CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders
    2015-06-24, Federick Joe P Fajardo (fjpfajardo ph ibm com)

CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004
    2015-06-24, Marco Delai (Marco Delai csnc ch)
    Preview (truncated): COMPASS SECURITY ADVISORY, http://www.csnc.ch/en/downloads/advisories.html. CVE ID: CVE-2015-3443. Product: Secret Server [1]. Vendor: Thycotic. Subject: Stor

ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability
    2015-06-23, Security Alert (Security_Alert emc com)

ESA-2015-109: EMC Documentum D2 Cross-Site Scripting
    2015-06-23, Security Alert (Security_Alert emc com)
    Preview (truncated): ESA-2015-109: EMC Documentum D2 Cross-Site Scripting Vulnerability. EMC Identifier: ESA-2015-109. CVE Identifier: CVE-2015-0549. Severity Rating: CVSS v2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P). Affected products: EMC Documentum D2 ver

The "localhosed" attack - stealing IE local machine cookies and exposing its internal IP address
    2015-06-22, Amit Klein (aksecurity gmail com)

ManageEngine Asset Explorer v6.1 - Persistent Vulnerability
    2015-06-22, Vulnerability Lab (research vulnerability-lab com)
    Preview (truncated): Document Title: ManageEngine Asset Explorer v6.1 - Persistent Vulnerability. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1488. Release Date: 2015-06-22. Vulnerability Laboratory ID (VL-ID):

[oCERT-2015-008] FreeRADIUS insufficent CRL application
    2015-06-22, Andrea Barisani (lcars ocert org)
    Preview (truncated): #2015-008 FreeRADIUS insufficent CRL application. Description: The FreeRADIUS server is an open source project that provides a RADIUS implementation. The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List (CRL) checks. The FreeRADIUS usage

mysql-lite-administrator XSS vulnerabilities
    2015-06-21, apparitionsec gmail com
    Preview (truncated): [+] Credits: hyp3rlinx. [+] Domains: hyp3rlinx.altervista.org. [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-MYSQLLITEADMINISTRATOR0621.txt. Vendor: code.google.com/p/mysql-lite-administrator. Product:

[security bulletin] HPSBMU03356 rev.1 - HP Business Service Automation Essentials (BSAE) running TLS, Remote Disclosure of Information
    2015-06-22, security-alert hp com
    Preview (truncated): Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04718196. SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c04718196. Version: 1. HPSBMU03356 re

GeniXCMS XSS Vulnerabilities
    2015-06-22, apparitionsec gmail com
    Preview (truncated): [+] Credits: John Page (hyp3rlinx). [+] Domains: hyp3rlinx.altervista.org. [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-GENIXCMS0621.txt. Vendor: genixcms.org. Product: GeniXCMS v0

[CVE-2015-3188] Apache Storm remote code execution vulnerability
    2015-06-20, P. Taylor Goetz (ptgoetz apache org)
    Preview (truncated): CVE-2015-3188: Apache Storm remote code execution vulnerability. Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Apache Storm 0.10.0-beta. Description: The UI daemon in Apache Storm 0.10.0-beta allows remote users to run arbitrary code as the user running the web ser

Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability
    2015-06-19, Vulnerability Lab (research vulnerability-lab com)
    Preview (truncated): Document Title: Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1473, EIBBP-31541. Release Date: 2015-06-15. Vulnerability Laboratory ID (V

Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability
    2015-06-19, Vulnerability Lab (research vulnerability-lab com)
    Preview (truncated): Document Title: Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1457. eBay Inc. Bug Bounty Program ID: EIBBP-31603. Video: https://www.youtube.com/watch?v=WffsHd8pibE. Re

Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability
    2015-06-19, Vulnerability Lab (research vulnerability-lab com)
    Preview (truncated): Document Title: Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1460. Video: http://www.vulnerability-lab.com/get_content.php?id=1526. View Video: https://www.yo

ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability
    2015-06-19, Vulnerability Lab (research vulnerability-lab com)
    Preview (truncated): Document Title: ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1522. Release Date: 2015-06-16. Vulnerability Laboratory ID (VL-ID):

ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities
    2015-06-19, Vulnerability Lab (research vulnerability-lab com)
    Preview (truncated): Document Title: ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1501. Release Date: 2015-06-19. Vulnerability Laboratory ID (VL-ID):

DUO Security push Timing Attack
    2015-06-18, jpierini paysw com
    Preview (truncated): DUO "push" Timing Attack. PSC Risk Assessment: CVSS 7.3, (AV:N/AC:L/Au:M/C:C/I:N/A:C/E:F/RL:ND/RC:ND). Description: Duo "push" authentications are susceptible to a low-profile timing-based attack that permits an intruder to steal an authenticated session from an end-user accessing Duo-protected resour

[security bulletin] HPSBGN03338 rev.1 - HP Service Manager running RC4, Remote Disclosure of Information
    2015-06-17, security-alert hp com
    Preview (truncated): Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922. SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c04687922. Version: 1. HPSBGN03338 re

[security bulletin] HPSBGN03350 rev.1 - HP SiteScope Using RC4, Remote Disclosure of Information
    2015-06-17, security-alert hp com
    Preview (truncated): Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04708650. SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c04708650. Version: 1. HPSBGN03350 re

VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities
    2015-06-17, VCE - PSIRT (VCEPSIRT vce com)

Reflected Cross-Site Scripting (XSS) in SearchBlox
    2015-06-17, High-Tech Bridge Security Research (advisory htbridge ch)
    Preview (truncated): Advisory ID: HTB23256. Product: SearchBlox. Vendor: SearchBlox Software, Inc. Vulnerable Version(s): 8.2 and probably prior. Tested Version: 8.2. Advisory Publication: April 22, 2015 [without technical details]. Vendor Notification: April 22, 2015. Vendor Patch: May 26, 2015. Public Disclosure: June 17

OS Command Injection in Vesta Control Panel
    2015-06-17, High-Tech Bridge Security Research (advisory htbridge ch)
    Preview (truncated): Advisory ID: HTB23261. Product: Vesta Control Panel. Vendor: http://vestacp.com. Vulnerable Version(s): 0.9.8 and probably prior. Tested Version: 0.9.8. Advisory Publication: May 20, 2015 [without technical details]. Vendor Notification: May 20, 2015. Vendor Patch: June 3, 2015. Public Disclosure: June

ESA-2015-043: RSA® Validation Manager Security Update for Multiple Vulnerabilities
    2015-06-16, Security Alert (Security_Alert emc com)
    Preview (truncated): ESA-2015-043: RSA® Validation Manager Security Update for Multiple Vulnerabilities. EMC Identifier: ESA-2015-043. CVE Identifier: CVE-2014-3566, CVE-2014-0098, CVE-2014-0231, CVE-2014-0226, CVE-2013-1862, CVE-2012-3499, CVE-2015-0526, CVE-2013-256
SUBJECT: Insufficient Authorization Checks Request Handling Remote
Authentication Bypass for Kguard Digital Video Recorders
DESCRIPTION: A deficiency in handling authentication and authorization
has been found with Kguard 104/108/v2 models. While password-based
authenticat