Arbitrary File Disclosure and Open Redirect in Bonita BPM
  2015-06-10, High-Tech Bridge Security Research (advisory htbridge ch)

[RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery
  2015-06-10, RedTeam Pentesting GmbH (release redteam-pentesting de)
  During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request forge [...]

[RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID
  2015-06-10, RedTeam Pentesting GmbH (release redteam-pentesting de)
  During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate a [...]

[security bulletin] HPSBUX03341 SSRT102068 rev.1 - HP-UX Apache Tomcat v7.x, Remote Denial of Service (DoS) and Other Vulnerabilities
  2015-06-09, security-alert hp com
  PGP-signed (SHA1). Current version of the document: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04693706 . SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c04693706. Version: 1. HPSBUX03341 SS [...]

Elasticsearch vulnerability CVE-2015-4165
  2015-06-09, Kevin Kluge (kevin elastic co)
  Summary: Elasticsearch versions 1.0.0 - 1.5.2 are vulnerable to an engineered attack on other applications on the system. The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process. It is possible to crea [...]

Kibana vulnerability CVE-2015-4093
  2015-06-09, Kevin Kluge (kevin elastic co)
  Summary: Kibana versions 4.0.0, 4.0.1 and 4.0.2 are vulnerable to a cross-site scripting (XSS) attack. The attack allows execution of arbitrary JavaScript in the context of the user's browser. We have been assigned CVE-2015-4093 for this issue. Fixed versions: Versions 4.0.3 and 4.1.0 have ad [...]

Logstash vulnerability CVE-2015-4152
  2015-06-09, Kevin Kluge (kevin elastic co)
  Summary: Logstash versions 1.4.2 and prior are vulnerable to a directory traversal attack that allows an attacker to overwrite files on the server running Logstash. This vulnerability is not present in the initial installation of Logstash. The vulnerability is exposed when the file output plugin [...]

[security bulletin] HPSBMU03349 rev.1 - HP Helion CloudSystem, Local Denial of Service (DoS), Arbitrary Code Execution
  2015-06-09, security-alert hp com
  PGP-signed (SHA1). Current version of the document: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04706564 . SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c04706564. Version: 1. HPSBMU03349 re [...]

[security bulletin] HPSBST03346 rev.1 - HP P6000 Command View Software running Jetty, Remote Denial of Service (DoS)
  2015-06-09, security-alert hp com
  PGP-signed (SHA1). Current version of the document: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04703199 . SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c04703199. Version: 1. HPSBST03346 re [...]

NEW VMSA-2015-0004 - VMware Workstation, Fusion and Horizon View Client updates address critical security issues
  2015-06-09, VMware Security Response Center (security vmware com)

CFP: The 2nd International Conference on Information Systems Security and Privacy, ICISSP 2016
  2015-06-09, icissp secretariat insticc org
  Conference name: The 2nd International Conference on Information Systems Security and Privacy - ICISSP 2016. Venue: Rome, Italy. Event date: 19 - 21 February, 2016. Regular Papers: Paper Submission: September 8, 2015. Authors Notification: November 26, 2015. Camera Ready and Registration: December 14, [...]

SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities
  2015-06-09, apparitionsec gmail com
  Credits: hyp3rlinx. Domains: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt. Vendor: http://www.silverstripe.org/software/download. Product: SilverStripe CMS & Frame [...]

Symphony CMS XSS Vulnerability [Corrected Post]
  2015-06-09, apparitionsec gmail com
  [Correction] of Vendor Info for Symphony CMS XSS Vulnerability POST on (Jun 08). Credits: John Page (hyp3rlinx). Domains: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/AS-SYMPHONY0606.txt. Vendor: [...]

Symphony CMS XSS Vulnerability
  2015-06-08, apparitionsec gmail com
  Credits: John Page (hyp3rlinx). Domains: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/. Vendor: http://www.silverstripe.org/software/download. Product: SilverStripe CMS & Framework v3 [...]

AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability
  2015-06-08, d4rkr0id gmail com
  Exploit Title: AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability. Date: 2015/06/07. Vendor Homepage: http://dg.no.sapo.pt/. Software Link: http://dg.no.sapo.pt/AnimaGallery2.6.zip. Version: 2.6. Tested on: Centos 6.5, php 5.3.2, magic_quotes_gpc=off. Categor [...]

[SECURITY] [DSA 3281-1] Debian Security Team PGP/GPG key change notice
  2015-06-07, Thijs Kinkhorst (thijs debian org)

Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App
  2015-06-06, Payatu Research (research payatu com)
  Vulnerability Description: The kankun smart socket device and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the [...]

Symphony CMS 2.6.2
  2015-06-06, apparitionsec gmail com
  Credits: John Page (hyp3rlinx). Domains: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/AS-SYMPHONY0606.txt. Vendor: www.getsymphony.com/download/. Product: Symphony CMS 2.6.2. Advisory [...]

CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4
  2015-06-06, venkatesh nitin gmail com
  Submitter: Nitin Venkatesh. Product: Encrypted Contact Form Wordpress Plugin. Product URL: https://wordpress.org/plugins/encrypted-contact-form/. Vulnerability Type: Cros [...]

Xloner v3.1.2 wordpress plugin authenticated command execution and XSS
  2015-06-05, Larry W. Cashdollar (larry0 me com)
  This advisory is in addition to the one I filed in November, http://www.openwall.com/lists/oss-security/2014/11/06/1, that had the following CVEs assigned: CVE-2014-8603, CVE-2014-8604, CVE-2014-8605, CVE-2014-8606, CVE-2014-8607; advisory http://www.vapid.dhs.org/advisory.php?v=110. Title: Xloner v3.1. [...]

Expedia Product Security Advisory: Cruise Ship Centers Information Disclosure
  2015-06-05, Mike Sheward (msheward expedia com)
  Expedia Product Security Advisory on 6/5/2015. Product: Expedia CruiseShipCenters (CruiseShipCenters.com). Vulnerability Type: Insecure Direct Object Reference. Impact: Unauthorized Information Disclosure. Credit: Paul O'Neil, IDT911 Consulting (http://idt911.com/). Background: During the booking fin [...]

CVE-2015-4109 - WordPress Users Ultra Plugin [SQL injection]
  2015-06-05, pan vagenas gmail com
  Date: 2015/05/30. Exploit Author: Panagiotis Vagenas. Contact: https://twitter.com/panVagenas. Vendor Homepage: http://usersultra.com. Software Link: https://wordpress.org/plugins/users-ultra/. Version: 1.5.15. Tes [...]

1 Click Extract Audio v2.3.6 - Activex Buffer Overflow
  2015-06-05, Vulnerability Lab (research vulnerability-lab com)
  References (Source): http://www.vulnerability-lab.com/get_content.php?id=1506. Video: http://www.vulnerability-lab.com/get_content.php?id=1507. Release Date: 2015-06-05. Vuln [...]

1 Click Audio Converter v2.3.6 - Activex Buffer Overflow
  2015-06-05, Vulnerability Lab (research vulnerability-lab com)
  References (Source): http://www.vulnerability-lab.com/get_content.php?id=1504, http://www.vulnerability-lab.com/get_content.php?id=1505. View Video: https://www.youtube.com/watch?v=Ad0wHlH [...]
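The RT-SA-2015-003 entry above reports easily guessable session IDs on the OmniSwitch web interface. The following is an added example, not code from RedTeam Pentesting, Alcatel-Lucent or any advisory on this page, of the check a tester runs on a sample of session IDs collected from repeated logins: it estimates the usable entropy from each ID's length, the alphabet actually used and any constant prefix, and flags IDs that step through a small numeric range. The sample IDs, the 64-bit threshold (the commonly recommended minimum entropy for a session identifier) and the function names are the example's own assumptions.

```python
# Added example: estimate how guessable a sample of session IDs is.
# Not code from any advisory on this page; all inputs are constructed.
import math
import os
import secrets

# Constructed sample resembling a counter-based session ID: six decimal
# digits, issued three apart, as a tester might collect over 20 logins.
WEAK_IDS = [str(100231 + 3 * i) for i in range(20)]

# Constructed sample of 128-bit random hex tokens for comparison.
STRONG_IDS = [secrets.token_hex(16) for _ in range(20)]


def _as_int(token):
    """Interpret a token as decimal or hex; None if it is neither."""
    if token.isdigit():
        return int(token, 10)
    try:
        return int(token, 16)
    except ValueError:
        return None


def assess_session_ids(ids, min_bits=64, guess_window=1_000_000):
    """Score a list of session IDs observed from separate logins.

    effective_bits: bits an attacker must guess, taking the ID length,
        the alphabet actually used and any constant prefix into account.
    sequential: True when every ID parses as a number and consecutive
        IDs differ by less than guess_window, i.e. an attacker holding
        one valid ID can enumerate its neighbours.
    weak: True when either indicator falls below the threshold.
    """
    if len(ids) < 2:
        raise ValueError("need at least two sampled IDs")
    length = min(len(s) for s in ids)
    alphabet = set("".join(ids))
    prefix_len = len(os.path.commonprefix(ids))
    bits_per_char = math.log2(len(alphabet)) if len(alphabet) > 1 else 0.0
    effective_bits = (length - prefix_len) * bits_per_char
    numbers = [_as_int(s) for s in ids]
    sequential = all(n is not None for n in numbers) and all(
        abs(b - a) < guess_window for a, b in zip(numbers, numbers[1:])
    )
    return {
        "length": length,
        "alphabet_size": len(alphabet),
        "constant_prefix": prefix_len,
        "effective_bits": effective_bits,
        "sequential": sequential,
        "weak": sequential or effective_bits < min_bits,
    }


if __name__ == "__main__":
    for label, sample in (("counter-style", WEAK_IDS), ("random hex", STRONG_IDS)):
        print(label, assess_session_ids(sample))
```

The sample-bounded figures are a screening aid, not a proof: a generator can pass both indicators and still be predictable (a seeded PRNG, a timestamp hashed with a known algorithm), so a low score is conclusive while a high score only means the obvious patterns are absent.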
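The Logstash CVE-2015-4152 and AnimaGallery 2.6 entries above are one bug class: an attacker-influenced string becomes part of a filesystem path, an output file name in the first case and an included theme or language file in the second. The following added example is not the code of either project and does not reproduce either bug; it shows the two controls that close the class: resolving the path and checking containment under a base directory for write targets whose name legitimately varies, and a plain allowlist for include-style parameters. The directory, file names, allowlist and the function names resolve_under, select_include and run_checks are the example's own assumptions.

```python
# Added example: containing attacker-influenced paths. Not the Logstash or
# AnimaGallery code; directory, file names and allowlist are constructed.
import os
import re
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a supplied value would reach a file outside its base."""


def resolve_under(base, untrusted):
    """Return base/untrusted as an absolute Path, or raise if it escapes base.

    For write targets whose name legitimately varies (a log or output file
    named from event data): normalise first, then check containment, so
    '..' segments, absolute paths and symlinks are all judged on the
    final resolved location rather than on the string.
    """
    if "\x00" in untrusted:
        # C-level file APIs stop at NUL, so 'x.log\x00.png' would open 'x.log'.
        raise PathTraversalError("embedded NUL byte")
    base_dir = Path(base).resolve()
    # pathlib drops base_dir when `untrusted` is absolute; the containment
    # check below is what catches that, not the join.
    candidate = (base_dir / untrusted).resolve()
    if base_dir not in candidate.parents:
        raise PathTraversalError(f"{untrusted!r} resolves outside {base_dir}")
    return candidate


_TOKEN = re.compile(r"^[A-Za-z0-9_-]{1,32}$")


def select_include(value, allowed):
    """For include-style parameters (theme, lang) the value is a token
    chosen from a fixed set, never a path: allowlist it outright."""
    if not _TOKEN.match(value) or value not in allowed:
        raise PathTraversalError(f"{value!r} is not an allowed include name")
    return value


def run_checks():
    """Exercise both controls on constructed inputs; returns {input: accepted}."""
    verdicts = {}
    with tempfile.TemporaryDirectory() as base:
        os.mkdir(os.path.join(base, "logs"))
        for name in ("logs/app.log", "logs/../app.log", "../../etc/passwd",
                     "/etc/passwd", "logs/x\x00.png"):
            try:
                resolve_under(base, name)
                verdicts[name] = True
            except PathTraversalError:
                verdicts[name] = False
    themes = frozenset({"default", "dark"})
    for value in ("default", "../../../etc/passwd", "default\x00"):
        try:
            select_include(value, themes)
            verdicts[value] = True
        except PathTraversalError:
            verdicts[value] = False
    return verdicts


if __name__ == "__main__":
    for name, ok in run_checks().items():
        print("accept" if ok else "reject", repr(name))
```

Any URL- or cookie-decoding the application performs must happen before the value reaches these checks; testing the encoded form and then decoding it afterwards reopens the hole.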
Product: Bonita BPM
Vendor: Bonitasoft
Vulnerable Version(s): 6.5.1 and probably prior
Tested Version: 6.5.1 (Windows and Mac OS packages)
Advisory Publication: May 7, 2015 [without technical details]
Vendor Notification: May 7, 2015
Vendor Patch: June 9, 2015
Public Di [...]