BugTraq Mode:
(Page 5 of 525)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
[SECURITY] [DSA 4129-1] freexl security update 2018-03-02
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

-
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4129-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 02, 2018

[ more ]  [ reply ]
DefenseCode Security Advisory: Magento Multiple Stored Cross-Site Scripting Vulnerabilities 2018-03-06
Defense Code (defensecode defensecode com)
DefenseCode Security Advisory
Magento Multiple Stored Cross-Site Scripting Vulnerabilities

Advisory ID: DC-2018-03-002
Advisory Title: Magento Multiple Stored Cross-Site Scripting Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version: M

[ more ]  [ reply ]
DefenseCode Security Advisory: Magento Stored Cross-Site Scripting â?? Product Attributes 2018-03-06
Defense Code (defensecode defensecode com)
DefenseCode Security Advisory
Magento Stored Cross-Site Scripting â?? Product Attributes

Advisory ID: DC-2018-03-004
Advisory Title: Magento Stored Cross-Site Scripting â?? Product Attributes
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version: Magen

[ more ]  [ reply ]
DefenseCode Security Advisory: Magento Stored Cross-Site Scripting â?? Downloadable Products 2018-03-06
Defense Code (defensecode defensecode com)
DefenseCode Security Advisory
Magento Stored Cross-Site Scripting â?? Downloadable Products

Advisory ID: DC-2018-03-003
Advisory Title: Magento Stored Cross-Site Scripting â?? Downloadable Products
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version:

[ more ]  [ reply ]
DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery 2018-03-06
Defense Code (defensecode defensecode com)
DefenseCode Security Advisory
Magento Backups Cross-Site Request Forgery

Advisory ID: DC-2018-03-001
Advisory Title: Magento Backups Cross-Site Request Forgery
Advisory URL: http://www.defensecode.com/advisories.php
Software: Magento
Version: Magento Open Source prior to 1.9.3.8,

[ more ]  [ reply ]
[SECURITY] [DSA 4127-1] simplesamlphp security update 2018-03-02
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

-
------------------------------------------------------------------------
-
Debian Security Advisory DSA-4127-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
March 02, 2018

[ more ]  [ reply ]
CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor 2018-03-01
spinfoo (spinfoo protonmail com)
Product: HPE System Management Homepage
Versions: 7.6.0.11 and minor versions
Vulnerability: JavaScript Injection in file gsearch.php, parameter prod
OWASP TOP 10: A1 Injection
Type: Javascript Injection
Impact: Allows an attacker to perform an XSS (Cross-Site Scripting) attack,
execute arbitrary J

[ more ]  [ reply ]
[SECURITY] [DSA 4129-1] freexl security update 2018-03-02
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4129-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 02, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4130-1] dovecot security update 2018-03-02
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4130-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 02, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4120-2] linux regression update 2018-03-03
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4120-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
March 03, 2018

[ more ]  [ reply ]
KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service 2018-03-02
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service

Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service
Advisory ID: KL-001-2018-007
Publication Date: 2018.03.02
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-007.txt

1. Vul

[ more ]  [ reply ]
[SECURITY] [DSA 4131-1] xen security update 2018-03-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4131-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 04, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4132-1] libvpx security update 2018-03-04
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4132-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
March 04, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4128-1] trafficserver security update 2018-03-02
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4128-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
March 02, 2018

[ more ]  [ reply ]
[security bulletin] MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS) 2018-03-01
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM031038
96

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03103896

Version: 1

MFSBGN03801 rev.1

[ more ]  [ reply ]
[Newsletter/Marketing] [slackware-security] dhcp (SSA:2018-060-01) 2018-03-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] dhcp (SSA:2018-060-01)

New dhcp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+

[ more ]  [ reply ]
[SECURITY] [DSA 4127-1] simplesamlphp security update 2018-03-02
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4127-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
March 02, 2018

[ more ]  [ reply ]
[Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02) 2018-03-01
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] ntp (SSA:2018-060-02)

New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/ntp

[ more ]  [ reply ]
CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor 2018-03-01
spinfoo (spinfoo protonmail com)
Product: HPE System Management Homepage
Versions: 7.6.0.11 and minor versions
Vulnerability: JavaScript Injection in file gsearch.php, parameter prod
OWASP TOP 10: A1 Injection
Type: Javascript Injection
Impact: Allows an attacker to perform an XSS (Cross-Site Scripting) attack, execute arbitrary Ja

[ more ]  [ reply ]
[security bulletin] MFSBGN03794 rev.2 - Micro Focus Operations Agent Multiple vulnerabilities 2018-02-28
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030605
44

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03060544

Version: 2

MFSBGN03794 rev.2

[ more ]  [ reply ]
Secunia Research: Linux Kernel "_sctp_make_chunk()" Denial of Service Vulnerability 2018-02-28
Secunia Research (remove-vuln secunia com)
======================================================================

Secunia Research 2018/02/28

Linux Kernel "_sctp_make_chunk()" Denial of Service Vulnerability

======================================================================
Table of Contents

Affected Software.

[ more ]  [ reply ]
SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management 2018-02-28
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180228-0 >
=======================================================================
title: Insecure Direct Object Reference
product: TestLink Open Source Test Management
vulnerable version: <1.9.17
fixed version: 1.9

[ more ]  [ reply ]
[SECURITY] [DSA 4124-1] lucene-solr security update 2018-02-27
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4124-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 27, 2018

[ more ]  [ reply ]
[security bulletin] HPESBHF03826 rev.1 - HPE Integrated Lights-Out 3 (iLO 3) Remote Denial of Service 2018-02-27
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03826en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03826en_us

Version: 1

HP

[ more ]  [ reply ]
SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket 2018-02-27
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180227-0 >
=======================================================================
title: OS command injection, arbitrary file upload & SQL injection
product: ClipBucket
vulnerable version: <4.0.0 - Release 4902
fix

[ more ]  [ reply ]
ES2018-03 Asterisk pjsip sdp invalid media format description segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)
# Segmentation fault occurs in Asterisk with an invalid SDP media format description

- Authors:
- Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]>
- Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]>
- Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip`
- References: AST-2018-002
- Enable Secu

[ more ]  [ reply ]
ES2018-04 Asterisk pjsip tcp segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)
# Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport

- Authors:
- Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]>
- Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]>
- Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip` installed with `--with-pjproject-b

[ more ]  [ reply ]
ES2018-02 Asterisk pjsip sdp invalid fmtp segfault 2018-02-26
Sandro Gauci (sandro enablesecurity com)
# Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute

- Authors:
- Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]>
- Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]>
- Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip`
- References: AST-2018-003
- Enable Security Advis

[ more ]  [ reply ]
ES2018-01 Asterisk pjsip subscribe stack corruption 2018-02-26
Sandro Gauci (sandro enablesecurity com)
# SUBSCRIBE message with a large Accept value causes stack corruption

- Authors:
- Alfred Farrugia <alfred (at) enablesecurity (dot) com [email concealed]>
- Sandro Gauci <sandro (at) enablesecurity (dot) com [email concealed]>
- Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip`
- Tested vulnerable versions: 15.2.0, 13.19.0, 14.7.

[ more ]  [ reply ]
CMS Made Simple 2.1.6 - Remote Code Execution 2018-02-26
displaymyname gmail con
# Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution
# Date: 2018-02-26
# Exploit Author: Keerati T.
# Vendor Homepage: http://www.cmsmadesimple.org/
# Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip
# Version: 2.1.6
# CVE: CVE-2018-7448
# Tested on: Li

[ more ]  [ reply ]
[SECURITY] [DSA 4123-1] drupal7 security update 2018-02-24
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4123-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 24, 2018

[ more ]  [ reply ]
[security bulletin] MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance 2018-02-22
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030860
19

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03086019

Version: 1

MFSBGN03798 rev.1

[ more ]  [ reply ]
Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5 2018-02-22
Justin Bull (me justinbull ca)
On Wed, Feb 21, 2018 at 5:17 PM, Justin Bull <me (at) justinbull (dot) ca [email concealed]> wrote:
> Solution:
> ---------
> Upgrade to Doorkeeper v4.2.6 or later
>

Apologies. This fails to account for a non-trivial scenario.

Any software using Doorkeeper that has generated its own custom
views[0] requires manual work to ver

[ more ]  [ reply ]
[SECURITY] [DSA 4122-1] squid3 security update 2018-02-22
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4122-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 23, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4120-1] linux security update 2018-02-22
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4120-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Yves-Alexis Perez
February 22, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4121-1] gcc-6 security update 2018-02-22
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4121-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 22, 2018

[ more ]  [ reply ]
[CORE-2017-0006] Trend Micro Email Encryption Gateway Multiple Vulnerabilities 2018-02-21
Core Security Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Trend Micro Email Encryption Gateway Multiple Vulnerabilities

1. *Advisory Information*

Title: Trend Micro Email Encryption Gateway Multiple Vulnerabilities
Advisory ID: CORE-2017-0006
Advisory URL:
http://www.coresecurity.com/ad

[ more ]  [ reply ]
DefenseCode Security Advisory: PureVPN Windows Privilege Escalation Vulnerability 2018-02-21
Defense Code (defensecode defensecode com)
DefenseCode Security Advisory
PureVPN Windows Privilege Escalation Vulnerability

Advisory ID: DC-2018-02-001
Advisory Title: PureVPN Windows Privilege Escalation Vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software: PureVPN
Version: 5.19.4.0 and below (W

[ more ]  [ reply ]
SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors 2018-02-21
SEC Consult Vulnerability Lab (research sec-consult com)
We have published an accompanying blog post to this technical advisory with
further information:

https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby
-monitors-fail-to-be-smart/index.html

SEC Consult Vulnerability Lab Security Advisory < 20180221-0 >
===========================

[ more ]  [ reply ]
Sharutils 4.15.2 Heap-Buffer-Overflow 2018-02-21
nafiez (nafiez skins gmail com) (1 replies)
Unshar scans the input files (typically email messages) looking for the

start of a shell archive. If no files are given, then standard input is

processed instead. Shipped along with Sharutils.

Bug was found with AFL.

=================================================================

==11164=

[ more ]  [ reply ]
Sharutils 4.15.2 Heap-Buffer-Overflow 2018-02-21
nafiez (nafiez skins gmail com)
Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS 2018-02-21
preethiknambiar gmail com
1. Introduction

Vendor : Yab
Affected Product : Quarx through 2.4.3
Fixed in : Quarx 2.4.5 and 2.4.6
Vendor Website : https://quarxcms.com/
Vulnerability Type : Persistent XSS
Remote Exploitable : Yes
CVE External Identifier : CVE-2018-727

[ more ]  [ reply ]
Multiple Persistent XSS vulnerabilities in Radiant Content Management System 2018-02-20
suparna kachru gmail com
*1. Introduction*

Vendor : Radiant
Affected Product : Radiant CMS 1.1.4
Fixed in : NA
Vendor Website : http://radiantcms.org/
Vulnerability Type : Persistent XSS
Remote Exploitable : Yes
CVE External Identifier : CVE-2018-7261

*2. Overview*

Technical Description:

There are multiple P

[ more ]  [ reply ]
APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update 2018-02-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update

macOS High Sierra 10.13.3 Supplemental Update is now available and
addresses the following:

CoreText
Available for: macOS High Sierra 10.13.3
Impact: Processing a maliciously crafte

[ more ]  [ reply ]
APPLE-SA-2018-02-19-3 tvOS 11.2.6 2018-02-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-02-19-3 tvOS 11.2.6

tvOS 11.2.6 is now available and addresses the following:

CoreText
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A

[ more ]  [ reply ]
APPLE-SA-2018-02-19-1 iOS 11.2.6 2018-02-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-02-19-1 iOS 11.2.6

iOS 11.2.6 is now available and addresses the following:

CoreText
Available for: iPhone 5s and later, iPad Air and later, and
iPod touch 6th generation
Impact: Processing a maliciously crafted string may lead to heap

[ more ]  [ reply ]
APPLE-SA-2018-02-19-4 watchOS 4.2.3 2018-02-19
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-02-19-4 watchOS 4.2.3

watchOS 4.2.3 is now available and addresses the following:

CoreText
Available for: All Apple Watch models
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory corrupti

[ more ]  [ reply ]
[SECURITY] [DSA 4119-1] libav security update 2018-02-19
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4119-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 19, 2018

[ more ]  [ reply ]
Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect) 2018-02-18
displaymyname gmail com
# Exploit Title: Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect)
# Date: 18-02-2018
# Software Link: https://www.kentico.com
# Exploit Author: Keerati T.
# CVE: CVE-2018-7205
# Category: webapps

1. Description

Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Onli

[ more ]  [ reply ]
[SECURITY] [DSA 4118-1] tomcat-native security update 2018-02-17
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4118-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 17, 2018

[ more ]  [ reply ]
Kentico CMS version 9 through 11 - Arbitrary Code Execution 2018-02-17
displaymyname gmail com
# Exploit Title: Kentico CMS version 9 through 11 - Arbitrary Code Execution
# Date: 17-02-2018
# Software Link: https://www.kentico.com
# Exploit Author: Keerati T.
# CVE: CVE-2018-7046
# Category: webapps

1. Description

Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Online Mar

[ more ]  [ reply ]
[SECURITY] [DSA 4117-1] gcc-4.9 security update 2018-02-17
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4117-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 17, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4116-1] plasma-workspace security update 2018-02-16
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4116-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 16, 2018

[ more ]  [ reply ]
Security advisory for Bugzilla 5.1.1, 5.0.3, and 4.4.12 2018-02-16
dkl mozilla com
Summary
=======

Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issue has been discovered
in Bugzilla:

* A CSRF vulnerability in report.cgi would allow a third-party site
to extract confidential information from a bug the victim had

[ more ]  [ reply ]
[slackware-security] irssi (SSA:2018-046-01) 2018-02-16
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] irssi (SSA:2018-046-01)

New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages

[ more ]  [ reply ]
[SECURITY] [DSA 4115-1] quagga security update 2018-02-15
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4115-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 15, 2018

[ more ]  [ reply ]
Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload 2018-02-15
Arvind Vishwakarma (arvind12786 gmail com)
------------------------------------------------------------------
Vulnerability Type: Unrestricted File Upload
Vendor of Product: Tejari
Affected Product Code Base: Bravo Solution
Affected Component: Web Interface Management.
Attack Type: Local - Authenticated
Impact: Malicous File Upload
---------

[ more ]  [ reply ]
Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-CSRF 2018-02-15
Arvind Vishwakarma (arvind12786 gmail com)
-----------------------------------------------------
Vulnerability Type: Cross Site Request Forgery (CSRF)
Vendor of Product: Tejari
Affected Product Code Base: Bravo Solution
Affected Component: Web Interface Management.
Attack Type: Local - Authenticated
Impact: Unauthorised Access
--------------

[ more ]  [ reply ]
[SECURITY] [DSA 4114-1] jackson-databind security update 2018-02-15
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4114-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
February 15, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4113-1] libvorbis security update 2018-02-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4113-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 14, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4112-1] xen security update 2018-02-14
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4112-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 14, 2018

[ more ]  [ reply ]
NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security) 2018-02-14
apparitionsec gmail com
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTIO
N-CVE-2018-6940.txt
[+] ISR: Apparition Security

[-_-] D1rty0tis

Vendor:
=============
www.nat32.com

Product:
=================
NAT32 Build (22284)

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS 2018-02-14
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

yesterdays "Security update deployment information: February 13, 2018"
<https://support.microsoft.com/en-us/help/20180213> links the following
MSKB articles for the security updates of Microsoft's Office products:
<https://support.microsoft.com/kb/4011715>
<https://support.microsoft.com/kb/

[ more ]  [ reply ]
[security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification 2018-02-13
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030911
03

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03091103

Version: 1

MFSBGN03800 rev.1

[ more ]  [ reply ]
CSNC-2017-027 Microsoft Intune - App PIN Bypass 2018-02-13
Advisories (advisories compass-security com)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Microsoft Intune [1]
# Vendor: Microsoft
# CSNC ID: CSNC-2017-027
# Sub

[ more ]  [ reply ]
[SECURITY] [DSA 4111-2] libreoffice security update 2018-02-12
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4111-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 12, 2018

[ more ]  [ reply ]
[security bulletin] HPESBHF03819 rev.1 - HPE XP Storage using HGLM, Local Authentication Bypass 2018-02-12
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03819en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03819en_us

Version: 1

HP

[ more ]  [ reply ]
CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security) 2018-02-12
apparitionsec gmail com
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-
REMOTE-BUFFER-OVERFLOW.txt
[+] ISR: Apparition Security
[+] SSD Beyond Security Submission: https://blogs.securiteam.com/index

[ more ]  [ reply ]
[SECURITY] [DSA 4111-1] libreoffice security update 2018-02-11
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4111-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
February 11, 2018

[ more ]  [ reply ]
[SECURITY] [DSA 4109-1] ruby-omniauth security update 2018-02-10
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4109-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/
February 09, 2018

[ more ]  [ reply ]
KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability

Title: NetEx HyperIP Local File Inclusion Vulnerability
Advisory ID: KL-001-2018-005
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-005.txt

1. Vulnerability Details

A

[ more ]  [ reply ]
[SECURITY] [DSA 4110-1] exim4 security update 2018-02-10
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4110-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 10, 2018

[ more ]  [ reply ]
Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM 2018-02-09
Stefan Kanthak (stefan kanthak nexgo de) (1 replies)
Hi @ll,

since about two or three years now, Microsoft offers Skype as
optional update on Windows/Microsoft Update.

JFTR: for Microsoft's euphemistic use of "update" see
<http://seclists.org/fulldisclosure/2018/Feb/17>

Once installed, Skype uses its own proprietary update mechanism
instead o

[ more ]  [ reply ]
KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability

Title: NetEx HyperIP Privilege Escalation Vulnerability
Advisory ID: KL-001-2018-004
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-004.txt

1. Vulnerability Details

A

[ more ]  [ reply ]
KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution

Title: NetEx HyperIP Post-Auth Command Execution
Advisory ID: KL-001-2018-003
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-003.txt

1. Vulnerability Details

Affected Vendor

[ more ]  [ reply ]
KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass

Title: Trend Micro IMSVA Management Portal Authentication Bypass
Advisory ID: KL-001-2018-006
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-006.txt

1. Vulnerabili

[ more ]  [ reply ]
KL-001-2018-002 : NetEx HyperIP Authentication Bypass 2018-02-09
KoreLogic Disclosures (disclosures korelogic com)
KL-001-2018-002 : NetEx HyperIP Authentication Bypass

Title: NetEx HyperIP Authentication Bypass
Advisory ID: KL-001-2018-002
Publication Date: 2018.02.08
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-002.txt

1. Vulnerability Details

Affected Vendor: NetEx

[ more ]  [ reply ]
[SECURITY] [DSA 4108-1] mailman security update 2018-02-09
Thijs Kinkhorst (thijs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4108-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Thijs Kinkhorst
February 09, 2018

[ more ]  [ reply ]
Advisory - Fisheye and Crucible - CVE-2017-16861 2018-02-09
David Black (dblack atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This email refers to the advisory found at
https://confluence.atlassian.com/x/iPQyO and
https://confluence.atlassian.com/x/h-QyO .

CVE ID:

* CVE-2017-16861.

Product: Fisheye and Crucible.

Affected Fisheye and Crucible product versions:

version

[ more ]  [ reply ]
[SECURITY] [DSA 4105-2] mpv security update 2018-02-09
Luciaon Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4105-2 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/
February 08, 2018

[ more ]  [ reply ]
SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro 2018-02-08
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180208-0 >
=======================================================================
title: Multiple Cross-Site Scripting Vulnerabilities
product: Sonatype Nexus Repository Manager OSS/Pro
vulnerable version: <=2.14.5, <=3.

[ more ]  [ reply ]
[SECURITY] [DSA 4107-1] django-anymail security update 2018-02-07
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4107-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 07, 2018

[ more ]  [ reply ]
[security bulletin] HPSBHF02981 rev.2 - HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP) 2018-02-07
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c041977
64

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04197764

Version: 2

HPSBHF02981 rev.2

[ more ]  [ reply ]
[SECURITY] [DSA 4106-1] libtasn1-6 security update 2018-02-07
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4106-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 07, 2018

[ more ]  [ reply ]
SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip 2018-02-07
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180207-0 >
=======================================================================
title: Multiple buffer overflow vulnerabilities
product: InfoZip UnZip
vulnerable version: UnZip <= 6.00 / UnZip <= 6.1c22
fixed ver

[ more ]  [ reply ]
[slackware-security] Slackware 14.2 kernel (SSA:2018-037-01) 2018-02-07
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Slackware 14.2 kernel (SSA:2018-037-01)

New kernel packages are available for Slackware 14.2 to mitigate the
speculative side channel attack known as Spectre variant 2.

Here are the details from the Slackware 14.2 ChangeLog:
+-

[ more ]  [ reply ]
[SE-2011-01] A security issue with a Multiroom service of NC+ SAT TV platform 2018-02-07
Security Explorations (contact security-explorations com)

Hello All,

A couple of weeks ago, Platform NC+ [1], one of the major digital SAT
TV providers in Poland issued an official message [2] to subscribers
about the policy of content security. Among other things, the following
statements were included in it:

"Platform nc+ as a technology leader in the

[ more ]  [ reply ]
[SECURITY] [DSA 4105-1] mpv security update 2018-02-07
Luciano Bello (luciano debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4105-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/
February 06, 2018

[ more ]  [ reply ]
[CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities 2018-02-05
Core Security Advisories Team (advisories coresecurity com)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/

Kaspersky Secure Mail Gateway Multiple Vulnerabilities

1. *Advisory Information*

Title: Kaspersky Secure Mail Gateway Multiple Vulnerabilities
Advisory ID: CORE-2017-0010
Advisory URL:
http://www.coresecurity.com/advisories/kaspe

[ more ]  [ reply ]
[SECURITY] [DSA 4104-1] p7zip security update 2018-02-04
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4104-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
February 04, 2018

[ more ]  [ reply ]
[slackware-security] php (SSA:2018-034-01) 2018-02-04
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2018-034-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php

[ more ]  [ reply ]
[security bulletin] MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection 2018-02-01
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030836
53

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03083653

Version: 1

MFSBGN03797 rev.1

[ more ]  [ reply ]
SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range 2018-02-01
SEC Consult Vulnerability Lab (research sec-consult com)
We have published an accompanying blog post to this technical advisory with
further information:

https://www.sec-consult.com/en/blog/2018/02/internet-of-dildos-a-long-wa
y-to-a-vibrant-future-from-iot-to-iod/index.html

SEC Consult Vulnerability Lab Security Advisory < 20180201-0 >
================

[ more ]  [ reply ]
[SECURITY] [DSA 4103-1] chromium-browser security update 2018-02-01
Michael Gilbert (mgilbert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4103-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Michael Gilbert
January 31, 2018

[ more ]  [ reply ]
Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831 2018-02-01
Atlassian (security atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This email refers to the advisory found at
https://confluence.atlassian.com/x/lIIyO.

CVE ID:

* CVE-2017-14592
* CVE-2017-14593
* CVE-2017-17458
* CVE-2017-17831

Product: Sourcetree

Affected Sourcetree product versions:

Sourcetree for macOS 1.0b2

[ more ]  [ reply ]
KonaKart Path Traversal Vulnerability 2018-02-01
ajcraggs gmail com
Product overview:

"KonaKart is a java based eCommerce software platform trusted by top brands throughout the world to give them a stable, high-
performance online store".

Vulnerability overview:

KonaKart eCommerce Platform prior to verion 8.8 is vulnerable to a directory traversal flaw in the adm

[ more ]  [ reply ]
Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key 2018-01-31
cfpmontreal2018 recon cx
- RECON MONTREAL 2018 -

0xE - CFP - Training Registration - Conference - Submit! - PGP key
â??â??â??â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? 
â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? 
â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? â? 

[ more ]  [ reply ]
SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433 2018-01-31
SEC Consult Vulnerability Lab (research sec-consult com)
SEC Consult Vulnerability Lab Security Advisory < 20180131-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Sprecher Automation SPRECON-E-C, PU-2433
vulnerable version: <8.49 (most vulnerabilities, see "Vu

[ more ]  [ reply ]
(Page 5 of 525)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus