Recent posts (most recent first; truncated previews end with "..."):

2017-07-20  Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft)  [ERPScan inc, erpscan online gmail com]

2017-07-20  Directory Traversal vulnerability in Integration Gateway (PSIGW)  [ERPScan inc, erpscan online gmail com]
    1. ADVISORY INFORMATION. Title: Directory Traversal vulnerability in Integration Gateway (PSIGW). Advisory ID: [ERPSCAN-17-038]. Advisory URL: https://erpscan.com/advisories/erpscan-17-038-directory-traversal-vulnerability-integration-gateway-psigw/ Risk: High. Date published: 18.07.2017. Vendor contact...

2017-07-19  APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2  [Apple Product Security, product-security-noreply lists apple com; PGP signed, SHA512]
    iCloud for Windows 6.2.2 is now available and addresses the following: libxml2. Available for: Windows 7 and later. Impact: Parsing a maliciously crafted XML document may lead to disclosure of user infor...

2017-07-19  APPLE-SA-2017-07-19-5 Safari 10.1.2  [Apple Product Security; PGP signed, SHA512]
    Safari 10.1.2 is now available and addresses the following: Safari. Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6. Impact: Processing maliciously crafted web content may le...

2017-07-19  APPLE-SA-2017-07-19-2 macOS 10.12.6  [Apple Product Security; PGP signed, SHA512]
    macOS 10.12.6 is now available and addresses the following: afclip. Available for: macOS Sierra 10.12.5. Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution. Description: A memor...

2017-07-19  APPLE-SA-2017-07-19-3 watchOS 3.2.2  [Apple Product Security; PGP signed, SHA512]
    watchOS 3.2.2 is now available and addresses the following: Contacts. Available for: All Apple Watch models. Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execu...

2017-07-19  APPLE-SA-2017-07-19-1 iOS 10.3.3  [Apple Product Security; PGP signed, SHA512]
    iOS 10.3.3 is now available and addresses the following: Contacts. Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation. Impact: A remote attacker may be able to cause unexpe...

2017-07-19  APPLE-SA-2017-07-19-6 iTunes 12.6.2  [Apple Product Security; PGP signed, SHA512]
    iTunes 12.6.2 is now available and addresses the following: iTunes. Available for: Windows 7 and later. Impact: An application may be able to execute arbitrary code with system privileges. Description: An access iss...

2017-07-19  APPLE-SA-2017-07-19-4 tvOS 10.2.2  [Apple Product Security; PGP signed, SHA512]
    tvOS 10.2.2 is now available and addresses the following: Contacts. Available for: Apple TV (4th generation). Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execut...

2017-07-13  [CVE-2017-7728] Authentication Bypass allows alarm's commands execution in iSmartAlarm  [ilia shnaidman bullguard com]
    Credits: Ilia Shnaidman (@0x496c on Twitter). Source: http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/ Vendor: iSmartAlarm, inc. Product: iSmartAlarm cube - All iSmartAlarm is on...

2017-07-13  CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload  [Maxim Solodovnik, solomax apache org]
    Severity: Low. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings 1.0.0. Description: Apache OpenMeetings doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server. CVE-2017-7684. The issue was...

2017-07-13  CVE-2017-7663 - Apache OpenMeetings - XSS in chat  [Maxim Solodovnik, solomax apache org]
    Severity: High. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings 3.2.0. Description: Both global and Room chat are vulnerable to XSS attack. CVE-2017-7663. The issue was fixed in 3.3.0. All users are recommended to upgrade to Apache OpenMeetings 3.3.0. Credit: This issue...

2017-07-13  CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update  [Maxim Solodovnik, solomax apache org]
    Severity: Low. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings 1.0.0. Description: Apache OpenMeetings updates user password in insecure manner. CVE-2017-7688. The issue was fixed in 3.3.0. All users are recommended to upgrade to Apache OpenMeetings 3.3.0. Credit: This...

2017-07-13  CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation  [Maxim Solodovnik, solomax666 gmail com]
    Severity: High. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings 3.1.0. Description: Uploaded XML documents were not correctly validated. CVE-2017-7664. The issue was fixed in 3.3.0. All users are recommended to upgrade to Apache OpenMeetings 3.3.0. Credit: This issue was...

2017-07-13  CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest  [William A Rowe Jr, wrowe apache org]
    Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: all versions through 2.2.33 and 2.4.26. Description: The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset...

2017-07-13  CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2  [William A Rowe Jr, wrowe apache org]
    CVE-2017-9789: Read after free in mod_http2.c. Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: httpd 2.4.26. Description: When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentia...

2017-07-12  SEC Consult SA-20170712-0 :: Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products  [SEC Consult Vulnerability Lab, research sec-consult com]

2017-07-11  [CVE request] linux kernel xfrm migrate out-of-bound access  [bo Zhang, zhangbo5891001 gmail com]
    Issue description: xfrm migrate is a mechanism of the kernel IPsec xfrm framework. When dealing with an XFRM_MSG_MIGRATE message, the xfrm_migrate function does not check the dir value of xfrm_userpolicy_id. This will cause an out-of-bounds access to net->xfrm.policy_bydst in the policy_hash_direct function and others when dir...

2017-07-11  [RT-SA-2017-011] Remote Command Execution in PDNS Manager  [RedTeam Pentesting GmbH, release redteam-pentesting de]
    Advisory: Remote Command Execution in PDNS Manager. RedTeam Pentesting discovered that PDNS Manager is vulnerable to a remote command execution vulnerability, if for any reason the configuration file config/config-user.php does not exist. Details: Product: PDNS Manager. Affected Versions: G...

2017-07-10  CVE-2017-4918: Code Injection in VMware Horizon's macOS Client  [Florian Bogner, florian bogner sh]
    Metadata: Release Date: 10-July-2017. Author: Florian Bogner // https://bogner.sh Affected product: VMware Horizon's macOS Client. Fixed in: Version 4.5. Tested on: OS X El Capitan 10...

2017-07-10  [security bulletin] HPESBGN03763 rev.1 - HPE SiteScope, Disclosure of Sensitive Information, Bypass Security Restriction, Remote Arbitrary Code Execution  [HPE Product Security Response Team, security-alert hpe com; PGP signed, SHA256]
    Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03763en_us SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: hpesbgn03763en_us. Version: 1...

2017-07-10  [security bulletin] HPESBGN03762 rev.1 - HPE Network Node Manager i (NNMi) Software, Remote Bypass Security Restrictions, Cross-Site Scripting (XSS), URL Redirection  [HPE Product Security Response Team, security-alert hpe com; PGP signed, SHA256]
    Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03762en_us SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: hpesbgn03762en_us. Version: 1...

2017-07-10  [security bulletin] HPESBHF03745 rev.2 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution  [HPE Product Security Response Team, security-alert hpe com; PGP signed, SHA256]
    Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: hpesbhf03745en_us. Version: 2...

2017-07-10  [security bulletin] HPESBNS03755 rev.1 - HPE NonStop Server using Samba, Multiple Remote Vulnerabilities  [HPE Product Security Response Team, security-alert hpe com; PGP signed, SHA256]
    Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbns03755en_us SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: hpesbns03755en_us. Version: 1...

2017-07-10  CVE-2017-5640 Apache Impala (incubating) Information Disclosure  [Sailesh Mukil, sailesh apache org]
    Severity: High. Versions Affected: Apache Impala (incubating) 2.7.0 to 2.8.0. Description: It was noticed that a malicious process impersonating an Impala daemon could cause Impala daemons to skip authentication checks when Kerberos is...

2017-07-10  [SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure  [Sailesh Mukil, sailesh apache org]
    Severity: High. Versions Affected: Apache Impala (incubating) 2.7.0 to 2.8.0. Description: During a routine security analysis, it was found that one of the ports sent data in plaintext even when the cluster was configured to use TLS. T...

2017-07-10  ToorCon 19 Call For Papers Closing This Week!  [h1kari toorcon org]
    It's that time of year again! ToorCon 19 is coming, so get your code finished and submit a talk this time around. This year's event has been pushed earlier in the year to the end of August, so make sure to save the new dates on your calendar. We're letti...

2017-07-09  [slackware-security] irssi (SSA:2017-190-01)  [Slackware Security Team, security slackware com; PGP signed, SHA1]
    New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages...
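The xfrm migrate entry in the list above describes a missing check on a caller-supplied direction value before it is used to index a per-direction policy table. The following is an added stand-alone C example, not the Linux kernel's xfrm code and not taken from that report, showing the same pattern: an unchecked index that reaches the slot just past the table, next to the bounds check that rejects it. POLICY_MAX, the table layout, the guard slot and all function and type names are assumptions for illustration only.

```c
#include <stdint.h>
#include <string.h>
#include <errno.h>
#include <stdio.h>

#define POLICY_MAX  3            /* assumed: valid directions are 0 .. POLICY_MAX-1 */
#define GUARD_VALUE 0xDEADBEEFu  /* sentinel stored in the slot just past the table */

/* Assumed layout: POLICY_MAX real per-direction slots followed by one extra slot
 * that stands in for whatever memory lies immediately after the table. Keeping
 * the guard inside the same backing array keeps this demo free of undefined
 * behaviour while still showing the logical out-of-bounds access. */
struct policy_table {
    uint32_t bydst[POLICY_MAX + 1];   /* [0..POLICY_MAX-1] real, [POLICY_MAX] guard */
};

/* Stand-in for the policy id parsed from an untrusted request; dir is caller controlled. */
struct userpolicy_id {
    uint8_t dir;
};

static struct policy_table table;

void reset_table(void) {
    memset(&table, 0, sizeof table);
    table.bydst[POLICY_MAX] = GUARD_VALUE;
}

/* Vulnerable pattern: trusts msg->dir and indexes the table with it directly.
 * With dir == POLICY_MAX the write lands on the guard slot, i.e. past the real
 * table. (Only that one value is used here; larger dir values would leave the
 * backing array entirely.) */
int migrate_unchecked(const struct userpolicy_id *msg, uint32_t value) {
    table.bydst[msg->dir] = value;
    return 0;
}

/* Hardened pattern: validate the direction before it is ever used as an index. */
int migrate_checked(const struct userpolicy_id *msg, uint32_t value) {
    if (msg->dir >= POLICY_MAX)
        return -EINVAL;
    table.bydst[msg->dir] = value;
    return 0;
}

/* Returns 1 if the slot past the table was overwritten, 0 otherwise. */
int guard_corrupted(void) {
    return table.bydst[POLICY_MAX] != GUARD_VALUE;
}

int main(void) {
    struct userpolicy_id bad = { .dir = POLICY_MAX };   /* constructed: one past the end */

    reset_table();
    migrate_unchecked(&bad, 0x41414141u);
    printf("unchecked: guard corrupted = %d\n", guard_corrupted());

    reset_table();
    int rc = migrate_checked(&bad, 0x41414141u);
    printf("checked:   rc = %d, guard corrupted = %d\n", rc, guard_corrupted());
    return 0;
}
```

The check belongs at the point where the untrusted message is decoded, before any table lookup; rejecting the request with -EINVAL there is cheaper and safer than trying to clamp or repair the index later.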
Title: Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft)
Advisory ID: [ERPSCAN-17-037]
Advisory URL: https://erpscan.com/advisories/erpscan-17-037-multiple-xss-vulnerabilities-testservlet-peoplesoft/
Risk: Medium
Date published: 18.07.2017
Vendor contac...