|
|
Colapse all |
Post message
MagicSpam 2.0.13 - Insecure File Permission Vulnerability 2018-01-12 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== MagicSpam 2.0.13 - Insecure File Permission Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2113 Release Date: ============= 2018-01-12 Vulnerability Laboratory ID (VL-ID): ============================ [ more ] [ reply ] Magento Commerce - SSRF & XSPA Web Vulnerability 2018-01-12 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Magento Commerce - SSRF & XSPA Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1631 Release Date: ============= 2018-01-03 Vulnerability Laboratory ID (VL-ID): ==================================== 1 [ more ] [ reply ] SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability 2018-01-12 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1819 Release Notes: http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/kn own-issues?Parent [ more ] [ reply ] Magento Connect T1 - (Claim) Persistent Vulnerability 2018-01-12 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Magento Connect T1 - (Claim) Persistent Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1469 Release Date: ============= 2018-01-08 Vulnerability Laboratory ID (VL-ID): ================================= [ more ] [ reply ] Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability 2018-01-12 Vulnerability Lab (submit vulnerability-lab com) Document Title: =============== Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=1943 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5282 CVE-ID: ======= CVE-2018-5282 Release Date: [ more ] [ reply ] Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities 2018-01-12 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2005 Release Date: ============= 2018-01-12 Vulnerability Laboratory ID (VL-ID): ====================== [ more ] [ reply ] Flash Operator Panel v2.31.03 - Command Execution Vulnerability 2018-01-12 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== Flash Operator Panel v2.31.03 - Command Execution Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1907 Release Date: ============= 2018-01-08 Vulnerability Laboratory ID (VL-ID): ======================= [ more ] [ reply ] CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting 2018-01-11 Advisories (advisories compass-security com) ######################################################################## ############################ # # COMPASS SECURITY ADVISORY https://www.compass-security.com ######################################################################## ############################ # # CVE ID : CVE-2017-8802 # Produc [ more ] [ reply ] WebKitGTK+ Security Advisory WSA-2018-0001 2018-01-10 Carlos Alberto Lopez Perez (clopez igalia com) DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability 2018-01-10 DefenseCode (defensecode defensecode com) DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider         Plugin SQL injection Security Vulnerability Advisory ID:   DC-2018-01-005 Advisory Title: WordPress Testimonial Slider Plugin SQL injection  Security Vulnerability Advisory URL:  http://www.defensecode.com [ more ] [ reply ] DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability 2018-01-10 DefenseCode (defensecode defensecode com) DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin             SQL injection Security Vulnerability Advisory ID:   DC-2018-01-004 Advisory Title: WordPress Smooth Slider Plugin SQL injection  Security Vulnerability Advisory URL:  http://www.defensecode.com/a [ more ] [ reply ] DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities 2018-01-10 DefenseCode (defensecode defensecode com) DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite        Multiple SQL injection Security Vulnerabilities Advisory ID:   DC-2017-01-003 Advisory Title: WordPress Dbox 3D Slider Lite Plugin Multiple  SQL injection Security Vulnerabilities Advisory URL:  http://www. [ more ] [ reply ] Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637) 2018-01-10 chunibalon gmail com Introduction: ================ The WVR-, WAR- and ER- products are the SOHO/WIFI routers of TP-Link. These issues allow remote authenticated administrators to execute arbitrary commands via command injection through different variables of different lua files. If the attacker obtains the account and [ more ] [ reply ] [security bulletin] HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. 2018-01-09 security-alert hpe com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf 03805en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03805en_us Version: 4 HP [ more ] [ reply ] CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used 2018-01-09 Imre Rad (radimre83 gmail com) Jackson-databind is a popular library in Java for JSON marshalling/unmarshalling. It has a feature called default-typing: when the target class has some polymorph fields inside (such as interfaces, abstract classes or the Object base class), the library can include type info into the JSON structure [ more ] [ reply ] [slackware-security] irssi (SSA:2018-008-01) 2018-01-09 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] irssi (SSA:2018-008-01) New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages [ more ] [ reply ] Response to Meltdown and Spectre 2018-01-08 Gordon Tetlow (gordon tetlows org) By now, we're sure most everyone have heard of the Meltdown and Spectre attacks. If not, head over to https://meltdownattack.com/ and get an overview. Additional technical details are available from Google Project Zero. https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory -with-si [ more ] [ reply ] APPLE-SA-2018-1-8-3 Safari 11.0.2 2018-01-08 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-1-8-3 Safari 11.0.2 Safari 11.0.2 is now available and and addresses the following: Available for: OS X El Capitan 10.11.6 and macOS Sierra 10.12.6 Description: Safari 11.0.2 includes security improvements to mitigate the effects of Sp [ more ] [ reply ] APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update 2018-01-08 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update macOS High Sierra 10.13.2 Supplemental Update is now available and addresses the following: Available for: macOS High Sierra 10.13.2 Description: macOS High Sierra 10.13.2 Supplementa [ more ] [ reply ] APPLE-SA-2018-1-8-1 iOS 11.2.2 2018-01-08 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-1-8-1 iOS 11.2.2 iOS 11.2.2 is now available and and addresses the following: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Description: iOS 11.2.2 includes security improvements to Safari and We [ more ] [ reply ] WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities 2018-01-06 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=1940 Release Date: ============= 2018-01-06 Vulnerability Laboratory ID (VL-ID): =========================== [ more ] [ reply ] Wickr Inc - App Clock & Message Deletion Glitch - Bug Bounty 2018-01-06 Vulnerability Lab (research vulnerability-lab com) Wickr Inc - App Clock & Message Deletion Glitch P2 - Bug Bounty (Document) [PDF] URL: https://www.vulnerability-lab.com/get_content.php?id=2107 Vulnerability Magazine: https://www.vulnerability-db.com/?q=articles/2018/01/04/wickr-inc-app-cl ock-message-deletion-glitch -- VULNERABILITY LABORATOR [ more ] [ reply ] SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities 2018-01-06 Vulnerability Lab (research vulnerability-lab com) Document Title: =============== SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1725 Release Date: ============= 2018-01-06 Vulnerability Laboratory ID (VL-ID): ===================== [ more ] [ reply ] |
|
Privacy Statement |
Hash: SHA512
- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4084-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Sebastien Delafond
January 12, 2018
[ more ] [ reply ]