ZK Time_Web Software 2.0 - Broken Authentication
2017-09-18, Arvind Vishwakarma (arvind12786 gmail com)

ZKTime_Web Software 2.0 - Cross Site Request Forgery
2017-09-18, Arvind Vishwakarma (arvind12786 gmail com)
Vulnerability Type: Cross Site Request Forgery (CSRF)
Vendor of Product: ZKTeco
Affected Product Code Base: ZKTime Web - 2.0.1.12280
Affected Component: ZK Time Web Interface Management.
Attack Type: Local - Authenticated
Impact: Escalation of Privileges
Pr

[SECURITY] [DSA 3976-1] freexl security update
2017-09-17, Salvatore Bonaccorso (carnil debian org)
Debian Security Advisory DSA-3976-1, security (at) debian (dot) org, https://www.debian.org/security/, Salvatore Bonaccorso, September 17, 2017

[slackware-security] kernel (SSA:2017-258-02)
2017-09-15, Slackware Security Team (security slackware com)
New kernel packages are available for Slackware 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/li

[slackware-security] emacs (SSA:2017-255-01)
2017-09-12, Slackware Security Team (security slackware com)
New emacs packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog:

[slackware-security] libzip (SSA:2017-255-02)
2017-09-12, Slackware Security Team (security slackware com)
New libzip packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libzip-1.0

SEC Consult SA-20170912-0 :: Email verification bypass in SAP E-Recruiting
2017-09-12, SEC Consult Vulnerability Lab (research sec-consult com)

[slackware-security] bash (SSA:2017-251-01)
2017-09-08, Slackware Security Team (security slackware com)
New bash packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/package

[slackware-security] mariadb (SSA:2017-251-02)
2017-09-08, Slackware Security Team (security slackware com)
New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/mariadb-10.0

[SECURITY] [DSA 3967-1] mbedtls security update
2017-09-08, Salvatore Bonaccorso (carnil debian org)
Debian Security Advisory DSA-3967-1, security (at) debian (dot) org, https://www.debian.org/security/, Salvatore Bonaccorso, September 08, 2017

Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol
2017-09-07, Pierre Kim (pierre kim sec gmail com)
Hello, Please find a text-only version below sent to security mailing lists. The complete version on analysing the security of "Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol" is posted here: https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnera

August 2017 - SourceTree - Critical Security Advisory
2017-09-06, David Black (dblack atlassian com)
This email refers to the advisory found at https://confluence.atlassian.com/x/c-mdNw .
CVE ID:
* CVE-2017-1000117 - Git.
* CVE-2017-1000115 - Mercurial.
* CVE-2017-1000116 - Mercurial.
* CVE-2017-9800 - Subversion.
Product: SourceTree.
Affected

[SECURITY] [DSA 3965-1] file security update
2017-09-05, Salvatore Bonaccorso (carnil debian org)
Debian Security Advisory DSA-3965-1, security (at) debian (dot) org, https://www.debian.org/security/, Salvatore Bonaccorso, September 05, 2017

[security bulletin] HPESBUX03772 rev.1 - HP-UX BIND Service Running Named, Multiple Vulnerabilities
2017-09-05, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbux03772en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbux03772en_us
Version: 1
HP

CVE-2017-11567 Mongoose Web Server v6.5 CSRF Command Execution ( apparitionsec @ gmail / hyp3rlinx )
2017-09-05, apparitionsec gmail com

Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability
2017-09-04, Vulnerability Lab (research vulnerability-lab com)
Document Title: Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability
References (Source): https://www.vulnerability-lab.com/get_content.php?id=2074
ID: FB49498
Acknowledgements: https://www.flickr.com/photos/vulnerabilitylab/36912680045/ http://web.

[SECURITY] [DSA 3961-1] libgd2 security update
2017-09-03, Salvatore Bonaccorso (carnil debian org)
Debian Security Advisory DSA-3961-1, security (at) debian (dot) org, https://www.debian.org/security/, Salvatore Bonaccorso, September 03, 2017

[security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information
2017-08-31, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03765en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbgn03765en_us
Version: 2
HP

[security bulletin] HPESBGN03767 rev.1 - HPE Operations Orchestration, Remote Code Execution
2017-08-31, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03767en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbgn03767en_us
Version: 1
HP

[security bulletin] HPESBHF03770 rev.1 - HPE Comware 7 MSR Routers using PHP, Go, Apache Http Server, and Tomcat, Remote Arbitrary Code Execution
2017-08-28, HPE Product Security Response Team (security-alert hpe com)
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03770en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03770en_us
Version: 1

Trend Micro Hosted Email Security (HES) - Email Interception and Direct Object Reference
2017-08-24, Patrick Webster (patrick osisecurity com au)
Date: 24-Aug-2017
Product: Trend Micro Hosted Email Security (HES)
Versions affected: Hosted Email Security before January 2012.
Vulnerability: Two vulnerabilities were discovered. The first allowed any HES user to intercept in-transit emails through the Trend Micro Hosted Email Security cloud

[security bulletin] HPESBHF03769 rev.1 - HPE Integrated Lights-out 4 (iLO 4) Multiple Remote Vulnerabilities
2017-08-23, security-alert hpe com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03769en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03769en_us
Version: 1
HP
Vendor of Product: ZKTeco
Affected Product Code Base: ZKTime Web - 2.0.1.12280
Affected Component: ZK Time Web Interface Management.
Attack Type: Local - Unauthenticated
Impact: Information Disclosure
------------------------------------------
Product descri