|
|
Colapse all |
Post message
Faleemi FSC-880 Multiple Security Vulnerabilities 2017-09-27 oleg iotsploit co https://medium.com/iotsploit/faleemi-fsc-880-multiple-security-vulnerabi lities-ed1d132c2cce This camera has multiple security vulnerabilities, which can be exploited both locally and remotely. In particular, hardwired manufacturer DDNS and port-mapping to camera via upnp compatible router. Allowing [ more ] [ reply ] Bitdefender Total Security 2017 Unquoted Service Path Vulnerability 2017-09-27 wsachin092 gmail com Vulnerability Title: Bitdefender Total Security 2017 Unquoted Service Path Vulnerability Affected Product: Bitdefender Total Security 2017 Homepage: https://www.bitdefender.com/ Status: Fixed Severity: Medium Description: Bitdefender Total Security suffers from an unquoted service path vulnerability [ more ] [ reply ] Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253) 2017-09-26 Qualys Security Advisory (qsa qualys com) Qualys Security Advisory Linux PIE/stack corruption (CVE-2017-1000253) ======================================================================== Contents ======================================================================== Summary Analysis Exploitation Acknowledgments ===================== [ more ] [ reply ] [security bulletin] HPESBGN03773 rev.1 - HPE Application Performance Management (BSM), Remote Code Execution 2017-09-25 swpmb cyber-psrt microfocus com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/km/KM02960811 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM02960811 Version: 1 HPESBGN03773 rev.1 - HPE Application Performan [ more ] [ reply ] Mako Web Server v2.5 Multiple Unauthenticated Vulnerabilities (apparitionsec / hyp3rlinx) 2017-09-25 apparitionsec gmail com [+] SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3391 [+] Credits: John Page a.k.a hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MAKO-WEB-SERVER-MULTIPLE-UNAU THENTICATED-VULNERABILIITIES-SECURITEAM.txt [+] ISR: Appari [ more ] [ reply ] [slackware-security] libxml2 (SSA:2017-266-01) 2017-09-23 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libxml2 (SSA:2017-266-01) New libxml2 packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/pack [ more ] [ reply ] APPLE-SA-2017-09-19-1 iOS 11 2017-09-19 Apple Product Security (product-security-noreply lists apple com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-09-19-1 iOS 11 iOS 11 is now available and addresses the following: Exchange ActiveSync Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be [ more ] [ reply ] [slackware-security] httpd (SSA:2017-261-01) 2017-09-18 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] httpd (SSA:2017-261-01) New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +------------------------ [ more ] [ reply ] [slackware-security] libgcrypt (SSA:2017-261-02) 2017-09-18 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libgcrypt (SSA:2017-261-02) New libgcrypt packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/lib [ more ] [ reply ] [slackware-security] ruby (SSA:2017-261-03) 2017-09-18 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] ruby (SSA:2017-261-03) New ruby packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ruby-2.2.8-i58 [ more ] [ reply ] Watchguard Fireware OS DOS & Stored XSS 2017-09-18 David Fernandez (david fdmv gmail com) Watchguardâ??s Firebox and XTM are a series of enterprise grade network security appliances providing advanced security services like next generation firewall, intrusion prevention, malware detection and blockage and others. Two vulnerabilities were discovered affecting the XML-RPC interface of the [ more ] [ reply ] ZK Time_Web Software 2.0 - Broken Authentication 2017-09-18 Arvind Vishwakarma (arvind12786 gmail com) Vulnerability Type: Broken Authentication Vendor of Product: ZKTeco Affected Product Code Base: ZKTime Web - 2.0.1.12280 Affected Component: ZK Time Web Interface Management. Attack Type: Local - Unauthenticated Impact: Information Disclosure ------------------------------------------ Product descri [ more ] [ reply ] ZKTime_Web Software 2.0 - Cross Site Request Forgery 2017-09-18 Arvind Vishwakarma (arvind12786 gmail com) Vulnerability Type: Cross Site Request Forgery (CSRF) Vendor of Product: ZKTeco Affected Product Code Base: ZKTime Web - 2.0.1.12280 Affected Component: ZK Time Web Interface Management. Attack Type: Local - Authenticated Impact: Escalation of Privileges ------------------------------------------ Pr [ more ] [ reply ] [SECURITY] [DSA 3976-1] freexl security update 2017-09-17 Salvatore Bonaccorso (carnil debian org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------ - Debian Security Advisory DSA-3976-1 security (at) debian (dot) org [email concealed] https://www.debian.org/security/ Salvatore Bonaccorso September 17, 2017 [ more ] [ reply ] [slackware-security] kernel (SSA:2017-258-02) 2017-09-15 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] kernel (SSA:2017-258-02) New kernel packages are available for Slackware 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/li [ more ] [ reply ] [slackware-security] emacs (SSA:2017-255-01) 2017-09-12 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] emacs (SSA:2017-255-01) New emacs packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +------------------------ [ more ] [ reply ] [slackware-security] libzip (SSA:2017-255-02) 2017-09-12 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libzip (SSA:2017-255-02) New libzip packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libzip-1.0 [ more ] [ reply ] SEC Consult SA-20170912-0 :: Email verification bypass in SAP E-Recruiting 2017-09-12 SEC Consult Vulnerability Lab (research sec-consult com) [slackware-security] bash (SSA:2017-251-01) 2017-09-08 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] bash (SSA:2017-251-01) New bash packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/package [ more ] [ reply ] [slackware-security] mariadb (SSA:2017-251-02) 2017-09-08 Slackware Security Team (security slackware com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mariadb (SSA:2017-251-02) New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mariadb-10.0 [ more ] [ reply ] [SECURITY] [DSA 3967-1] mbedtls security update 2017-09-08 Salvatore Bonaccorso (carnil debian org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------ - Debian Security Advisory DSA-3967-1 security (at) debian (dot) org [email concealed] https://www.debian.org/security/ Salvatore Bonaccorso September 08, 2017 [ more ] [ reply ] Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol 2017-09-07 Pierre Kim (pierre kim sec gmail com) Hello, Please find a text-only version below sent to security mailing lists. The complete version on analysing the security of "Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol" is posted here: https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0da ys-vulnera [ more ] [ reply ] August 2017 - SourceTree - Critical Security Advisory 2017-09-06 David Black (dblack atlassian com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This email refers to the advisory found at https://confluence.atlassian.com/x/c-mdNw . CVE ID: * CVE-2017-1000117 - Git. * CVE-2017-1000115 - Mercurial. * CVE-2017-1000116 - Mercurial. * CVE-2017-9800 - Subversion. Product: SourceTree. Affected [ more ] [ reply ] |
|
Privacy Statement |
Vulnerability type: Persistent Cross-Site Scripting
-------------------------------------------------------------
Credit: Andy Tan
CVE ID: CVE-2017-9537
-----------------------------------------------
Product: SolarWinds Network Performan
[ more ] [ reply ]