BugTraq Mode:
(Page 20 of 1748)  < Prev  15 16 17 18 19 20 21 22 23 24 25  Next >
[SECURITY] [DSA 4082-1] linux security update 2018-01-09
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4082-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
January 09, 2018

[ more ]  [ reply ]
CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used 2018-01-09
Imre Rad (radimre83 gmail com)
Jackson-databind is a popular library in Java for JSON
marshalling/unmarshalling.

It has a feature called default-typing: when the target class has some
polymorph fields inside (such as interfaces, abstract classes or the
Object base class), the library can include type info into the JSON
structure

[ more ]  [ reply ]
[SECURITY] [DSA 4080-1] php7.0 security update 2018-01-08
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4080-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 08, 2018

[ more ]  [ reply ]
[slackware-security] irssi (SSA:2018-008-01) 2018-01-09
Slackware Security Team (security slackware com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] irssi (SSA:2018-008-01)

New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages

[ more ]  [ reply ]
[SECURITY] [DSA 4081-1] php5 security update 2018-01-08
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4081-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 08, 2018

[ more ]  [ reply ]
Response to Meltdown and Spectre 2018-01-08
Gordon Tetlow (gordon tetlows org)
By now, we're sure most everyone have heard of the Meltdown and Spectre
attacks. If not, head over to https://meltdownattack.com/ and get an
overview. Additional technical details are available from Google
Project Zero.
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory
-with-si

[ more ]  [ reply ]
APPLE-SA-2018-1-8-3 Safari 11.0.2 2018-01-08
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-8-3 Safari 11.0.2

Safari 11.0.2 is now available and and addresses the following:

Available for: OS X El Capitan 10.11.6 and macOS Sierra 10.12.6
Description: Safari 11.0.2 includes security improvements to mitigate
the effects of Sp

[ more ]  [ reply ]
APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update 2018-01-08
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update

macOS High Sierra 10.13.2 Supplemental Update is now available
and addresses the following:

Available for: macOS High Sierra 10.13.2
Description: macOS High Sierra 10.13.2 Supplementa

[ more ]  [ reply ]
APPLE-SA-2018-1-8-1 iOS 11.2.2 2018-01-08
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2018-1-8-1 iOS 11.2.2

iOS 11.2.2 is now available and and addresses the following:

Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Description: iOS 11.2.2 includes security improvements to Safari and
We

[ more ]  [ reply ]
WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities 2018-01-06
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1940

Release Date:
=============
2018-01-06

Vulnerability Laboratory ID (VL-ID):
===========================

[ more ]  [ reply ]
Wickr Inc - App Clock & Message Deletion Glitch - Bug Bounty 2018-01-06
Vulnerability Lab (research vulnerability-lab com)
Wickr Inc - App Clock & Message Deletion Glitch P2  - Bug Bounty
(Document) [PDF]

URL: https://www.vulnerability-lab.com/get_content.php?id=2107

Vulnerability Magazine:
https://www.vulnerability-db.com/?q=articles/2018/01/04/wickr-inc-app-cl
ock-message-deletion-glitch

--
VULNERABILITY LABORATOR

[ more ]  [ reply ]
SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities 2018-01-06
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1725

Release Date:
=============
2018-01-06

Vulnerability Laboratory ID (VL-ID):
=====================

[ more ]  [ reply ]
[SECURITY] [DSA 4079-1] poppler security update 2018-01-07
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4079-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
January 07, 2018

[ more ]  [ reply ]
CVE-2017-16884 Mist Server v2.12 Unauthenticated Persistent XSS (hyp3rlinx / ApparitionSec) 2018-01-06
apparitionsec gmail com
[+] Credits: John Page (aka Hyp3rlinX)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTIC
ATED-PERSISTENT-XSS-CVE-2017-16884.txt
[+] ISR: ApparitionSec

Vendor:
=============
mistserver.org

Product:
=========

[ more ]  [ reply ]
CVE-2017-17055 Artica Web Proxy v3.06 Remote Code Execution (hyp3rlinx / ApparitionSec) 2018-01-06
apparitionsec gmail com
[+] Credits: John Page (aka Hyp3rlinX)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/ARTICA-WEB-PROXY-v3.06-REMOTE
-CODE-EXECUTION-CVE-2017-17055.txt
[+] ISR: ApparitionSec

Vendor:
=======
www.articatech.com

Product:
=========
Artic

[ more ]  [ reply ]
Social Media Widget by Acurax [CSRF] 2018-01-07
Panagiotis Vagenas (pan vagenas gmail com) (2 replies)
* Exploit Title: Social Media Widget by Acurax [CSRF]
* Discovery Date: 2017-12-12
* Exploit Author: Panagiotis Vagenas
* Author Link: https://twitter.com/panVagenas
* Vendor Homepage: http://www.acurax.com/
* Software Link: https://wordpress.org/plugins/acurax-social-media-widget
* Version: 3.2.5
*

[ more ]  [ reply ]
Admin Menu Tree Page View [CSRF, Privilege Escalation] 2018-01-07
Panagiotis Vagenas (pan vagenas gmail com)
CMS Tree Page View [CSRF, Privilege Escalation] 2018-01-07
Panagiotis Vagenas (pan vagenas gmail com)
Abyss Web Server < v2.11.6 Memory Heap Corruption (hyp3rlinx / apparitionsec) 2018-01-06
apparitionsec gmail com
[+] Credits: John Page (aka HyP3rlinX)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/ABYSS-WEB-SERVER-MEMORY-HEAP-
CORRUPTION.txt
[+] ISR: ApparitionSec

Vendor:
==========
aprelium.com

Product:
===========
Abyss Web Server < v2.11.6

[ more ]  [ reply ]
iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities 2018-01-05
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1927

Release Date:
=============
2018-01-04

Vulnerability Laboratory ID (VL-ID):
============================

[ more ]  [ reply ]
SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability 2018-01-04
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
SonicWall SonicOS NSA - Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1729

Release Date:
=============
2018-01-04

Vulnerability Laboratory ID (VL-ID):
=============================

[ more ]  [ reply ]
Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities 2018-01-05
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2006

Release Date:
=============
2018-01-03

Vulnerability Laboratory ID (VL-ID):
========================

[ more ]  [ reply ]
[SECURITY] [DSA 4078-1] linux security update 2018-01-04
Yves-Alexis Perez (corsac debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4078-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Yves-Alexis Perez
January 04, 2018

[ more ]  [ reply ]
Re "Intel responds to security research findings" 2018-01-03
Ed Maste (emaste freebsd org)
With respect to
https://newsroom.intel.com/news/intel-responds-to-security-research-find
ings/

The FreeBSD Security Team recently learned of the details of these
issues that affect certain CPUs. Details could not be discussed
publicly, but mitigation work is in progress.

Work is ongoing to develop

[ more ]  [ reply ]
Intel CPU bug forcing page table switch during syscalls? 2018-01-03
Pavel Machek (pavel ucw cz)
Hi!

It looks like there's Intel CPU bug, allowing prefetch from kernel
memory. It seems to be reason KASLR patches are pushed so fast to Linux.

https://mobile.twitter.com/brainsmoke/status/948561799875502080/photo/1
https://forums.freebsd.org/threads/63955/page-2#post-371276

Hmm.

Does that mean

[ more ]  [ reply ]
[security bulletin] HPESBHF03803 rev.1 - Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance, Remote Denial of Service and Execution of Code 2018-01-03
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf
03803en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03803en_us

Version: 1

HP

[ more ]  [ reply ]
[security bulletin] MFSBGN03793 rev.2 - Project and Portfolio Management Center, Multiple vulnerabilities 2018-01-03
cyber-psrt microfocus com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:

https://softwaresupport.hpe.com/document/-/facetsearch/document/KM030144
26

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03014426

Version: 2

MFSBGN03793 rev.2

[ more ]  [ reply ]
CVE-2017-6094 - Genexis GAPS Access Control Vulnerability 2018-01-03
Antoine Neuenschwander (antoine schoggi org)
########################################################################
########
# #
# CVE-2017-6094 - Genexis GAPS Access Control Vulnerability #
#

[ more ]  [ reply ]
b2evolution CMS 6.6.0 - 6.8.10 PHP code execution 2018-01-02
Anti Räis (antirais gmail com)
b2evolution CMS 6.6.0 - 6.8.10 PHP code execution
#################################################

Information
===========

Name: b2evolution CMS 6.8.10
Software: b2evolution CMS
Homepage: http://b2evolution.net/
Vulnerability: PHP code execution
Prerequisites: publicly accessib

[ more ]  [ reply ]
Advisory - Bamboo - CVE-2017-14589 CVE-2017-14590 2018-01-03
Atlassian (security atlassian com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This email refers to the advisory found at
https://confluence.atlassian.com/x/6FcGO .

CVE ID:

* CVE-2017-14589.
* CVE-2017-14590.

Product: Bamboo.

Affected Bamboo product versions:

version < 6.1.6
6.2.0 <= version < 6.2.5

Fixed Bamboo product

[ more ]  [ reply ]
(Page 20 of 1748)  < Prev  15 16 17 18 19 20 21 22 23 24 25  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus