Webgrind XSS vulnerability
2015-05-21 hyp3rlinx gmail com
Credits: John Page ( hyp3rlinx )
Domains: hyp3rlinx.altervista.org
Source: http://hyp3rlinx.altervista.org/advisories/AS-WEBGRIND0520.txt
Vendor: https://github.com/jokkedk/webgrind
Product: Webgrind is a Xdebug Profiling Web Frontend in PHP.
Advisory Information:
==============================

CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)
2015-05-21 Julian Reschke (julian reschke greenbytes de)
Dear readers, we just fixed a recently reported vulnerability in Apache Jackrabbit's WebDAV module; see
- the attached CVE report
- patches for all currently maintained Jackrabbit branches
We just released Jackrabbit 2.10.1 (see below) and we'll get to the other branches shortly. Check the CVE

CVE for Apple's ECDHE-ECDSA SecureTransport bug?
2015-05-20 Jeffrey Walton (noloader gmail com)
Does anyone know if Apple's ECDHE-ECDSA SecureTransport bug was assigned a CVE? It affected OS X and iOS. Effectively, the bug was an implementation error that caused interoperability failures. To mostly counter it, the cipher suites had to be disabled, which resulted in a loss of security. If the p

[SECURITY] [DSA 3261-2] libmodule-signature-perl regression update
2015-05-20 Salvatore Bonaccorso (carnil debian org)

[security bulletin] HPSBUX03333 SSRT102029 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS), or Other Vulnerabilities
2015-05-20 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04679309
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04679309
Version: 1
HPSBUX03333 SS

[security bulletin] HPSBUX03334 SSRT102000 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilities
2015-05-20 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04679334
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04679334
Version: 1
HPSBUX03334 SS

Eisbär SCADA (All Versions - iOS, Android & W8) - Persistent UI Vulnerability
2015-05-20 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Eisbär SCADA (All Versions - iOS, Android & W8) - Persistent UI Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1456
Release Date:
=============
2015-05-19
Vulnerability Laboratory ID (VL-ID):
========

Stored XSS in WP Photo Album Plus WordPress Plugin
2015-05-20 High-Tech Bridge Security Research (advisory htbridge ch)
Advisory ID: HTB23257
Product: WP Photo Album Plus WordPress Plugin
Vendor: J.N. Breetvelt
Vulnerable Version(s): 6.1.2 and probably prior
Tested Version: 6.1.2
Advisory Publication: April 29, 2015 [without technical details]
Vendor Notification: April 29, 2015
Vendor Patch: April 29, 2015
Publi

WISE-FTP Software v8.0.2 - DLL Hijacking Vulnerability
2015-05-20 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
WISE-FTP Software v8.0.2 - DLL Hijacking Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1498
Release Date:
=============
2015-05-18
Vulnerability Laboratory ID (VL-ID):
================================

ManageEngine EventLog Analyzer V:10.0 CSRF Vulnerability
2015-05-19 akashchavan0708 gmail com
=========================================================================================
CSRF Vulnerability in ManageEngine EventLog Analyzer Version :10.0, Build Number : 10001
=========================================================================================
. contents:: Table Of Conte

Staff FTP v3.04 Software - DLL Hijacking Vulnerability
2015-05-19 metacom27 gmail com
A local dll injection vulnerability has been discovered in the official Staff-FTP v3.04 software. The issue allows local attackers to inject code to vulnerable libraries to compromise the process or to gain higher access privileges. The windows software is vulnerable to dll hijacking attacks. The v

Staff FTP v3.04 Software - DLL Hijacking Vulnerability
2015-05-20 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Staff FTP v3.04 Software - DLL Hijacking Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1499
Release Date:
=============
2015-05-19
Vulnerability Laboratory ID (VL-ID):
================================

HiDisk 2.4 iOS - (currentFolderPath) Persistent Vulnerability
2015-05-20 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
HiDisk 2.4 iOS - (currentFolderPath) Persistent Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1496
Release Date:
=============
2015-05-19
Vulnerability Laboratory ID (VL-ID):
=========================

[security bulletin] HPSBGN03286 rev.1 - HP LoadRunner, Buffer Overflow
2015-05-19 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04594015
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04594015
Version: 1
HPSBGN03286 re

APPLE-SA-2015-05-19-1 Watch OS 1.0.1
2015-05-19 Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-05-19-1 Watch OS 1.0.1
Watch OS 1.0.1 is now available and addresses the following:
Certificate Trust Policy
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: Update to the certificate trust policy
Descript

[security bulletin] HPSBPI03322 rev.1 - HP Access Control Software, Local Unauthorized Access
2015-05-19 security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04649315
Version: 1
HPSBPI03322 rev.1 - HP Access Control Software, Local Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release

WISE-FTP Software v8.0.2 - DLL Hijacking Vulnerability
2015-05-19 metacom27 gmail com
Technical Details & Description:
================================
A local dll injection vulnerability has been discovered in the official Wise-FTP v8.0.2 software. The issue allows local attackers to inject code to vulnerable libraries to compromise the process or to gain higher access privileges.

iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability
2015-05-18 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1494
Release Date:
=============
2015-05-13
Vulnerability Laboratory ID (VL-ID):
========================

OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities
2015-05-18 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1494
Release Date:
=============
2015-05-18
Vulnerability Laboratory ID (VL-ID):
===========================

Wireless Photo Transfer v3.0 iOS - File Include Vulnerability
2015-05-18 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Wireless Photo Transfer v3.0 iOS - File Include Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1492
Release Date:
=============
2015-05-12
Vulnerability Laboratory ID (VL-ID):
=========================

CRUCMS Crucial Networking - SQL Injection Vulnerability
2015-05-18 Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
CRUCMS Crucial Networking - SQL Injection Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1497
Release Date:
=============
2015-05-18
Vulnerability Laboratory ID (VL-ID):
===============================

[slackware-security] mozilla-thunderbird (SSA:2015-137-01)
2015-05-17 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] mozilla-thunderbird (SSA:2015-137-01)
New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

ESA-2015-087 EMC Document Sciences xPression SQL Injection Vulnerability
2015-05-16 Security Alert (Security_Alert emc com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2015-087 EMC Document Sciences xPression SQL Injection Vulnerability
CVE Identifier: CVE-2015-0540
Severity Rating: CVSSv2 Base Score: 8.0 (AV:N/AC:L/Au:S/C:P/I:P/A:C)
Affected products:
* EMC Document Sciences xPression 4.2
* EMC D

[SECURITY] [DSA 3261-1] libmodule-signature-perl security update
2015-05-15 Salvatore Bonaccorso (carnil debian org)
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3266-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
May 21, 2015