefenseCode Security Advisory
Magento Backups Cross-Site Request Forgery

Advisory ID: DC-2018-03-001
Advisory Title: Magento Backups Cross-Site Request Forgery
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version: Magento Open Source prior to 1.9.3.8,

[ more ]  [ reply ]
[SECURITY] [DSA 4127-1] simplesamlphp security update 2018-03-02
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

-
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4127-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
March 02, 2018

[ more ]  [ reply ]
CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor 2018-03-01
spinfoo (spinfoo protonmail com)
Product: HPE System Management Homepage
Versions: 7.6.0.11 and minor versions
Vulnerability: JavaScript Injection in file gsearch.php, parameter prod
OWASP TOP 10: A1 Injection
Type: Javascript Injection
Impact: Allows an attacker to perform an XSS (Cross-Site Scripting) attack,
execute arbitrary J

[ more ]  [ reply ]
[SECURITY] [DSA 4129-1] freexl security update 2018-03-02
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4129-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 02, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4130-1] dovecot security update 2018-03-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4130-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 02, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4120-2] linux regression update 2018-03-03
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4120-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 03, 2018

[ more ]  [ reply ]
KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service 2018-03-02
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service

Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service
Advisory ID: KL-001-2018-007
Publication Date: 2018.03.02
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-007.txt

1. Vul

[ more ]  [ reply ]
[SECURITY] [DSA 4131-1] xen security update 2018-03-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4131-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 04, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4132-1] libvpx security update 2018-03-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4132-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 04, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4128-1] trafficserver security update 2018-03-02
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4128-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
March 02, 2018

[ more ]  [ reply ]
[security bulletin] MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS) 2018-03-01
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM031038
96

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03103896

Version: 1

MFSBGN03801 rev.1

[ more ]  [ reply ]
[Newsletter/Marketing] [slackware-security] dhcp (SSA:2018-060-01) 2018-03-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] dhcp (SSA:2018-060-01)

New dhcp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+

[ more ]  [ reply ]
[SECURITY] [DSA 4127-1] simplesamlphp security update 2018-03-02
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4127-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
March 02, 2018

[ more ]  [ reply ]
[Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02) 2018-03-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] ntp (SSA:2018-060-02)

New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/ntp

[ more ]  [ reply ]
CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor 2018-03-01
spinfoo (spinfoo protonmail com)
Product: HPE System Management Homepage
Versions: 7.6.0.11 and minor versions
Vulnerability: JavaScript Injection in file gsearch.php, parameter prod
OWASP TOP 10: A1 Injection
Type: Javascript Injection
Impact: Allows an attacker to perform an XSS (Cross-Site Scripting) attack, execute arbitrary Ja

[ more ]  [ reply ]
[security bulletin] MFSBGN03794 rev.2 - Micro Focus Operations Agent Multiple vulnerabilities 2018-02-28
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030605
44

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03060544

Version: 2

MFSBGN03794 rev.2

[ more ]  [ reply ]
Secunia Research: Linux Kernel "_sctp_make_chunk()" Denial of Service Vulnerability 2018-02-28
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/02/28

Linux Kernel "_sctp_make_chunk()" Denial of Service Vulnerability

======================================================================
Table of Contents

Affected Software.

[ more ]  [ reply ]
SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management 2018-02-28
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180228-0 >
=======================================================================
title: Insecure Direct Object Reference
product: TestLink Open Source Test Management
vulnerable version: <1.9.17
fixed version: 1.9

[ more ]  [ reply ]
[SECURITY] [DSA 4124-1] lucene-solr security update 2018-02-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4124-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 27, 2018

[ more ]  [ reply ]
[security bulletin] HPESBHF03826 rev.1 - HPE Integrated Lights-Out 3 (iLO 3) Remote Denial of Service 2018-02-27
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03826en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03826en_us

Version: 1

HP

[ more ]  [ reply ]
SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket 2018-02-27
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180227-0 >
=======================================================================
title: OS command injection, arbitrary file upload & SQL injection
product: ClipBucket
vulnerable version: <4.0.0 - Release 4902
fix

[ more ]  [ reply ]
ES2018-03 Asterisk pjsip sdp invalid media format description segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)
# Segmentation fault occurs in Asterisk with an invalid SDP media format description

- Authors:
- Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]>
- Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]>
- Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip`
- References: AST-2018-002
- Enable Secu

[ more ]  [ reply ]
ES2018-04 Asterisk pjsip tcp segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)
# Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport

- Authors:
- Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]>
- Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]>
- Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip` installed with `--with-pjproject-b

[ more ]  [ reply ]
ES2018-02 Asterisk pjsip sdp invalid fmtp segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)
# Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute

- Authors:
- Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]>
- Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]>
- Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip`
- References: AST-2018-003
- Enable Security Advis

[ more ]  [ reply ]
ES2018-01 Asterisk pjsip subscribe stack corruption 2018-02-26
Sandro Gauci (sandro enablesecurity com)
# SUBSCRIBE message with a large Accept value causes stack corruption

- Authors:
- Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]>
- Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]>
- Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip`
- Tested vulnerable versions: 15.2.0, 13.19.0, 14.7.

[ more ]  [ reply ]
CMS Made Simple 2.1.6 - Remote Code Execution 2018-02-26
displaymyname gmail con
# Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution
# Date: 2018-02-26
# Exploit Author: Keerati T.
# Vendor Homepage: http://www.cmsmadesimple.org/
# Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip
# Version: 2.1.6
# CVE: CVE-2018-7448
# Tested on: Li

[ more ]  [ reply ]
[SECURITY] [DSA 4123-1] drupal7 security update 2018-02-24
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4123-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 24, 2018

[ more ]  [ reply ]
[security bulletin] MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance 2018-02-22
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030860
19

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03086019

Version: 1

MFSBGN03798 rev.1

[ more ]  [ reply ]
Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5 2018-02-22
Justin Bull (me justinbull ca)
On Wed, Feb 21, 2018 at 5:17 PM, Justin Bull <me (at) justinbull (dot) ca [email concealed]> wrote:
> Solution:
> ---------
> Upgrade to Doorkeeper v4.2.6 or later
>

Apologies. This fails to account for a non-trivial scenario.

Any software using Doorkeeper that has generated its own custom
views[0] requires manual work to ver

[ more ]  [ reply ]
[SECURITY] [DSA 4122-1] squid3 security update 2018-02-22
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4122-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 23, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4120-1] linux security update 2018-02-22
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4120-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Yves-Alexis Perez
February 22, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4121-1] gcc-6 security update 2018-02-22
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4121-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 22, 2018

[ more ]  [ reply ]
[CORE-2017-0006] Trend Micro Email Encryption Gateway Multiple Vulnerabilities 2018-02-21
Core Security Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Trend Micro Email Encryption Gateway Multiple Vulnerabilities

1. *Advisory Information*

Title: Trend Micro Email Encryption Gateway Multiple Vulnerabilities
Advisory ID: CORE-2017-0006
Advisory URL:
http://www.coresecurity.com/ad

[ more ]  [ reply ]
DefenseCode Security Advisory: PureVPN Windows Privilege Escalation Vulnerability 2018-02-21
Defense Code (defensecode defensecode com)
DefenseCode Security Advisory
PureVPN Windows Privilege Escalation Vulnerability

Advisory ID: DC-2018-02-001
Advisory Title: PureVPN Windows Privilege Escalation Vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software: PureVPN
Version: 5.19.4.0 and below (W

[ more ]  [ reply ]
SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors 2018-02-21
SEC Consult Vulnerability Lab (research sec-consult com)
We have published an accompanying blog post to this technical advisory with
further information:

https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby
-monitors-fail-to-be-smart/index.html

SEC Consult Vulnerability Lab Security Advisory < 20180221-0 >
===========================

[ more ]  [ reply ]
Sharutils 4.15.2 Heap-Buffer-Overflow 2018-02-21
nafiez (nafiez skins gmail com) (1 replies)
Unshar scans the input files (typically email messages) looking for the

start of a shell archive. If no files are given, then standard input is

processed instead. Shipped along with Sharutils.

Bug was found with AFL.

=================================================================

==11164=

[ more ]  [ reply ]
Sharutils 4.15.2 Heap-Buffer-Overflow 2018-02-21
nafiez (nafiez skins gmail com)
Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS 2018-02-21
preethiknambiar gmail com
1. Introduction

Vendor : Yab
Affected Product : Quarx through 2.4.3
Fixed in : Quarx 2.4.5 and 2.4.6
Vendor Website : https://quarxcms.com/
Vulnerability Type : Persistent XSS
Remote Exploitable : Yes
CVE External Identifier : CVE-2018-727

[ more ]  [ reply ]
Multiple Persistent XSS vulnerabilities in Radiant Content Management System 2018-02-20
suparna kachru gmail com
*1. Introduction*

Vendor : Radiant
Affected Product : Radiant CMS 1.1.4
Fixed in : NA
Vendor Website : http://radiantcms.org/
Vulnerability Type : Persistent XSS
Remote Exploitable : Yes
CVE External Identifier : CVE-2018-7261

*2. Overview*

Technical Description:

There are multiple P

[ more ]  [ reply ]
APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update 2018-02-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update

macOS High Sierra 10.13.3 Supplemental Update is now available and
addresses the following:

CoreText
Available for: macOS High Sierra 10.13.3
Impact: Processing a maliciously crafte

[ more ]  [ reply ]
APPLE-SA-2018-02-19-3 tvOS 11.2.6 2018-02-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-02-19-3 tvOS 11.2.6

tvOS 11.2.6 is now available and addresses the following:

CoreText
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A

[ more ]  [ reply ]
APPLE-SA-2018-02-19-1 iOS 11.2.6 2018-02-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-02-19-1 iOS 11.2.6

iOS 11.2.6 is now available and addresses the following:

CoreText
Available for: iPhone 5s and later, iPad Air and later, and
iPod touch 6th generation
Impact: Processing a maliciously crafted string may lead to heap

[ more ]  [ reply ]
APPLE-SA-2018-02-19-4 watchOS 4.2.3 2018-02-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-02-19-4 watchOS 4.2.3

watchOS 4.2.3 is now available and addresses the following:

CoreText
Available for: All Apple Watch models
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory corrupti

[ more ]  [ reply ]
[SECURITY] [DSA 4119-1] libav security update 2018-02-19
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4119-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 19, 2018

[ more ]  [ reply ]
Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect) 2018-02-18
displaymyname gmail com
# Exploit Title: Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect)
# Date: 18-02-2018
# Software Link: https://www.kentico.com
# Exploit Author: Keerati T.
# CVE: CVE-2018-7205
# Category: webapps

1. Description

Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Onli

[ more ]  [ reply ]
[SECURITY] [DSA 4118-1] tomcat-native security update 2018-02-17
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4118-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 17, 2018

[ more ]  [ reply ]
Kentico CMS version 9 through 11 - Arbitrary Code Execution 2018-02-17
displaymyname gmail com
# Exploit Title: Kentico CMS version 9 through 11 - Arbitrary Code Execution
# Date: 17-02-2018
# Software Link: https://www.kentico.com
# Exploit Author: Keerati T.
# CVE: CVE-2018-7046
# Category: webapps

1. Description

Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Online Mar

[ more ]  [ reply ]
[SECURITY] [DSA 4117-1] gcc-4.9 security update 2018-02-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4117-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 17, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4116-1] plasma-workspace security update 2018-02-16
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4116-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 16, 2018

[ more ]  [ reply ]
Security advisory for Bugzilla 5.1.1, 5.0.3, and 4.4.12 2018-02-16
dkl mozilla com
Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issue has been discovered
in Bugzilla:

* A CSRF vulnerability in report.cgi would allow a third-party site
to extract confidential information from a bug the victim had

[ more ]  [ reply ]
[slackware-security] irssi (SSA:2018-046-01) 2018-02-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] irssi (SSA:2018-046-01)

New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages

[ more ]  [ reply ]
[SECURITY] [DSA 4115-1] quagga security update 2018-02-15
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4115-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 15, 2018

[ more ]  [ reply ]
Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload 2018-02-15
Arvind Vishwakarma (arvind12786 gmail com)
------------------------------------------------------------------
Vulnerability Type: Unrestricted File Upload
Vendor of Product: Tejari
Affected Product Code Base: Bravo Solution
Affected Component: Web Interface Management.
Attack Type: Local - Authenticated
Impact: Malicous File Upload
---------

[ more ]  [ reply ]
Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-CSRF 2018-02-15
Arvind Vishwakarma (arvind12786 gmail com)
-----------------------------------------------------
Vulnerability Type: Cross Site Request Forgery (CSRF)
Vendor of Product: Tejari
Affected Product Code Base: Bravo Solution
Affected Component: Web Interface Management.
Attack Type: Local - Authenticated
Impact: Unauthorised Access
--------------

[ more ]  [ reply ]
[SECURITY] [DSA 4114-1] jackson-databind security update 2018-02-15
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4114-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
February 15, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4113-1] libvorbis security update 2018-02-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4113-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 14, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4112-1] xen security update 2018-02-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4112-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 14, 2018

[ more ]  [ reply ]
NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security) 2018-02-14
apparitionsec gmail com
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTIO
N-CVE-2018-6940.txt
[+] ISR: Apparition Security

[-_-] D1rty0tis

Vendor:
=============
www.nat32.com

Product:
=================
NAT32 Build (22284)

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS 2018-02-14
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

yesterdays "Security update deployment information: February 13, 2018"
<https://support.microsoft.com/en-us/help/20180213> links the following
MSKB articles for the security updates of Microsoft's Office products:
<https://support.microsoft.com/kb/4011715>
<https://support.microsoft.com/kb/

[ more ]  [ reply ]
[security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification 2018-02-13
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030911
03

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03091103

Version: 1

MFSBGN03800 rev.1

[ more ]  [ reply ]
CSNC-2017-027 Microsoft Intune - App PIN Bypass 2018-02-13
Advisories (advisories compass-security com)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Microsoft Intune [1]
# Vendor: Microsoft
# CSNC ID: CSNC-2017-027
# Sub

[ more ]  [ reply ]
[SECURITY] [DSA 4111-2] libreoffice security update 2018-02-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4111-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2018

[ more ]  [ reply ]
[security bulletin] HPESBHF03819 rev.1 - HPE XP Storage using HGLM, Local Authentication Bypass 2018-02-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03819en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03819en_us

Version: 1

HP

[ more ]  [ reply ]
CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security) 2018-02-12
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-
REMOTE-BUFFER-OVERFLOW.txt
[+] ISR: Apparition Security
[+] SSD Beyond Security Submission: https://blogs.securiteam.com/index

[ more ]  [ reply ]
[SECURITY] [DSA 4111-1] libreoffice security update 2018-02-11
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4111-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 11, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4109-1] ruby-omniauth security update 2018-02-10
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4109-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/
February 09, 2018

[ more ]  [ reply ]
KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability

Title: NetEx HyperIP Local File Inclusion Vulnerability
Advisory ID: KL-001-2018-005
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-005.txt

1. Vulnerability Details

A

[ more ]  [ reply ]
[SECURITY] [DSA 4110-1] exim4 security update 2018-02-10
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4110-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 10, 2018

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM 2018-02-09
Stefan Kanthak (stefan kanthak nexgo de) (1 replies)
Hi @ll,

since about two or three years now, Microsoft offers Skype as
optional update on Windows/Microsoft Update.

JFTR: for Microsoft's euphemistic use of "update" see
<http://seclists.org/fulldisclosure/2018/Feb/17>

Once installed, Skype uses its own proprietary update mechanism
instead o

[ more ]  [ reply ]
KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability

Title: NetEx HyperIP Privilege Escalation Vulnerability
Advisory ID: KL-001-2018-004
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-004.txt

1. Vulnerability Details

A

[ more ]  [ reply ]
KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution

Title: NetEx HyperIP Post-Auth Command Execution
Advisory ID: KL-001-2018-003
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-003.txt

1. Vulnerability Details

Affected Vendor

[ more ]  [ reply ]
KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass

Title: Trend Micro IMSVA Management Portal Authentication Bypass
Advisory ID: KL-001-2018-006
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-006.txt

1. Vulnerabili

[ more ]  [ reply ]
KL-001-2018-002 : NetEx HyperIP Authentication Bypass 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-002 : NetEx HyperIP Authentication Bypass

Title: NetEx HyperIP Authentication Bypass
Advisory ID: KL-001-2018-002
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-002.txt

1. Vulnerability Details

Affected Vendor: NetEx

[ more ]  [ reply ]
[SECURITY] [DSA 4108-1] mailman security update 2018-02-09
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4108-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
February 09, 2018

[ more ]  [ reply ]
Advisory - Fisheye and Crucible - CVE-2017-16861 2018-02-09
David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This email refers to the advisory found at
https://confluence.atlassian.com/x/iPQyO and
https://confluence.atlassian.com/x/h-QyO .

CVE ID:

* CVE-2017-16861.

Product: Fisheye and Crucible.

Affected Fisheye and Crucible product versions:

version

[ more ]  [ reply ]
[SECURITY] [DSA 4105-2] mpv security update 2018-02-09
Luciaon Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4105-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/
February 08, 2018

[ more ]  [ reply ]
SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro 2018-02-08
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180208-0 >
=======================================================================
title: Multiple Cross-Site Scripting Vulnerabilities
product: Sonatype Nexus Repository Manager OSS/Pro
vulnerable version: <=2.14.5, <=3.

[ more ]  [ reply ]
[SECURITY] [DSA 4107-1] django-anymail security update 2018-02-07
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4107-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 07, 2018

[ more ]  [ reply ]
[security bulletin] HPSBHF02981 rev.2 - HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP) 2018-02-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c041977
64

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04197764

Version: 2

HPSBHF02981 rev.2

[ more ]  [ reply ]
[SECURITY] [DSA 4106-1] libtasn1-6 security update 2018-02-07
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4106-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 07, 2018

[ more ]  [ reply ]
SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip 2018-02-07
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180207-0 >
=======================================================================
title: Multiple buffer overflow vulnerabilities
product: InfoZip UnZip
vulnerable version: UnZip <= 6.00 / UnZip <= 6.1c22
fixed ver

[ more ]  [ reply ]
[slackware-security] Slackware 14.2 kernel (SSA:2018-037-01) 2018-02-07
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Slackware 14.2 kernel (SSA:2018-037-01)

New kernel packages are available for Slackware 14.2 to mitigate the
speculative side channel attack known as Spectre variant 2.

Here are the details from the Slackware 14.2 ChangeLog:
+-

[ more ]  [ reply ]
[SE-2011-01] A security issue with a Multiroom service of NC+ SAT TV platform 2018-02-07
Security Explorations (contact security-explorations com)

Hello All,

A couple of weeks ago, Platform NC+ [1], one of the major digital SAT
TV providers in Poland issued an official message [2] to subscribers
about the policy of content security. Among other things, the following
statements were included in it:

"Platform nc+ as a technology leader in the

[ more ]  [ reply ]
[SECURITY] [DSA 4105-1] mpv security update 2018-02-07
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4105-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/
February 06, 2018

[ more ]  [ reply ]
[CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities 2018-02-05
Core Security Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Kaspersky Secure Mail Gateway Multiple Vulnerabilities

1. *Advisory Information*

Title: Kaspersky Secure Mail Gateway Multiple Vulnerabilities
Advisory ID: CORE-2017-0010
Advisory URL:
http://www.coresecurity.com/advisories/kaspe

[ more ]  [ reply ]
[SECURITY] [DSA 4104-1] p7zip security update 2018-02-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4104-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 04, 2018

[ more ]  [ reply ]
[slackware-security] php (SSA:2018-034-01) 2018-02-04
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2018-034-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

[ more ]  [ reply ]
[security bulletin] MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection 2018-02-01
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030836
53

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03083653

Version: 1

MFSBGN03797 rev.1

[ more ]  [ reply ]
SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range 2018-02-01
SEC Consult Vulnerability Lab (research sec-consult com)
We have published an accompanying blog post to this technical advisory with
further information:

https://www.sec-consult.com/en/blog/2018/02/internet-of-dildos-a-long-wa
y-to-a-vibrant-future-from-iot-to-iod/index.html

SEC Consult Vulnerability Lab Security Advisory < 20180201-0 >
================

[ more ]  [ reply ]
[SECURITY] [DSA 4103-1] chromium-browser security update 2018-02-01
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4103-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Michael Gilbert
January 31, 2018

[ more ]  [ reply ]
(Page 5 of 525)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus