KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service
  2018-03-02, KoreLogic Disclosures (disclosures korelogic com)
  KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service Advisory ID: KL-001-2018-007 Publication Date: 2018.03.02 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-007.txt 1. Vul

[SECURITY] [DSA 4128-1] trafficserver security update
  2018-03-02, Sebastien Delafond (seb debian org)

[security bulletin] MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS)
  2018-03-01, cyber-psrt microfocus com
  Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03103896 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03103896 Version: 1 MFSBGN03801 rev.1

[Newsletter/Marketing] [slackware-security] dhcp (SSA:2018-060-01)
  2018-03-01, Slackware Security Team (security slackware com)
  [slackware-security] dhcp (SSA:2018-060-01) New dhcp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+

[Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02)
  2018-03-01, Slackware Security Team (security slackware com)
  [slackware-security] ntp (SSA:2018-060-02) New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ntp

CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor
  2018-03-01, spinfoo (spinfoo protonmail com)
  Product: HPE System Management Homepage Versions: 7.6.0.11 and minor versions Vulnerability: JavaScript Injection in file gsearch.php, parameter prod OWASP TOP 10: A1 Injection Type: Javascript Injection Impact: Allows an attacker to perform an XSS (Cross-Site Scripting) attack, execute arbitrary Ja

[security bulletin] MFSBGN03794 rev.2 - Micro Focus Operations Agent Multiple vulnerabilities
  2018-02-28, cyber-psrt microfocus com
  Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03060544 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03060544 Version: 2 MFSBGN03794 rev.2

Secunia Research: Linux Kernel "_sctp_make_chunk()" Denial of Service Vulnerability
  2018-02-28, Secunia Research (remove-vuln secunia com)

SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management
  2018-02-28, SEC Consult Vulnerability Lab (research sec-consult com)

[security bulletin] HPESBHF03826 rev.1 - HPE Integrated Lights-Out 3 (iLO 3) Remote Denial of Service
  2018-02-27, security-alert hpe com
  Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03826en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03826en_us Version: 1 HP

SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket
  2018-02-27, SEC Consult Vulnerability Lab (research sec-consult com)

ES2018-03 Asterisk pjsip sdp invalid media format description segfault
  2018-02-26, Sandro Gauci (sandro enablesecurity com)
  # Segmentation fault occurs in Asterisk with an invalid SDP media format description - Authors: - Alfred Farrugia <alfred (at) enablesecurity (dot) com> - Sandro Gauci <sandro (at) enablesecurity (dot) com> - Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip` - References: AST-2018-002 - Enable Secu

ES2018-04 Asterisk pjsip tcp segfault
  2018-02-26, Sandro Gauci (sandro enablesecurity com)
  # Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport - Authors: - Alfred Farrugia <alfred (at) enablesecurity (dot) com> - Sandro Gauci <sandro (at) enablesecurity (dot) com> - Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip` installed with `--with-pjproject-b

ES2018-02 Asterisk pjsip sdp invalid fmtp segfault
  2018-02-26, Sandro Gauci (sandro enablesecurity com)
  # Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute - Authors: - Alfred Farrugia <alfred (at) enablesecurity (dot) com> - Sandro Gauci <sandro (at) enablesecurity (dot) com> - Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip` - References: AST-2018-003 - Enable Security Advis

ES2018-01 Asterisk pjsip subscribe stack corruption
  2018-02-26, Sandro Gauci (sandro enablesecurity com)
  # SUBSCRIBE message with a large Accept value causes stack corruption - Authors: - Alfred Farrugia <alfred (at) enablesecurity (dot) com> - Sandro Gauci <sandro (at) enablesecurity (dot) com> - Latest vulnerable version: Asterisk 15.2.0 running `chan_pjsip` - Tested vulnerable versions: 15.2.0, 13.19.0, 14.7.

CMS Made Simple 2.1.6 - Remote Code Execution
  2018-02-26, displaymyname gmail con
  # Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution # Date: 2018-02-26 # Exploit Author: Keerati T. # Vendor Homepage: http://www.cmsmadesimple.org/ # Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip # Version: 2.1.6 # CVE: CVE-2018-7448 # Tested on: Li

[security bulletin] MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance
  2018-02-22, cyber-psrt microfocus com
  Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03086019 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03086019 Version: 1 MFSBGN03798 rev.1

Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5
  2018-02-22, Justin Bull (me justinbull ca)
  On Wed, Feb 21, 2018 at 5:17 PM, Justin Bull <me (at) justinbull (dot) ca> wrote: > Solution: > --------- > Upgrade to Doorkeeper v4.2.6 or later > Apologies. This fails to account for a non-trivial scenario. Any software using Doorkeeper that has generated its own custom views[0] requires manual work to ver