Vulnerabilities and Exploits Archive - Ahazu.com

[slackware-security] emacs (SSA:2017-255-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] emacs (SSA:2017-255-01) New emacs packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/emacs-25.3-i586-1_slack14.2.txz: Upgraded. This update fixes a security vulnerability in Emacs. Gnus no longer supports "richtext" and "enriched" inline MIME ob...

[slackware-security] libzip (SSA:2017-255-02)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libzip (SSA:2017-255-02) New libzip packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libzip-1.0.1-i586-3_slack14.2.txz: Rebuilt. Fix a denial of service security issue. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14107 (* Securit...

[SECURITY] [DSA 3970-1] emacs24 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3970-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 12, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : emacs24 CVE ID : not yet available Cha...

SEC Consult SA-20170912-0 :: Email verification bypass in SAP E-Recruiting

--------------ms060703010605030301010702 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable SEC Consult Vulnerability Lab Security Advisory < 20170912-0 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D title: Email verification bypass product: SAP E-Recruiting...

[slackware-security] bash (SSA:2017-251-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] bash (SSA:2017-251-01) New bash packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/bash-4.3.048-i586-1_slack14.2.txz: Upgraded. This update fixes two security issues found in bash before 4.4: The expansion of h in the prompt string allows remote authenticated us...

[slackware-security] mariadb (SSA:2017-251-02)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mariadb (SSA:2017-251-02) New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mariadb-10.0.32-i586-1_slack14.2.txz: Upgraded. This update fixes bugs and security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3636 htt...

[SECURITY] [DSA 3967-1] mbedtls security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3967-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 08, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : mbedtls CVE ID : CVE-2017-14032 Debian B...

Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol

Hello, Please find a text-only version below sent to security mailing lists. The complete version on analysing the security of "Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol" is posted here: https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0day= s-vulnerabilities.html =3D=3D=3D text-version of the advisory without technical explanations =3D= =3D=3D -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ## Advisory Information Tit...

August 2017 - SourceTree - Critical Security Advisory

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This email refers to the advisory found at https://confluence.atlassian.com/x/c-mdNw . CVE ID: * CVE-2017-1000117 - Git. * CVE-2017-1000115 - Mercurial. * CVE-2017-1000116 - Mercurial. * CVE-2017-9800 - Subversion. Product: SourceTree. Affected SourceTree product versions: * SourceTree for macOS 1.0b2 <= version < 2.6.1 * SourceTree for Windows 0.5.1.0 <= version < 2.1.10 Fixed SourceTree product versions: * Vers...

[SECURITY] [DSA 3965-1] file security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3965-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 05, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : file CVE ID : CVE-2017-1000249 Thomas ...

[security bulletin] HPESBUX03772 rev.1 - HP-UX BIND Service Running Named, Multiple Vulnerabilities

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2J1eDAzNzcyZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNidXgwMzc3MmVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCVVgw Mzc3MiByZXYuMSAtIEhQLVVYIEJJTkQgU2VydmljZSBSdW5uaW5nIE5hbWVkLCBNdWx0 aXBsZQ0KVn...

CVE-2017-11567 Mongoose Web Server v6.5 CSRF Command Execution ( apparitionsec @ gmail / hyp3rlinx )

[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt [+] ISR: apparitionSec Vendor: =============== www.cesanta.com Product: ================== Mongoose Web Server (Free Edition) Mongoose-free-6.5.exe Download: https://cesanta.com/binary.html Mongoose - GitHubs most popular embedded web server and multi-protocol networking li...

Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability

Document Title: =============== Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2074 ID: FB49498 Acknowledgements: https://www.flickr.com/photos/vulnerabilitylab/36912680045/ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13754 CVE-ID: ======= CVE-2017-13754 Release Date: ============= 2017-09-04 Vulnerability Laboratory ID (VL-ID): ==========...

[SECURITY] [DSA 3963-1] mercurial security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3963-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond September 04, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : mercurial CVE ID : CVE-2017-9462 CVE-2017...

[SECURITY] [DSA 3962-1] strongswan security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3962-1 security@debian.org https://www.debian.org/security/ Yves-Alexis Perez September 03, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : strongswan CVE ID : CVE-2017-11185 Debia...

[SECURITY] [DSA 3961-1] libgd2 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3961-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 03, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libgd2 CVE ID : CVE-2017-6362 A double...

[security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzY1ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiZ24wMzc2NWVuX3VzDQpWZXJzaW9uOiAyDQoNCkhQRVNCR04w Mzc2NSByZXYuMiAtIEhQRSBMb2FkUnVubmVyIGFuZCBIUEUgUGVyZm9ybWFuY2UgQ2Vu dGVyLCBSZW...

[security bulletin] HPESBGN03767 rev.1 - HPE Operations Orchestration, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzY3ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiZ24wMzc2N2VuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCR04w Mzc2NyByZXYuMSAtIEhQRSBPcGVyYXRpb25zIE9yY2hlc3RyYXRpb24sIFJlbW90ZSBD b2RlIEV4ZW...

[SECURITY] [DSA 3957-1] ffmpeg security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3957-1 security@debian.org https://www.debian.org/security/ Luciano Bello August 28, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ffmpeg CVE ID : CVE-2017-9608 CVE-2017-99...

[security bulletin] HPESBHF03770 rev.1 - HPE Comware 7 MSR Routers using PHP, Go, Apache Http Server, and Tomcat, Remote Arbitrary Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQ0KSGFzaDogU0hBMjU2DQoNCk5vdGU6 IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBpcyBhdmFpbGFi bGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNjL2RvYy9wdWJsaWMvZGlz cGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzcwZW5fdXMNCg0KU1VQUE9SVCBDT01NVU5JQ0FU SU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9jdW1lbnQgSUQ6IGhwZXNiaGYwMzc3MGVuX3Vz DQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYwMzc3MCByZXYuMSAtIEhQRSBDb213YXJlIDcgTVNSIFJv dXRlcnMgdXNpbmcgUEhQLCBHbywgQXBh...

[SECURITY] [DSA 3956-1] connman security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3956-1 security@debian.org https://www.debian.org/security/ Luciano Bello August 27, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : connman CVE ID : CVE-2017-12865 Debian B...

Trend Micro Hosted Email Security (HES) - Email Interception and Direct Object Reference

Date: 24-Aug-2017 Product: Trend Micro Hosted Email Security (HES) Versions affected: Hosted Email Security before January 2012. Vulnerability: Two vulnerabilities were discovered. The first allowed any HES user to intercept in-transit emails through the Trend Micro Hosted Email Security cloud environment. The platform allowed anyone to register an account online instantly and test the solution. Users were required to activate (enter) a domain name, then update their MX rec...

[security bulletin] HPESBHF03769 rev.1 - HPE Integrated Lights-out 4 (iLO 4) Multiple Remote Vulnerabilities

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzY5ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzc2OWVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw Mzc2OSByZXYuMSAtIEhQRSBJbnRlZ3JhdGVkIExpZ2h0cy1vdXQgNCAoaUxPIDQpIE11 bHRpcGxlIF...

[SECURITY] [DSA 3953-1] aodh security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3953-1 security@debian.org https://www.debian.org/security/ Luciano Bello August 23, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : aodh CVE ID : CVE-2017-12440 Debian Bug ...

[SECURITY] [DSA 3951-1] smb4k security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3951-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 22, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : smb4k CVE ID : CVE-2017-8849 Sebastian...

[RT-SA-2015-008] WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs

--gKMricLos+KVdGMg Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Advisory: WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs RedTeam Pentesting discovered that malicious print jobs can be used to trigger a remote code execution vulnerability in WebClientPrint Processor (WCPP). These print jobs may be distributed via specially crafted websites and are processed without any user interaction as soon ...

[RT-SA-2015-009] WebClientPrint Processor 2.0: Remote Code Execution via Updates

--6c2NcOVqGQ03X4Wi Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Advisory: WebClientPrint Processor 2.0: Remote Code Execution via Updates RedTeam Pentesting discovered that rogue updates trigger a remote code execution vulnerability in WebClientPrint Processor (WCPP). These updates may be distributed through specially crafted websites and are processed without any user interaction as soon as the website is acces...

[RT-SA-2015-010] WebClientPrint Processor 2.0: Unauthorised Proxy Modification

--NzB8fVQJ5HfG6fxh Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Advisory: WebClientPrint Processor 2.0: Unauthorised Proxy Modification RedTeam Pentesting discovered that attackers can configure a proxy host and port to be used when fetching print jobs with WebClientPrint Processor (WCPP). This proxy setting may be distributed via specially crafted websites and is set without any user interaction as soon as the ...

[RT-SA-2015-011] WebClientPrint Processor 2.0: No Validation of TLS Certificates

--DocE+STaALJfprDB Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Advisory: WebClientPrint Processor 2.0: No Validation of TLS Certificates RedTeam Pentesting discovered that WebClientPrint Processor (WCPP) does not validate TLS certificates when initiating HTTPS connections. Thus, a man-in-the-middle attacker may intercept and/or modify HTTPS traffic in transit. This may result in a disclosure of sensitive informa...

[SECURITY] [DSA 3950-1] libraw security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3950-1 security@debian.org https://www.debian.org/security/ Luciano Bello August 21, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libraw CVE ID : CVE-2017-6886 CVE-2017-68...

[SECURITY] [DSA 3948-1] ioquake3 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3948-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 19, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ioquake3 CVE ID : CVE-2017-11721 A rea...

[SECURITY] [DSA 3946-1] libmspack security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3946-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond August 18, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libmspack CVE ID : CVE-2017-6419 CVE-2017...

[SECURITY] [DSA 3928-2] firefox-esr security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3928-2 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 16, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : firefox-esr CVE ID : CVE-2017-7753 CVE-20...

Microsoft Resnet - DNS Configuration Web Vulnerability

Document Title: =============== Microsoft Resnet - DNS Configuration Web Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2087 Acknowledgements: https://technet.microsoft.com/en-us/security/cc308589.aspx Release Date: ============= 2017-08-16 Vulnerability Laboratory ID (VL-ID): ==================================== 2087 Common Vulnerability Scoring System: ==================================== 6.4 Vu...

FreeBSD <= 10.3 jail SHM hole

AFFECTED PRODUCTS This issue affects FreeBSD from 7.0 to 10.3 included. DESCRIPTION FreeBSD jail incompletely protects the access to the IPC primitives. The allow.sysvipc setting only affects IPC queues, leaving other IPC objects unprotected, making them reachable system-wide independently of the system configuration. This creates two main weaknesses: - An attacker able to execute commands in one jail can attack processes located outside of the jail by directly accessin...

[SECURITY] [DSA 3943-1] gajim security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3943-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso August 14, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : gajim CVE ID : CVE-2016-10376 Debian Bug...

CVE-2017-9802: Apache Sling XSS vulnerability

--=-EXjOnMOjcWLzxIcwbdT8 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable CVE-2017-9802: Apache Sling XSS vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Sling Servlets Post 2.3.20 Description: The Javascript method Sling.evalString() uses the javascript `eval` function to parse input strings, which allows for XSS attacks by passing specially crafted input strings. Mitigation: Users s...

[CVE-2017-9767] Quali CloudShell (v7.1.0.6508 Patch 6) Multiple Stored Cross Site Scripting Vulnerability

# Vulnerability type: Multiple Stored Cross Site Scripting # Vendor: Quali # Product: CloudShell # Affected version: v7.1.0.6508 (Patch 6) # Patched version: v8 and up # Credit: Benjamin Lee # CVE ID: CVE-2017-9767 ========================================================== # Overview Quali CloudShell (v7.1.0.6508 Patch 6) is vulnerable to multiple stored XSS vulnerabilities on its platform this can be exploited to execute arbitrary HTML and script code on all users (including admin...

[slackware-security] mercurial (SSA:2017-223-03)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mercurial (SSA:2017-223-03) New mercurial packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mercurial-4.3.1-i586-1_slack14.2.txz: Upgraded. Fixes security issues: Mercurials symlink auditing was incomplete prior to 4.3, and could be abused to write to files out...

[SECURITY] [DSA 3937-1] zabbix security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3937-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 12, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : zabbix CVE ID : CVE-2017-2824 CVE-2017-28...

[SECURITY] [DSA 3940-1] iortcw security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3940-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 13, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : iortcw CVE ID : CVE-2017-11721 A read ...

[SECURITY] [DSA 3936-1] postgresql-9.6 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3936-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 10, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : postgresql-9.6 CVE ID : CVE-2017-7546 CVE...

[SECURITY] [DSA 3935-1] postgresql-9.4 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3935-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 10, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : postgresql-9.4 CVE ID : CVE-2017-7546 CVE...

[security bulletin] HPESB3P03762 rev.1 - HPE C Switch Software using Cisco Prime Data Center Network Manager (DCNM), Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2IzcDAzNzYyZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiM3AwMzc2MmVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCM1Aw Mzc2MiByZXYuMSAtIEhQRSBDIFN3aXRjaCBTb2Z0d2FyZSB1c2luZyBDaXNjbyBQcmlt ZSBEYXRhIE...

[ANN] Apache Struts: S2-049 Security Bulletin update

This is an update of the recently announced Security Bulletin S2-049 - http://struts.apache.org/docs/s2-049.html The bulletin was extended with an additional information when the potential vulnerability can be present in your application. Please re-read the mentioned bulletin and apply required actions if needed. Please report any problems back to the Struts Security mailing list - security@struts.apache.org Kind regards --=20 =C5=81ukasz + 48 606 323 122 http://www.lenart.org....

[SECURITY] [DSA 3932-1] subversion security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3932-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond August 10, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : subversion CVE ID : CVE-2016-8734 CVE-201...

[SECURITY] [DSA 3933-1] pjproject security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3933-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 10, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : pjproject CVE ID : CVE-2017-9359 CVE-2017...

[SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released

Im happy to announce the release of Apache Subversion 1.9.7. Please choose the mirror closest to you by visiting: http://subversion.apache.org/download.cgi?update=201708081800#recommended-release This is a stable security release of the Apache Subversion open source version control system. It fixes one security issue: CVE-2017-9800: Arbitrary code execution on clients through malicious svn+ssh URLs in svn:externals and svn:sync-from-url http://subversion.apache...

[SECURITY] [DSA 3929-1] libsoup2.4 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3929-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso August 10, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libsoup2.4 CVE ID : CVE-2017-2885 Debian...

[slackware-security] curl (SSA:2017-221-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] curl (SSA:2017-221-01) New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/curl-7.55.0-i586-1_slack14.2.txz: Upgraded. This update fixes three security issues: URL globbing out of bounds read TFTP sends more than buffer size FILE bu...

[slackware-security] mozilla-firefox (SSA:2017-221-02)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2017-221-02) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-52.3.0esr-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/secu...

DefenseCode ThunderScan SAST Advisory: WordPress Easy Modal Plugin Multiple Security Vulnerabilities

DefenseCode ThunderScan SAST Advisory WordPress Easy Modal Plugin Multiple Security Vulnerabilities Advisory ID: DC-2017-01-007 Advisory Title: WordPress Easy Modal Plugin Multiple Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Easy Modal plugin Language: PHP Version: 2.0.17 and below Vendor Status: Vendor contacted, update released Release Date: 2017/08/07 Risk: ...

[SECURITY] [DSA 3926-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3926-1 security@debian.org https://www.debian.org/security/ Michael Gilbert August 04, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2017-5087 C...

[SECURITY] [DSA 3925-1] qemu security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3925-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 04, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : qemu CVE ID : CVE-2017-9524 CVE-2017-1080...

[SECURITY] [DSA 3927-1] linux security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3927-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso August 07, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2017-7346 CVE-2017-748...

SEC Consult SA-20170804-1 :: Ubiquiti Networks UniFi Cloud Key authenticated command injection

--WAWwt6GAGn9dNGeu3D49VS2TGgQlUwiBm Content-Type: multipart/mixed; boundary="gqlvcOVI4EidxgfjRIbOKSIQ7ipwPLjuF"; protected-headers="v1" From: SEC Consult Vulnerability Lab To: bugtraq@securityfocus.com, fulldisclosure@seclists.org Message-ID: Subject: SEC Consult SA-20170804-1 :: Ubiquiti Networks UniFi Cloud Key authenticated command injection --gqlvcOVI4EidxgfjRIbOKSIQ7ipwPLjuF Content-Type: text/pla...

SEC Consult SA-20170804-0 :: phpBB Server Side Request Forgery (SSRF) vulnerability

--8LxL8v03C4fxmEppDludGUrLHu6udMJTh Content-Type: multipart/mixed; boundary="WpBuxKd9RHiKhE25RgA5RS43ajKp8nBUX"; protected-headers="v1" From: SEC Consult Vulnerability Lab To: bugtraq@securityfocus.com, fulldisclosure@seclists.org Message-ID: <202b010c-eb29-64ab-90ba-30524cc80848@sec-consult.com> Subject: SEC Consult SA-20170804-0 :: phpBB Server Side Request Forgery (SSRF) vulnerability --WpBuxKd9RHiKhE25RgA5RS43ajKp8nBUX Content-Type: text/plain; charset...

[security bulletin] HPESB3P03767 rev.1 - HPE Proliant ML10 Gen9 servers using Intel Xeon E3-1200M v5 and 6th Generation Intel Core Processors, Unauthorized Write to Filesystem

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2IzcDAzNzY3ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiM3AwMzc2N2VuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCM1Aw Mzc2NyByZXYuMSAtIEhQRSBQcm9saWFudCBNTDEwIEdlbjkgc2VydmVycyB1c2luZyBJ bnRlbCBYZW...

[SECURITY] [DSA 3924-1] varnish security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3924-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso August 02, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : varnish CVE ID : not yet assigned Debian...

[slackware-security] gnupg (SSA:2017-213-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] gnupg (SSA:2017-213-01) New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/gnupg-1.4.22-i586-1_slack14.2.txz: Upgraded. Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster". For more in...

CVE-2017-1500 - Relected XSS in IBM WorkLight OAuth Server Web Api

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ☾ Reflected Cross-Site Scripting in IBM Worklight OAuth Server Web Api ☽ ======== ☾ Table of Contents ☽ ========================================= 0. Overview 1. Detailed Description 2. Proof Of Concept 3. Solution 4. Disclosure Timeline 5. Thanks & Acknowledgements 6. References 7. Credits 8. Legal Notices ======== ☾ 0. Overview ☽ ============================================...

[security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS)

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzYzZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzc2M2VuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw Mzc2MyByZXYuMSAtIEhQRSBDb213YXJlIDcsIElNQywgVkNYIHByb2R1Y3RzIHVzaW5n IE9wZW5TU0...

[security bulletin] HPESBGN03766 rev.1 - HPE Project and Portfolio Management (PPM), Remote Cross-Site Scripting

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzY2ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiZ24wMzc2NmVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCR04w Mzc2NiByZXYuMSAtIEhQRSBQcm9qZWN0IGFuZCBQb3J0Zm9saW8gTWFuYWdlbWVudCAo UFBNKSwgUm...

[CVE-2017-11494] SOL.Connect ISET-mpp meter 1.2.4.2 Authentication Bypass SQL Injection Vulnerability

Vulnerability type: SQL injection, leading to administrative access through authentication bypass. ----------------------------------- Product: SOL.Connect ISET-mpp meter ----------------------------------- Affected version: SOL.Connect ISET-mpp meter 1.2.4.2 and possibly earlier Vulnerable parameter: user ------------------------ Credit: Andy Tan ------------------------ CVE ID: CVE-2017-11494 ------------------------ ================ Proof of Concept ================ HTTP...

[SECURITY] [DSA 3923-1] freerdp security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3923-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond August 01, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : freerdp CVE ID : CVE-2017-2834 CVE-2017-2...

FortiOS <= 5.6.0 Multiple XSS Vulnerabilities

# Title: FortiOS <= 5.6.0 Multiple XSS Vulnerabilities # Vendor: Fortinet (www.fortinet.com) # CVE: CVE-2017-3131, CVE-2017-3132, CVE-2017-3133 # Date: 28.07.2016 # Author: Patryk Bogdan (@patryk_bogdan) Affected FortiNet products: * CVE-2017-3131 : FortiOS versions 5.4.0 to 5.6.0 * CVE-2017-3132 : FortiOS versions upto 5.6.0 * CVE-2017-3133 : FortiOS versions upto 5.6.0 Fix: Upgrade to FortiOS version 5.6.1 Video PoC (add admin): https://youtu.be/fcpLStCD61Q Vendor advisory...

[security bulletin] HPESBHF03765 rev.1 - HPE ConvergedSystem 700 Solution with Comware v7 Switches using OpenSSL, Remote Denial of Service (DoS) and Disclosure of Sensitive Information

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQ0KSGFzaDogU0hBMjU2DQoNCk5vdGU6 IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBpcyBhdmFpbGFi bGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNjL2RvYy9wdWJsaWMvZGlz cGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzY1ZW5fdXMNCg0KU1VQUE9SVCBDT01NVU5JQ0FU SU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9jdW1lbnQgSUQ6IGhwZXNiaGYwMzc2NWVuX3Vz DQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYwMzc2NSByZXYuMSAtIEhQRSBDb252ZXJnZWRTeXN0ZW0g NzAwIFNvbHV0aW9uIHdpdGggQ29td2Fy...

[SECURITY] [DSA 3919-1] openjdk-8 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3919-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff July 25, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openjdk-8 CVE ID : CVE-2017-10053 CVE-201...

[SECURITY] [DSA 3920-1] qemu security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3920-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff July 25, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : qemu CVE ID : CVE-2017-9310 CVE-2017-9330...

[slackware-security] tcpdump (SSA:2017-205-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] tcpdump (SSA:2017-205-01) New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/tcpdump-4.9.1-i586-1_slack14.2.txz: Upgraded. This update fixes an issue where tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer ove...

SEC Consult SA-20170724-0 :: Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products

--gOWLeFO2PssGdhPFbD9jWkT9hQRAsLEpp Content-Type: multipart/mixed; boundary="qXi7tLSEBg27V31g0kTAGoNMS8vfnBEcm"; protected-headers="v1" From: SEC Consult Vulnerability Lab To: bugtraq@securityfocus.com, fulldisclosure@seclists.org Message-ID: Subject: SEC Consult SA-20170724-0 :: Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products --qXi7tLSEBg27V31g0kTAGoNMS8vfnBEcm Content-Type: te...

SEC Consult SA-20170724-1 :: Open Redirect issue in multiple Ubiquiti Networks products

--qwq3QNeUxVu5T15edRm59PCmOHNWnxRQV Content-Type: multipart/mixed; boundary="IuSxp957QrupagHcVAShWtlBnEjc7wt6m"; protected-headers="v1" From: SEC Consult Vulnerability Lab To: bugtraq@securityfocus.com, fulldisclosure@seclists.org Message-ID: <11d8f297-b1ff-562f-e372-eb4f7a2bf792@sec-consult.com> Subject: SEC Consult SA-20170724-1 :: Open Redirect issue in multiple Ubiquiti Networks products --IuSxp957QrupagHcVAShWtlBnEjc7wt6m Content-Type: text/plain; cha...

[RT-SA-2017-006] Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance

--KFztAG8eRSV9hGtP Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Advisory: Arbitrary File Disclosure with root Privileges via RdxEngine-API = in REDDOXX Appliance RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to list directory contents and download arbitrary files from the affected system with root permissions. Deta...

[RT-SA-2017-008] Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance

--3uo+9/B/ebqu+fSQ Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Advisory: Unauthenticated Access to Diagnostic Functions in REDDOXX Applian= ce RedTeam Pentesting discovered a vulnerability which allows attackers unauthenticated access to the diagnostic functions of the administrative interface of the REDDOXX appliance. The functions allow, for example, to capture network traffic on the appliances interfaces. De...

[RT-SA-2017-005] Unauthenticated Extraction of Session-IDs in REDDOXX Appliance

--p4qYPpj5QlsIQJ0K Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Advisory: Unauthenticated Extraction of Session-IDs in REDDOXX Appliance RedTeam Pentesting discovered an information disclosure vulnerabilty in the REDDOXX appliance software, which allows unauthenticated attackers to extract valid session IDs. Details =3D=3D=3D=3D=3D=3D=3D Product: REDDOXX Appliance Affected Versions: Build 2032 / v2.0.625, older...

[RT-SA-2017-009] Remote Command Execution as root in REDDOXX Appliance

--U+BazGySraz5kW0T Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Advisory: Remote Command Execution as root in REDDOXX Appliance RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary command with root privileges while unauthenticated. Details =3D=3D=3D=3D=3D=3D=3D Product: REDDOXX Appliance Affected Versions: <=3D B...

[RT-SA-2017-003] Cross-Site Scripting in REDDOXX Appliance

--8P1HSweYDcXXzwPJ Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Advisory: Cross-Site Scripting in REDDOXX Appliance RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the REDDOXX appliance software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Details =3D=3D=3D=3D=3D=3D=3D Product: REDDOXX Appliance Affected Versions: Build 2032 / v2.0.625, older versi...

[RT-SA-2017-007] Undocumented Administrative Service Account in REDDOXX Appliance

--kXdP64Ggrk/fb43R Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Advisory: Undocumented Administrative Service Account in REDDOXX Appliance RedTeam Pentesting discovered an undocumented service account in the REDDOXX appliance software, which allows attackers to access the administrative interface of the appliance and change its configuration. Details =3D=3D=3D=3D=3D=3D=3D Product: REDDOXX Appliance Affected V...

[RT-SA-2017-004] Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance

--WhfpMioaduB5tiZL Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Advisory: Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to download arbitrary files from the affected system. Details =3D=3D=3D=3D=3D=3D=3D Product: REDDOXX Appliance Affected Version...

[SECURITY] [DSA 3917-1] catdoc security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3917-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 23, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : catdoc CVE ID : CVE-2017-11110 Debian Bu...

[slackware-security] seamonkey (SSA:2017-202-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] seamonkey (SSA:2017-202-01) New seamonkey packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/seamonkey-2.48-i586-1_slack14.2.txz: Upgraded. This update contains security fixes and improvements. For more information, see: http://www.seamonkey-project.org/releases/seamonkey2...

[security bulletin] HPESBHF03745 rev.3 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzQ1ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzc0NWVuX3VzDQpWZXJzaW9uOiAzDQoNCkhQRVNCSEYw Mzc0NSByZXYuMyAtIEhQRSBJbnRlbGxpZ2VudCBNYW5hZ2VtZW50IENlbnRlciAoaU1D KSBQTEFULC...

[security bulletin] HPESBHF03766 rev.1 - HPE ConvergedSystem 700 Solution with Comware v5 Switches using NTP, Remote Denial of Service (DoS), Unauthorized Modification and Local Denial of Service (DoS)

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzY2ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzc2NmVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw Mzc2NiByZXYuMSAtIEhQRSBDb252ZXJnZWRTeXN0ZW0gNzAwIFNvbHV0aW9uIHdpdGgg Q29td2FyZS...

File Upload in Integration Gateway (PSIGW)

1. ADVISORY INFORMATION Title: File Upload in Integration Gateway (PSIGW) Advisory ID: [ERPSCAN-17-039] Advisory URL: https://erpscan.com/advisories/erpscan-17-039-file-upload-int= egration-gateway-psigw-peoplesoft/ Risk: High Date published: 18.07.2017 Vendor contacted: Oracle 2. VULNERABILITY INFORMATION Class: File Upload Impact: Remote command execution on the server Remotely Exploitable: Yes Locally Exploitable: Yes CVE Name: CVE-2017-10061 CVSS Information CVSS Base Sco...

Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft)

1. ADVISORY INFORMATION Title: Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleS= oft) Advisory ID: [ERPSCAN-17-037] Advisory URL: https://erpscan.com/advisories/erpscan-17-037-multiple-xss-vu= lnerabilities-testservlet-peoplesoft/ Risk: Medium Date published: 18.07.2017 Vendor contacted: Oracle 2. VULNERABILITY INFORMATION Class: XSS [CWE-79] Impact: Modify displayed content from a Web site, steal authentication information of a user Remotely Exploitable: Yes ...

Directory Traversal vulnerability in Integration Gateway (PSIGW)

1. ADVISORY INFORMATION Title: Directory Traversal vulnerability in Integration Gateway (PSIGW) Advisory ID: [ERPSCAN-17-038] Advisory URL: https://erpscan.com/advisories/erpscan-17-038-directory-trave= rsal-vulnerability-integration-gateway-psigw/ Risk: High Date published: 18.07.2017 Vendor contacted: Oracle 2. VULNERABILITY INFORMATION Class: Directory Traversal Impact: Read, delete, rewrite file from the system Remotely Exploitable: Yes CVE Name: CVE-2017-10061 CVSS Informa...

APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2 iCloud for Windows 6.2.2 is now available and addresses the following: libxml2 Available for: Windows 7 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2017-7010: Apple CVE-2017-7013: found by OSS-Fuzz WebKit Available for: Windows 7 and ...

APPLE-SA-2017-07-19-5 Safari 10.1.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-07-19-5 Safari 10.1.2 Safari 10.1.2 is now available and addresses the following: Safari Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6 Impact: Processing maliciously crafted web content may lead to an infinite number of print dialogs Description: An issue existed where a malicious or compromised website could show infinite print dialogs and make users believe their browser wa...

APPLE-SA-2017-07-19-2 macOS 10.12.6

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-07-19-2 macOS 10.12.6 macOS 10.12.6 is now available and addresses the following: afclip Available for: macOS Sierra 10.12.5 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-7016: riusksk (=E6=B3=89=E5=93=A5) of Tencent Security Platform Department afclip Available for: macOS S...

APPLE-SA-2017-07-19-3 watchOS 3.2.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-07-19-3 watchOS 3.2.2 watchOS 3.2.2 is now available and addresses the following: Contacts Available for: All Apple Watch models Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-7062: Shashank (@cyberboyIndia) IOUSBFamily Available for: All Apple Watch models ...

APPLE-SA-2017-07-19-1 iOS 10.3.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-07-19-1 iOS 10.3.3 iOS 10.3.3 is now available and addresses the following: Contacts Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-7062: Shashank (@cyberboyIndia) ...

APPLE-SA-2017-07-19-6 iTunes 12.6.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-07-19-6 iTunes 12.6.2 iTunes 12.6.2 is now available and addresses the following: iTunes Available for: Windows 7 and later Impact: An application may be able to execute arbitrary code with system privileges Description: An access issue was addressed with additional restrictions. CVE-2017-7053: an anonymous researcher working with Trend Micros Zero Day Initiative libxml2 Available for: Windows 7 and later Impac...

APPLE-SA-2017-07-19-4 tvOS 10.2.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-07-19-4 tvOS 10.2.2 tvOS 10.2.2 is now available and addresses the following: Contacts Available for: Apple TV (4th generation) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-7062: Shashank (@cyberboyIndia) CoreAudio Available for: Apple TV (4th generation) ...

[SECURITY] [DSA 3914-1] imagemagick security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3914-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff July 18, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : imagemagick CVE ID : CVE-2017-9439 CVE-20...

[CVE-2017-7728] - Authentication Bypass allows alarms commands execution in iSmartAlarm

[+] Credits: Ilia Shnaidman [+] @0x496c on Twitter [+] Source: http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/ Vendor: ============= iSmartAlarm, inc. Product: =========================== iSmartAlarm cube - All iSmartAlarm is one of the leading IoT manufactures in the domain of smart alarm systems. It provides a fully integrated alarm system with siren, smart cameras and locks. It functions like any alarm sy...

CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update

Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 1.0.0 Description: Apache OpenMeetings updates user password in insecure manner. CVE-2017-7688 The issue was fixed in 3.3.0 All users are recommended to upgrade to Apache OpenMeetings 3.3.0 Credit: This issue was identified by Security Innovation ...

CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload

Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 1.0.0 Description: Apache OpenMeetings doesnt check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server CVE-2017-7684 The issue was fixed in 3.3.0 All users are recommended to upgrade to Apache OpenMeetings 3.3.0 Credit: This issue was identified by Security Innovation ...

CVE-2017-7663 - Apache OpenMeetings - XSS in chat

Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 3.2.0 Description: Both global and Room chat are vulnerable to XSS attack CVE-2017-7663 The issue was fixed in 3.3.0 All users are recommended to upgrade to Apache OpenMeetings 3.3.0 Credit: This issue was identified by Security Innovation ...

CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation

Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 3.1.0 Description: Uploaded XML documents were not correctly validated CVE-2017-7664 The issue was fixed in 3.3.0 All users are recommended to upgrade to Apache OpenMeetings 3.3.0 Credit: This issue was identified by Security Innovation -- WBR Maxim aka solomax ...

CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest

CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest Severity: Important Vendor: The Apache Software Foundation Versions Affected: all versions through 2.2.33 and 2.4.26 Description: The value placeholder in [Proxy-]Authorization headers of type Digest was not initialized or reset before or between successive key=3Dvalue assignments. by mod_auth_digest Providing an initial key with no =3D assignment could reflect the stale value of uninitialized pool memory used ...

CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2

CVE-2017-9789: Read after free in mod_http2.c Severity: Important Vendor: The Apache Software Foundation Versions Affected: httpd 2.4.26 Description: When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. Mitigation: 2.4.26 users of mod_http2 should upgrade to 2.4.27. Credit: The Apache HTTP Server security team would like to thank Robert =C5=9Awi=C4= =99cki ...

[SECURITY] [DSA 3908-1] nginx security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3908-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff July 12, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nginx CVE ID : CVE-2017-7529 An intege...

SEC Consult SA-20170712-0 :: Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products

--------------ms080309050908020306040606 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable SEC Consult Vulnerability Lab Security Advisory < 20170712-0 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D title: Multiple critical vulnerabilities product: AGFEO Sm...

[CVE request]linux kernel xfrm migrate out-of-bound access

Issue description: xfrm migrate is a mechanism of kernel ipsec xfrm framework. When dealing with XFRM_MSG_MIGRATE message, xfrm_migrate func does not check dir value of xfrm_userpolicy_id. This will cause out of bound access to net->xfrm.policy_bydst in policy_hash_direct func and others when dir value exceeds XFRM_POLICY_MAX. The whole value of struct xfrm_userpolicy_id can be controlled by sending netlink message, and the out of bound addr can be expected; this may lead to pote...

[RT-SA-2017-011] Remote Command Execution in PDNS Manager

--7JfCtLOvnd9MIVvH Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Advisory: Remote Command Execution in PDNS Manager RedTeam Pentesting discovered that PDNS Manager is vulnerable to a remote command execution vulnerability, if for any reason the configuration file config/config-user.php does not exist. Details =3D=3D=3D=3D=3D=3D=3D Product: PDNS Manager Affected Versions: Git master 3bf4e28 (2016-12-12) - ...

=?utf-8?Q?CVE-2017-4918=3A_Code_Injection_in_VMware_Horizon?= =?utf-8?Q?=E2=80=99s_macOS_Client?=

--Apple-Mail=_5C5B9DE7-2ECD-4D2C-BECF-7A12E330BD3D Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 CVE-2017-4918: Code Injection in VMware Horizon=E2=80=99s macOS Client Metadata =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D Release Date: 10-July-2017 Author: Florian Bogner // https://bogner.sh Affected product: VMware Horizon=E2=80=9...

[security bulletin] HPESBGN03763 rev.1 - HPE SiteScope, Disclosure of Sensitive Information, Bypass Security Restriction, Remote Arbitrary Code Execution

DQotLS0tLUJFR0lOIFBHUCBTSUdORUQgTUVTU0FHRS0tLS0tDQpIYXNoOiBTSEEyNTYNCg0KTm90 ZTogdGhlIGN1cnJlbnQgdmVyc2lvbiBvZiB0aGUgZm9sbG93aW5nIGRvY3VtZW50IGlzIGF2YWls YWJsZSBoZXJlOg0KaHR0cHM6Ly9oMjA1NjQud3d3Mi5ocGUuY29tL2hwc2MvZG9jL3B1YmxpYy9k aXNwbGF5P2RvY0lkPWVtcl9uYS1ocGVzYmduMDM3NjNlbl91cw0KDQpTVVBQT1JUIENPTU1VTklD QVRJT04gLSBTRUNVUklUWSBCVUxMRVRJTg0KDQpEb2N1bWVudCBJRDogaHBlc2JnbjAzNzYzZW5f dXMNClZlcnNpb246IDENCg0KSFBFU0JHTjAzNzYzIHJldi4xIC0gSFBFIFNpdGVTY29wZSwgRGlz Y2xvc3VyZSBvZiBTZW5zaXRpdmUgSW5m...

[security bulletin] HPESBGN03762 rev.1 - HPE Network Node Manager i (NNMi) Software, Remote Bypass Security Restrictions, Cross-Site Scripting (XSS), URL Redirection

DQotLS0tLUJFR0lOIFBHUCBTSUdORUQgTUVTU0FHRS0tLS0tDQpIYXNoOiBTSEEyNTYNCg0KTm90 ZTogdGhlIGN1cnJlbnQgdmVyc2lvbiBvZiB0aGUgZm9sbG93aW5nIGRvY3VtZW50IGlzIGF2YWls YWJsZSBoZXJlOg0KaHR0cHM6Ly9oMjA1NjQud3d3Mi5ocGUuY29tL2hwc2MvZG9jL3B1YmxpYy9k aXNwbGF5P2RvY0lkPWVtcl9uYS1ocGVzYmduMDM3NjJlbl91cw0KDQpTVVBQT1JUIENPTU1VTklD QVRJT04gLSBTRUNVUklUWSBCVUxMRVRJTg0KDQpEb2N1bWVudCBJRDogaHBlc2JnbjAzNzYyZW5f dXMNClZlcnNpb246IDENCg0KSFBFU0JHTjAzNzYyIHJldi4xIC0gSFBFIE5ldHdvcmsgTm9kZSBN YW5hZ2VyIGkgKE5OTWkpIFNvZnR3YXJl...

[security bulletin] HPESBHF03745 rev.2 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution

DQotLS0tLUJFR0lOIFBHUCBTSUdORUQgTUVTU0FHRS0tLS0tDQpIYXNoOiBTSEEyNTYNCg0KTm90 ZTogdGhlIGN1cnJlbnQgdmVyc2lvbiBvZiB0aGUgZm9sbG93aW5nIGRvY3VtZW50IGlzIGF2YWls YWJsZSBoZXJlOg0KaHR0cHM6Ly9oMjA1NjQud3d3Mi5ocGUuY29tL2hwc2MvZG9jL3B1YmxpYy9k aXNwbGF5P2RvY0lkPWVtcl9uYS1ocGVzYmhmMDM3NDVlbl91cw0KDQpTVVBQT1JUIENPTU1VTklD QVRJT04gLSBTRUNVUklUWSBCVUxMRVRJTg0KDQpEb2N1bWVudCBJRDogaHBlc2JoZjAzNzQ1ZW5f dXMNClZlcnNpb246IDINCg0KSFBFU0JIRjAzNzQ1IHJldi4yIC0gSFBFIEludGVsbGlnZW50IE1h bmFnZW1lbnQgQ2VudGVyIChpTUMpIFBM...

[security bulletin] HPESBNS03755 rev.1 - HPE NonStop Server using Samba, Multiple Remote Vulnerabilities

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQ0KSGFzaDogU0hBMjU2DQoNCk5vdGU6 IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBpcyBhdmFpbGFi bGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNjL2RvYy9wdWJsaWMvZGlz cGxheT9kb2NJZD1lbXJfbmEtaHBlc2JuczAzNzU1ZW5fdXMNCg0KU1VQUE9SVCBDT01NVU5JQ0FU SU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9jdW1lbnQgSUQ6IGhwZXNibnMwMzc1NWVuX3Vz DQpWZXJzaW9uOiAxDQoNCkhQRVNCTlMwMzc1NSByZXYuMSAtIEhQRSBOb25TdG9wIFNlcnZlciB1 c2luZyBTYW1iYSwgTXVsdGlwbGUgUmVt...

CVE-2017-5640 Apache Impala (incubating) Information Disclosure

CVE-2017-5640 Apache Impala (incubating) Information Disclosure Severity: High Versions Affected: Apache Impala (incubating) 2.7.0 to 2.8.0 Description: It was noticed that a malicious process impersonating an Impala daemon could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with =E2=80=98COMPLETE=E2=80=99 before the SASL handshake has completed, the cli= ent will consider the handshake as completed ...

[SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure

CVE-2017-5652 Apache Impala (incubating) Information Disclosure Severity: High Versions Affected: Apache Impala (incubating) 2.7.0 to 2.8.0 Description: During a routine security analysis, it was found that one of the ports sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift transport when TLS was turned on. It was therefore possible for an adversary,...

ToorCon 19 Call For Papers Closing This Week!

TOORCON 19 CALL FOR PAPERS CLOSING THIS WEEK! Its that time of year again! ToorCon 19 is coming so get your code finished and submit a talk this time around. This years event has been pushed earlier in the year to the end of August, so make sure to save the new dates on your calendar. Were letting you decide if you want to be a part of our 50-minute talks on Saturday, 20-minute talks on Sunday, and 75-minute talks for our Deep Knowledge Seminars on Friday depending on how much time you need t...

[slackware-security] irssi (SSA:2017-190-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] irssi (SSA:2017-190-01) New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/irssi-1.0.4-i586-1_slack14.2.txz: Upgraded. This release fixes two remote crash issues as well as a few bugs. For more information, see: https://irssi.org/security/irssi_sa_20...

[SECURITY] [DSA 3905-1] xorg-server security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3905-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff July 09, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : xorg-server CVE ID : CVE-2017-10971 CVE-2...

[SECURITY] [DSA 3904-1] bind9 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3904-1 security@debian.org https://www.debian.org/security/ Yves-Alexis Perez July 08, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : bind9 CVE ID : CVE-2017-3142 CVE-2017-314...

[slackware-security] php (SSA:2017-188-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2017-188-01) New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php-5.6.31-i586-1_slack14.2.txz: Upgraded. This release fixes bugs and security issues. For more information, see: https://php.net/ChangeLog-5.php#5.6.31 https://cve.mitre.or...

CVE-2017-10974 Yaws Web Server v1.91 Unauthenticated Remote File Disclosure

[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHENTICATED-REMOTE-FILE-DISCLOSURE.txt [+] ISR: ApparitionSec Vendor: ========== yaws.hyber.org Product: =========== Yaws v1.91 (Yet Another Web Server) Yaws is a HTTP high perfomance 1.1 webserver particularly well suited for dynamic-content web applications. Two separate modes of operations are suppor...

[ANNOUNCE] [SECURITY] CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr

CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr Severity: Important Vendor: The Apache Software Foundation Versions Affected: Solr 5.3 to 5.5.4 Solr 6.0 to 6.5.1 Description: Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to...

[SYSS-2017-011] Office 365: Insufficient Session Expiration (CWE-613)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2017-011 Product: Office 365 (Sharepoint) Manufacturer: Microsoft Affected Version(s): ? Tested Version(s): Office 365 Enterprise E3 (version from February 2017) Vulnerability Type: Insufficient Session Expiration (CWE-613) Risk Level: Low Solution Status: Open Manufacturer Notification: 2017-03-01 Solution Date: Public Disclosure: 2017-07-04 CVE Reference: Not yet assigned Authors of Advisory: Micha Borrmann (SySS...

Firefox v54.0.1 Denial Of Service

[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/FIREFOX-v54.0.1-DENIAL-OF-SERVICE.txt [+] ISR: ApparitionSec Vendor: =============== www.mozilla.org Product: =============== Firefox v54.0.1 Vulnerability Type: =================== Denial Of Service Security Issue: ================ Dynamically creating HTML elements IMG,FORM,DIV,P,A,H2,IFRAME,TABLE,TEXTAREA and as...

KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials

--1nw5sR63cKwgMmRWdpSOhkBNgSuCTX3ex Content-Type: multipart/mixed; boundary="1DiBMXPVMVPPs1MDn0WaRlngBodBegH1X"; protected-headers="v1" From: KoreLogic Disclosures To: fulldisclosure@seclists.org, bugtraq@securityfocus.com Message-ID: <14c4a1ac-dfe0-106b-5677-41b5aab2bdcb@korelogic.com> Subject: KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials --1DiBMXPVMVPPs1MDn0WaRlngBodBegH1X Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content...

KL-001-2017-014 : Barracuda WAF Support Tunnel Hijack

--hRQHmocKlMfb3M5tV64oBstbrP1cFGn29 Content-Type: multipart/mixed; boundary="k1wpTtCFkDntOCkWdl8vpmcWfTCKlXDf2"; protected-headers="v1" From: KoreLogic Disclosures To: fulldisclosure@seclists.org, bugtraq@securityfocus.com Message-ID: Subject: KL-001-2017-014 : Barracuda WAF Support Tunnel Hijack --k1wpTtCFkDntOCkWdl8vpmcWfTCKlXDf2 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-...

KL-001-2017-012 : Barracuda WAF Grub Password Complexity

--Hcm7XoVRlqRuLV5WHncUweNLOBD2bNANl Content-Type: multipart/mixed; boundary="7bDPLoVinwhwS7VfKN7i4ffn3ta5Pk947"; protected-headers="v1" From: KoreLogic Disclosures To: fulldisclosure@seclists.org, bugtraq@securityfocus.com Message-ID: <4a36ee01-069b-483a-b12f-a52f98a9fbd9@korelogic.com> Subject: KL-001-2017-012 : Barracuda WAF Grub Password Complexity --7bDPLoVinwhwS7VfKN7i4ffn3ta5Pk947 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Conte...

KL-001-2017-011 : Barracuda WAF Internal Development Credential Disclosure

--5waDB5R0tc10MexvPrQ823FsinBg9Ie6F Content-Type: multipart/mixed; boundary="FRx6xXO3sdnicDXSgcUWEoOXHuNPIflLT"; protected-headers="v1" From: KoreLogic Disclosures To: fulldisclosure@seclists.org, bugtraq@securityfocus.com Message-ID: Subject: KL-001-2017-011 : Barracuda WAF Internal Development Credential Disclosure --FRx6xXO3sdnicDXSgcUWEoOXHuNPIflLT Content-Type: text/plain; charset=utf-8 Content-La...

[SECURITY] [DSA 3903-1] tiff security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3903-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tiff CVE ID : CVE-2016-10095 CVE-2017-914...

[SECURITY] [DSA 3902-1] jabberd2 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3902-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 05, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : jabberd2 CVE ID : CVE-2017-10807 Debian ...

[security bulletin] HPSBMU02933 rev.3 - HPE SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS)

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQ0KSGFzaDogU0hBMjU2DQoNCk5vdGU6 IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBpcyBhdmFpbGFi bGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNjL2RvYy9wdWJsaWMvZGlz cGxheT9kb2NJZD1lbXJfbmEtYzAzOTY5NDM1DQoNClNVUFBPUlQgQ09NTVVOSUNBVElPTiAtIFNF Q1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElEOiBjMDM5Njk0MzUNClZlcnNpb246IDMNCg0K SFBTQk1VMDI5MzMgcmV2LjMgLSBIUEUgU2l0ZVNjb3BlLCBpc3N1ZVNpZWJlbENtZCBhbmQgIGxv YWRGaWxlQ29udGVudHMgU09BUCBSZXF1...

[slackware-security] Slackware 14.0 kernel (SSA:2017-184-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] Slackware 14.0 kernel (SSA:2017-184-01) New kernel packages are available for Slackware 14.0 to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+ patches/packages/linux-3.2.90/*: Upgraded. This kernel fixes security issues (including "Stack Clash"). The issues may result in denial-of-service conditions or may allow attackers to execute arbitrary co...

[SECURITY] [DSA 3901-1] libgcrypt20 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3901-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 02, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libgcrypt20 CVE ID : CVE-2017-7526 Dan...

[CVE-2017-9313] Webmin 1.840 Multiple XSS Vulnerabilities

Vulnerability type: Reflected Cross Site Scripting ------------------------ Product: Webmin ------------------------ Affected version: Webmin 1.840 and possibly earlier ------------------------ Patched version: Webmin 1.850 ------------------------ Credit: Andy Tan ------------------------ CVE ID: CVE-2017-9313 ------------------------ =============== Proof of Concept ================ Vulnerable Modules: https://192.168.1.20:10000/man/view_man.cgi?page=foo&sec= # TIMELINE - 1/7/2016: Vulner...

Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting

# Vulnerability type: Cross Site Scripting # Vendor: Ektron # Product: Ektron Content Management System # Affected version: 9.10SP1(Build 9.1.0.184) # Patched version: 9.1.0.184SP3(9.1.0.184.3.127) # Credit: Siyavash Ghasseminia, Edmund Goh # CVE ID: CVE-2016-6133 # PROOF OF CONCEPT Vulnerable URL: /WorkArea/workarea.aspx?page=content.aspx&action=ViewContentByCategory&folder_id=0&LangType=1033 # VULNERABLE PARAMETERS: - folder_id # SAMPLE PAYLOAD - ,1);});alert(1);// Or...

ESA-2017-041: EMC VNX1 and VNX2 Family Multiple Vulnerabilities in VNX Control Station

--_002_1BF8853173D9704A93EF882F85952A892897A1MX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A892897A1MX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2017-041.txt" Content-Description: ESA-2017-041.txt Content-Disposition: attachment; filename="ESA-2017-041.txt"; size=4210; creation-date="Thu, 13 Apr 2017 17:05:42 GMT"; modification-date="Tue, 13 Jun 2017 13:57:24 GMT" Content-...

[security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzYxZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiZ24wMzc2MWVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCR04w Mzc2MSByZXYuMSAtICBIUEUgVmlydHVhbGl6YXRpb24gUGVyZm9ybWFuY2UgVmlld2Vy IChWUFYpLy...

[SECURITY] [DSA 3882-1] request-tracker4 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3882-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 15, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : request-tracker4 CVE ID : CVE-2016-6127 C...

June 2017 - Bamboo - Critical Security Advisory

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This email refers to the advisory found at https://confluence.atlassian.com/x/KgwUNg . CVE ID: * CVE-2017-8907. Product: Bamboo. Affected Bamboo product versions: 5.0.0 <= version < 5.15.7 6.0.0 <= version < 6.0.1 Fixed Bamboo product versions: * for 5.15.x, Bamboo 5.15.7 has been released with a fix for this issue. * for 6.0.x, Bamboo 6.0.1 has been released with a fix for this issue. Summary: This advisory ...

CVE-2017-9613: Stored Cross-Site Scripting in SAP successfactors

CVE-2017-9613: Stored Cross-Site Scripting in SAP successfactors Severity: High Vendor: SAP Versions Affected: SAP successfactors - Release build b1702p5e.1190658 Description: Stored Cross-site scripting (XSS) vulnerability in SAP Successfactors allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality. Resolution: SAP has fixed this in Release build b1705.1234962 ...

[slackware-security] mozilla-firefox (SSA:2017-165-02)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2017-165-02) New mozilla-firefox packages are available for Slackware 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-52.2.0esr-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/sec...

[slackware-security] bind (SSA:2017-165-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] bind (SSA:2017-165-01) New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/bind-9.10.5_P1-i586-1_slack14.2.txz: Upgraded. Fixed denial of service security issue: Some RPZ configurations could go into an infinite query loop when encoun...

[SECURITY] [DSA 3881-1] firefox-esr security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3881-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 14, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : firefox-esr CVE ID : CVE-2017-5470 CVE-20...

=?iso-8859-1?Q?ESA-2017-031:_RSA_BSAFE=AE_Cert-C_Improper_Certificate_Pro?= =?iso-8859-1?Q?cessing_Vulnerability?=

--_002_1BF8853173D9704A93EF882F85952A892865ADMX304CL04corpemcc_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A892865ADMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2017-031.txt" Content-Description: ESA-2017-031.txt Content-Disposition: attachment; filename="ESA-2017-031.txt"; size=1750; creation-date="Fri, 09 Jun 2017 13:23:09 GMT"; modification-date="Tue, 13 Jun 2017 14:00:52 GMT" Conten...

ESA-2017-043: EMC ESRS Virtual Edition Authentication Bypass Vulnerability

--_002_1BF8853173D9704A93EF882F85952A892865CDMX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A892865CDMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2017-043.txt" Content-Description: ESA-2017-043.txt Content-Disposition: attachment; filename="ESA-2017-043.txt"; size=3019; creation-date="Wed, 05 Apr 2017 16:53:14 GMT"; modification-date="Tue, 13 Jun 2017 13:58:03 GMT" Content-...

[SECURITY] [DSA 3880-1] libgcrypt20 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3880-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 14, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libgcrypt20 CVE ID : CVE-2017-9526 It ...

SEC Consult SA-20170613-0 :: Access Restriction Bypass in Atlassian Confluence

--------------ms060909070602060402070109 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable SEC Consult Vulnerability Lab Security Advisory < 20170613-0 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D title: Access Restriction Bypass product: Atlassian Conflu...

Secunia Research: libsndfile "aiff_read_chanmap()" Information Disclosure Vulnerability

====================================================================== Secunia Research 2017/06/09 libsndfile "aiff_read_chanmap()" Information Disclosure Vulnerability ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Description of Vulner...

[SECURITY] [DSA 3877-1] tor security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3877-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 10, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tor CVE ID : CVE-2017-0376 Debian Bug ...

Zenbership 1.0.8 CMS - Multiple SQL Injection Vulnerabilities

Document Title: =============== Zenbership 1.0.8 CMS - Multiple SQL Injection Vulnerabilities References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2073 Release Date: ============= 2017-06-09 Vulnerability Laboratory ID (VL-ID): ==================================== 2073 Common Vulnerability Scoring System: ==================================== 5.3 Vulnerability Class: ==================== SQL Injection Current Esti...

Evolution Script CMS v5.3 - Cross Site Scripting Vulnerability

Document Title: =============== Evolution Script CMS v5.3 - Cross Site Scripting Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2075 Release Date: ============= 2017-06-07 Vulnerability Laboratory ID (VL-ID): ==================================== 2075 Common Vulnerability Scoring System: ==================================== 3.3 Vulnerability Class: ==================== Cross Site Scripting - Non Per...

[security bulletin] HPESBHF03730 rev.2 - HPE Aruba ClearPass Policy Manager, Multiple Vulnerabilities

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzMwZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzczMGVuX3VzDQpWZXJzaW9uOiAyDQoNCkhQRVNCSEYw MzczMCByZXYuMiAtIEhQRSBBcnViYSBDbGVhclBhc3MgUG9saWN5IE1hbmFnZXIsIE11 bHRpcGxlDQ...

[SECURITY] [DSA 3876-1] otrs2 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3876-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 09, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : otrs2 CVE ID : CVE-2017-9324 Joerg-Tho...

[SECURITY] [DSA 3875-1] libmwaw security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3875-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 09, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libmwaw CVE ID : CVE-2017-9433 It was ...

[security bulletin] HPESBUX03759 rev.1 - HP-UX CIFS Sever using Samba, Multiple Remote Vulnerabilities

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2J1eDAzNzU5ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNidXgwMzc1OWVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCVVgw Mzc1OSByZXYuMSAtIEhQLVVYIENJRlMgU2V2ZXIgdXNpbmcgU2FtYmEsIE11bHRpcGxl IFJlbW90ZQ...

[security bulletin] HPESBUX03747 rev.1 - HP-UX running BIND, Remote Denial of Service

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2J1eDAzNzQ3ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNidXgwMzc0N2VuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCVVgw Mzc0NyByZXYuMSAtIEhQLVVYIHJ1bm5pbmcgQklORCwgUmVtb3RlIERlbmlhbCBvZiBT ZXJ2aWNlDQ...

ESA-2017-064: RSA Identity Governance and Lifecycle Multiple Vulnerabilities

--_002_1BF8853173D9704A93EF882F85952A89264BAAMX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A89264BAAMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2017-064.txt" Content-Description: ESA-2017-064.txt Content-Disposition: attachment; filename="ESA-2017-064.txt"; size=3029; creation-date="Thu, 08 Jun 2017 17:43:17 GMT"; modification-date="Thu, 08 Jun 2017 17:45:53 GMT" Content-...

[SYSS-2017-018] OTRS - Access to Installation Dialog

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2017-018 Product: OTRS Manufacturer: OTRS Affected Version(s): OTRS 5.0.x, OTRS 4.0.x, OTRS 3.3.x Fixed Version(s): OTRS 5.0.20, OTRS 4.0.24, OTRS 3.3.17 Tested Version(s): 5.0.19 Vulnerability Type: Access to Installation Dialog Risk Level: High Solution Status: Fixed Manufacturer Notification: 2017-05-30 Solution Date: 2017-06-06 Public Disclosure: 2017-06-08 CVE Reference: CVE-2017-9324 Author of Advisory: Seba...

[security bulletin] HPESBGN03758 rev.1 - HPE UCMDB, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzU4ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiZ24wMzc1OGVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCR04w Mzc1OCByZXYuMSAtIEhQRSBVQ01EQiwgUmVtb3RlIENvZGUgRXhlY3V0aW9uDQoNCk5P VElDRTogVG...

CVE update - fixed in Apache Ranger 0.7.1

Hello: Please find below details on CVEs fixed in Ranger 0.7.1 release. Release = details can be found at = https://cwiki.apache.org/confluence/display/RANGER/0.7.1+Release+-+Apache+= Ranger=20 = --------------------------------------------------------------------------= --------------------------------------------------------------------------= ------------------------------------------------------------- CVE-2017-7676: Apache Ranger policy evaluation ignores characters after = =E...

[security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS)

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzU3ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzc1N2VuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw Mzc1NyByZXYuMSAtIEhQRSBOZXR3b3JrIFByb2R1Y3RzIGluY2x1ZGluZyBDb213YXJl IDUgYW5kIE...

Xavier v2.4 PHP MP - SQL Injection Web Vulnerabilities

Document Title: =============== Xavier v2.4 PHP MP - SQL Injection Web Vulnerabilities References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2076 Release Date: ============= 2017-06-06 Vulnerability Laboratory ID (VL-ID): ==================================== 2076 Common Vulnerability Scoring System: ==================================== 5.3 Vulnerability Class: ==================== SQL Injection Current Estimated P...

Sophos Cyberoam Cross-site scripting (XSS) vulnerability

Title: ==== Sophos Cyberoam ? Cross-site scripting (XSS) vulnerability Credit: ====== Name: Bhadresh Patel Date: ==== 25/05/2017 (dd/mm/yyyy) Vendor: ====== More than 100 million users in 150 countries rely on Sophos to offer end-to-end protection against complex threats and data loss. Sophos is committed to providing complete, enterprise-grade security solutions that are simple to deploy, manage and use, and deliver one of the industrys lowest total cost of ownership....

[security bulletin] HPESBGN03752 rev.1 - HPE IceWall using OpenSSL, remote Denial of Service (DoS)

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzUyZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiZ24wMzc1MmVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCR04w Mzc1MiByZXYuMSAtIEhQRSBJY2VXYWxsIHVzaW5nIE9wZW5TU0wsIHJlbW90ZSBEZW5p YWwgb2YgU2...

[security bulletin] HPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzU2ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzc1NmVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw Mzc1NiByZXYuMSAtICBIUEUgTmV0d29yayBQcm9kdWN0cyBpbmNsdWRpbmcgQ29td2Fy ZSA3LCBpTU...

X41-2017-005 - Multiple Vulnerabilities in peplink balance routers

--PfumHS54BU8F0HApRI3hD0EANtXGj5tWE Content-Type: multipart/mixed; boundary="mrid0qru6nUBMAfPLQELH07KdFHS2fc74"; protected-headers="v1" From: X41 D-Sec GmbH Advisories To: bugtraq@securityfocus.com Message-ID: Subject: X41-2017-005 - Multiple Vulnerabilities in peplink balance routers --mrid0qru6nUBMAfPLQELH07KdFHS2fc74 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding...

[SECURITY] [DSA 3873-1] perl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3873-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 05, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : perl CVE ID : CVE-2017-6512 Debian Bug ...

[SECURITY] [DSA 3870-1] wordpress security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3870-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond June 01, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : wordpress CVE ID : CVE-2017-8295 CVE-2017...

[SECURITY] [DSA 3869-1] tnef security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3869-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond June 01, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tnef CVE ID : CVE-2017-8911 Debian Bug ...

[CVE-2017-5688] Executable installers are vulnerable^WEVIL (case 52): Intel installation framework allows arbitrary code execution with escalation of privilege

Hi @ll, executable installers built with Intels Installation Framework, for example "Intel SSD Toolbox - v3.4.3.exe", available from , expose two vulnerabilities, both resulting in arbitrary code execution with escalation of privilege. Vulnerability #1: ~~~~~~~~~~~~~~~~~ On a fully patched Windows 7 SP1 they load and execute (at least) Cabinet.dll, Version.dll, RichEd20.dll, UXTheme.dll or DMWAPI.dll (on other versions of Windows d...

DefenseCode ThunderScan SAST Advisory: WordPress Simple Slideshow Manager Plugin Multiple Security Vulnerabilities

DefenseCode ThunderScan SAST Advisory WordPress Simple Slideshow Manager Plugin Multiple Security Vulnerabilities Advisory ID: DC-2017-02-016 Advisory Title: WordPress Simple Slideshow Manager Plugin Multiple Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Simple Slideshow Manager Plugin Language: PHP Version: 2.2 and below Vendor Status: Vendor contacted, update released Release Da...

[SECURITY] [DSA 3867-1] sudo security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3867-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 30, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : sudo CVE ID : CVE-2017-1000367 Debian Bu...

[SECURITY] [DSA 3866-1] strongswan security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3866-1 security@debian.org https://www.debian.org/security/ Yves-Alexis Perez May 30, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : strongswan CVE ID : CVE-2017-9022 CVE-201...

[SECURITY] [DSA 3865-1] mosquitto security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3865-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 29, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : mosquitto CVE ID : CVE-2017-7650 It wa...

Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web Vulnerability Scanner 11

Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web = Vulnerability Scanner 11 Metadata = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D Release Date: 28-May-2017 Author: Florian Bogner @ https://bogner.sh Affected product: Acunetix Web Vulnerability Scanner 11 = (https://w...

Wordpress Plugin Social-Stream - Exposure of Twitter API Secret Key and Token

Wordpress Plugin Social-Stream - Exposure of Twitter API Secret Keys CWE-522 :Insufficiently Protected Credentials Products: Wordpress Social Stream Versions 1.6.0 and lower https://codecanyon.net/item/wordpress-social-stream/2201708 Social Network Tabs Versions 1.7.4 and lower https://codecanyon.net/item/social-network-tabs-for-wordpress/1982987 Fix: Wordpress Social Stream, V 1.6.1 https://codecanyon.net/item/wordpress-social-stream/2201708 "WordPress Social Stream will com...

[security bulletin] HPESBHF03730 rev.1 - HPE Aruba ClearPass Policy Manager, Multiple Vulnerabilities

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzMwZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzczMGVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw MzczMCByZXYuMSAtIEhQRSBBcnViYSBDbGVhclBhc3MgUG9saWN5IE1hbmFnZXIsIE11 bHRpcGxlDQ...

[security bulletin] HPESBHF03754 rev.1 - HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5 Processor, Remote Access Restriction Bypass

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzU0ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzc1NGVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw Mzc1NCByZXYuMSAtICBIUEUgTUwxMCBHZW4gOSBTZXJ2ZXIgdXNpbmcgSW50ZWwgWGVv biBFMy0xMj...

[security bulletin] HPESBHF03750 rev.1 - HPE Network Products including Comware 5, Comware 7 and VCX running NTP, Remote Denial of Service (DoS), Unauthorized Modification, Local Denial of Service (DoS)

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzUwZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzc1MGVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw Mzc1MCByZXYuMSAtIEhQRSBOZXR3b3JrIFByb2R1Y3RzIGluY2x1ZGluZyBDb213YXJl IDUsIENvbX...

[SECURITY] [DSA 3863-1] imagemagick security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3863-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 25, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : imagemagick CVE ID : CVE-2017-7606 CVE-20...

[security bulletin] HPESBHF03746 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQ0KSGFzaDogU0hBMjU2DQoNCk5vdGU6 IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBpcyBhdmFpbGFi bGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNjL2RvYy9wdWJsaWMvZGlz cGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzQ2ZW5fdXMNCg0KU1VQUE9SVCBDT01NVU5JQ0FU SU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9jdW1lbnQgSUQ6IGhwZXNiaGYwMzc0NmVuX3Vz DQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYwMzc0NiByZXYuMSAtIEhQRSBJbnRlbGxpZ2VudCBNYW5h Z2VtZW50IENlbnRlciAoaU1DKSBQTEFU...

WebKitGTK+ Security Advisory WSA-2017-0004

--2OBs2Gnan3GvGntUNdRX1V16kG1ENffCP Content-Type: multipart/mixed; boundary="JmsRekxKkwix8kbo3MSkBfXBrmWT98Na0"; protected-headers="v1" From: Carlos Alberto Lopez Perez To: "webkit-gtk@lists.webkit.org" Cc: security@webkit.org, distributor-list@gnome.org, oss-security@lists.openwall.com, bugtraq@securityfocus.com Message-ID: <6df1ae14-5736-6a39-d761-41884c27ce2b@igalia.com> Subject: WebKitGTK+ Security Advisory WSA-2017-0004 --JmsRek...

[slackware-security] samba (SSA:2017-144-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] samba (SSA:2017-144-01) New samba packages are available for Slackware 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/samba-4.4.14-i586-1_slack14.2.txz: Upgraded. This update fixes a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writ...

[security bulletin] HPESBHF03751 rev.1 - HPE Aruba AirWave Glass, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzUxZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzc1MWVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw Mzc1MSByZXYuMSAtIEhQRSBBcnViYSBBaXJXYXZlIEdsYXNzLCBSZW1vdGUgQ29kZSBF eGVjdXRpb2...

DefenseCode ThunderScan SAST Advisory: WordPress AffiliateWP Plugin Security Vulnerability

DefenseCode ThunderScan SAST Advisory WordPress AffiliateWP Plugin Security Vulnerability Advisory ID: DC-2017-05-05 Advisory Title: WordPress AffiliateWP Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress AffiliateWP Plugin Language: PHP Version: 2.0.8 and below (taken from the official GitHub repo) Vendor Status: Vendor contacted, update release...

DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability

DefenseCode ThunderScan SAST Advisory WordPress Huge-IT Video Gallery Plugin Security Vulnerability Advisory ID: DC-2017-01-009 Advisory Title: WordPress Huge-IT Video Gallery plugin SQL injection vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Huge-IT Video Gallery plugin Language: PHP Version: 2.0.4 and below Vendor Status: Vendor contacted, update released Rele...

DefenseCode ThunderScan SAST Advisory: WordPress All In One Schema.org Rich Snippets Plugin Security Vulnerability

DefenseCode ThunderScan SAST Advisory WordPress All In One Schema.org Rich Snippets Plugin Security Vulnerability Advisory ID: DC-2017-01-002 Advisory Title: WordPress All In One Schema.org Rich Snippets Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress All In One Schema.org Rich Snippets Plugin Language: PHP Version: 1.4.1 and below Vendor S...

[SECURITY] [DSA 3861-1] libtasn1-6 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3861-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond May 24, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libtasn1-6 CVE ID : CVE-2017-6891 Debian...

Secunia Research: Microsoft Windows Heap-based Buffer Overflow Vulnerabilities

====================================================================== Secunia Research 2016/05/22 Microsoft Windows Heap-based Buffer Overflow Vulnerabilities ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Description of Vulnerabilities..........................................

HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL, Remote Denial of Service (DoS)

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQ0KSGFzaDogU0hBMjU2DQoNCk5vdGU6 IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBpcyBhdmFpbGFi bGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNjL2RvYy9wdWJsaWMvZGlz cGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzQ0ZW5fdXMNCg0KU1VQUE9SVCBDT01NVU5JQ0FU SU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9jdW1lbnQgSUQ6IGhwZXNiaGYwMzc0NGVuX3Vz DQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYwMzc0NCByZXYuMSAtIEhQRSBJbnRlbGxpZ2VudCBNYW5h Z2VtZW50IENlbnRlciAoaU1DKSBQTEFU...

CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal

[+] Credits: John Page aka HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SECURE-AUDITOR-v3.0-DIRECTORY-TRAVERSAL.txt [+] ISR: ApparitionSec Vendor: ==================== www.secure-bytes.com Product: ===================== Secure Auditor - v3.0 Secure Auditor suite is a unified digital risk management solution for conducting automated audits on Windows, Oracle and SQL databases and Cisco devices. ...

CVE-2017-9046 Pegasus "winpm-32.exe" v4.72 Mailto: Link Remote Code Execution

[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PEGASUS-MAILTO-LINK-REMOTE-CODE-EXECUTION.txt [+] ISR: APPARITIONSEC Vendor: ============= www.pmail.com Product: =========================== Pegasus "winpm-32.exe" v4.72 build 572 Pegasus Mail: Pegasus Mail is a free, standards-based electronic mail client suitable for use by single or multiple users on single computers or o...

CVE-2017-9046 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection

[+] Credits: John Page a.k.a hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt [+] ISR: ApparitionSec Vendor: ================ www.mantisbt.org Product: ========= Mantis Bug Tracker 1.3.10 / v2.3.0 MantisBT is a popular free web-based bug tracking system. It is written in PHP works with MySQL, MS SQL, and PostgreSQL databases. Vulnerability Type: ...

May 2017 - SourceTree - Critical Security Advisory

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This email refers to the advisory found at https://confluence.atlassian.com/x/jW2xNQ . CVE ID: * CVE-2017-8768. Product: SourceTree. Affected SourceTree product versions: * SourceTree for Mac 1.4.0 <= version < 2.5.1 * SourceTree for Windows 0.8.4b <= version < 2.0.20.1 Fixed SourceTree product versions: * Versions of SourceTree for Mac equal to and above 2.5.1 contain a fix for this issue. * Versions of SourceTree ...

CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal

[SECURITY] [DSA 3858-1] openjdk-7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3858-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 19, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openjdk-7 CVE ID : CVE-2017-3509 CVE-2017...

[SECURITY] CVE-2017-5657: Apache Archiva CSRF vulnerability for REST endpoints

CVE-2017-5657: Apache Archiva CSRF vulnerabilities for various REST endpoints Severity: Important Vendor: The Apache Software Foundation Versions Affected: Archiva 2.0.0 - 2.2.1 The unsupported versions 1.x are also affected. Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send HTML response that performs arbitrary actions on ar...

[security bulletin] HPESBGN03748 rev.1 - HPE Cloud Optimizer, Remote Disclosure of Information

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzQ4ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiZ24wMzc0OGVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCR04w Mzc0OCByZXYuMSAtIEhQRSBDbG91ZCBPcHRpbWl6ZXIsIFJlbW90ZSBEaXNjbG9zdXJl IG9mIEluZm...

[SECURITY] [DSA 3856-1] deluge security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3856-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 18, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : deluge CVE ID : CVE-2017-7178 CVE-2017-90...

PingID (MFA) - Reflected Cross-Site Scripting

############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: PingID (MFA) [1] # Vendor: Ping Identity Corporation # CSNC ID: CSNC-2017-013 # Subject: Reflected Cross-Site Scripting # Risk: High # Effect: Remotely exploitable # Author: Stephan Sekula # Date: 18...

[slackware-security] kdelibs (SSA:2017-136-02)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] kdelibs (SSA:2017-136-02) New kdelibs packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/kdelibs-4.14.32-i586-1_slack14.2.txz: Upgraded. This update fixes a security issue with KAuth that can lead to gaining root from an unprivileged account. For more in...

[SYSS-2017-010] HP Wireless Mouse: Spoofing Attack (CWE-345)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2017-010 Product: Wireless Mouse (part of Wireless Desktop Set ERK-321A, which is shipped together with HP Elite Slice) Manufacturer: HP Affected Version(s): MORFGIUO Tested Version(s): MORFGIUO Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345) Mouse Spoofing Attack Risk Level: Medium Solution Status: Open Manufacturer Notification: 2017-03-02 Solution Date: - Public Di...

Nextcloud/Owncloud - Reflected Cross Site Scripting in error pages

================================================================== Nextcloud/Owncloud - Reflected Cross Site Scripting in error pages ================================================================== Information ------------------------------------------------------------------ Name: Nextcloud/Owncloud - Reflected Cross Site Scripting in error pages Affected Versions: Nextcloud Server < 11.0.3 Nextcloud Server < 10.0.5 Nextcloud Server < 9.0.58...

APPLE-SA-2017-05-15-6 iTunes 12.6.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-05-15-6 iTunes 12.6.1 iTunes 12.6.1 is now available and addresses the following: WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-6984: lokihardt of Google Project Zero Installation note: iTunes 12.6.1 may be obtained from: https:...

APPLE-SA-2017-05-15-4 watchOS 3.2.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-05-15-4 watchOS 3.2.1 watchOS 3.2.1 is now available and addresses the following: AVEVideoEncoder Available for: All Apple Watch models Impact: An application may be able to gain kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team CoreAudio Available for: All Apple Watch models Impact: An applicat...

[SECURITY] [DSA 3853-1] bitlbee security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3853-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond May 15, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : bitlbee CVE ID : CVE-2016-10188 CVE-2016-...

Secunia Research: FLAC "read_metadata_vorbiscomment_()" Memory Leak Denial of Service Vulnerability

====================================================================== Secunia Research 2017/05/11 FLAC "read_metadata_vorbiscomment_()" Memory Leak Denial of Service Vulnerability ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Description of Vulnera...

Secunia Research: LibRaw "parse_tiff_ifd()" Memory Corruption Vulnerability

====================================================================== Secunia Research 2017/05/11 LibRaw "parse_tiff_ifd()" Memory Corruption Vulnerability ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Description of Vulnerability.........................................3 S...

[security bulletin] HPESBHF03745 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzQ1ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzc0NWVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw Mzc0NSByZXYuMSAtIEhQRSBJbnRlbGxpZ2VudCBNYW5hZ2VtZW50IENlbnRlciAoaU1D KSBQTEFULC...

DefenseCode ThunderScan SAST Advisory: GOOGLE google-api-php-client Multiple Security Vulnerabilities

DefenseCode ThunderScan SAST Advisory GOOGLE google-api-php-client Multiple Security Vulnerabilities Advisory ID: DC-2017-04-012 Advisory Title: google-api-php-client Multiple XSS Vulnerabilities Advisory URL: http://defensecode.com/advisories/DC-2017-04-012_google-api-php-client_Advisory.pdf Software: google-api-php-client Software Language: PHP Version: 2.1.3 and below Vendor Status: Vendor contacted, vulnerability confirmed Release Date: 20...

SEC Consult SA-20170511-0 :: Stack-based buffer overflow vulnerability in Guidance Software EnCase Forensic Imager

--------------ms000400050607080506090901 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable A blog post with additional information is available here: http://blog.sec-consult.com/2017/05/chainsaw-of-custody-manipulating.html= We have also released a video showing arbitrary code execution: https://www.youtube.com/watch?v=3D1EngNIXSNQw SEC Consult Vulnerability Lab Security Advisory < 20170511-0 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3...

DefenseCode WebScanner DAST Advisory: WordPress User Access Manager Plugin Security Vulnerability

DefenseCode WebScanner DAST Advisory WordPress User Access Manager Plugin Security Vulnerability Advisory ID: DC-2017-01-021 Advisory Title: WordPress User Access Manager Plugin Cross Site Scripting vulnerability Advisory URL: http://www.defensecode.com/advisory/DC-2017-01-021_WordPress_User_Access_Manager_Plugin_Advisory.pdf Software: WordPress User Access Manager Software Language: PHP Version: 1.2.14 and below Vendor Status: Ven...

DefenseCode ThunderScan SAST Advisory: WordPress Tracking Code Manager Plugin Multiple Security Vulnerabilities

DefenseCode ThunderScan SAST Advisory WordPress Tracking Code Manager Plugin Multiple Security Vulnerabilities Advisory ID: DC-2017-01-020 Advisory Title: WordPress Tracking Code Manager Plugin Multiple Vulnerabilities Advisory URL: http://www.defensecode.com/advisories/DC-2017-01-020_WordPress_Tracking_Code_Manager_Plugin_Advisory.pdf Software: WordPress Tracking Code Manager Software Language: PHP Version: 1.11.1 and below Vendor Status: Vendor...

=?iso-8859-1?Q?ESA-2017-017:_RSA=AE_Adaptive_Authentication_(On-Premise)_?= =?iso-8859-1?Q?Cross-Site_Scripting_Vulnerability?=

--_002_1BF8853173D9704A93EF882F85952A8923C5D8MX304CL04corpemcc_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A8923C5D8MX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2017-017.txt" Content-Description: ESA-2017-017.txt Content-Disposition: attachment; filename="ESA-2017-017.txt"; size=3623; creation-date="Tue, 11 Apr 2017 15:21:27 GMT"; modification-date="Wed, 10 May 2017 19:25:21 GMT" Conten...

ESA-2017-027: EMC Isilon OneFS NFS Export Upgrade Vulnerability

--_002_1BF8853173D9704A93EF882F85952A8923C5CBMX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A8923C5CBMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2017-027.txt" Content-Description: ESA-2017-027.txt Content-Disposition: attachment; filename="ESA-2017-027.txt"; size=3889; creation-date="Thu, 30 Mar 2017 15:50:26 GMT"; modification-date="Wed, 10 May 2017 19:22:27 GMT" Content-...

[CORE-2017-0001] - SAP SAPCAR Heap Based Buffer Overflow Vulnerability

--w9sCDCtB4Q9mMXkvVLxhnawH4vFcoqO0D Content-Type: multipart/mixed; boundary="Tgkqkme4gKKE5TOK4Pvrh7Dog4MwGAIaF"; protected-headers="v1" From: Core Security Advisories Team To: fulldisclosure@seclists.org, bugtraq@securityfocus.com Message-ID: <796abd29-abcf-a1e3-c8d1-912bc5fc9140@coresecurity.com> Subject: [CORE-2017-0001] - SAP SAPCAR Heap Based Buffer Overflow Vulnerability --Tgkqkme4gKKE5TOK4Pvrh7Dog4MwGAIaF Content-Type: text/plain; charset=utf-8 C...

SEC Consult SA-20170510-0 :: Insecure Handling Of URI Schemes in Microsoft OneDrive iOS App

--------------ms060104070605070203000002 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable A short demo video is available here: https://youtu.be/0jZdM9peVSk SEC Consult Vulnerability Lab Security Advisory < 20170510-0 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D ...

[SECURITY] [DSA 3848-1] git security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3848-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 10, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : git CVE ID : CVE-2017-8386 Timo Schmid...

Multiple Vulnerabilities in ASUS Routers [CVE-2017-5891 and CVE-2017-5892]

[Original post here: https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/] Summary Various models of ASUS RT routers have several CSRF vulnerabilities allowing malicious sites to login and change settings in the router; multiple JSONP vulnerabilities allowing exfiltration of router data and an XML endpoint revealing WiFi passwords. Most of these issues have been fixed by Asus in the March 2017 firmware update under v3.0.0.4.380.7378. One issue...

[SECURITY] [DSA 3847-1] xen security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3847-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : xen CVE ID : CVE-2016-9932 CVE-2016-10013...

[security bulletin] HPESBST03739 rev.1 - HPE StoreFabric B-series Switches, Remote Elevation of Privilege

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JzdDAzNzM5ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNic3QwMzczOWVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCU1Qw MzczOSByZXYuMSAtIEhQRSBTdG9yZUZhYnJpYyBCLXNlcmllcyBTd2l0Y2hlcywgUmVt b3RlIEVsZX...

CVE-2016-6799: Internal system information leak

CVE-2016-6799: Internal system information leak Severity: High Vendor: The Apache Software Foundation Versions Affected: Cordova Android (5.2.2 and below) Description: The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Log...

SEC Consult SA-20170509-0 :: Multiple vulnerabilities in I, Librarian PDF manager

--------------ms070202060502000701070006 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable SEC Consult Vulnerability Lab Security Advisory < 20170509-0 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D title: Multiple vulnerabilities product: I, Librarian PDF ...

[SECURITY] [DSA 3846-1] libytnef security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3846-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond May 09, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libytnef CVE ID : CVE-2017-6298 CVE-2017-...

[SECURITY] [DSA 3845-1] libtirpc security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3845-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libtirpc CVE ID : CVE-2017-8779 Guido ...

ESA-2017-035: EMC Mainframe Enablers ResourcePak Base privilege management vulnerability

--_002_1BF8853173D9704A93EF882F85952A8923AF2BMX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A8923AF2BMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2017-035.txt" Content-Description: ESA-2017-035.txt Content-Disposition: attachment; filename="ESA-2017-035.txt"; size=3617; creation-date="Mon, 27 Mar 2017 18:31:47 GMT"; modification-date="Wed, 29 Mar 2017 19:51:57 GMT" Content-...

FromMax B barbara pinkerton _0001.jpg

------=_Part_83228750_1760413393.1494247225260 Content-Type: multipart/alternative; boundary="----=_Part_83228751_1385691432.1494247225260" ------=_Part_83228751_1385691432.1494247225260 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit ------=_Part_83228751_1385691432.1494247225260 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit

CA20170504-01: Security Notice for CA Client Automation OS Installation Management

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CA20170504-01: Security Notice for CA Client Automation OS Installation Management Issued: May 4, 2017 Last Updated: May 4, 2017 CA Technologies is alerting customers to a potential risk with CA Client Automation OS Installation Management. A vulnerability exists that can allow a local attacker to gain sensitive information on operating systems installations created by CA Client Automation OS Installation Management. A solution is a...

[security bulletin] HPESBHF03736 rev.1 - HPE Aruba and HPE ProVision network switches using Diffie Hellman Group1 Sha1 Exchange Algorithm, Remote Disclosure of Information

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzM2ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzczNmVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw MzczNiByZXYuMSAtIEhQRSBBcnViYSBhbmQgSFBFIFByb1Zpc2lvbiBuZXR3b3JrIHN3 aXRjaGVzIH...

[security bulletin] HPESBGN03740 rev.1 - HPE Network Automation, Multiple Remote Vulnerabilities

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzQwZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiZ24wMzc0MGVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCR04w Mzc0MCByZXYuMSAtIEhQRSBOZXR3b3JrIEF1dG9tYXRpb24sIE11bHRpcGxlIFJlbW90 ZSBWdWxuZX...

WordPress Core <= 4.7.4 Potential Unauthorized Password Reset (0day) [CVE-2017-8295]

WordPress Core <= 4.7.4 Potential Unauthorized Password Reset (0day) [CVE-2017-8295] https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html Regards, Dawid Golunski https://legalhackers.com https://ExploitBox.io t: @dawid_golunski ...

ESA-2017-036: EMC Data Domain Privilege Escalation Vulnerability

--_002_1BF8853173D9704A93EF882F85952A89239875MX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A89239875MX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2017-036.txt" Content-Description: ESA-2017-036.txt Content-Disposition: attachment; filename="ESA-2017-036.txt"; size=3874; creation-date="Mon, 27 Mar 2017 12:34:58 GMT"; modification-date="Wed, 29 Mar 2017 19:52:15 GMT" Content-...

Zenario CMS v7.6 - (Delete) Persistent Cross Site Vulnerability

Document Title: =============== Zenario v7.6 - (Delete) Persistent Cross Site Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2042 Release Date: ============= 2017-03-20 Vulnerability Laboratory ID (VL-ID): ==================================== 2042 Common Vulnerability Scoring System: ==================================== 3.6 Vulnerability Class: ==================== Cross Site Scripting - Persistent...

Zenario v7.6 - Persistent Cross Site Scripting Vulnerability

Document Title: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Zenario v7.6 - Persistent Cross Site Scripting Vulnerability References (Source): =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D https://www.vulnerability-lab.com/get_content.php?id=3D2044 https://github.com/TribalSystems/Zenario/commit/cd60f1c8a179ebb779fe0acc0= 51b93f477129b1a Release Date: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D 2017-03-16 Vulnerability Laboratory ID (VL-ID): =3D=3D=3D=3D=3D=...

Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability

Document Title: =============== Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2046 Release Date: ============= 2017-03-29 Vulnerability Laboratory ID (VL-ID): ==================================== 2046 Common Vulnerability Scoring System: ==================================== 2.2 Vulnerability Class: ==================== Cross Site Scripting - Persistent ...

Super File Explorer 1.0.1 - Arbitrary File Upload Vulnerability

Document Title: =============== Super File Explorer 1.0.1 - Arbitrary File Upload Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2034 Release Date: ============= 2017-02-23 Vulnerability Laboratory ID (VL-ID): ==================================== 2034 Common Vulnerability Scoring System: ==================================== 7 Product & Service Introduction: =============================== This app ...

Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability

Document Title: =============== Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2061 IEDB: http://iedb.ir/exploits-7454.html Release Date: ============= 2017-05-02 Vulnerability Laboratory ID (VL-ID): ==================================== 2061 Common Vulnerability Scoring System: ==================================== 6.6 Vulnerability Class: ==============...

Hola VPN v1.34 - Privilege Escalation Vulnerability

Document Title: =============== Hola VPN v1.34 - Privilege Escalation Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2062 Release Date: ============= 2017-05-03 Vulnerability Laboratory ID (VL-ID): ==================================== 2062 Common Vulnerability Scoring System: ==================================== 3.2 Vulnerability Class: ==================== Privilege Escalation Product & Servi...

Mura CMS Cross-Site Scripting (XSS) Vulnerability

Credits =============== Zhao Liang, Huawei Weiran Labs Vendor: =============== Blue River Interactive Group Product: ======================== Mura CMS Mura CMS is built with one focused purpose in mind - to make it easier and faster for people to build and maintain even the most ambitious websites. Vulnerability Type: ================================ XSS CVE Reference: ============== CVE-2017-8302 Vulnerability Details: ===================== Mura CMS 7.0....

[SECURITY] [DSA 3843-1] tomcat8 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3843-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond May 03, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tomcat8 CVE ID : CVE-2017-5647 CVE-2017-5...

[SECURITY] [DSA 3842-1] tomcat7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3842-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond May 03, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tomcat7 CVE ID : CVE-2017-5647 CVE-2017-5...

MODX Revolution 2.0.1-pl - 2.5.6-pl blind SQLi

--Hdl8RG0xpuQf5DlOCRMFRmHs5c7FaJ1xW Content-Type: multipart/mixed; boundary="ejOGdQswK957B1tEE1Rkh593iRmt7vNcv"; protected-headers="v1" From: =?UTF-8?Q?Anti_R=c3=a4is?= To: bugtraq@securityfocus.com Message-ID: <0e8397f0-9e6e-8676-e8a3-f73bddf7db24@gmail.com> Subject: MODX Revolution 2.0.1-pl - 2.5.6-pl blind SQLi --ejOGdQswK957B1tEE1Rkh593iRmt7vNcv Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable MODX Revolution 2.0.1-pl - 2...

[security bulletin] HPESBHF03741 rev.1 - HPE Network products including Comware 7, IMC, and VCX running OpenSSL, Local Unauthorized Disclosure of Information, Remote Denial of Service (DoS), Unauthorized Disclosure of Information

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzQxZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzc0MWVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw Mzc0MSByZXYuMSAtIEhQRSBOZXR3b3JrIHByb2R1Y3RzIGluY2x1ZGluZyBDb213YXJl IDcsIElNQy...

IML 2017 Conference, ACM digital library proceedings, Venue: Liverpool John Moores University, United Kingdom

Call for Papers International Conference on Internet of Things and Machine Learning (IML 2017) Venue: Liverpool John Moores University, United Kingdom Proceedings: ACM Digital Library/ ISBN: 978-1-4503-5243-7 Extended papers will be invited to our journals (Indexed by Thomson Reuters) https://bindscience.com/iml Sorry if you get multiple copies of this mail. The International Conference on Internet of Things and Machine Learning (IML 2017) will be held from October 17 - 18, ...

SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options

------------------------------------------------------------------------ SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options ------------------------------------------------------------------------ Yorick Koster, February 2017 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A vulnerability was found in the SyntaxHighlight MediaWiki extension. Using ...

Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X

------------------------------------------------------------------------ Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X ------------------------------------------------------------------------ Han Sahin, April 2017 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ Multiple local privilege escalation vulnerabilities were found in the he...

[security bulletin] HPESBHF03738 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzM4ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzczOGVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw MzczOCByZXYuMSAtIEhQRSBJbnRlbGxpZ2VudCBNYW5hZ2VtZW50IENlbnRlciAoaU1D KSBQTEFULC...

[SECURITY] [DSA 3838-1] ghostscript security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3838-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ghostscript CVE ID : CVE-2016-10219 CVE-2...

Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability

Document Title: =============== Apple iOS 10.3 - Control Panel Denial of Service Vulnerability References: =========== https://www.vulnerability-lab.com/get_content.php?id=2059 Video: https://www.youtube.com/watch?v=MSscCLATxPQ Release Date: ============= 2017-04-27 Vulnerability Laboratory ID (VL-ID): ==================================== 2059 Common Vulnerability Scoring System: ==================================== 3.3 Vulnerability Class: ==============...

Live Helper Chat - Cross-Site Scripting

############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/en/research/advisories/ ############################################################# # # CSNC ID: CSNC-2017-004 # Product: Live Helper Chat [1] # Vendor: Live Helper Chat # Subject: Cross-Site Scripting - XSS # Risk: High # Effect: Remotely exploitable # Author: Sylvain Heiniger (sylvain.heiniger@compass-security.com) # Date: April 24, 2017 # ###...

[SECURITY] [DSA 3836-1] weechat security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3836-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 27, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : weechat CVE ID : CVE-2017-8073 Debian Bu...

FreeBSD Security Advisory FreeBSD-SA-17:04.ipfilter

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:04.ipfilter Security Advisory The FreeBSD Project Topic: ipfilter(4) fragment handling panic Category: contrib Module: ipfilter Announced: 2017-04-27 Credits: Cy Schubert Affects: All supported versions of Free...

CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability Severity: Important Vendor: The Apache Software Foundation Versions affected: Hadoop 2.6.x and earlier Description: HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated. Mitigation: Users of Apache Hadoop 2.6.x and earlier should upgrade to Hadoop 2.7.0 or later. Cred...

April 2017 - Confluence - Security Advisory

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE ID: * CVE-2017-7415. Product: Confluence. Affected Confluence product versions: 6.0.0 <= version < 6.0.7 Fixed Confluence product versions: * for 6.0.x, Confluence 6.0.7 has been released with a fix for this issue. Summary: This advisory discloses a critical severity security vulnerability that was introduced in version 6.0.0 of Confluence. Versions of Confluence starting with version 6.0.0 but less than 6.0.7 ...

[SECURITY] [DSA 3834-1] mysql-5.5 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3834-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 25, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : mysql-5.5 CVE ID : CVE-2017-3302 CVE-2017...

[slackware-security] mozilla-firefox (SSA:2017-114-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2017-114-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-52.1.0esr-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/secu...

[SECURITY] [DSA 3833-1] libav security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3833-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 24, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libav CVE ID : CVE-2016-9821 CVE-2016-982...

KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials

--LxV1KcGR0xoK2UUqfWv8wFp3Koi3HLXBI Content-Type: multipart/mixed; boundary="B24CMMVPr4APTOp60u76gQVsGIfO8P6db"; protected-headers="v1" From: KoreLogic Disclosures To: fulldisclosure@seclists.org, bugtraq@securityfocus.com Message-ID: Subject: KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials --B24CMMVPr4APTOp60u76gQVsGIfO8P6db Content-Type: text/plain; charset=utf-8 Content...

KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read

--mWr2PpNh0dHIQMt8j0hHaGT2869cqRNCw Content-Type: multipart/mixed; boundary="fX3ugKESEwG49jWfCM8Foi0PtJ3kHm17p"; protected-headers="v1" From: KoreLogic Disclosures To: fulldisclosure@seclists.org, bugtraq@securityfocus.com Message-ID: Subject: KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read --fX3ugKESEwG49jWfCM8Foi0PtJ3kHm17p Content-Type: text/plain; charset=utf-8 Content-Language:...

KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection

--91uuQnVgaNHArbETh6PAFWc3Ai1cX4rLV Content-Type: multipart/mixed; boundary="uD5FaWKferWS1qMRepUhwlq806V0CgXLU"; protected-headers="v1" From: KoreLogic Disclosures To: fulldisclosure@seclists.org, bugtraq@securityfocus.com Message-ID: <8705e2a5-c75a-783f-c6c4-f77d67a8935d@korelogic.com> Subject: KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection --uD5FaWKferWS1qMRepUhwlq806V0CgXLU Content-Type: text/plain; charset=utf-8 Conten...

KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse

--3XoB4TFfXSDCCgNtM7Hg08lpdguNdnrWg Content-Type: multipart/mixed; boundary="XWJ2lNbsuJdfuksJso2PxbbiCFPL3E6v2"; protected-headers="v1" From: KoreLogic Disclosures To: fulldisclosure@seclists.org, bugtraq@securityfocus.com Message-ID: <1fe004d9-dd5d-6e93-25b6-24e8266ce1df@korelogic.com> Subject: KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse --XWJ2lNbsuJdfuksJso2PxbbiCFPL3E6v2 Content-Type: text/plain; charset=utf-8 Content-L...

KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path

--Ro9MbU6J909mDDQgGq9LNEJx6S5o2RAJC Content-Type: multipart/mixed; boundary="ogfoCkVh9pMbF9lVldfgKF7ECeD9wL6g2"; protected-headers="v1" From: KoreLogic Disclosures To: fulldisclosure@seclists.org, bugtraq@securityfocus.com Message-ID: <38893e5c-46a4-ff53-6cad-04a5a3584eb8@korelogic.com> Subject: KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path --ogfoCkVh9pMbF9lVldfgKF7ECeD9wL6g2 Content-Type: text/plain; charset=utf-8 Conten...

CVE-2017-7221. OpenText Documentum Content Server: arbitrary code execution in dm_bp_transition.ebs docbase method

CVE Identifier: CVE-2017-7221 Vendor: OpenText Affected products: OpenText Documentum Content Server (all versions) Researcher: Andrey B. Panfilov Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Fix: not available PoC: https://gist.github.com/andreybpanfilov/0a4fdfad561e59317a720e702b0fec44 Description: Initially this vulnerability was discovered in 2013 and was tracked by CERT/CC as VRF#HUFPRMOP (https://www.kb.cert.org/vuls/id/315340), vendor had und...

[slackware-security] ntp (SSA:2017-112-02)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] ntp (SSA:2017-112-02) New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/ntp-4.2.8p10-i586-1_slack14.2.txz: Upgraded. In addition to bug fixes and enhancements, this release fixes security issues of medium and low severity: Denial of S...

[slackware-security] mozilla-firefox (SSA:2017-112-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2017-112-01) New mozilla-firefox packages are available for Slackware 14.1 to fix security and stability issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-45.9.0esr-i486-1_slack14.1.txz: Upgraded. This release contains security fixes and improvements. Also, switching back to the 45.x ESR branch due to instabil...

[slackware-security] proftpd (SSA:2017-112-03)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] proftpd (SSA:2017-112-03) New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/proftpd-1.3.5e-i586-1_slack14.2.txz: Upgraded. This release fixes a security issue: AllowChrootSymlinks off does not check entire DefaultRoot path for symlin...

Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges

------------------------------------------------------------------------ Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges ------------------------------------------------------------------------ Remco Vermeulen, April 2017 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ It was discovered that the Western Digital My Cloud is affe...

CVE-2017-5887: Starscream library before 2.0.4 SSL pinning not applied for websocket handshake

Product: Starscream websocket library Severity: LOW CVE Reference: CVE-2017-5887 Type: SSL Pinning bypass Abstract -------- WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function). Description ----------- The open-source Starscream library provides a SWIFT implementation of the websocket framework. It allows iOS applications to send and r...

CVE-2017-7192: Starscream library before 2.0.4 allows SSL pinning bypass

Product: Starscream websocket library Severity: LOW CVE Reference: CVE-2017-7192 Type: SSL Pinning bypass / Information disclosure Abstract -------- WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). Description ----------- The open-source Starscream library provides a SWIFT implementation of the websocket framework. It allows iOS applications...

[SECURITY] [DSA 3831-1] firefox-esr security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3831-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 20, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : firefox-esr CVE ID : CVE-2017-5429 CVE-20...

[HITB-Announce] HITB GSEC 2017 CFP Closes April 30th

FINAL CALL! CFP for the 3nd annual Hack In The Box GSEC conference in Singapore closes on the 30th of April! Call for Papers: http://gsec=2Ehitb=2Eorg/cfp/ Event Website: http://gsec=2Ehitb=2Eorg/sg2017/ HITB GSEC is a 2-day deep knowledge security conference where attendees get to vote on the final agenda of talks and and to meet with the speakers they voted for=2E We are looking for 60-minute, offensive and defensive focused deep-knowledge presentations=2E Were looking for nov...

October CMS v1.0.412 several vulnerabilities

--5cMgxsHvk79bpB3LRshtux6K3GEAWgojK Content-Type: multipart/mixed; boundary="xNHL7NtPOniChCw1EgdNDELwITj6lNDu4"; protected-headers="v1" From: =?UTF-8?Q?Anti_R=c3=a4is?= To: bugtraq@securityfocus.com Message-ID: Subject: October CMS v1.0.412 several vulnerabilities --xNHL7NtPOniChCw1EgdNDELwITj6lNDu4 Content-Type: multipart/mixed; boundary="------------0C8888671E336A109CEFB139" This is a multi-part message in MI...

DefenseCode ThunderScan SAST Advisory: Ultimate Form Builder Cross-Site Scripting (XSS) Vulnerability

DefenseCode ThunderScan SAST Advisory Ultimate Form Builder Cross-Site Scripting (XSS) Vulnerability Advisory ID: DC-2017-01-027 Software: Ultimate Form Builder WordPress plugin Software Language: PHP Version: Various Vendor Status: Vendor contacted Release Date: 20170419 Risk: Medium # Advisory Overview During the security audit, security vulnerability was discovered in Ultimate Form Builder WordPress plugin using DefenseCode Thu...

CVE-2017-7220. OpenText Documentum Content Server: privilege evaluation using crafted RPC save-commands.

--B_3575488734_2111228562 Content-type: text/plain; charset="UTF-8" Content-transfer-encoding: 7bit CVE Identifier: CVE-2017-7220 Vendor: OpenText Affected products: OpenText Documentum Content Server (all versions) Researcher: Andrey B. Panfilov Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Fix: not available PoC: https://gist.github.com/andreybpanfilov/d8792484e13971982c0719ae59ab8c7c https://gist.github.com/andreybpanfilov/e0e60ae9d525a34cc...

CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution

Advisory ID: SGMA17-001 Title: Squirrelmail Remote Code Execution Product: Squirrelmail Version: 1.4.22 and probably prior Vendor: squirrelmail.org Type: Command Injection Risk level: 4 / 5 Credit: filippo.cavallarin@wearesegment.com CVE: CVE-2017-7692 Vendor notification: 2017-04-04 Vendor fix: N/A Public disclosure: 2017-04-19 DE...

[slackware-security] minicom (SSA:2017-108-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] minicom (SSA:2017-108-01) New minicom packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/minicom-2.7.1-i586-1_slack14.2.txz: Upgraded. Fix an out of bounds data access that can lead to remote code execution. This issue was found by Solar Designe...

CVE-2017-7615 Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset

[+] Credits: John Page a.k.a hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt [+] ISR: ApparitionSec Vendor: ================ www.mantisbt.org Product: ================== Mantis Bug Tracker v1.3.0 / 2.3.0 MantisBT is a popular free web-based bug tracking system. It is written in PHP works with MySQL, MS SQL, and PostgreSQL databases. Vulnerabili...

[CVE-2017-5661] Apache XML Graphics FOP information disclosure vulnerability

CVE-2017-5661: Apache XML Graphics FOP information disclosure vulnerability Severity: Medium Vendor: The Apache Software Foundation Versions Affected: FOP 1.0 - 2.1 Description: Files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is run...

[ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396

There is a vulnerability in ATS with the HPACK Bomb Attack that can lead = to a DoS. Versions 6.0.0 to 6.2.0 are affected. Please upgrade to ATS = 6.2.1 or 7.0.0. Downloads: https://trafficserver.apache.org/downloads Jira Ticket: ttps://issues.apache.org/jira/browse/TS-5019 CVE https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=3D2016-5396 -Bryan ...

Watchguard Fireware XXE DoS & User Enumeration

Watchguard=E2=80=99s Firebox and XTM are a series of enterprise grade netwo= rk security appliances providing advanced security services like next generation firewall, intrusion prevention, malware detection and blockage and others. Two vulnerabilities were discovered affecting the XML-RPC interface of the Web UI used to manage Fireware, the operating system running on Watchguard Firebox and XTM appliances. To exploit any of the flaws discovered, no authentication on the Web UI is needed...

concrete5 v8.1.0 Host Header Injection

[+] Credits: John Page a.k.a hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt [+] ISR: ApparitionSec Vendor: ================== www.concrete5.org Product: ================ concrete5 v8.1.0 concrete5 is an open-source content management system (CMS) for publishing content on the World Wide Web and intranets. Vulnerability Type: ====================== Host ...

[slackware-security] bind (SSA:2017-103-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] bind (SSA:2017-103-01) New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/bind-9.10.4_P8-i586-1_slack14.2.txz: Upgraded. Fixed denial of service security issues. For more information, see: https://kb.isc.org/article/AA-01465 ht...

[security bulletin] HPESBGN03728 rev.1 - HPE Operations Agent using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access to Data

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzI4ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiZ24wMzcyOGVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCR04w MzcyOCByZXYuMSAtIEhQRSBPcGVyYXRpb25zIEFnZW50IHVzaW5nIE9wZW5TU0wsIFJl bW90ZSBEZW...

[SYSS-2017-009] agorum core Pro - Improper Restriction of XML External Entity Reference (XXE)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2017-009 Product: agorum core Pro Manufacturer: agorum Software GmbH Affected Version(s): 7.8.1.4-251 Tested Version(s): 7.8.1.4-251 Vulnerability Type: Improper Restriction of XML External Entity Reference (XXE) (CWE-611) Risk Level: High Solution Status: Open Manufacturer Notification: 2017-02-06 Solution Date: 2017-04-06 Public Disclosure: 2017-04-12 CVE Reference: Not yet assigned Author of Advisory: Sascha Gr...

[SYSS-2017-008] agorum core Pro - Cross-Site Request Forgery

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2017-008 Product: agorum core Pro Manufacturer: agorum Software GmbH Affected Version(s): 7.8.1.4-251 Tested Version(s): 7.8.1.4-251 Vulnerability Type: Cross-Site Request Forgery (CWE-352) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2017-02-06 Solution Date: 2017-04-06 Public Disclosure: 2017-04-12 CVE Reference: Not yet assigned Author of Advisory: Sascha Grimmeisen & Dr. Erlijn van Genuc...

[SYSS-2017-007] agorum core Pro - Cross-Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2017-007 Product: agorum core Pro Manufacturer: agorum Software GmbH Affected Version(s): 7.8.1.4-251 Tested Version(s): 7.8.1.4-251 Vulnerability Type: Cross-Site Scripting (CWE-79) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2017-02-06 Solution Date: 2017-04-06 Public Disclosure: 2017-04-12 CVE Reference: Not yet assigned Author of Advisory: Dr. Erlijn van Genuchten & Sascha Grimmeisen, Sy...

[SYSS-2017-006] agorum core Pro - Insecure Direct Object Reference

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2017-006 Product: agorum core Pro Manufacturer: agorum Software GmbH Affected Version(s): 7.8.1.4-251 Tested Version(s): 7.8.1.4-251 Vulnerability Type: Insecure Direct Object Reference (CWE-932) Risk Level: High Solution Status: Open Manufacturer Notification: 2017-02-06 Solution Date: 2017-04-06 Public Disclosure: 2017-04-12 CVE Reference: Not yet assigned Author of Advisory: Dr. Erlijn van Genuchten & Sascha Gri...

[SYSS-2017-005] agorum core Pro - Persistent Cross-Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2017-005 Product: agorum core Pro Manufacturer: agorum Software GmbH Affected Version(s): 7.8.1.4-251 Tested Version(s): 7.8.1.4-251 Vulnerability Type: Persistent Cross-Site Scripting (CWE-79) Risk Level: High Solution Status: Open Manufacturer Notification: 2017-02-06 Solution Date: 2017-04-06 Public Disclosure: 2017-04-12 CVE Reference: Not yet assigned Author of Advisory: Dr. Erlijn van Genuchten & Sascha Grim...

April 2017 - HipChat Server Advisory

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE ID: * CVE-2017-7357. Product: Hipchat Server. Affected Hipchat Server product versions: All versions < 2.2.3 Fixed Hipchat Server product versions: 2.2.3 Summary: This advisory discloses a critical severity security vulnerability that was introduced in version 1.0 of Hipchat Server. Versions of Hipchat Server starting with versions of Hipchat Server from 1.0 but less than 2.2.3 (the fixed version), are affected ...

DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF)

DefenseCode Security Advisory Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF) Advisory ID: DC-2017-04-003 Software: Magento CE Software Language: PHP Version: 2.1.6 and below Vendor Status: Vendor contacted / Not fixed Release Date: 20170413 Risk: High # Advisory Overview During the security audit of Magento Community Edition, a highly popular e-commerce platform, a high risk vulnerability was discovered tha...

CVE-2017-7456 Moxa MXview v2.8 Denial Of Service

[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-DENIAL-OF-SERVICE.txt [+] ISR: ApparitionSec Vendor: ============ www.moxa.com Product: =========== MXView v2.8 Download: http://www.moxa.com/product/MXstudio.htm MXview Industrial Network Management Software. Auto discovery of network devices and physical connections Event playback for quick troubleshoot...

CVE-2017-7455 Moxa MXview v2.8 Remote Private Key Disclosure

[+] Credits: John Page AKA HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt [+] ISR: APPARITIONSEC Vendor: ============ www.moxa.com Product: =========== MXview V2.8 Download: http://www.moxa.com/product/MXstudio.htm MXview Industrial Network Management Software. Auto discovery of network devices and physical connections Event playback for quick ...

CVE-2017-7457 Moxa MX AOPC-Server v1.5 XML External Entity Injection

[+] Credits: John Page AKA HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt [+] ISR: ApparitionSec Vendor: ============ www.moxa.com Product: ======================= MX-AOPC UA SERVER - 1.5 Moxas MX-AOPC UA Suite is the first OPC UA server for industrial automation supporting both push and pull communication. Vulnerability Type: ===================...

FreeBSD Security Advisory FreeBSD-SA-17:03.ntp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:03.ntp Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities of ntp Category: contrib Module: ntp Announced: 2017-04-12 Credits: Network Time Foundation Affects: All supported versions of F...

[SECURITY] [DSA 3829-1] bouncycastle security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3829-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 11, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : bouncycastle CVE ID : CVE-2015-6644 Qu...

Microsoft Office OneNote 2007 DLL side loading vulnerability

------------------------------------------------------------------------ Microsoft Office OneNote 2007 DLL side loading vulnerability ------------------------------------------------------------------------ Yorick Koster, September 2015 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A DLL side loading vulnerability was found in Microsoft Office OneNote 2007. This issue can be exp...

Multiple local privilege escalation vulnerabilities in Proxifier for Mac

------------------------------------------------------------------------ Multiple local privilege escalation vulnerabilities in Proxifier for Mac ------------------------------------------------------------------------ Yorick Koster, April 2017 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ Multiple local privileges escalation vulnerabilities were found in the KLoader binary that...

[SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure

CVE-2017-5648 Apache Tomcat Information Disclosure Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M17 Apache Tomcat 8.5.0 to 8.5.11 Apache Tomcat 8.0.0.RC1 to 8.0.41 Apache Tomcat 7.0.0 to 7.0.75 Apache Tomcat 6.0.x is not affected Description While investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object. When running an untrusted application under a Sec...

[SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure

CVE-2017-5651 Apache Tomcat Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M18 Apache Tomcat 8.5.0 to 8.5.12 Apache Tomcat 8.0.x and earlier are not affected Description: The refactoring of the HTTP connectors for 8.5.x onwards, introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cac...

DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities

DefenseCode ThunderScan SAST Advisory WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities Advisory ID: DC-2017-01-014 Software: WordPress Tribulant Slideshow Gallery plugin Software Language: PHP Version: 1.6.4 and below Vendor Status: Vendor contacted, fix released Release Date: 20170410 Risk: Medium Full advisory available on the following URL: http://www.defensecode.com/advisories/DC-2017-01-014_WordPress_Tribulant_Slideshow_Gall...

Foscam All networked devices, multiple Design Errors. SSL bypass.

Two issues in one that nullify SSL in foscam devices: All Foscam networked cameras use the same SSL private key that is hard coded into the downloadable firmware. This is easily extracted using a utility like binwalk and would allow an attacker to MITM any Foscam device. One devices SSL keys are valid for any other device. See the below certificates CNs: *.myfoscam.org Below are the ssl certificates of two foscam devices. openssl s_client -connect [REDACTED]myfoscam.org:443 CONNECTED...

[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite

[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in = Apache Ignite Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Ignite 1.0.0-RC3 to 1.8 Description: Apache Ignite uses an update notifier component to update the users = about new project releases that include additional functionality, bug = fixes and performance improvements. To do that the component = communicates to an external PHP server (http://ignite.run) where it...

ChromeOS / ChromeBooks Persist Certain Network Settings in Guest Mode

[Original post can be found here: https://wwws.nightwatchcybersecurity.com/2017/04/09/advisory-chromeos-chrom= ebooks-persist-certain-network-settings-in-guest-mode/] SUMMARY Certain network settings in ChromeOS / ChromeBooks persists between reboots when set in guest mode. These issues have been reported to the vendor but will not be fixed since the vendor considers them to be WAI (Working As Intended). These attacks require physical access to the device in order to execute them but...

D-Link DWR-116 - CVE-2017-6190 - Arbitrary File Download

# Title: D-Link DWR-116 Arbitrary File Download # Vendor: D-Link (www.dlink.com) # Affected model(s): DWR-116 / DWR-116A1 # Tested on: V1.01(EU), V1.00(CP)b10, V1.05(AU) # CVE: CVE-2017-6190 # Date: 04.07.2016 # Author: Patryk Bogdan (@patryk_bogdan) Description: D-Link DWR-116 with firmware before V1.05b09 suffers from vulnerability which leads to unathorized file download from device filesystem. PoC: HTTP Request: GET /uir/../../../../../../../../../../../../../../../../etc...

[slackware-security] libtiff (SSA:2017-098-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libtiff (SSA:2017-098-01) New libtiff packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libtiff-4.0.7-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-...

[SECURITY] [DSA 3827-1] jasper security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3827-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 07, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : jasper CVE ID : CVE-2016-9591 CVE-2016-10...

[security bulletin] HPESBGN03733 rev.1 - HPE Universal CMDB using Apache Struts, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzMzZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiZ24wMzczM2VuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCR04w MzczMyByZXYuMSAtIEhQRSBVbml2ZXJzYWwgQ01EQiB1c2luZyBBcGFjaGUgU3RydXRz LCBSZW1vdG...

SEC Consult SA-20170407-0 :: Server-Side Request Forgery in MyBB forum

--------------ms020901030400090708080208 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable SEC Consult Vulnerability Lab Security Advisory < 20170407-0 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D title: Server Side Request Forgery (SSRF) Vulnerability pr...

Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2017-2387)

Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2017-2387) -- http://www.info-sec.ca/advisories/Apple-Music.html Overview "Listen to all the music you want, anytime." (https://play.google.com/store/apps/details?id=com.apple.android.music) Issue The Apple Music Android application (version 1.2.1 and below), does not validate the SSL certificates it receives when connecting to the mobile application login and payment servers. Impact An attacker w...

Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319)

Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319) -- http://www.info-sec.ca/advisories/Trend-Micro-Enterprise-Mobile-Security.ht= ml Overview "Trend Micro Mobile Security is the client app for Trend Micro=E2=80=99s enterprise mobility platform. Trend Micro Mobile Security for enterprises lets IT administrators enroll, manage and secure employee mobile devices. With built in Mobile device management, app management, app r...

Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload

[+] Credits: John Page AKA HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txt [+] ISR: APPARITIONSEC Vendor: ================== www.spiceworks.com Product: ================= Spiceworks - 7.5 Provides network inventory and monitoring of all the devices on the network by discovering IP-addressable devices. It can be configured to provide custom alerts an...

[security bulletin] HPESBGN03727 rev.1 - HPE Business Process Monitor, Remote Unauthorized Access to Data

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzI3ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiZ24wMzcyN2VuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCR04w MzcyNyByZXYuMSAtIEhQRSBCdXNpbmVzcyBQcm9jZXNzIE1vbml0b3IsIFJlbW90ZSBV bmF1dGhvcm...

DefenseCode ThunderScan SAST Advisory: Apache Tomcat Directory/Path Traversal

DefenseCode ThunderScan SAST Advisory Apache Tomcat Directory/Path Traversal Advisory ID: DC-2017-03-001 Software: Apache Tomcat Software Language: Java Version: 7.0.76 (probably 9, 8 and 6 branches also) Vendor Status: Vendor contacted Release Date: 2017-04-04 Risk: Medium Full Advisory URL: http://www.defensecode.com/advisories/DC-2017-03-001_DefenseCode_ThunderScan_SAST_Apach...

[SECURITY] [DSA 3826-1] tryton-server security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3826-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 04, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tryton-server CVE ID : CVE-2017-0360 I...

AST-2017-001: Buffer overflow in CDRs set user

Asterisk Project Security Advisory - AST-2017-001 Product Asterisk Summary Buffer overflow in CDRs set user Nature of Advisory Buffer Overflow Susceptibility Remote Authenticated Sessions Severity Moderate Exploits Known No ...

The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed.

OpenSource Security Ralf Spenneberg Am Bahnhof 3-5 48565 Steinfurt info@os-s.net OS-S Security Advisory 2017-02 Date: April 4th, 2017 Authors: Simon Heming, Maik Br=C3=BCggemann, Hendrik Schwartke, Ralf Spen= neberg CVE: not yet assigned CVSS: 10 Affected Device: Schneider SoMachine Basic 1.4 SP1, Schneider Modicon TM221CE16R, Firmware 1.3.3.3 Title: The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed. Severity: Crit...

OS-S-2017-01: The password for the application protection of the Schneider Modicon TM221CE16R can be retrieved without authentication. Subsequently the application may be arbitrarily downloaded, uploaded and modified. CVSS 10.

OpenSource Security Ralf Spenneberg Am Bahnhof 3-5 48565 Steinfurt info@os-s.net OS-S Security Advisory 2017-01 Date: April 4th, 2017 Authors: Simon Heming, Maik Br=C3=BCggemann, Hendrik Schwartke, Ralf Spen= neberg CVE: not yet assigned CVSS: 10 Affected Device: Schneider Modicon TM221CE16R, Firmware 1.3.3.3 Title: The password for the application protection of the Schneider Modicon TM221CE16R can be retrieved without authentication. Subsequently the application may be arbitraril...

Moodle URL Manipulation Remote Account Information Disclosure

https://www.osisecurity.com.au/moodle-url-manipulation-remote-account-infor= mation-disclosure.html Date: 04-Apr-2017 Product: Moodle Versions affected: 2.4.10, 2.5.6, 2.6.3, 2.7 and earlier. Vulnerability: Information disclosure. Example: /user/edit.php?id=3D reveals account owner name 1. Log in to http://demo.moodle.net/ as user student:sandbox. 2. Click view profile when logged in (student is id=3D4). 3. Change id parameter from 4 to 3, which is the teacher (http://...

iPlatinum iOneView Multiple Parameter Reflected XSS

https://www.osisecurity.com.au/iplatinum-ioneview-multiple-parameter-reflected-xss.html Date: 04-Apr-2017 Product: iPlatinum iOneView Versions affected: Unknown. Vulnerabilities: 1) Cross-site scripting: http://[target]/ioneview/admin/main.pl?cmd= http://[target]/ioneview/admin/main.pl?_username="> http://[target]/ioneview/admin/main.pl?_password="> http://...

Kaseya information disclosure vulnerability

https://www.osisecurity.com.au/kaseya-information-disclosure-vulnerability.html Date: 04-Apr-2017 Product: Kaseya VSA Versions affected: 9.02.00.04 Vulnerability: Installations of Kaseya contain the following installation page: https://[target]/install/kaseya.html When the product is installed, it cannot be installed again. However, if you go to that page when it is installed, it reveals sensitive information to the internet at large, including operating system, internal...

AcoraCMS browser redirect and Cross-site scripting vulnerabilities

https://www.osisecurity.com.au/acoracms-browser-redirect-and-cross-site-scripting-vulnerabilities.html Date: 04-Apr-2017 Product: AcoraCMS Versions affected: 7.0.0.6 (known bugs from 6.0.6 are still present http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt). Vulnerabilities: 1) Arbitrary browser redirect: POST /forums/login.asp HTTP/1.1 Host: [target] Content-Type: application/x-www-form-urlencoded Content-Length: 70 cmRedirect=//osisecurity.com.au&strForumsL...

SmartJobBoard - Cross-site scripting, personal information disclosure and PHPMailer package

https://www.osisecurity.com.au/smartjobboard---cross-site-scripting-personal-information-disclosure-and-phpmailer-package.html Date: 04-Apr-2017 Product: SmartJobBoard Versions affected: v5.0.9 and below. Vulnerability: 1) Cross-site scripting vulnerabilities in the following locations and parameters: /add-listing/ [proceed_to_posting parameter] /add-listing/ [productSID parameter] /add-listing/Resume/General/ [productSID parameter] /add-listing/Resume/General/132 [Skill...

SilverStripe CMS - Path Disclosure

https://www.osisecurity.com.au/silverstripe-cms---path-disclosure.html Date: 04-Apr-2017 Product: SilverStripe CMS Versions affected: 3.1.9 and below. Vulnerability: Path disclosure. Example URL: http://[target]/dev/build/ Path reported: /home/[target]/public_html/framework/dev/DebugView.php https://www.silverstripe.org/download/security-releases/ss-2015-001/ Credit: Discovered by Patrick Webster Disclosure timeline: 07-Nov-2015 - Discovered during audit and repo...

Tweek!DM Document Management Authentication bypass, SQL injection

https://www.osisecurity.com.au/tweekdm-document-management-authentication-bypass-sql-injection-vulnerabilities.html Date: 04-Apr-2017 Product: Tweek!DM Document Management Versions affected: Unknown Vulnerabilities: 1) Authentication bypass - the software sends a 301 Location redirect back to the login page, if an unauthenticated user requests an authenticated administration page. However on the PHP side the script does not exit(0); therefore you can use the system as an admin...

Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities

https://www.osisecurity.com.au/computer-associates-api-gateway-crlf-response-splitting-directory-traversal-vulnerabilities.html Date: 04-Apr-2017 Product: Computer Associates (Layer7) API Gateway Versions affected: v7, v8, v9 Vulnerabilities: 1) CRLF Response Splitting https://[target]:8443/test%0d%0a

string?wsdl Parameters uri=/test

string did not resolve to any service. https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recomm...

CVE-2017-7185 - Mongoose OS - Use-after-free / Denial of Service

############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/en/research/advisories/ # ############################################################# # # Product: Mongoose OS # Vendor: Cesanta # CVE ID: CVE-2017-7185 # CSNC ID: CSNC-2017-003 # Subject: Use-after-free / Denial of Service # Risk: Medium # Effect: Remotely exploitable # Authors: # Philipp Promeuschel # Carel v...

Lantern CMS Path Disclosure, SQL Injection, Reflected XSS

https://www.osisecurity.com.au/lantern-cms-path-disclosure-sql-injection-reflected-xss.html Date: 04-Apr-2017 Product: LanternCMS Versions affected: Unknown Vulnerabilities: 1) Path disclosure By requesting a site with an invalid intSiteI or numRedirectCount: http://[target]/www/default.asp?intLocationID=1&error=404&intSiteID=1&c=1 Type mismatch: intSiteID E:INETPUBserverclient../../lantern/site/lib/asp/system.asp, line 103 2) SQL injection http://[target]/www/html/XX...

Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure

https://www.osisecurity.com.au/manhattan-software-iwms-integrated-workplace-management-system-xml-external-entity-xxe-injection-file-disclosure.html Date: 04-Apr-2017 Product: Trimble / Manhattan Software IWMS (integrated workplace management system) Versions affected: 9.x Vulnerability: XML External Entity injection (XXE) Example: There is an XXE in services such as: https://[target]/services/WSFUNCTION https://[target]/services/WSGRID https://[target]/services/WSLOOK...

AirWatch Self Service Portal Username Parameter LDAP Injection

https://www.osisecurity.com.au/airwatch-self-service-portal-username-parameter-ldap-injection.html Date: 04-Apr-2017 Product: AirWatch Self Service MDM Versions affected: v6.1.x v6.4.x Vulnerability: LDAP injection Example: https://[target]/DeviceManagement/ URL accepts the following POST parameters: AuthenticationMode ActivationCode Username Password Login The Username parameter appears to be vulnerable to an LDAP injection attack. A query of: *)(sn=* Take...

Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection

https://www.osisecurity.com.au/avaya-radvision-scopia-desktop-dlg_loginowneridjsp-ownerid-sql-injection.html Date: 04-Apr-2017 Product: Avaya Radvision SCOPIA Desktop Versions affected: v7.7.000.042 released in 2011 (confirmed) v8.2.101.046 relased in 2013 (confirmed) Vulnerability: Blind SQL injection. Vulnerability details: The vulnerability exists within a HTTP POST request to gain access to stored recordings. Example: POST /scopia/recording/dlg_loginownerid.jsp HT...

Lotus Protector for Mail Security remote code execution

https://www.osisecurity.com.au/lotus-protector-for-mail-security-remote-code-execution.html Date: 09-Nov-2012 Product: Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) Vulnerability: Local File Inclusion to Remote Code Execution Details: There is local file inclusion vulnerability in the Lotus Mail Encryption Server (Protector for Mail Encryption) administration setup interface. The index.php file uses an unsafe include() where an unauthenticated remote user may read ...

Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness

https://www.osisecurity.com.au/kaseya-parameter-reflected-xss-enumeration-a= nd-bruteforce-weakness.html Date: 04-Apr-2017 Software: Kaseya Affected version: Kaseya VSA v6.5.0.0. Vulnerability details: 1. The "forgot password" function at https://[target]/access/logon.asp reveals whether a username is valid/exists or not, which assists with brute force attacks. An incorrect username responds with =E2=80=9CNo record= of this user exists=E2=80=9D, where a valid username ret...

[security bulletin] HPESBGN03721 rev.1 - HPE Operations Bridge Analytics, Remote Cross-Site Scripting (XSS)

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzIxZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiZ24wMzcyMWVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCR04w MzcyMSByZXYuMSAtIEhQRSBPcGVyYXRpb25zIEJyaWRnZSBBbmFseXRpY3MsIFJlbW90 ZSBDcm9zcy...

SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function

--jMvxvL8tCUmPWV7pjrGklRpedtTjbh55X Content-Type: multipart/mixed; boundary="esexFRwcupb1AL0RWQjXV1sFoLhdjWW9a" From: SEC Consult Vulnerability Lab To: bugtraq@securityfocus.com, fulldisclosure@seclists.org Message-ID: <58E20A81.7020708@sec-consult.com> Subject: SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function --esexFRwcupb1AL0RWQjXV1sFoLhdjWW9a Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable SEC Consul...

Splunk Enterprise Information Theft CVE-2017-5607

[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt [+] ISR: ApparitionSec Vendor: =============== www.splunk.com Product: ================== Splunk Enterprise Splunk provides the leading platform for Operational Intelligence. Customers use Splunk to search, monitor, analyze and visualize machine data. Splunk Enterprise, collects and ana...

[security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzIyZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiZ24wMzcyMmVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCR04w MzcyMiByZXYuMSAtIEhQRSBPcGVyYXRpb25zIEFnZW50LCBMb2NhbCBFc2NhbGF0aW9u IG9mIFByaX...

[security bulletin] HPESBHF03723 rev.1 - HPE Aruba ClearPass Policy Manager, using Apache Struts, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzIzZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzcyM2VuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw MzcyMyByZXYuMSAtIEhQRSBBcnViYSBDbGVhclBhc3MgUG9saWN5IE1hbmFnZXIsIHVz aW5nIEFwYW...

[security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2J1eDAzNzI1ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNidXgwMzcyNWVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCVVgw MzcyNSByZXYuMSAtIEhQRSBIUC1VWCBXZWIgU2VydmVyIFN1aXRlIHJ1bm5pbmcgQXBh Y2hlLCBNdW...

=?iso-8859-1?Q?ESA-2017-013:_RSA_Archer=AE_GRC_Security_Operations_Manage?= =?iso-8859-1?Q?ment_Sensitive_Information_Disclosure_Vulnerability?=

--_002_1BF8853173D9704A93EF882F85952A8922847DMX304CL04corpemcc_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A8922847DMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2017-013.txt" Content-Description: ESA-2017-013.txt Content-Disposition: attachment; filename="ESA-2017-013.txt"; size=3772; creation-date="Tue, 28 Feb 2017 17:44:50 GMT"; modification-date="Wed, 29 Mar 2017 18:46:04 GMT" Conten...

ESA-2017-028: EMC Isilon OneFS Path Traversal Vulnerability

--_002_1BF8853173D9704A93EF882F85952A8922846CMX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A8922846CMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2017-028.txt" Content-Description: ESA-2017-028.txt Content-Disposition: attachment; filename="ESA-2017-028.txt"; size=3392; creation-date="Wed, 15 Mar 2017 12:04:01 GMT"; modification-date="Wed, 29 Mar 2017 18:42:45 GMT" Content-...

[SECURITY] [DSA 3824-1] firebird2.5 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3824-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond March 29, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : firebird2.5 CVE ID : CVE-2017-6369 Debia...

[SECURITY] [DSA 3798-2] tnef regression update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3798-2 security@debian.org https://www.debian.org/security/ Sebastien Delafond March 29, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tnef Debian Bug : 857342 DSA-3798-1 for tn...

[slackware-security] mariadb (SSA:2017-087-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mariadb (SSA:2017-087-01) New mariadb packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mariadb-10.0.30-i586-1_slack14.2.txz: Upgraded. This update fixes security issues: Crash in libmysqlclient.so. Difficult to exploit vulnerability allows low privileged attacker with l...

APPLE-SA-2017-03-28-1 iCloud for Windows 6.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-28-1 iCloud for Windows 6.2 iCloud for Windows 6.2 is now available and addresses the following: APNs Server Available for: Windows 7 and later Impact: An attacker in a privileged network position can track a users activity Description: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling. CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical Universit...

[SECURITY] [DSA 3823-1] eject security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3823-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 28, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : eject CVE ID : CVE-2017-6964 Debian Bug ...

APPLE-SA-2017-03-27-7 macOS Server 5.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-27-7 macOS Server 5.3 macOS Server 5.3 is now available and addresses the following: Profile Manager Available for: macOS 10.12.4 and later Impact: A remote user may be able to cause a denial-of-service Description: A crafted request may cause a global cache to grow indefinitely, leading to a denial-of-service. This was addressed by not caching unknown MIME types. CVE-2016-0751 Web Server Available for: macOS ...

[SECURITY] [DSA 3821-1] gst-plugins-ugly1.0 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3821-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 27, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : gst-plugins-ugly1.0 CVE ID : CVE-2017-584...

APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS are now available and address the following: Export Available for: macOS 10.12 Sierra or later, iOS 10 or later Impact: The contents of password-protected PDFs exported from iWork may be exposed Description: iWork used weak 40-bit RC4 encryption for password- protected PDF exports. This issue was addressed by changin...

[SECURITY] [DSA 3817-1] jbig2dec security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3817-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 24, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : jbig2dec CVE ID : CVE-2016-9601 Multip...

[SECURITY] [DSA 3816-1] samba security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3816-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 23, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : samba CVE ID : CVE-2017-2619 Jann Horn...

APPLE-SA-2017-03-22-1 iTunes for Windows 12.6

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-22-1 iTunes for Windows 12.6 iTunes for Windows 12.6 is now available and addresses the following: iTunes Available for: Windows 7 and later Impact: Multiple issues in SQLite Description: Multiple issues existed in SQLite. These issues were addressed by updating SQLite to version 3.15.2. CVE-2013-7443 CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 CVE-2015-3717 CVE-2015-6607 CVE-2016-6153 iTunes Available for: ...

Cisco Security Advisory: Cisco IOx Data in Motion Stack Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----=0D=0AHash: SHA1=0D=0A=0D=0ACis= co Security Advisory: Cisco IOx Data in Motion Stack Overflow Vul= nerability=0D=0A=0D=0AAdvisory ID: cisco-sa-20170322-iox=0D=0A=0D=0A= Revision: 1.0=0D=0A=0D=0AFor Public Release: 2017 March 22 16:00 = GMT=0D=0A=0D=0ALast Updated: 2017 March 22 16:00 GMT=0D=0A=0D=0AC= VE ID(s): CVE-2017-3853=0D=0A=0D=0ACVSS Score v(3): 9.8 CVSS:3.0/= AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H=0D=0A=0D=0A+-----------------= ---------------------...

Cisco Security Advisory: Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----=0D=0AHash: SHA1=0D=0A=0D=0ACis= co Security Advisory: Cisco IOS XE Software for Cisco ASR 920 Ser= ies Routers Zero Touch Provisioning Denial of Service Vulnerabili= ty=0D=0A=0D=0AAdvisory ID: cisco-sa-20170322-ztp=0D=0A=0D=0ARevis= ion: 1.0=0D=0A=0D=0AFor Public Release: 2017 March 22 16:00 GMT=0D=0A= =0D=0ALast Updated: 2017 March 22 16:00 GMT=0D=0A=0D=0ACVE ID(s):= CVE-2017-3859=0D=0A=0D=0ACVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L= /PR:N/UI:N/S:C/C:N/I...

Cisco Security Advisory: Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----=0D=0AHash: SHA1=0D=0A=0D=0ACis= co Security Advisory: Cisco IOS and IOS XE Software Layer 2 Tunne= ling Protocol Denial of Service Vulnerability=0D=0A=0D=0AAdvisory= ID: cisco-sa-20170322-l2tp=0D=0A=0D=0ARevision: 1.0=0D=0A=0D=0AF= or Public Release: 2017 March 22 16:00 GMT=0D=0A=0D=0ALast Update= d: 2017 March 22 16:00 GMT=0D=0A=0D=0ACVE ID(s): CVE-2017-3857=0D=0A= =0D=0ACVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I= :N/A:H=0D=0A=0D=0A+--...

Cisco Security Advisory: Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----=0D=0AHash: SHA1=0D=0A=0D=0ACis= co Security Advisory: Cisco IOS and IOS XE Software DHCP Client D= enial of Service Vulnerability=0D=0A=0D=0AAdvisory ID: cisco-sa-2= 0170322-dhcpc=0D=0A=0D=0ARevision: 1.0=0D=0A=0D=0AFor Public Rele= ase: 2017 March 22 16:00 GMT=0D=0A=0D=0ALast Updated: 2017 March = 22 16:00 GMT=0D=0A=0D=0ACVE ID(s): CVE-2017-3864=0D=0A=0D=0ACVSS = Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H=0D=0A= =0D=0A+----------------...

SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices

--------------ms020108040509000707010104 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable SEC Consult Vulnerability Lab Security Advisory < 20170322-0 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D title: Multiple vulnerabilities product: Solare Datensyste...

Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"

Hi @ll, Windows 8 and newer versions (Windows 7 and Windows Server 2008 R2 with KB2532445 or KB3125574 installed too) dont allow unprivileged callers to circumvent AppLocker and SAFER rules via LoadLibraryEx(TEXT(""), NULL, LOAD_IGNORE_CODE_AUTHZ_LEVEL); See and | LOAD_IGNORE_CODE_AUTHZ_LEVEL 0x00000010 | | If this value is used, the system does not check App...

[ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM

Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component Vendor URL: http://SAP.com Bugs: Directory traversal Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 13.12.2016 Reference: SAP Security Note 2310790 Author: Mathieu Geli (ERPScan) Description 1. ADVISORY INFORMATION Title: [ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM Advisory ID: [ERPSCAN-16-041] Risk: medium Advisory URL: https://erpscan.com...

ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability

--_002_1BF8853173D9704A93EF882F85952A892228A6MX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A892228A6MX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2017-010.txt" Content-Description: ESA-2017-010.txt Content-Disposition: attachment; filename="ESA-2017-010.txt"; size=3815; creation-date="Mon, 30 Jan 2017 16:03:47 GMT"; modification-date="Fri, 10 Feb 2017 18:24:18 GMT" Content-...

[SECURITY] [DSA 3796-2] sitesummary regression update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3796-2 security@debian.org https://www.debian.org/security/ Sebastien Delafond March 20, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : sitesummary Debian Bug : 852623 DSA-3796-1...

[security bulletin] HPSBUX03596 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MTIxODQyDQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUxMjE4NDINClZlcnNpb246IDINCg0KSFBTQlVYMDM1OTYgcmV2LjIgLSBIUEUg SFAtVVggcnVubmluZyBDSUZTIFNlcnZlciAoU2FtYmEpLCBSZW1vdGUgQWNjZXNzDQpS ZXN0cmljdG...

CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service

[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/EXTRAPUTTY-TFTP-DENIAL-OF-SERVICE.txt [+] ISR: ApparitionSec Vendor: ================== www.extraputty.com Product: ====================== ExtraPuTTY - v029_RC2 hash: d7212fb5bc4144ef895618187f532773 Also Vulnerable: v0.30 r15 hash: eac63550f837a98d5d52d0a19d938b91 ExtraPuTTY is a fork from 0.67 version of PuTTY. ExtraPuTTY...

[SECURITY] [DSA 3813-1] r-base security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3813-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 19, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : r-base CVE ID : CVE-2016-8714 Cory Dup...

[SECURITY] [DSA 3812-1] ioquake3 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3812-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 18, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ioquake3 CVE ID : CVE-2017-6903 It was...

[SECURITY] [DSA 3811-1] wireshark security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3811-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 18, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : wireshark CVE ID : CVE-2017-5596 CVE-2017...

Cisco Security Advisory: Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----=0D=0AHash: SHA1=0D=0A=0D=0ACis= co Security Advisory: Cisco IOS and IOS XE Software Cluster Manag= ement Protocol Remote Code Execution Vulnerability=0D=0A=0D=0AAdv= isory ID: cisco-sa-20170317-cmp=0D=0A=0D=0ARevision: 1.0=0D=0A=0D=0A= For Public Release: 2017 March 17 16:00 GMT=0D=0A=0D=0ALast Updat= ed: 2017 March 17 16:00 GMT=0D=0A=0D=0ACVE ID(s): CVE-2017-3881=0D=0A= =0D=0ACVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I= :H/A:H=0D=0A=0D=0...

MS Internet Information Services XSS / HTML Injection vulnerability

Cross Site Scripting / HTML injection vulnerability in Microsoft Internet Information Services web server =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D Versions Affected: MS Internet Information services (All platforms and versions) =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D CVE Reference: CVE-2017-0055 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D...

CVE-2017-6805 MobaXterm Personal Edition v9.4 Path Traversal Remote File Disclosure

+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MOBAXTERM-TFTP-PATH-TRAVERSAL -REMOTE-FILE-ACCESS.txt [+] ISR: ApparitionSec Vendor: ===================== mobaxterm.mobatek.net Product: =============================== MobaXterm Personal Edition v9.4 Enhanced terminal for Windows with X11 server, tabbed SSH client, network tools and much more. Vulnerability Type: =================================...

SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products

--------------ms060207010407040702060502 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable SEC Consult Vulnerability Lab Security Advisory < 20170316-0 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D title: Authenticated Command Injection product: Multiple U...

CVE-2017-6911: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability

Vulnerability Title: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability Affected Product: USB Pratirodh Product Homepage: https://cdac.in/index.aspx?id=cs_eps_usb_pra CVE-ID : CVE-2017-6911 Severity: Medium Description: USB Pratirodh is prone to sensitive information disclosure. Its Store sensitive information such as username and password hash in usb.xml file. An attacker with physical access to the system can modify the file according his own requirements th...

[slackware-security] pidgin (SSA:2017-074-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] pidgin (SSA:2017-074-01) New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/pidgin-2.12.0-i586-1_slack14.2.txz: Upgraded. This update fixes a minor security issue (out of bounds memory read in purple_markup_unescape_entity). For mo...

Path Traversal Remote File Disclosure

[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MOBAXTERM-TFTP-PATH-TRAVERSAL-REMOTE-FILE-ACCESS.txt [+] ISR: ApparitionSec Vendor: ===================== mobaxterm.mobatek.net Product: =============================== MobaXterm Personal Edition v9.4 Enhanced terminal for Windows with X11 server, tabbed SSH client, network tools and much more. Vulnerability Type: =======...

CVE-2017-0045 Windows DVD Maker XML External Entity File Disclosure

[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DVD-MAKER-XML-EXTERNAL-ENTITY-FILE-DISCLOSURE.txt [+] ISR: ApparitionSec Vendor: ================= www.microsoft.com Product: ================= Windows DVD Maker v6.1.7 Windows DVD Maker is a feature you can use to make DVDs that you can watch on a computer or on a TV using a regular DVD player. Vulnerability Type: ======...

Cisco Security Advisory: Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----=0D=0AHash: SHA1=0D=0A=0D=0ACis= co Security Advisory: Cisco Workload Automation and Tidal Enterpr= ise Scheduler Client Manager Server Arbitrary File Read Vulnerabi= lity=0D=0A=0D=0AAdvisory ID: cisco-sa-20170315-tes=0D=0A=0D=0ARev= ision: 1.0=0D=0A=0D=0AFor Public Release: 2017 March 15 16:00 GMT= =0D=0A=0D=0ALast Updated: 2017 March 15 16:00 GMT=0D=0A=0D=0ACVE = ID(s): CVE-2017-3846=0D=0A=0D=0ACVSS Score v(3): 8.6 CVSS:3.0/AV:= N/AC:L/PR:N/UI:N/S:C/C:H...

Cisco Security Advisory: Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----=0D=0AHash: SHA1=0D=0A=0D=0ACis= co Security Advisory: Cisco Mobility Express 1800 Access Point Se= ries Authentication Bypass Vulnerability=0D=0A=0D=0AAdvisory ID: = cisco-sa-20170315-ap1800=0D=0A=0D=0ARevision: 1.0=0D=0A=0D=0AFor = Public Release: 2017 March 15 16:00 GMT=0D=0A=0D=0ALast Updated: = 2017 March 15 16:00 GMT=0D=0A=0D=0ACVE ID(s): CVE-2017-3831=0D=0A= =0D=0ACVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I= :H/A:H=0D=0A=0D=0A+-----...

Cisco Security Advisory: Cisco StarOS SSH Privilege Escalation Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----=0D=0AHash: SHA1=0D=0A=0D=0ACis= co Security Advisory: Cisco StarOS SSH Privilege Escalation Vulne= rability=0D=0A=0D=0AAdvisory ID: cisco-sa-20170315-asr=0D=0A=0D=0A= Revision: 1.0=0D=0A=0D=0AFor Public Release: 2017 March 15 16:00 = GMT=0D=0A=0D=0ALast Updated: 2017 March 15 16:00 GMT=0D=0A=0D=0AC= VE ID(s): CVE-2017-3819=0D=0A=0D=0ACVSS Score v(3): 8.8 CVSS:3.0/= AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H=0D=0A=0D=0A+-----------------= -----------------------...

Microsoft Edge Fetch API allows setting of arbitrary request headers

------------------------------------------------------------------------ Microsoft Edge Fetch API allows setting of arbitrary request headers ------------------------------------------------------------------------ Yorick Koster, January 2017 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ It was found that the Fetch API in Microsoft Edge allows websites to set arbitrary HTTP requ...

Joomla com_virtuemart Component - id Parameter Sql Injection Vulnerability

Joomla com_virtuemart component version 1.6 suffers from a remote SQL injection vulnerability. tested on 1.6 tnks. Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir ################################# # # @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ # @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ @@@ @@ @@@ @@...

Joomla com_kunena Component - id Parameter Sql Injection Vulnerability

Joomla com_sngevents component version 1.5 suffers from a remote SQL injection vulnerability. tested on 1.2 tnks. Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir ################################# # # @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ # @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ @@@ @@ @@@ @@ ...

Joomla com_sngevents Component - id Parameter Sql Injection Vulnerability

Joomla com_sngevents component version 1.5 suffers from a remote SQL injection vulnerability. tested on 1.5 tnks. Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir ################################# # # @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ # @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ @@@ @@ @@@ @@ ...

Joomla com_fidecalendar Component - aid Parameter Sql Injection Vulnerability

Joomla com_fidecalendar component version 1.5 suffers from a remote SQL injection vulnerability. tested on 1.5 tnks. Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir ################################# # # @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ # @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ @@@ @@ @@@ ...

Joomla com_registrationpro Component - did Parameter Sql Injection Vulnerability

Joomla com_registrationpro component version 1.x suffers from a remote SQL injection vulnerability. tested on 1.2 and all version tnks. Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir ################################# # # @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ # @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ @@@ ...

Joomla com_easyblog Component - id Parameter Sql Injection Vulnerability

Joomla com_easyblog component version 1.4 suffers from a remote SQL injection vulnerability. tested on 1.* and all version tnks. Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir ################################# # # @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ # @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ @@@ @@ ...

Atlassian - March 2017 - Bamboo, Crowd and HipChat Server - Critical Security Advisory

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This email refers to the following advisory pages: * Bamboo - https://confluence.atlassian.com/x/_slDN * Crowd - https://confluence.atlassian.com/x/PMpDN * HipChat Server - https://confluence.atlassian.com/x/lj1LN CVE ID: * CVE-2017-5638. Product: Bamboo. Affected Bamboo product versions: 5.1.0 <= version < 5.14.5 5.15.0 <= version < 5.15.3 Fixed Bamboo product versions: * for 5.14.x, Bamboo 5.14.5 has been rele...

[SECURITY] [DSA 3808-1] imagemagick security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3808-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 13, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : imagemagick CVE ID : CVE-2017-6498 CVE-20...

Joomla com_carocci Component - isbn Parameter Sql Injection Vulnerability

Joomla com_carocci component version 1.4 suffers from a remote SQL injection vulnerability. tested on 1.4 tnks. Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir ################################# # # @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ # @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ @@@ @@ @@@ @@ ...

Joomla com_kide Component - view Parameter Sql Injection Vulnerability

Joomla com_kide component version 1.5 suffers from a remote SQL injection vulnerability. tested on 1.x tnks. Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir ################################# # # @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ # @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ @@@ @@ @@@ @@ ...

Joomla com_eventlist Component - id Parameter Sql Injection Vulnerability

Joomla com_eventlist component version 1.5 suffers from a remote SQL injection vulnerability. tested on 1.x tnks. Amir - Iedb.ir - IrIsT.Ir - Xssed.Ir ################################# # # @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ # @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ @@@ @@ @@@ @@ ...

[security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2J1eDAzNzA2ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNidXgwMzcwNmVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCVVgw MzcwNiByZXYuMSAtIEhQLVVYIE5UUCBzZXJ2aWNlIHJ1bm5pbmcgbnRwZCwgTXVsdGlw bGUgVnVsbm...

[security bulletin] HPESBHF03711 rev.1 - HPE 2620 Series Network Switches, Remote Cross Site Request Forgery (CSRF)

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzExZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzcxMWVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw MzcxMSByZXYuMSAtIEhQRSAyNjIwIFNlcmllcyBOZXR3b3JrIFN3aXRjaGVzLCBSZW1v dGUgQ3Jvc3...

[security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzA3ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiZ24wMzcwN2VuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCR04w MzcwNyByZXYuMSAtIEhQRSBDb252ZXJnZWRTeXN0ZW0gNzAwIDIuMCBWTXdhcmUgS2l0 LCBSZW1vdG...

[security bulletin] HPESBHF03716 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Remote Authentication Bypass

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzE2ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzcxNmVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw MzcxNiByZXYuMSAtIEhQRSBJbnRlbGxpZ2VudCBNYW5hZ2VtZW50IENlbnRlciAoSU1D KSBQTEFULC...

CVE-2016-10143: Vulnerability to read arbitrary files in "Tiki Wiki"

Credits =============== Zhao Liang, Huawei Weiran Labs Vendor: =============== Tiki Product: ======================== Tiki Wiki CMS The Tiki Wiki CMS Groupware project (aka TikiWiki or Tiki) is an open source initiative that releases and maintains a powerful OpenSource Content Management System (CMS) and Groupware called Tiki. Vulnerability Type: ================================ Access Validation Error CVE Reference: ============== CVE-2016-10143 Vulnerabili...

[SECURITY] [DSA 3805-1] firefox-esr security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3805-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 08, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : firefox-esr CVE ID : CVE-2017-5398 CVE-20...

[security bulletin] HPESBHF03714 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Local Arbitrary File Download

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzE0ZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzcxNGVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw MzcxNCByZXYuMSAtIEhQRSBJbnRlbGxpZ2VudCBNYW5hZ2VtZW50IENlbnRlciAoSU1D KSBQTEFULC...

[SECURITY] [DSA 3804-1] linux security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3804-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 08, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2016-9588 CVE-2017-263...

[security bulletin] HPESBHF03713 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Deserialization of Untrusted Data, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzEzZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzcxM2VuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw MzcxMyByZXYuMSAtIEhQRSBJbnRlbGxpZ2VudCBNYW5hZ2VtZW50IENlbnRlciAoSU1D KSBQTEFULA...

[security bulletin] HPESBGN03712 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JnbjAzNzEyZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiZ24wMzcxMmVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCR04w MzcxMiByZXYuMSAtIEhQRSBMb2FkUnVubmVyIGFuZCBQZXJmb3JtYW5jZSBDZW50ZXIs IFJlbW90ZS...

SEC Consult SA-20170308-0 :: Multiple vulnerabilities in Navetti PricePoint

--------------ms040901080407030808010902 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable SEC Consult Vulnerability Lab Security Advisory < 20170308-0 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D title: Multiple vulnerabilities product: Navetti PricePoin...

[slackware-security] mozilla-firefox (SSA:2017-066-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2017-066-01) New mozilla-firefox packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-45.8.0esr-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.o...

Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in GoAhead

Hello, Please find a text-only version below sent to security mailing lists. The complete version on analysing the security of "Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in GoAhead" is posted here: https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html === text-version of the advisory without technical explanations === -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ## Advisory Information Title: Multiple vulnerabilities found in Wire...

[security bulletin] HPESBHF03710 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Multiple Remote Vulnerabilities

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtaHBlc2JoZjAzNzEwZW5fdXMN Cg0KU1VQUE9SVCBDT01NVU5JQ0FUSU9OIC0gU0VDVVJJVFkgQlVMTEVUSU4NCg0KRG9j dW1lbnQgSUQ6IGhwZXNiaGYwMzcxMGVuX3VzDQpWZXJzaW9uOiAxDQoNCkhQRVNCSEYw MzcxMCByZXYuMSAtIEhQRSBJbnRlbGxpZ2VudCBNYW5hZ2VtZW50IENlbnRlciAoSU1D KSBQTEFULC...

Stack-based buffer overflow in Western Digital My Cloud allows for remote code execution

------------------------------------------------------------------------ Stack-based buffer overflow in Western Digital My Cloud allows for remote code execution ------------------------------------------------------------------------ Remco Vermeulen, January 2017 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ It was discovered that the Western Digital My Cloud is vulnerable to a...

SEC Consult SA-20170307-0 :: Unauthenticated OS command injection & arbitrary file upload in Western Digital WD My Cloud

--------------ms070205030000000106040806 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable SEC Consult Vulnerability Lab Security Advisory < 20170307-0 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D title: Unauthenticated OS command injection & arbitrary fil= e upload ...

WordPress audio playlist functionality is affected by Cross-Site Scripting

------------------------------------------------------------------------ WordPress audio playlist functionality is affected by Cross-Site Scripting ------------------------------------------------------------------------ Yorick Koster, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ Two Cross-Site Scripting vulnerabilities exists in the playlist functionality of WordPre...

EasyCom PHP API Stack Buffer Overflow

[+] Credits: John Page AKA Hyp3rlinX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/EASYCOM-PHP-API-BUFFER-OVERFLOW.txt [+] ISR: ApparitionSec Vendor: ================ easycom-aura.com Product: =========================== EASYCOM AS400 (iBMI) PHP API EasycomPHP_4.0029.iC8im2.exe EASYCOM is the middleware which provides native access to IBMi data and programs. With its excellent performance and strict compliance ...

Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass

[+] Credits: John Page AKA Hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SAWMILL-PASS-THE-HASH-AUTHENTICATION-BYPASS.txt [+] ISR: ApparitionSec Vendor: =============== www.sawmill.net Product: ======================== Sawmill Enterprise v8.7.9 sawmill8.7.9.4_x86_windows.exe hash: b7ec7bc98c42c4908dfc50450b4521d0 Sawmill is a powerful heirarchical log analysis tool that runs on every major platfor...

CVE-2016-7955 - Alienvault OSSIM/USM Authentication Bypass

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Authentication Bypass Author: Peter Lapp, lappsec () gmail com CVE: CVE-2016-7955 Vulnerable Versions: <=5.3.0 Fixed Version: 5.3.1 Vulnerability Details ===================== This vulnerability allows remote attackers to bypass authentication requirements on vulnerable installations of AlienVault Unified Security Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists w...

CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility

Document Title: =============== CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility Vendor: ======= Ettercap (http://ettercap.github.io/ettercap/) Product and Versions Affected: ============================== Etterfilter 0.8.2 and possibly prior. Vulnerability Type: =================== Denial-of-Service CVE Reference: ============== CVE-2017-6430 Vulnerability Details: ====================== Etterfilter utility of Ettercap have an out-...

OpenElec: Remote Code Execution Vulnerability through Man-In-The-Middle(CVE-2017-6445)

During my research about update mechanisms of open-source software I discovered vulnerabilities in OpenElec. == [ OVERVIEW ] == System affected: OpenElec CVE: CVE-2017-6445 Vulnerable component: auto-update feature Software-Version: 6.0.3, 7.0.1 User-Interaction: Reboot required Impact: Remote Code Execution with root permission == [ PRODUCT DESCRIPTION ] == According to its website "Open Embedded Linux Entertainment Center (OpenELEC) is a small Linux b...

CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility

Document Title: =============== CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility Vendor: ======= Appneta (https://www.appneta.com/) Product and Versions Affected: ============================== Tcpreplay 4.1.2 and possibly prior. Fixed Version: ============== 4.2.0 Beta 1 Product Description: ==================== Tcpreplay is a suite of GPLv3 licensed utilities for UNIX (and Win32 under Cygwin) operating systems for editing and replaying network ...

EasyCom SQL iPlug Denial Of Service

[+] Credits: John Page AKA Hyp3rlinX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/EASYCOM-SQL-IPLUG-DENIAL-OF-SERVICE.txt [+] ISR: ApparitionSec Vendor: ================ easycom-aura.com Product: =========== SQL iPlug EasycomPHP_4.0029.iC8im2.exe SQL iPlug provides System i applications real-time access to heterogeneous and external databases (Oracle, SQL Server, MySQL, MS Access, Sybase, Progress) in a completely transpar...

[SECURITY] [DSA 3801-1] ruby-zip security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3801-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 04, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ruby-zip CVE ID : CVE-2017-5946 Debian B...

Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0

Title: Remote file upload vulnerability in Wordpress Plugin Mobile App = Native 3.0 Vulnerability Date: 2017-02-27 Download: https://wordpress.org/plugins/zen-mobile-app-native/ Vendor: https://profiles.wordpress.org/zendkmobileapp/ Notified: 2017-02-27 Vendor Contact:=20 Description: Mobile App WordPress plugin lets you turn your website into = a full-featured mobile application in minutes using Mobile App Builder. Vulnerability: The code in file = ./zen-mobile-app-native/server/image...

[SECURITY] [DSA 3794-2] munin regression update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3794-2 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 02, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : munin Debian Bug : 856455 The update for m...

Joomla com_publication Component - sid Parameter Sql Injection Vulnerability

Joomla com_publication component version 3.1 and old version suffers from a remote SQL injection vulnerability. teste on 3.1 version Amir - IrIsT.Ir - Iedb.Ir - Xssed.Ir Tnks ################################# # # @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ # @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ @@@ ...

Joomla com_news Component - id Parameter Sql Injection Vulnerability

Joomla com_news component version 3.1 suffers from a remote SQL injection vulnerability. teste on 3.x version Amir - IrIsT.Ir - Iedb.Ir - Xssed.Ir Tnks ################################# # # @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ # @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ @@@ @@ @@@ @@ ...

Joomla com_filecabinet Component - id Parameter Sql Injection Vulnerability

Joomla com_filecabinet component version 1.6 and old version suffers from a remote SQL injection vulnerability. teste on 1.6 version Amir - IrIsT.Ir - Iedb.Ir - Xssed.Ir Tnks ################################# # # @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ # @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ @@@ ...

Joomla com_frontpage Component - Itemid Parameter Sql Injection Vulnerability

Joomla com_frontpage component version 2.x and old version suffers from a remote SQL injection vulnerability. teste on 2.0 version Amir - IrIsT.Ir - Iedb.Ir - Xssed.Ir Tnks ################################# # # @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ # @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ @@@ ...

Joomla com_phocadownload Component - id Parameter Sql Injection Vulnerability

Joomla com_phocadownload component version 1.x and old version suffers from a remote SQL injection vulnerability. teste on 1.8 version Amir - IrIsT.Ir - Iedb.Ir - Xssed.Ir Tnks ################################# # # @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ # @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ @@@...

Joomla com_jdownloads Component - cid Parameter Sql Injection Vulnerability

Joomla com_jdownloads component version 1.x and old version suffers from a remote SQL injection vulnerability. teste on 1.5 version Amir - IrIsT.Ir - Iedb.Ir - Xssed.Ir Tnks ################################# # # @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ # @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ @@@ ...

Joomla com_webgrouper Component - Itemid Parameter Sql Injection Vulnerability

Joomla com_webgrouper component version 1.6 and 1.7 and old version suffers from a remote SQL injection vulnerability. teste on 1.6 version Amir - IrIsT.Ir - Iedb.Ir - Xssed.Ir Tnks ################################# # # @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ # @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ ...

[SECURITY] [DSA 3798-1] tnef security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3798-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond March 01, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tnef CVE ID : CVE-2017-6307 CVE-2017-6308...

Stored Cross-Site Scripting vulnerability in Contact Form WordPress Plugin

------------------------------------------------------------------------ Stored Cross-Site Scripting vulnerability in Contact Form WordPress Plugin ------------------------------------------------------------------------ Julien Rentrop, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A stored Cross-Site Scripting vulnerability was found in the Contact Form WordPress Plu...

Cross-Site Request Forgery & Cross-Site Scripting in Contact Form Manager WordPress Plugin

------------------------------------------------------------------------ Cross-Site Request Forgery & Cross-Site Scripting in Contact Form Manager WordPress Plugin ------------------------------------------------------------------------ Edwin Molenaar, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ It was discovered that Contact Form Manager does not protect against ...

Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin

------------------------------------------------------------------------ Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin ------------------------------------------------------------------------ Axel Koolhaas, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A stored Cross-Site Scripting vulnerability was found in the User Login Log WordPress ...

Cross-Site Scripting in Magic Fields 1 WordPress Plugin

------------------------------------------------------------------------ Cross-Site Scripting in Magic Fields 1 WordPress Plugin ------------------------------------------------------------------------ Burak Kelebek, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A reflected Cross-Site Scripting vulnerability has been encountered in the Magic Fields 1 WordPress plugin. ...

Cross-Site Request Forgery in Atahualpa WordPress Theme

------------------------------------------------------------------------ Cross-Site Request Forgery in Atahualpa WordPress Theme ------------------------------------------------------------------------ Spyros Gasteratos, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A Cross Site Request Forgery vulnerability exists in the Atahualpa Wordpress theme which allows attacker...

Gwolle Guestbook mass action vulnerable for Cross-Site Request Forgery

------------------------------------------------------------------------ Gwolle Guestbook mass action vulnerable for Cross-Site Request Forgery ------------------------------------------------------------------------ Radjnies Bhansingh, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A Cross-Site Request Forgery (CSRF) vulnerability was found in the Gwolle Guestbook Word...

Cross-Site Request Forgery in WordPress Download Manager Plugin

------------------------------------------------------------------------ Cross-Site Request Forgery in WordPress Download Manager Plugin ------------------------------------------------------------------------ Burak Kelebek, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A Cross-Site Request Forgery vulnerability has been found in the WordPress Download Manager Plugin. ...

Persistent Cross-Site Scripting in the WordPress NewStatPress plugin

------------------------------------------------------------------------ Persistent Cross-Site Scripting in the WordPress NewStatPress plugin ------------------------------------------------------------------------ Han Sahin, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A persistent Cross-Site Scripting (XSS) vulnerability has been found in the WordPress NewStatPress ...

Cross-Site Scripting vulnerability in Gwolle Guestbook WordPress Plugin

------------------------------------------------------------------------ Cross-Site Scripting vulnerability in Gwolle Guestbook WordPress Plugin ------------------------------------------------------------------------ Radjnies Bhansingh, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A Cross-Site Scripting vulnerability was found in the Gwolle Guestbook WordPress plugin...

Cross-Site Request Forgery in Global Content Blocks WordPress Plugin

------------------------------------------------------------------------ Cross-Site Request Forgery in Global Content Blocks WordPress Plugin ------------------------------------------------------------------------ Yorick Koster, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ It was discovered that the Global Content Blocks WordPress Plugin is vulnerable to Cross-Site R...

Cross-Site Request Forgery in File Manager WordPress plugin

------------------------------------------------------------------------ Cross-Site Request Forgery in File Manager WordPress plugin ------------------------------------------------------------------------ David Vaartjes, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A Cross-Site Request Forgery (CSRF) vulnerability was found in the File Manager WordPress Plugin. Among...

Admin Custom Login WordPress plugin custom login page affected by persistent Cross-Site Scripting

------------------------------------------------------------------------ Admin Custom Login WordPress plugin custom login page affected by persistent Cross-Site Scripting ------------------------------------------------------------------------ Burak Kelebek, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A persistent Cross-Site Scripting vulnerability has been encounter...

Admin Custom Login WordPress plugin affected by persistent Cross-Site Scripting via Logo URL field

------------------------------------------------------------------------ Admin Custom Login WordPress plugin affected by persistent Cross-Site Scripting via Logo URL field ------------------------------------------------------------------------ Burak Kelebek, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A persistent Cross-Site Scripting vulnerability has been encounte...

Analytics Stats Counter Statistics WordPress Plugin unauthenticated PHP Object injection vulnerability

------------------------------------------------------------------------ Analytics Stats Counter Statistics WordPress Plugin unauthenticated PHP Object injection vulnerability ------------------------------------------------------------------------ Yorick Koster, June 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A PHP Object injection vulnerability was found in the Analyti...

Multiple persistent Cross-Site Scripting vulnerabilities in osTicket

------------------------------------------------------------------------ Multiple persistent Cross-Site Scripting vulnerabilities in osTicket ------------------------------------------------------------------------ Han Sahin, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ Two persistent Cross-Site Scripting vulnerabilities have been found in osTicket. These issues exist...

Advisory X41-2017-001: Multiple Vulnerabilities in X.org

--sLkE1hacEm7Dqoi4mjhWl2stHppDU5f7F Content-Type: multipart/mixed; boundary="48NR3Iq1IvL4XlQTHfQVWSVqmWV79pPHT"; protected-headers="v1" From: X41 D-Sec GmbH Advisories To: bugtraq@securityfocus.com Message-ID: <42f8162f-b2a5-8ee7-3ff8-97bb7b077a4e@x41-dsec.de> Subject: Advisory X41-2017-001: Multiple Vulnerabilities in X.org --48NR3Iq1IvL4XlQTHfQVWSVqmWV79pPHT Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X41 D-Sec G...

[SECURITY] [DSA 3795-1] bind9 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3795-1 security@debian.org https://www.debian.org/security/ Michael Gilbert February 26, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : bind9 CVE ID : CVE-2017-3135 Debian Bug ...

[SECURITY] [DSA 3792-1] libreoffice security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3792-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 23, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libreoffice CVE ID : CVE-2017-3157 Ben...

Advisory X41-2017-004: Multiple Vulnerabilities in tnef

--kjEgmIJeePLp3Q3sQOUisnMKB57v6NGfm Content-Type: multipart/mixed; boundary="FMpE3js5SswguGfxMbi0elA9kpQbU3xFT"; protected-headers="v1" From: X41 D-Sec GmbH Advisories To: bugtraq@securityfocus.com Message-ID: <349fd5a0-0158-ca21-0f93-99bbac4770a4@x41-dsec.de> Subject: Advisory X41-2017-004: Multiple Vulnerabilities in tnef --FMpE3js5SswguGfxMbi0elA9kpQbU3xFT Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X41 D-Sec Gm...

Air Transfer 1.2.1 & 1.0.14 - Multiple XSS Web Vulnerabilities

Document Title: =============== Air Transfer 1.2.1 & 1.0.14 iOS - Multiple XSS Web Vulnerabilities References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2035 Release Date: ============= 2017-02-22 Vulnerability Laboratory ID (VL-ID): ==================================== 2035 Common Vulnerability Scoring System: ==================================== 3.2 Product & Service Introduction: =============================== Air ...

FreeBSD Security Advisory FreeBSD-SA-17:02.openssl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:02.openssl Security Advisory The FreeBSD Project Topic: OpenSSL multiple vulnerabilities Category: contrib Module: openssl Announced: 2017-02-23 Affects: All supported versions of FreeBSD. Corrected: 2017-01-26 ...

[SECURITY] [DSA 3791-1] linux security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3791-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2016-6786 CVE-2016-678...

[SECURITY] [DSA 3788-2] tomcat8 regression update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3788-2 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tomcat8 The update for tomcat8 issued as DSA-37...

[security bulletin] HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1Mzk4MzIyDQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzOTgzMjINClZlcnNpb246IDENCg0KSFBFU0JIRjAzNzA5IHJldi4xIC0gSFBF IE5ldHdvcmsgcHJvZHVjdHMgaW5jbHVkaW5nIENvbXdhcmUsIElNQywgYW5kIFZDWA0K cnVubmluZy...

APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1 Logic Pro X 10.3.1 is now available and addresses the following: Projects Available for: OS X Yosemite v10.10 or later (64 bit) Impact: Opening a maliciously crafted GarageBand Project file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2017-2374: Tyler Bohan of Cisco Talos Installation note: Logic Pro X m...

PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability

Document Title: =============== PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2029 Release Date: ============= 2017-01-30 Vulnerability Laboratory ID (VL-ID): ==================================== 2029 Common Vulnerability Scoring System: ==================================== 5.9 Product & Service Introduction: =============================== PDFMa...

[SECURITY] [DSA 3790-1] spice security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3790-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 16, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : spice CVE ID : CVE-2016-9577 CVE-2016-957...

[SYSS-2017-004] Simplessus Files: Path Traversal

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2017-004 Product: Simplessus Files Manufacturer: Simplessus Affected Version(s): 3.7.7 Tested Version(s): 3.7.7 Vulnerability Type: Path Traversal (CWE-22) Risk Level: High Solution Status: Fixed Manufacturer Notification: January 25, 2017 Solution Date: January 25, 2017 Public Disclosure: February 16, 2017 CVE Reference: Not yet assigned Author of Advisory: Dr. Adrian Vollmer, SySS GmbH ~~~~~~~~~~~~~~~~~~~~~~~...

[SYSS-2017-001] Simplessus Files: SQL Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2017-001 Product: Simplessus Files Manufacturer: Simplessus Affected Version(s): 3.7.7 Tested Version(s): 3.7.7 Vulnerability Type: SQL Injection (CWE-89) Risk Level: High Solution Status: Open Manufacturer Notification: January 25, 2017 Solution Date: January 25, 2017 Public Disclosure: February 16, 2017 CVE Reference: Not yet assigned Author of Advisory: Dr. Adrian Vollmer, SySS GmbH ~~~~~~~~~~~~~~~~~~~~~~~~~~...

KL-001-2017-003 : Trendmicro InterScan Remote Root Access Vulnerability

--apV7Edu47GsqBl4b0io1u38JB9G56TH4k Content-Type: multipart/mixed; boundary="J9mbOB6e5ICxs19uUMrACe1PrHN65dFHc"; protected-headers="v1" From: KoreLogic Disclosures To: fulldisclosure@seclists.org, bugtraq@securityfocus.com Message-ID: Subject: KL-001-2017-003 : Trendmicro InterScan Remote Root Access Vulnerability --J9mbOB6e5ICxs19uUMrACe1PrHN65dFHc Content-Type: text/plain; charset=utf-8 Content-Trans...

KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write

--i7WCP2rRU2OWW52We4mlpcIn1opup15oI Content-Type: multipart/mixed; boundary="A6C0hufjuQvH9kPblp13jBSUL66pJhI8P"; protected-headers="v1" From: KoreLogic Disclosures To: fulldisclosure@seclists.org, bugtraq@securityfocus.com Message-ID: <574aac49-0d95-ec17-acb3-e3fef46e70b9@korelogic.com> Subject: KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write --A6C0hufjuQvH9kPblp13jBSUL66pJhI8P Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: ...

Cisco Security Advisory: Cisco UCS Director Privilege Escalation Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco UCS Director Privilege Escalation Vulnerability Advisory ID: cisco-sa-20170215-ucs Revision 1.0 For Public Release 2017 February 15 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in the web-based GUI of Cisco UCS Director could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user pr...

CVE-2017-5585: SQL injection in OpenText Documentum Content Server 7.3 (PostgreSQL builds only)

CVE Identifier: CVE-2017-5585 Vendor: OpenText Affected products: OpenText Documentum Content Server 7.3 (PostgreSQL builds only) Researcher: Andrey B. Panfilov Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Fix: not available Description: Previously announced fix for CVE-2014-2520 seems to be incomplete: when PostgreSQL Database is used and return_top_results_row_based config option is set to false, Content Server does not properly restrict DQL hints,...

Advisory X41-2017-002: Multiple Vulnerabilities in ytnef

--PhsrblgVsIkArouwseIUmObsHM8KvTGVx Content-Type: multipart/mixed; boundary="9d98Xrln07hFNifOXTqhTSg7828UxMvfC"; protected-headers="v1" From: X41 D-Sec GmbH Advisories To: oss-security@lists.openwall.com, fulldisclosure@seclists.org, bugtraq@securityfocus.com, distros@vs.openwall.org Message-ID: <05917198-0341-0542-858e-e475797c9636@x41-dsec.de> Subject: Advisory X41-2017-002: Multiple Vulnerabilities in ytnef --9d98Xrln07hFNifOXTqhTSg7828UxMvfC Content-Type...

CVE-2017-5586: Remote code execution in OpenText Documentum D2

CVE Identifier: CVE-2017-5586 Vendor: OpenText Affected products: Documentum D2 version 4.x Researcher: Andrey B. Panfilov Severity Rating: CVSS v3 Base Score: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) Description: Document D2 contains vulnerable BeanShell (bsh) and Apache Commons libraries and accepts serialised data from untrusted sources, which leads to remote code execution Proof of concept: ===================================8<=========================================== imp...

[security bulletin] HPESBHF03703 rev.1 - HPE Network Products including Comware v7 and VCX using OpenSSL, Remote Unauthorized Disclosure of Information

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzkwODkzDQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzOTA4OTMNClZlcnNpb246IDENCg0KSFBFU0JIRjAzNzAzIHJldi4xIC0gIEhQ RSBOZXR3b3JrIFByb2R1Y3RzIGluY2x1ZGluZyBDb213YXJlIHY3IGFuZCBWQ1ggdXNp bmcNCk9wZW...

Cisco Security Response: Cisco Smart Install Protocol Misuse

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Response: Cisco Smart Install Protocol Misuse Response ID: cisco-sr-20170214-smi Revision 1.0 For Public Release 2017 February 14 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Several researchers have reported on the use of Smart Install (SMI) protocol messages toward Smart Install clients, also known as integrated branch clients (IBC), allowing an una...

[security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzkwODQ5DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzOTA4NDkNClZlcnNpb246IDENCg0KSFBFU0JHTjAzNjk3IHJldi4xIC0gSFBF IEJ1c2luZXNzIFNlcnZpY2UgTWFuYWdlbWVudCAoQlNNKSwgUmVtb3RlIERpc2Nsb3N1 cmUNCm9mIE...

[security bulletin] HPSBMU03691 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzkwNzIyDQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzOTA3MjINClZlcnNpb246IDENCg0KSFBTQk1VMDM2OTEgcmV2LjEgLSBIUEUg SW5zaWdodCBDb250cm9sLCBNdWx0aXBsZSBSZW1vdGUgVnVsbmVyYWJpbGl0aWVzDQoN Ck5PVElDRT...

[SECURITY] [DSA 3788-1] tomcat8 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3788-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 13, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tomcat8 CVE ID : not yet available Debia...

[SECURITY] [DSA 3787-1] tomcat7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3787-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 13, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tomcat7 CVE ID : not yet available Debia...

[SECURITY] [DSA 3786-1] vim security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3786-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 13, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : vim CVE ID : CVE-2017-5953 Debian Bug ...

[security bulletin] HPESBGN03698 rev.1 - HPE DDMi using OpenSSL, Remote Arbitrary Code Execution, Bypass Security Restrictions, Denial of Service (DoS)

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1Mzg2ODA0DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzODY4MDQNClZlcnNpb246IDENCg0KSFBFU0JHTjAzNjk4IHJldi4xIC0gSFBF IERETWkgdXNpbmcgT3BlblNTTCwgUmVtb3RlIEFyYml0cmFyeSBDb2RlIEV4ZWN1dGlv biwNCkJ5cG...

[security bulletin] HPSBMU03692 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1Mzg1NjgwDQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzODU2ODANClZlcnNpb246IDENCg0KSFBTQk1VMDM2OTIgcmV2LjEgLSBIUEUg TWF0cml4IE9wZXJhdGluZyBFbnZpcm9ubWVudCwgTXVsdGlwbGUgUmVtb3RlDQpWdWxu ZXJhYmlsaX...

[slackware-security] tcpdump (SSA:2017-041-04)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] tcpdump (SSA:2017-041-04) New tcpdump packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. NOTE: These updates also require the updated libpcap package. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/tcpdump-4.9.0-i586-1_slack14.2.txz: Upgraded. Fixed bugs which allow an attacker to crash tcpdump (denial of...

[slackware-security] php (SSA:2017-041-03)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2017-041-03) New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php-5.6.30-i586-1_slack14.2.txz: Upgraded. This release fixes bugs and security issues. For more information, see: https://php.net/ChangeLog-5.php#5.6.30 https://cve.mitre.or...

[slackware-security] openssl (SSA:2017-041-02)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] openssl (SSA:2017-041-02) New openssl packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2k-i586-1_slack14.2.txz: Upgraded. This update fixes security issues: Truncated packet could crash via OOB read (CVE-2017-3731) BN_mod_exp may produce incorrect results on x8...

[security bulletin] HPESBHF03704 rev.1 - HPE OfficeConnect Network Switches, Local Unauthorized Data Modification

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1Mzg4OTQ4DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzODg5NDgNClZlcnNpb246IDENCg0KSFBFU0JIRjAzNzA0IHJldi4xIC0gSFBF IE9mZmljZUNvbm5lY3QgTmV0d29yayBTd2l0Y2hlcywgTG9jYWwgVW5hdXRob3JpemVk DQpEYXRhIE...

WebKitGTK+ Security Advisory WSA-2017-0002

--lLfSdp9kFChKAncJvJv2udA2QhQlcFtUD Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2017-0002 ------------------------------------------------------------------------ Date reported : February 10, 2017 Advisory ID : WSA-2017-0002 Advisory URL : https://webkitgtk.org/security/WSA-2017-0002.html CVE...

[security bulletin] HPESBNS03702 rev.1 - HPE NonStop OSS Core Utilities with Bash Shell, Local Arbitrary Command Execution, Elevation of Privilege

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1Mzg4MTE1DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzODgxMTUNClZlcnNpb246IDENCg0KSFBFU0JOUzAzNzAyIHJldi4xIC0gSFBF IE5vblN0b3AgT1NTIENvcmUgVXRpbGl0aWVzIHdpdGggQmFzaCBTaGVsbCwgTG9jYWwN CkFyYml0cm...

[SECURITY] [DSA 3784-1] viewvc security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3784-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond February 09, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : viewvc CVE ID : CVE-2017-5938 Debian Bug...

[SECURITY] [DSA 3783-1] php5 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3783-1 security@debian.org https://www.debian.org/security/ Luciano Bello February 08, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php5 CVE ID : CVE-2016-10158 CVE-2016-101...

TP-Link C2 and C20i vulnerable to command injection (authenticated root RCE), DoS, improper firewall rules

Hello, Please find a text-only version below sent to security mailing lists. The HTML version on "Vulnerabilities found in TP-Link C2 and C20i" is posted here: https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html === text-version of the advisory === -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ## Advisory Information Title: TP-Link C2 and C20i vulnerable to command injection (authenticated root RCE), DoS, improper firewall rules Advis...

[SECURITY] [DSA 3782-1] openjdk-7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3782-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 08, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openjdk-7 CVE ID : CVE-2016-5546 CVE-2016...

Authentication bypass vulnerability in Western Digital My Cloud

------------------------------------------------------------------------ Authentication bypass vulnerability in Western Digital My Cloud ------------------------------------------------------------------------ Remco Vermeulen, Januari 2017 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ It was discovered that Western Digital My Cloud is affected by an authentication bypass vulnera...

Cisco Security Advisory: Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability Advisory ID: cisco-sa-20170208-asa Revision 1.0 For Public Release 2017 February 8 16:00 GMT (UTC) +--------------------------------------------------------------------- Summary ======= A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software could allow an authenticated, remo...

Cisco Security Advisory: Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability Advisory ID: cisco-sa-20170208-anyconnect Revision 1.0 For Public Release 2017 February 8 16:00 GMT (UTC) +--------------------------------------------------------------------- Summary ======= A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windo...

ESA-2017-001: EMC Isilon InsightIQ Authentication Bypass Vulnerability

--_002_1BF8853173D9704A93EF882F85952A891DE9CAMX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891DE9CAMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2017-001.txt" Content-Description: ESA-2017-001.txt Content-Disposition: attachment; filename="ESA-2017-001.txt"; size=3595; creation-date="Tue, 17 Jan 2017 21:04:55 GMT"; modification-date="Wed, 01 Feb 2017 14:51:33 GMT" Content-...

SEC Consult SA-20170207 :: Path Traversal, Backdoor accounts & KNX group address password bypass in JUNG Smart Visu server

--------------ms020007050202040103050907 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable SEC Consult Vulnerability Lab Security Advisory < 20170207-0 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D title: Path Traversal, Backdoor accounts & KNX group addres= s ...

[security bulletin] HPESBUX03699 SSRT110304 rev.1 - HP-UX BIND, Multiple Remote Denial of Service (DoS)

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQ0KSGFzaDogU0hBMjU2DQoNCk5vdGU6 IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBpcyBhdmFpbGFi bGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNjL2RvYy9wdWJsaWMvZGlz cGxheT9kb2NJZD1lbXJfbmEtYzA1MzgxNjg3DQoNClNVUFBPUlQgQ09NTVVOSUNBVElPTiAtIFNF Q1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElEOiBjMDUzODE2ODcNClZlcnNpb246IDENCg0K SFBFU0JVWDAzNjk5IFNTUlQxMTAzMDQgcmV2LjEgLSBIUC1VWCBCSU5ELCBNdWx0aXBsZSBSZW1v dGUgRGVuaWFsIG9mIFNlcnZpY2UJDQoo...

Teleopti WFM <= 7.1.0 Multiple Vulnerabilities

############################################################# # Advisory Title: Teleopti WFM (Multiple Vulnerabilities) # Date: 2/4/2017 # Researcher: Graph-X ((email: graphx@sigaint.org)) # Vendor Homepage: http://www.teleopti.com # Version: <= 7.1.0 # CVE: is dead ############################################################# Disclosure Timeline ############################################################################################ 8/30/2016 – Init...

[SECURITY] [DSA 3781-1] svgsalamander security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3781-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 05, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : svgsalamander CVE ID : CVE-2017-5617 L...

ZoneMinder - multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================================== Product: ZoneMinder Versions: Multiple versions - see inline Vulnerabilities: File disclosure, XSS, CSRF, Auth bypass & Info disclosure CVE-IDs: CVE-2017-5595, CVE-2017-5367, CVE-2017-5368, CVE-2016-10140 Author: John Marzella Date: 03/02/2017 ========================================================================== CVE-2016-10140 - Auth bypass and Info disc...

[FOXMOLE SA 2016-07-05] ZoneMinder - Multiple Issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2016-07-05 === Zoneminder multiple vulnerabilities ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Affected Versions ================= Zoneminder 1.29,1.30 Issue Overview ============== Vulnerability Type: SQL Injection, Cross Site Scripting, Session Fixation, No CSRF Protection Technical Risk: high Likelihood of Exploitation: medium Vendor: Zoneminder Vendor URL: https://zoneminder.com/ Credits: FOXMOLE e...

Ghostscript 9.20 Filename Command Execution

[+]################################################################################################# [+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/GHOSTSCRIPT-FILENAME-COMMAND-EXECUTION.txt [+] ISR: ApparitionSec [+]################################################################################################ Vendor: =============== ghostscript.com Product: ================ ...

[security bulletin] HPSBST03588 rev 1. - HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS, Remote Arbitrary Command Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzgyOTU4DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzODI5NTgNClZlcnNpb246IDENCg0KSFBTQlNUMDM1ODggcmV2IDEuIC0gSFBF IFN0b3JlVmlydHVhbCA0MDAwIFN0b3JhZ2UgYW5kIFN0b3JlVmlydHVhbCBWU0ENClNv ZnR3YXJlIH...

Cisco Security Advisory: Cisco Prime Home Authentication Bypass Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Prime Home Authentication Bypass Vulnerability Advisory ID: cisco-sa-20170201-prime-home Revision 1.0 For Public Release 2017 February 1 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with ad...

ESA-2017-003: EMC Network Configuration Manager (NCM) Multiple Vulnerabilities

--_002_1BF8853173D9704A93EF882F85952A891DB185MX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891DB185MX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2017-003.txt" Content-Description: ESA-2017-003.txt Content-Disposition: attachment; filename="ESA-2017-003.txt"; size=4040; creation-date="Tue, 17 Jan 2017 15:30:48 GMT"; modification-date="Wed, 01 Feb 2017 14:51:55 GMT" Content-...

[SECURITY] [DSA 3779-1] wordpress security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3779-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond February 01, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : wordpress CVE ID : CVE-2017-5488 CVE-2017...

[security bulletin] HPESBHF03700 rev.1 - HPE iMC PLAT, Remote Disclosure of Information, Denial of Service (DoS)

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzgyNDE4DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzODI0MTgNClZlcnNpb246IDENCg0KSFBFU0JIRjAzNzAwIHJldi4xIC0gSFBF IGlNQyBQTEFULCBSZW1vdGUgRGlzY2xvc3VyZSBvZiBJbmZvcm1hdGlvbiwgRGVuaWFs DQpvZiBTZX...

[SECURITY] [DSA 3778-1] ruby-archive-tar-minitar security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3778-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 31, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ruby-archive-tar-minitar CVE ID : CVE-201...

[security bulletin] HPESBGN03696 rev.1 - HPE Helion Eucalyptus, Remote Escalation of Privilege

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzgyODY4DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzODI4NjgNClZlcnNpb246IDENCg0KSFBFU0JHTjAzNjk2IHJldi4xIC0gSFBF IEhlbGlvbiBFdWNhbHlwdHVzLCBSZW1vdGUgRXNjYWxhdGlvbiBvZiBQcml2aWxlZ2UN Cg0KTk9USU...

[security bulletin] HPSBHF03693 rev.1 - HPE iMC PLAT Network Products running Microsoft SQL Server, Remote Elevation of Privilege

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzgyNzQwDQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzODI3NDANClZlcnNpb246IDENCg0KSFBTQkhGMDM2OTMgcmV2LjEgLSAgSFBF IGlNQyBQTEFUIE5ldHdvcmsgUHJvZHVjdHMgcnVubmluZyBNaWNyb3NvZnQgU1FMDQpT ZXJ2ZXIsIF...

ESA-2017-007: EMC Documentum eRoom Unverified Password Change Vulnerability

--_002_1BF8853173D9704A93EF882F85952A891D99A5MX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891D99A5MX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2017-007.txt" Content-Description: ESA-2017-007.txt Content-Disposition: attachment; filename="ESA-2017-007.txt"; size=3458; creation-date="Tue, 24 Jan 2017 21:33:07 GMT"; modification-date="Tue, 31 Jan 2017 15:14:49 GMT" Content-...

ESA-2016-094: RSA BSAFE Micro Edition Suite Multiple Vulnerabilities

--_002_1BF8853173D9704A93EF882F85952A891D9903MX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891D9903MX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-094.txt" Content-Description: ESA-2016-094.txt Content-Disposition: attachment; filename="ESA-2016-094.txt"; size=2463; creation-date="Thu, 26 Jan 2017 14:15:38 GMT"; modification-date="Thu, 26 Jan 2017 16:22:38 GMT" Content-...

[REVIVE-SA-2017-001] Revive Adserver - Multiple vulnerabilities

--DHR8bs6Sn5W7hNnEx6XKbkxIR1xBuBwpS Content-Type: multipart/mixed; boundary="lEfxWdSAWS4wnReUKTUO6OAvJ0L0qKHH4"; protected-headers="v1" From: Matteo Beccati To: bugtraq@securityfocus.com, fulldisclosure@seclists.org Message-ID: <31df7fbf-458d-cbbd-a51b-e6a3e5ba3d63@beccati.com> Subject: [REVIVE-SA-2017-001] Revive Adserver - Multiple vulnerabilities --lEfxWdSAWS4wnReUKTUO6OAvJ0L0qKHH4 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-print...

[security bulletin] HPESBMU03701 rev.1 - HPE Smart Storage Administrator, Remote Arbitrary Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzgyMzQ5DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzODIzNDkNClZlcnNpb246IDENCg0KSFBFU0JNVTAzNzAxIHJldi4xIC0gSFBF IFNtYXJ0IFN0b3JhZ2UgQWRtaW5pc3RyYXRvciwgUmVtb3RlIEFyYml0cmFyeSBDb2Rl DQpFeGVjdX...

Secunia Research: libarchive "lha_read_file_header_1()" Out-Of-Bounds Memory Access Denial of Service Vulnerability

====================================================================== Secunia Research 2017/01/27 libarchive "lha_read_file_header_1()" Out-Of-Bounds Memory Access Denial of Service Vulnerability ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Descriptio...

secuvera-SA-2017-01: Privilege escalation in an OPSI Managed Client environment ("rise of the machines")

Affected Products Tested with OPSI Server 4.0.7.26 OPSI ClientAgent 4.0.7.10-1 (older releases have not been tested) According to the vendor all server instances that use a python-opsi version lower than 4.0.7.28-4 are affected References https://www.secuvera.de/advisories/secuvera-SA-2017-01.txt (used for updates) https://sourceforge.net/p/opsi/mailman/message/35609086/ (announcement by vendor in german language) No CVE-Number has been assigned ...

[SECURITY] [DSA 3773-1] openssl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3773-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 27, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openssl CVE ID : CVE-2016-7056 CVE-2016-8...

Persistent Cross-Site Scripting vulnerability in User Access Manager WordPress Plugin

------------------------------------------------------------------------ Persistent Cross-Site Scripting vulnerability in User Access Manager WordPress Plugin ------------------------------------------------------------------------ Burak Kelebek, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A persistent Cross-Site Scripting vulnerability has been encountered in the U...

Multiple blind SQL injection vulnerabilities in FormBuilder WordPress Plugin

------------------------------------------------------------------------ Multiple blind SQL injection vulnerabilities in FormBuilder WordPress Plugin ------------------------------------------------------------------------ Burak Kelebek, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ Multiple blind SQL injection vulnerabilities were found in the FormBuilder WordPress P...

CVE-2017-3160: Gradle Distribution URL used by Cordova-Android does not use https by default

=================================================================== CVE-2017-3160: Gradle Distribution URL used by Cordova-Android does not use https by default Severity: High Vendor: The Apache Software Foundation Versions Affected: Cordova Android (6.1.1 and below) Description: After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not ...

ESA-2016-133: EMC Data Protection Advisor Path Traversal Vulnerability

--_002_1BF8853173D9704A93EF882F85952A891D6A9CMX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891D6A9CMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-133.txt" Content-Description: ESA-2016-133.txt Content-Disposition: attachment; filename="ESA-2016-133.txt"; size=3362; creation-date="Thu, 26 Jan 2017 14:15:38 GMT"; modification-date="Thu, 26 Jan 2017 16:24:06 GMT" Content-...

=?iso-8859-1?Q?ESA-2016-154:_RSA_BSAFE=AE_Crypto-J_Multiple_Security_Vuln?= =?iso-8859-1?Q?erabilities?=

--_002_1BF8853173D9704A93EF882F85952A891D6A6CMX304CL04corpemcc_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891D6A6CMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-154.txt" Content-Description: ESA-2016-154.txt Content-Disposition: attachment; filename="ESA-2016-154.txt"; size=2340; creation-date="Thu, 26 Jan 2017 14:15:38 GMT"; modification-date="Thu, 26 Jan 2017 16:22:59 GMT" Conten...

ESA-2016-037: EMC PowerPath Management Appliance Information Disclosure Vulnerability

--_002_1BF8853173D9704A93EF882F85952A891D6A4BMX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891D6A4BMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-037.txt" Content-Description: ESA-2016-037.txt Content-Disposition: attachment; filename="ESA-2016-037.txt"; size=4040; creation-date="Thu, 26 Jan 2017 14:10:59 GMT"; modification-date="Thu, 26 Jan 2017 16:22:19 GMT" Content-...

Secunia Research: Oracle Outside In VSDX Use-After-Free Vulnerability

====================================================================== Secunia Research 2016/01/18 Oracle Outside In VSDX Use-After-Free Vulnerability ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Description of Vulnerability.........................................3 Solu...

[slackware-security] mozilla-thunderbird (SSA:2017-026-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2017-026-01) New mozilla-thunderbird packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mozilla-thunderbird-45.7.0-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www....

CA20170126-01: Security Notice for CA Common Services casrvc

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CA20170126-01: Security Notice for CA Common Services casrvc Issued: January 26, 2017 Last Updated: January 26, 2017 CA Technologies support is alerting customers about a medium risk vulnerability that may allow a local attacker to gain additional privileges with products using CA Common Services running on the AIX, HP-UX, Linux, and Solaris platforms. The vulnerability, CVE-2016-9795, occurs due to insufficient validation by the cas...

[SECURITY] [DSA 3772-1] libxpm security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3772-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 26, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libxpm CVE ID : CVE-2016-10164 Tobias ...

ESA-2016-167: EMC Documentum D2 Multiple Vulnerabilities

--_002_1BF8853173D9704A93EF882F85952A891D6A8CMX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891D6A8CMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-167.txt" Content-Description: ESA-2016-167.txt Content-Disposition: attachment; filename="ESA-2016-167.txt"; size=3699; creation-date="Thu, 26 Jan 2017 14:16:50 GMT"; modification-date="Thu, 26 Jan 2017 16:23:47 GMT" Content-...

ESA-2016-160: EMC Data Domain DD OS Command Injection Vulnerability

--_002_1BF8853173D9704A93EF882F85952A891D6A7CMX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891D6A7CMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-160.txt" Content-Description: ESA-2016-160.txt Content-Disposition: attachment; filename="ESA-2016-160.txt"; size=3377; creation-date="Thu, 26 Jan 2017 14:15:38 GMT"; modification-date="Thu, 26 Jan 2017 16:23:17 GMT" Content-...

ESA-2016-132: EMC RecoverPoint Multiple Vulnerabilities

--_002_1BF8853173D9704A93EF882F85952A891D6A35MX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891D6A35MX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-132.txt" Content-Description: ESA-2016-132.txt Content-Disposition: attachment; filename="ESA-2016-132.txt"; size=4195; creation-date="Thu, 26 Jan 2017 14:15:38 GMT"; modification-date="Thu, 26 Jan 2017 16:21:53 GMT" Content-...

=?iso-8859-1?Q?ESA-2016-092:_RSA=AE_Web_Threat_Detection_Cross_Site_Scrip?= =?iso-8859-1?Q?ting_Vulnerability?=

--_002_1BF8853173D9704A93EF882F85952A891D6A24MX304CL04corpemcc_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891D6A24MX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-092.txt" Content-Description: ESA-2016-092.txt Content-Disposition: attachment; filename="ESA-2016-092.txt"; size=1669; creation-date="Thu, 26 Jan 2017 14:15:38 GMT"; modification-date="Thu, 26 Jan 2017 16:21:27 GMT" Conten...

PEAR HTTP_Upload v1.0.0b3 Arbitrary File Upload

[+]################################################################################################ [+] Credits: John Page AKA Hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PEAR-HTTP_UPLOAD-ARBITRARY-FILE-UPLOAD.txt [+] ISR: ApparitionSEC [+]################################################################################################ Vendor: ============ pear.php.net Product: ==================== H...

[SECURITY] [DSA 3771-1] firefox-esr security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3771-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 25, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : firefox-esr CVE ID : CVE-2017-5373 CVE-20...

Google Forms WordPress Plugin unauthenticated PHP Object injection vulnerability

------------------------------------------------------------------------ Google Forms WordPress Plugin unauthenticated PHP Object injection vulnerability ------------------------------------------------------------------------ Yorick Koster, June 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A PHP Object injection vulnerability was found in the Google Forms WordPress Plugi...

Cisco Security Advisory: Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability Advisory ID: cisco-sa-20170125-telepresence Revision 1.0 For Public Release 2017 January 25 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could all...

Cisco Security Advisory: Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability Advisory ID: cisco-sa-20170125-expressway Revision 1.0 For Public Release 2017 January 25 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) softwa...

Cisco Security Advisory: Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability Advisory ID: cisco-sa-20170125-cas Revision 1.0 For Public Release 2017 January 25 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in the data plane IP fragment handler of the Adaptive Security Appliance (ASA) CX Context-Aware Security module...

ESA-2016-166: EMC Isilon OneFS Privilege Escalation Vulnerability

--_002_1BF8853173D9704A93EF882F85952A891D5F89MX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891D5F89MX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-166.txt" Content-Description: ESA-2016-166.txt Content-Disposition: attachment; filename="ESA-2016-166.txt"; size=3328; creation-date="Tue, 17 Jan 2017 21:04:59 GMT"; modification-date="Tue, 24 Jan 2017 19:40:13 GMT" Content-...

OpenCart 2.3.0.2 CSRF - User Account Takeover

===[ Introduction ]=== OpenCart is a free open source ecommerce platform for online merchants. OpenCart provides a professional and reliable foundation from which to build a successful online store. ===[ Description ]=== There is a security vulnerability in OpenCart 2.3.0.2 which allows a hacker to break into a customer account. The bug exists in "My Account Information" page. The form is not protected with a token id, so a hacker can change users information silently. A demonst...

[security bulletin] HPSBST03642 rev.3 - HPE StoreVirtual Products running LeftHand OS using OpenSSL and OpenSSH, Remote Arbitrary Code Execution, Denial of Service (DoS), Disclosure of Sensitive Information, Unauthorized Access

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzAxOTQ2DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzMDE5NDYNClZlcnNpb246IDMNCg0KSFBTQlNUMDM2NDIgcmV2LjMgLSBIUEUg U3RvcmVWaXJ0dWFsIFByb2R1Y3RzIHJ1bm5pbmcgTGVmdEhhbmQgT1MgdXNpbmcNCk9w ZW5TU0wgYW...

[security bulletin] HPSBHF03695 rev.1 - HPE Ethernet Adaptors, Remote Denial of Service (DoS)

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzY4Mzc4DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzNjgzNzgNClZlcnNpb246IDENCg0KSFBTQkhGMDM2OTUgcmV2LjEgLSBIUEUg RXRoZXJuZXQgQWRhcHRvcnMsIFJlbW90ZSBEZW5pYWwgb2YgU2VydmljZSAoRG9TKQ0K DQpOT1RJQ0...

[security bulletin] HPSBHF03441 rev.2 - HPE iLO 3, iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MjM2OTUwDQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUyMzY5NTANClZlcnNpb246IDINCg0KSFBTQkhGMDM0NDEgcmV2LjIgLSBIUEUg aUxPIDMsIGlMTyA0IGFuZCBpTE8gNCBtUkNBLCBSZW1vdGUgTXVsdGlwbGUNClZ1bG5l cmFiaWxpdG...

Cisco Security Advisory: Cisco WebEx Browser Extension Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco WebEx Browser Extension Remote Code Execution Vulnerability Advisory ID: cisco-sa-20170124-webex Revision 1.0 For Public Release 2017 January 22 18:30 UTC (GMT) Last Updated 2017 January 24 18:30 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in the Cisco WebEx browser extensions provided by Cisco WebEx Meetings Server and Cisco WebEx Meetings Center ...

[security bulletin] HPSBGN03690 rev.1 - HPE Real User Monitor (RUM), Remote Disclosure of Information

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzY5NDE1DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzNjk0MTUNClZlcnNpb246IDENCg0KSFBTQkdOMDM2OTAgcmV2LjEgLSBIUEUg UmVhbCBVc2VyIE1vbml0b3IgKFJVTSksIFJlbW90ZSBEaXNjbG9zdXJlIG9mDQpJbmZv cm1hdGlvbg...

CVE-2017-3241 - [ERPSCAN-17-006] Oracle OpenJDK - Java Serialization DoS

Application: Java SE Vendor: Oracle Bug: DoS Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 17.01.2017 Reference: Oracle CPU Jan 2017 Author: Roman Shalymov 1. ADVISORY INFORMATION Title: Oracle OpenJDK - Java Serialization DoS Advisory ID: [ERPSCAN-17-006] Risk: High Advisory URL: https://erpscan.com/advisories/erpscan-17-006-oracle-openjdk-= java-serialization-dos-vulnerability/ Date published: 17.01.2017 Vendor contacte...

[ERPSCAN-17-005] Oracle PeopleSoft - XSS vulnerability CVE-2017-3300

Application: Oracle PeopleSoft Vendor: Oracle Bugs: XXS Reported: 31.10.2016 Vendor response: 1.11.2016 Date of Public Advisory: 17.01.2017 Reference: Oracle CPU Jan 2017 Authors: Vahagn Vardanyan, Dmitry Yudin 1. ADVISORY INFORMATION Title: Oracle PeopleSoft =E2=80=93 XSS vulnerability Advisory ID: [ERPSCAN-17-005] Risk: High Advisory URL: https://erpscan.com/advisories/erpscan-17-005-oracle-peopleso= ft-xss-vulnerability/ Date published: 17.01.2017 ...

[slackware-security] mozilla-firefox (SSA:2017-023-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2017-023-01) New mozilla-firefox packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-45.7.0esr-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.o...

APPLE-SA-2017-01-23-7 iTunes for Windows 12.5.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-23-7 iTunes for Windows 12.5.5 iTunes for Windows 12.5.5 is now available and addresses the following: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-2354: Neymar of Tencents Xuanwu Lab (tencent.com) working with Trend Micros Zero Day Initiative WebKit Impact: ...

APPLE-SA-2017-01-23-6 iCloud for Windows 6.1.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-23-6 iCloud for Windows 6.1.1 iCloud for Windows 6.1.1 is now available and addresses the following: WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-2354: Neymar of Tencents Xuanwu Lab (tencent.com) working with Trend Micros Zero...

APPLE-SA-2017-01-23-2 macOS 10.12.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-23-2 macOS 10.12.3 macOS 10.12.3 is now available and addresses the following: apache_mod_php Available for: macOS Sierra 10.12.2 Impact: Multiple issues in PHP Description: Multiple issues were addressed by updating to PHP version 5.6.28. CVE-2016-8670 CVE-2016-9933 CVE-2016-9934 Bluetooth Available for: macOS Sierra 10.12.2 Impact: An application may be able to execute arbitrary code with kernel privilege...

APPLE-SA-2017-01-23-5 Safari 10.0.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-23-5 Safari 10.0.3 Safari 10.0.3 is now available and addresses the following: Safari Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.3 Impact: Visiting a malicious website may lead to address bar spoofing Description: A state management issue in the address bar was addressed through improved URL handling. CVE-2017-2359: xisigr of Tencents Xuanwu Lab (tencent.com) WebKit ...

APPLE-SA-2017-01-23-4 tvOS 10.1.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-23-4 tvOS 10.1.1 tvOS 10.1.1 is now available and addresses the following: Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-2370: Ian Beer of Google Project Zero Kernel Available for: Apple TV (4th generation) Impact: An application ma...

APPLE-SA-2017-01-23-3 watchOS 3.1.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-23-3 watchOS 3.1.3 watchOS 3.1.3 is now available and addresses the following: Accounts Available for: All Apple Watch models Impact: Uninstalling an app did not reset the authorization settings Description: An issue existed which did not reset the authorization settings on app uninstall. This issue was addressed through improved sanitization. CVE-2016-7651: Ju Zhu and Lilang Wu of Trend Micro Audio Available f...

APPLE-SA-2017-01-23-1 iOS 10.2.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-01-23-1 iOS 10.2.1 iOS 10.2.1 is now available and addresses the following: Auto Unlock Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Auto Unlock may unlock when Apple Watch is off the users wrist Description: A logic issue was addressed through improved state management. CVE-2017-2352: Ashley Fernandez of raptAware Pty Ltd Contacts Available for: i...

=?iso-8859-1?Q?ESA-2016-150:_RSA=AE_Security_Analytics_Reflected_Cross-Si?= =?iso-8859-1?Q?te_Scripting_Vulnerability?=

--_002_1BF8853173D9704A93EF882F85952A891D1F35MX304CL04corpemcc_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891D1F35MX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-150.txt" Content-Description: ESA-2016-150.txt Content-Disposition: attachment; filename="ESA-2016-150.txt"; size=4061; creation-date="Mon, 23 Jan 2017 16:08:18 GMT"; modification-date="Mon, 23 Jan 2017 16:13:54 GMT" Conten...

ESA-2016-146: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability

--_002_1BF8853173D9704A93EF882F85952A891D1F15MX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891D1F15MX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-146.txt" Content-Description: ESA-2016-146.txt Content-Disposition: attachment; filename="ESA-2016-146.txt"; size=3280; creation-date="Tue, 17 Jan 2017 15:11:29 GMT"; modification-date="Mon, 23 Jan 2017 16:04:55 GMT" Content-...

Microsoft Remote Desktop Client for Mac Remote Code Execution - Update

--Apple-Mail=_7478B0B8-0770-49D5-9193-D995C7D8F669 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Advisory ID: SGMA16-004 Title: Microsoft Remote Desktop Client for Mac Remote = Code Execution Product: Microsoft Remote Desktop Client for Mac Version: 8.0.36 and probably prior Vendor: www.microsoft.com Type: Arbitrary file read/write (leads to RCE) Risk lev...

[SECURITY] [DSA 3770-1] mariadb-10.0 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3770-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 22, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : mariadb-10.0 CVE ID : CVE-2016-6664 CVE-2...

[SECURITY] [DSA 3769-1] libphp-swiftmailer security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3769-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond January 22, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libphp-swiftmailer CVE ID : CVE-2016-1007...

Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution

Hi @ll, the executable installers of "Pelles C", and, , available from , are vulnerable to DLL hijacking: they load (tested on Windows 7) at least the following DLLs from their "application directory" instead Windows "system directory": Version.dll, MSI.dll, UXTheme.dll, DWMAPI.dll, RichEd20.dll and CryptBase.dll See

NTOPNG Web Interface v2.4 CSRF Token Bypass

[+]##################################################################################### [+] Credits / Discovery: John Page AKA Hyp3rlinX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/NTOPNG-CSRF-TOKEN-BYPASS.txt [+] ISR: ApparitionSEC [+]##################################################################################### Vendor: ============ www.ntop.org Product: ==================== ntopng Web Interface v2.4.160627 nto...

[SECURITY] [DSA 3767-1] mysql-5.5 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3767-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 19, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : mysql-5.5 CVE ID : CVE-2017-3238 CVE-2017...

Novel Contributions to the field - How I broke MySQLs code-base (Part 2) [CVE-2016-5541] MySQL cluster remote 0day

************************************************************************************ * * * Copyright (c) 2017, Advanced Information Security Corp / Oracle Inc. * * * * * ************************************************************************************ ABSTRACT =========== This industry-led research was conducted by Advanced Informati...

Novel Contributions to the Field - How I broke MySQLs codebase (Part 2) [CVE-2016-5541] MySQL Cluster 0day

************************************************** (c) 2017 Advanced Information Security Corporation and Oracle Inc. ************************************************** Author: Nicholas Lemonias Date: 17/01/2017 MySQL Remote 0day / Remote Buffer Overflows in NDBAPI Cluster Full report with technical details can be obtained from: https://www.docdroid.net/hwLnQVr/cve-2016-5541.pdf.html (References) [1] Oracle Critical Patch Update - January 2017. 2017. Oracle Criti...

[RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection

--XcDc3rpECsRelDxJj2pP94M3nj0phrHhg Content-Type: multipart/mixed; boundary="ihoE1S35EwmwgfOWGiNA0GFi8DPBdqsLi"; protected-headers="v1" From: Julien Ahrens To: bugtraq@securityfocus.com Message-ID: <8ab8d85b-5031-95fa-f8db-b1c3310c90ad@rcesecurity.com> Subject: [RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection --ihoE1S35EwmwgfOWGiNA0GFi8DPBdqsLi Content-Type: text/plain; charset=utf-8 Content-Tra...

[security bulletin] HPSBMU03685 rev.1 - HPE Insight Control server provisioning (ICsp), Multiple Remote Vulnerabilities

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1Mzc2OTE3DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzNzY5MTcNClZlcnNpb246IDENCg0KSFBTQk1VMDM2ODUgcmV2LjEgLSBIUEUg SW5zaWdodCBDb250cm9sIHNlcnZlciBwcm92aXNpb25pbmcgKElDc3ApLCBNdWx0aXBs ZQ0KUmVtb3...

ESA-2016-161: EMC Isilon OneFS LDAP Injection Vulnerability

--_002_1BF8853173D9704A93EF882F85952A891CF363MX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891CF363MX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-161.txt" Content-Description: ESA-2016-161.txt Content-Disposition: attachment; filename="ESA-2016-161.txt"; size=3585; creation-date="Thu, 05 Jan 2017 13:46:42 GMT"; modification-date="Wed, 18 Jan 2017 15:25:06 GMT" Content-...

ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability

--_002_1BF8853173D9704A93EF882F85952A891CF336MX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891CF336MX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-143.txt" Content-Description: ESA-2016-143.txt Content-Disposition: attachment; filename="ESA-2016-143.txt"; size=4079; creation-date="Tue, 03 Jan 2017 15:36:13 GMT"; modification-date="Wed, 11 Jan 2017 17:59:19 GMT" Content-...

[SECURITY] CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue

CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache NiFi 1.0.0 Apache NiFi 1.1.0 Description: There is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not be properly handled when added to the DOM. Mitigation: 1.0.0 users should upgrade to 1.0.1 or 1.1.1. 1.1.0 users should upgrade to 1.1...

[SECURITY] [DSA 3764-1] pdns security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3764-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 13, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : pdns CVE ID : CVE-2016-2120 CVE-2016-7068...

[SECURITY] [DSA 3743-2] python-bottle regression update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3743-2 security@debian.org https://www.debian.org/security/ Sebastien Delafond January 15, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : python-bottle Debian Bug : 850176 The upda...

[security bulletin] HPSBST03671 rev.2 - HPE StoreEver MSL6480 Tape Library Management Interface, Multiple Remote Vulnerabilities

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzMzMjk3DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzMzMyOTcNClZlcnNpb246IDINCg0KSFBTQlNUMDM2NzEgcmV2LjIgLSBIUEUg U3RvcmVFdmVyIE1TTDY0ODAgVGFwZSBMaWJyYXJ5IE1hbmFnZW1lbnQgSW50ZXJmYWNl LA0KTXVsdG...

[SECURITY] [DSA 3765-1] icoutils security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3765-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 14, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : icoutils CVE ID : CVE-2017-5331 CVE-2017-...

[security bulletin] HPSBGN03689 rev.1 - HPE Diagnostics, Remote Cross-Site Scripting and Click Jacking

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzcwMTAwDQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzNzAxMDANClZlcnNpb246IDENCg0KSFBTQkdOMDM2ODkgcmV2LjEgLSBIUEUg RGlhZ25vc3RpY3MsIFJlbW90ZSBDcm9zcy1TaXRlIFNjcmlwdGluZyBhbmQgQ2xpY2sN CkphY2tpbm...

[security bulletin] HPSBGN03694 rev.1 - HPE SiteScope, Remote Disclosure of Information

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzY5NDAzDQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzNjk0MDMNClZlcnNpb246IDENCg0KSFBTQkdOMDM2OTQgcmV2LjEgLSBIUEUg U2l0ZVNjb3BlLCBSZW1vdGUgRGlzY2xvc3VyZSBvZiBJbmZvcm1hdGlvbg0KDQpOT1RJ Q0U6IFRoZS...

ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers)

Folks, Im curious about whether folks are filtering ICMPv6 PTB<1280 and/or IPv6 fragments targeted to BGP routers (off-list datapoints are welcome). In any case, you mind find it worth reading to check if youre affected (from Section 2 of recently-published RFC8021): ---- cut here ---- The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use ...

[SECURITY] [DSA 3760-1] ikiwiki security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3760-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 12, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ikiwiki CVE ID : CVE-2016-9646 CVE-2016-1...

CVE-2017-5350: Unexpected SystemUI FC driven by arbitrary application

Description of the potential vulnerability:Lack of appropriate exception handling in some applications allows attackers to make a systemUI crash easily resulting in a possible DoS attack Affected versions: L(5.0/5.1), M(6.0), and N(7.0) Disclosure status: Privately disclosed. The patch prevents systemUI crashes by handling unexpected exceptions. Fix: http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017 SVE-2016-7122: Unexpected SystemUI FC driven by arbitrary application Sin...

[slackware-security] bind (SSA:2017-011-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] bind (SSA:2017-011-01) New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/bind-9.10.4_P5-i586-1_slack14.2.txz: Upgraded. This update fixes a denial-of-service vulnerability. An error in handling certain queries can cause an assertion f...

[slackware-security] gnutls (SSA:2017-011-02)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] gnutls (SSA:2017-011-02) New gnutls packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/gnutls-3.5.8-i586-1_slack14.2.txz: Upgraded. This update fixes some bugs and security issues. For more information, see: https://gnutls.org/security.html#GNUTLS-SA-2017-1 ...

CA20170109-01: Security Notice for CA Service Desk Manager

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CA20170109-01: Security Notice for CA Service Desk Manager Issued: January 10, 2017 Last Updated: January 10, 2017 CA Technologies support is alerting customers to a potential risk with CA Service Desk Manager. A vulnerability exists in RESTful web services that can potentially allow a remote authenticated attacker to view or modify sensitive information. Fixes are available. The vulnerability, CVE-2016-10086, is due to incorrect ...

[SECURITY] [DSA 3758-1] bind9 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3758-1 security@debian.org https://www.debian.org/security/ Florian Weimer January 11, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : bind9 CVE ID : CVE-2016-9131 CVE-2016-9147 ...

Multiple Vulnerabilities in cPanel

===[ Introduction ]=== cPanel offers web hosting software that automates the intricate workings of web hosting servers. cPanel equips server administrators with the necessary tools to provide top-notch hosting to customers on tens of thousands of servers worldwide. ===[ Description ]=== I) Cross Domain Scripting : A local user can run JavaScript code in other users domain and access cookies and compromise the victim website. POC : User "hacker" makes ".htmltemplates" directory i...

IKEv1 cipher suite configuration mismatch in Siemens SIMATIC CP 343-1 Advanced

The following issue has been reported to Siemens ProductCERT in relation to Siemens Security Advisory SSA-603476, published on 2016-11-21. The issue has been treated with lower priority and treated outside the scope of SSA-603476 due to its lower security impact. As the finding is now addressed [1] the following details are published. ------------------------------------------------------------------------------ Summary: Inconsistency of IKEv1 cipher suite configuration Teste...

[SECURITY] [DSA 3757-1] icedove security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3757-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff January 11, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : icedove CVE ID : CVE-2016-9893 CVE-2016-9...

Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability

Document Title: =============== Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2028 Release Date: ============= 2017-01-10 Vulnerability Laboratory ID (VL-ID): ==================================== 2028 Common Vulnerability Scoring System: ==================================== 3.5 Product & Service Introduction: =============================== Cobi Tools allows ...

Bit Defender #39 - Auth Token Bypass Vulnerability

Document Title: =============== Bit Defender #39 - Auth Token Bypass Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1683 Release Date: ============= 2017-01-09 Vulnerability Laboratory ID (VL-ID): ==================================== 1683 Common Vulnerability Scoring System: ==================================== 5.9 Product & Service Introduction: =============================== Bitdefender is a Roma...

BlackBoard LMS 9.1 SP14 - (Title) Persistent Vulnerability

Document Title: =============== BlackBoard LMS 9.1 SP14 - (Title) Persistent Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1901 Release Date: ============= 2017-01-10 Vulnerability Laboratory ID (VL-ID): ==================================== 1901 Common Vulnerability Scoring System: ==================================== 3.6 Product & Service Introduction: =============================== Bring your c...

Blackboard LMS 9.1 SP14 - (Profile) Persistent Vulnerability

Document Title: =============== Blackboard LMS 9.1 SP14 - (Profile) Persistent Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1900 Release Date: ============= 2017-01-09 Vulnerability Laboratory ID (VL-ID): ==================================== 1900 Common Vulnerability Scoring System: ==================================== 4.2 Product & Service Introduction: =============================== Blackboard...

FreeBSD Security Advisory FreeBSD-SA-17:01.openssh

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:01.openssh Security Advisory The FreeBSD Project Topic: OpenSSH multiple vulnerabilities Category: contrib Module: OpenSSH Announced: 2017-01-11 Affects: All supported versions of FreeBSD. Corrected: 2017-01-11 ...

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability

--_002_1BF8853173D9704A93EF882F85952A891C8C0FMX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891C8C0FMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-096.txt" Content-Description: ESA-2016-096.txt Content-Disposition: attachment; filename="ESA-2016-096.txt"; size=4245; creation-date="Thu, 29 Dec 2016 16:06:43 GMT"; modification-date="Thu, 29 Dec 2016 16:10:15 GMT" Content-...

Directadmin ControlPanel 1.50.1 denial of service Vulnerability

DirectAdmin Control Panel version 1.50.1 suffers from a denial of service vulnerability. ################################# # # @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ # @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@@@@@@@@@ @@@ ...

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability

--_002_1BF8853173D9704A93EF882F85952A891C8736MX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891C8736MX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-096.txt" Content-Description: ESA-2016-096.txt Content-Disposition: attachment; filename="ESA-2016-096.txt"; size=4245; creation-date="Thu, 29 Dec 2016 16:06:43 GMT"; modification-date="Thu, 29 Dec 2016 16:10:15 GMT" Content-...

ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability

--_002_1BF8853173D9704A93EF882F85952A891C870AMX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891C870AMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-096.txt" Content-Description: ESA-2016-096.txt Content-Disposition: attachment; filename="ESA-2016-096.txt"; size=4245; creation-date="Thu, 29 Dec 2016 16:06:43 GMT"; modification-date="Thu, 29 Dec 2016 16:10:15 GMT" Content-...

Directadmin ControlPanel 1.50.1 Cross-Site-Scripting Vulnerability

DirectAdmin Control Panel version 1.50.1 suffers from a cross site scripting vulnerability. ################################# # # @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ # @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@@@@@@@@@ @@@ ...

QuickBooks 2017 Admin Credentials Disclosure

+ Credits: Maxim Tomashevich + Website: https://www.thegrideon.com/quickbooks-forensics.html + Details: https://www.thegrideon.com/qb-internals-2017.html Vendor: --------------------- www.intuit.com www.intuit.ca Product: --------------------- QuickBooks Desktop versions: 2017 Vulnerability Type: --------------------- Admin Credentials Disclosure Vulnerability Details: --------------------- Unattended access is the major security risk in QuickBooks Integrated Appl...

[SECURITY][UPDATE] CVE-2016-8745 Apache Tomcat Information Disclosure

CVE-2016-8745 Apache Tomcat Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M13 Apache Tomcat 8.5.0 to 8.5.8 Apache Tomcat 8.0.0.RC1 to 8.0.39 (new) Apache Tomcat 7.0.0 to 7.0.73 (new) Apache Tomcat 6.0.16 to 6.0.48 (new) Description A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple...

ESA-2016-157: EMC ScaleIO Multiple Vulnerabilities

--_002_1BF8853173D9704A93EF882F85952A891C729EMX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A891C729EMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-157.txt" Content-Description: ESA-2016-157.txt Content-Disposition: attachment; filename="ESA-2016-157.txt"; size=4545; creation-date="Wed, 14 Dec 2016 15:36:59 GMT"; modification-date="Mon, 19 Dec 2016 20:27:18 GMT" Content-...

[SECURITY] [DSA 3753-1] libvncserver security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3753-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond January 05, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libvncserver CVE ID : CVE-2016-9941 CVE-2...

[security bulletin] HPSBGN03688 rev.1 - HPE Operations Orchestration, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzYxOTQ0DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzNjE5NDQNClZlcnNpb246IDENCg0KSFBTQkdOMDM2ODggcmV2LjEgLSBIUEUg T3BlcmF0aW9ucyBPcmNoZXN0cmF0aW9uLCBSZW1vdGUgQ29kZSBFeGVjdXRpb24NCg0K Tk9USUNFOi...

[SECURITY] [DSA 3750-2] libphp-phpmailer regression update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3750-2 security@debian.org https://www.debian.org/security/ Thijs Kinkhorst January 3, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libphp-phpmailer CVE ID : CVE-2016-10033...

0-day: QNAP NAS Devices suffer of heap overflow

R3JlZXRpbmdzLA0KDQpUd2ljZSBJIHRyaWVkIHRvIHVzZSB0aGUgUU5BUCBXZWIgcGFnZSAoaHR0 cHM6Ly9haWQucW5hcC5jb20vZXZlbnQvX21vZHVsZS9uYXMvc2FmZV9yZXBvcnQvKSBmb3IgcmVw b3J0aW5nIHZ1bG5lcmFiaWxpdHksIGFuZCB0d2ljZSBJIGdvdCBtYWlsZXItZGFlbW9uIGJhY2su DQoNClNvLCBJ4oCZbGwgcG9zdCBteSB2dWxuZXJhYmlsaXRpZXMgaGVyZSBpbnN0ZWFkIChXYXMg bm90IG1lYW50IHRvIGJlIDAtZGF54oCmIHdoYXRldmVyKS4NCg0KSGF2ZSBhIG5pY2UgZGF5IChh bmQgaGFwcHkgbmV3IHllYXIpDQovYmFzaGlzDQoNCj09PT09PT09PT09PT09PT09PQ0KMSkgW0hl YXAgb3ZlcmZsb3ddDQo9PT09PT09PT09...

[SECURITY] [DSA 3750-1] libphp-phpmailer security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3750-1 security@debian.org https://www.debian.org/security/ Thijs Kinkhorst December 31, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libphp-phpmailer CVE ID : CVE-2016-10033...

Fwd: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability

Forwarding the message em plain text mode to: - be accepted by securityfocuss mail server ( didnt accepted MIME Content-Type multipart/alternative ) - add oss-security@lists.openwall.com at the open receiver ( openwall is not accepting emails if in BCC) - adding missing Apaches security team (my bad, missed in the original email) Pedro Santos ---------- Forwarded message ---------- From: Pedro Santos Date: Sat, Dec 31, 2016 at 5:21 AM Subject: [ANNOUNCE] CVE-20...

[slackware-security] seamonkey (SSA:2016-365-03)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] seamonkey (SSA:2016-365-03) New seamonkey packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/seamonkey-2.46-i586-1_slack14.2.txz: Upgraded. This update contains security fixes and improvements. For more information, see: http://www.seamonkey-project.org/releases/sea...

[slackware-security] mozilla-thunderbird (SSA:2016-365-02)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-thunderbird (SSA:2016-365-02) New mozilla-thunderbird packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mozilla-thunderbird-45.6.0-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www....

[slackware-security] libpng (SSA:2016-365-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libpng (SSA:2016-365-01) New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libpng-1.6.27-i586-1_slack14.2.txz: Upgraded. This release fixes an old NULL pointer dereference bug in png_set_text_2() discovered and patched by Patrick Kes...

[CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage

[CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage Vendor: The Apache Software Foundation Versions Affected: Apache Qpid Broker for Java versions 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, and 6.1.0 Description: The Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these A...

PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)

PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) Discovered by Dawid Golunski (@dawid_golunski) https://legalhackers.com Desc: I discovered that the current PHPMailer versions (< 5.2.20) were still vulnerable to RCE as it is possible to bypass the currently available patch. This was reported responsibly to the vendor & assigned a CVEID on the 26th of December. The vendor has been working on a new patch which would fi...

PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033]

--001a114f5d7cb6e26a0544a2b283 Content-Type: text/plain; charset=UTF-8 PHPMailer < 5.2.18 Remote Code Execution CVE-2016-10033 Heres an updated version of the advisory with more details + simple PoC. Still incomplete. There will be more updates/exploits soon at: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html https://twitter.com/dawid_golunski -- Regards, Dawid Golunski https://legalhackers.com t: @dawid_golunski --001a1...

[SECURITY] [DSA 3746-1] graphicsmagick security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3746-1 security@debian.org https://www.debian.org/security/ Luciano Bello December 24, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : graphicsmagick CVE ID : CVE-2015-8808 CVE...

[slackware-security] expat (SSA:2016-359-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] expat (SSA:2016-359-01) New expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/expat-2.2.0-i586-1_slack14.2.txz: Upgraded. This update fixes bugs and security issues: Multiple integer overflows in XML_GetBuffer. Fix crash on malformed in...

[slackware-security] openssh (SSA:2016-358-02)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] openssh (SSA:2016-358-02) New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssh-7.4p1-i586-1_slack14.2.txz: Upgraded. This is primarily a bugfix release, and also addresses security issues. ssh-agent(1): Will now refuse to load P...

[slackware-security] httpd (SSA:2016-358-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] httpd (SSA:2016-358-01) New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.25-i586-1_slack14.2.txz: Upgraded. This update fixes the following security issues: * CVE-2016-8740: mod_http2: Mitigate DoS memory exhaustion via endless CONTINUATI...

XAMPP Control Panel Memory Corruption Denial Of Service

[+] Credits: John Page (hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/XAMPP-CONTROL-PANEL-MEMORY-CORRUPTION-DOS.txt [+] ISR: ApparitionSec Vendor: ===================== www.apachefriends.org Product: =================== XAMPP Control Panel XAMPP is a free and open source cross-platform web server solution stack package developed by Apache Friends, consisting mainly of the Apache HTTP Server, MariaDB da...

[SECURITY] [DSA 3744-1] libxml2 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3744-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 23, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libxml2 CVE ID : CVE-2016-4658 CVE-2016-5...

FreeBSD Security Advisory FreeBSD-SA-16:39.ntp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:39.ntp Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities of ntp Category: contrib Module: ntp Announced: XXXX-XX-XX Credits: Network Time Foundation Affects: All supported versions of F...

=?UTF-8?Q?CVE-2014-4138:_MSIE_11_MSHTML_CPaste=c2=adCommand::Conver?= =?UTF-8?Q?t=c2=adBitmapto=c2=adPng_heap-based_buffer_overflow?=

--bWDSRguq5iUX6NfhX0DnlsiiaH6beIapS Content-Type: multipart/mixed; boundary="8qxoh1rMxtkS114jOLeHPhx3qE5QOmlBG"; protected-headers="v1" From: Berend-Jan Wever To: fulldisclosure@seclists.org, Bugtraq Message-ID: <44f85934-c2ee-9612-d940-a03c2b1e491b@nwever.nl> Subject: =?UTF-8?Q?CVE-2014-4138:_MSIE_11_MSHTML_CPaste=c2=adCommand::Conver?= =?UTF-8?Q?t=c2=adBitmapto=c2=adPng_heap-based_buffer_overflow?= --8qxoh1rMxtkS114jOLeHPhx3qE5QOmlBG ...

[SECURITY] [DSA 3732-2] php-ssh2 regression update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3732-2 security@debian.org https://www.debian.org/security/ Sebastien Delafond December 21, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php-ssh2 Debian Bug : 848632 The update fo...

ASP.NET Core 5-RC1 HTTP Header Injection

############################################################# # # COMPASS SECURITY ADVISORY # http://www.csnc.ch/en/downloads/advisories.html # ############################################################# # # Product: ASP.NET Core # Vendor: Microsoft https://www.microsoft.com # CSNC ID: CSNC-2016-006 # Subject: HTTP Header Injection # Risk: Medium # Effect: HTTP Header manipulation # Author: Reto Sch=E4dler (advisories@compass-security.com) # Date: 21.12.2...

[SECURITY] [DSA 3743-1] python-bottle security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3743-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond December 20, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : python-bottle CVE ID : CVE-2016-9964 Deb...

CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free

--FcCpGCPuT2DrAB9m0HjlE8BXkcXmFXWHX Content-Type: multipart/mixed; boundary="qT4ulKClpgKl0AoUUsBHSblr87kImLmbg"; protected-headers="v1" From: Berend-Jan Wever To: fulldisclosure@seclists.org, Bugtraq Message-ID: Subject: CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free --qT4ulKClpgKl0AoUUsBHSblr87kImLmbg Content-Type: multipart/mixed; boundary="------------6...

[SYSS-2016-115] Cisco Expressway: Security Bypass Vulnerability (CWE-20)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2016-115 Product: Expressway Manufacturer: Cisco Affected Version(s): below X8.9 Tested Version(s): X8.8.1 Vulnerability Type: Improper Input Validation (CWE-20) Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2016-11-10 Solution Date: 2016-12-05 Public Disclosure: 2016-12-14 CVE Reference: CVE-2016-9207 Author of Advisory: Micha Borrmann, SySS GmbH ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~...

[SECURITY] [DSA 3738-1] tomcat7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3738-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond December 18, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tomcat7 CVE ID : CVE-2016-6816 CVE-2016-8...

Samsung DVR credentials encoded in base64 in cookie header

Product: Samsung DVR Impact: High Intro ~~~~~~~~~~~~~~~ Samsung DVR Web Viewer is by default using HTTP (port 80) and transmits the credentials encoded in the Cookie header using very bad security practice, just encoding the login and password in BASE64 codification. It is trivial to decode those values and gain access to Samsung DVR web interface to monitor and control IP cameras, if the default credentials have been changed. Vulnerable code ~~~~~~~~~~~~~~~ http://192.168....

[security bulletin] HPSBMU03684 rev.1 - HPE Version Control Repository Manager (VCRM), Multiple Remote Vulnerabilities

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzU2MzYzDQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzNTYzNjMNClZlcnNpb246IDENCg0KSFBTQk1VMDM2ODQgcmV2LjEgLSBIUEUg VmVyc2lvbiBDb250cm9sIFJlcG9zaXRvcnkgTWFuYWdlciAoVkNSTSksIE11bHRpcGxl DQpSZW1vdG...

[SECURITY] [DSA 3736-1] libupnp security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3736-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond December 16, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libupnp CVE ID : CVE-2016-6255 CVE-2016-8...

CVE-2016-9277,CVE-2016-9966,CVE-2016-9967: Possible Privilege Escalation in telecom

Description of the potential vulnerability:Lack of appropriate exception handling in some receivers of the Telecom application allows attackers crash the system easily resulting in a possible DoS attack Affected versions: L(5.0/5.1), M(6.0) Disclosure status: Privately disclosed. The patch prevents system crashes by handling unexpected exceptions. Fix: http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016 SVE-2016-7119, SVE-2016-7120, and SVE-2016-7121: Possible Privilege Escalat...

CVE-2013-0090: MSIE 9 IEFRAME CView::EnsureSize use-after-free

--ULn1Q2gdo1ejrjoMLib9Rq845CTmWf3nN Content-Type: multipart/mixed; boundary="N8F0NI2svgEMvcLMqA5L2GNJ6DRbD8Lvd"; protected-headers="v1" From: Berend-Jan Wever To: fulldisclosure@seclists.org, Bugtraq Message-ID: <8a162f75-01a4-c650-349e-42234aa25247@nwever.nl> Subject: CVE-2013-0090: MSIE 9 IEFRAME CView::EnsureSize use-after-free --N8F0NI2svgEMvcLMqA5L2GNJ6DRbD8Lvd Content-Type: multipart/mixed; boundary="------------B34EDE250B5B1B063...

=?UTF-8?Q?MSIE_9_IEFRAME_CMarkup=c2=adPointer::Move=c2=adTo=c2=adGa?= =?UTF-8?Q?p_use-after-free?=

--PLsaQRAwLdanVC7o0hKRiIJPNIFtlMvqm Content-Type: multipart/mixed; boundary="lE3wcv5cguNG3wl74uUpqAjepf5fna3At"; protected-headers="v1" From: Berend-Jan Wever To: fulldisclosure@seclists.org, Bugtraq Message-ID: Subject: =?UTF-8?Q?MSIE_9_IEFRAME_CMarkup=c2=adPointer::Move=c2=adTo=c2=adGa?= =?UTF-8?Q?p_use-after-free?= --lE3wcv5cguNG3wl74uUpqAjepf5fna3At Content-Type: multipart/mixed; b...

Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]

Vulnerability: Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution CVE-2016-9565 Discovered by: Dawid Golunski (@dawid_golunski) https://legalhackers.com Severity: High Nagios Core comes with a PHP/CGI front-end which allows to view status of the monitored hosts. This front-end contained a Command Injection vulnerability in a RSS feed reader class that loads (via insecure clear-text HTTP or HTTPS accepting self-signed certificates) the latest Nagios new...

Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability

[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/ADOBE-ANIMATE-MEMORY-CORRUPTION-VULNERABILITY.txt [+] ISR: ApparitionSec Vendor: ============= www.adobe.com Product(s): ============================= Adobe Animate 15.2.1.95 and earlier versions Adobe Animate (formerly Adobe Flash Professional, Macromedia Flash, and FutureSplash Animator) is a multimedia authoring and computer anima...

Secunia Research: Microsoft Windows Type 1 Font Processing Vulnerability

====================================================================== Secunia Research 2016/12/14 Microsoft Windows Type 1 Font Processing Vulnerability ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Description of Vulnerability.........................................3 Solutio...

=?UTF-8?Q?CVE-2013-3143:_MSIE_9_IEFRAME_CMarkup..Remove=c2=adPointe?= =?UTF-8?Q?r=c2=adPos_use-after-free?=

--li4oIRDALM3jocBDNjLVV2dG2ItA0MOJT Content-Type: multipart/mixed; boundary="Mj0lItvgnt16jIdHJtCPxmfdHt0Fggh3C"; protected-headers="v1" From: Berend-Jan Wever To: fulldisclosure@seclists.org, Bugtraq Message-ID: Subject: =?UTF-8?Q?CVE-2013-3143:_MSIE_9_IEFRAME_CMarkup..Remove=c2=adPointe?= =?UTF-8?Q?r=c2=adPos_use-after-free?= --Mj0lItvgnt16jIdHJtCPxmfdHt0Fggh3C Content-Type: text/plain;...

[slackware-security] mozilla-firefox (SSA:2016-348-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2016-348-01) New mozilla-firefox packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-45.6.0esr-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.o...

MSIE 9 MSHTML CMarkup::ReloadInCompatView use-after-free

--7FRit1KWduCQRuC1DD6WXHOas29VoLWkA Content-Type: multipart/mixed; boundary="9ACk88tXmODvwbC6FLnb89Xm67u5U8JXP"; protected-headers="v1" From: Berend-Jan Wever To: fulldisclosure@seclists.org, Bugtraq Message-ID: <10a6188e-ec3f-9dd9-8b14-206f1753697e@nwever.nl> Subject: MSIE 9 MSHTML CMarkup::ReloadInCompatView use-after-free --9ACk88tXmODvwbC6FLnb89Xm67u5U8JXP Content-Type: multipart/mixed; boundary="------------CA2122E674C6ADF39B74A57...

APPLE-SA-2016-12-13-7 Additional information for APPLE-SA-2016-12-12-2 watchOS 3.1.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-12-13-7 Additional information for APPLE-SA-2016-12-12-2 watchOS 3.1.1 watchOS 3.1.1 addresses the following: Accounts Available for: All Apple Watch models Impact: An issue existed which did not reset the authorization settings on app uninstall Description: This issue was addressed through improved sanitization. CVE-2016-7651: Ju Zhu and Lilang Wu of Trend Micro Audio Available for: All Apple Watch models Impac...

APPLE-SA-2016-12-13-8 Transporter 1.9.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-12-13-8 Transporter 1.9.2 Transporter 1.9.2 is now available and addresses the following: iTMSTransporter Available for: iTunes Producer 3.1.1, OS X v10.6 and later (64 bit), Windows 7 and later (32 bit), and Red Hat Enterprise Linux (64 bit) Impact: Parsing maliciously crafted EPUB may lead to disclosure of user information Description: An information disclosure issue existed in the parsing of EPUB. This issue was add...

APPLE-SA-2016-12-13-5 Additional information for APPLE-SA-2016-12-12-1 iOS 10.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-12-13-5 Additional information for APPLE-SA-2016-12-12-1 iOS 10.2 iOS 10.2 addresses the following: Accessibility Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A nearby user may be able to overhear spoken passwords Description: A disclosure issue existed in the handling of passwords. This issue was addressed by disabling the speaking of passwords. CVE-20...

APPLE-SA-2016-12-13-2 Safari 10.0.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-12-13-2 Safari 10.0.2 Safari 10.0.2 is now available and addresses the following: Safari Reader Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.1 Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting Description: Multiple validation issues were addressed through improved input sanitization. CVE-2016-7650: Erling E...

APPLE-SA-2016-12-13-3 iTunes 12.5.4

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-12-13-3 iTunes 12.5.4 iTunes 12.5.4 is now available and addresses the following: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4692: Apple CVE-2016-7635: Apple CVE-2016-7652: Apple WebKit Impact: Processing maliciously crafted web content may result in the disc...

[slackware-security] kernel (SSA:2016-347-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] kernel (SSA:2016-347-01) New kernel packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4.4.38/*: Upgraded. This kernel fixes a security issue with a race condition in net/packet/af_packet.c that can be exploited to gain kernel code execution from unprivileged processe...

[slackware-security] php (SSA:2016-347-03)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2016-347-03) New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php-5.6.29-i586-1_slack14.2.txz: Upgraded. This release fixes bugs and security issues. For more information, see: https://php.net/ChangeLog-5.php#5.6.29 https://cve.mitre.or...

Apple iOS/tvOS/watchOS Remote memory corruption through certificate

Apple iOS/tvOS/watchOS Remote memory corruption through certificate file Source: https://cxsecurity.com/issue/WLB-2016110046 -------------------------------------------------------------------------------------- 0. Short description Special crafted certificate file may lead to memory corruption of several processes and the vector attack may be through Mobile Safari or Mail app. Attacker may control the overflow through the certificate length in OCSP field ------------------------------...

APPLE-SA-2016-12-12-2 watchOS 3.1.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-12-12-2 watchOS 3.1.1 watchOS 3.1.1 is now available and addresses the following: Accounts Available for: All Apple Watch models Impact: An issue existed which did not reset the authorization settings on app uninstall Description: This issue was addressed through improved sanitization. CVE-2016-7651: Ju Zhu and Lilang Wu of Trend Micro Profiles Available for: All Apple Watch models Impact: Opening a maliciously c...

APPLE-SA-2016-12-12-3 tvOS 10.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-12-12-3 tvOS 10.1 tvOS 10.1 is now available and addresses the following: Profiles Available for: Apple TV (4th generation) Impact: Opening a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of certificate profiles. This issue was addressed through improved input validation. CVE-2016-7626: Maksymilian Arciemowicz (cxsecurity.com) In...

APPLE-SA-2016-12-12-1 iOS 10.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-12-12-1 iOS 10.2 iOS 10.2 is now available and addresses the following: Accessibility Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: A nearby user may be able to overhear spoken passwords Description: A disclosure issue existed in the handling of passwords. This issue was addressed by disabling the speaking of passwords. CVE-2016-7634: Davut Hari Access...

[SECURITY] CVE-2016-8745 Apache Tomcat Information Disclosure

CVE-2016-8745 Apache Tomcat Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M13 Apache Tomcat 8.5.0 to 8.5.8 Earlier versions are not affected. Description The refactoring of the Connector code for 8.5.x onwards introduced a regression in the error handling of the send file code for the NIO HTTP connector. An error during send file processing resulted in the current Processor object being adde...

[SECURITY] [DSA 3730-1] icedove security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3730-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 11, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : icedove CVE ID : CVE-2016-5290 CVE-2016-5...

=?UTF-8?Q?MSIE_9_MSHTML_CElement::Has=c2=adFlag_memory_corruption?=

--59r1omF6FD6I76TVhrhSxGVRkTOEP5o3p Content-Type: multipart/mixed; boundary="unhxOuA3hCCnEvpr0D8WEPtvIu5Ndgt4o"; protected-headers="v1" From: Berend-Jan Wever To: fulldisclosure@seclists.org, Bugtraq Message-ID: <6877b613-599a-d51e-eb32-de6626274554@nwever.nl> Subject: =?UTF-8?Q?MSIE_9_MSHTML_CElement::Has=c2=adFlag_memory_corruption?= --unhxOuA3hCCnEvpr0D8WEPtvIu5Ndgt4o Content-Type: multipart/mixed; boundary="------------964E9BEE53B7...

Symantec VIP Access Desktop Arbitrary DLL Execution

[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SYMANTEC-VIP-ACCESS-ARBITRARY-DLL-EXECUTION.txt [+] ISR: ApparitionSec Vendor: ================ www.symantec.com Product: =================== Symantec VIP Access Desktop versions prior to 2.2.2 Vulnerability Type: ======================= Arbitrary DLL Execution CVE Reference: ============== CVE-2016-6593 Vulnerabili...

AST-2016-009:

Asterisk Project Security Advisory - ASTERISK-2016-009 Product Asterisk Summary Nature of Advisory Authentication Bypass Susceptibility Remote unauthenticated sessions Severity Minor Exploits Known No ...

AST-2016-008: Crash on SDP offer or answer from endpoint using Opus

Asterisk Project Security Advisory - AST-2016-008 Product Asterisk Summary Crash on SDP offer or answer from endpoint using Opus Nature of Advisory Remote Crash Susceptibility Remote unauthenticated sessions Severity Critical...

=?UTF-8?Q?CVE-2013-1306:_MSIE_9_MSHTML_CDisp=c2=adNode::Insert?= =?UTF-8?Q?=c2=adSibling=c2=adNode_use-after-free_details?=

--OL1jH63odqD4G1X7pElP6NgkuF4Eqpo8r Content-Type: multipart/mixed; boundary="msNPadATCMoSsgpqAjsFfDiF3Wl1w37ru"; protected-headers="v1" From: Berend-Jan Wever To: fulldisclosure@seclists.org, Bugtraq Message-ID: Subject: =?UTF-8?Q?CVE-2013-1306:_MSIE_9_MSHTML_CDisp=c2=adNode::Insert?= =?UTF-8?Q?=c2=adSibling=c2=adNode_use-after-free_details?= --msNPadATCMoSsgpqAjsFfDiF3Wl1w37ru Content-T...

[security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzQ5NDk5DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzNDk0OTkNClZlcnNpb246IDENCg0KSFBTQkhGMDM2NzQgcmV2LjEgSFBFIENv bXdhcmUgNSBhbmQgQ29td2FyZSA3IE5ldHdvcmsgUHJvZHVjdHMgdXNpbmcgU1NML1RM UywNClJlbW...

Microsoft Remote Desktop Client for Mac Remote Code Execution

--Apple-Mail=_1DA8D90D-BC7A-4311-BA9F-94D5154AB514 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Advisory ID: SGMA16-004 Title: Microsoft Remote Desktop Client for Mac Remote Code Execution Product: Microsoft Remote Desktop Client for Mac Version: 8.0.36 and probably prior Vendor: www.microsoft.com Vulnerability type: Undisclosed Risk level: 4 / 5 Credit: filippo.cavallarin@wearesegment.com CVE: N/A Vendor notification: 2016-07-13 Vendo...

[ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security

[ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security Please refer to https://www.esnc.de for the original security advisory, updates, and additional information. ---------------------------------------------------------------------- 1. Business Impact ---------------------------------------------------------------------- According to PwC website: - "Using the proprietary ACE software, we perform diagnostics of SAP=E2=80= =99s inherent risks and back...

=?UTF-8?Q?CVE-2015-1730:_MSIE_jscript9_Java=c2=adScript=c2=adStack?= =?UTF-8?Q?=c2=adWalker_memory_corruption_details_and_PoC?=

--NtjlAJv6FDR6aDGkB4wg6fg1VTNNhdhXo Content-Type: multipart/mixed; boundary="KJewa9DcWKIU2viOXwtnefA03koebJsSA"; protected-headers="v1" From: Berend-Jan Wever To: fulldisclosure@seclists.org, Bugtraq Message-ID: <97f6ca3a-0c99-b122-9b39-96e3101f51f9@nwever.nl> Subject: =?UTF-8?Q?CVE-2015-1730:_MSIE_jscript9_Java=c2=adScript=c2=adStack?= =?UTF-8?Q?=c2=adWalker_memory_corruption_details_and_PoC?= --KJewa9DcWKIU2viOXwtnefA03koebJsSA Conte...

CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used

--Apple-Mail=_A210AFCA-A125-4B40-8862-15D1E39382BC Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Security Advisory - Apache Software Foundation Apache HTTPD WebServer / httpd.apache.org Server memory can be exhausted and service denied when HTTP/2 is = used CVE-2016-8740 The Apache HTTPD web server (from 2.4.17-2.4.23) did not apply = limitations on request headers correctly when experiment...

Microsoft MSINFO32.EXE ".NFO" Files XML External Entity

[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-MSINFO32-XXE-FILE-EXFILTRATION.txt [+] ISR: ApparitionSec Vendor: ================= www.microsoft.com Product: ========================== Windows System Information MSINFO32.exe v6.1.7601 Windows MSINFO32.EXE Displays a comprehensive view of your hardware, system components, and software environment. Parameters FileName...

Microsoft Windows Media Center "ehshell.exe" XML External Entity

[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MEDIA-CENTER-XXE-FILE-DISCLOSURE.txt [+] ISR: ApparitionSec Vendor: ================== www.microsoft.com Product: ================================== Windows Media Center "ehshell.exe" version 6.1.7600 Vulnerability Type: ==================== XML External Entity CVE Reference: ============== N/A ...

[slackware-security] mozilla-firefox (SSA:2016-336-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2016-336-01) New mozilla-firefox packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-45.5.1esr-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.o...

[security bulletin] HPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS), URL Redirection

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzI0NzU5DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzMjQ3NTkNClZlcnNpb246IDMNCg0KSFBTQlVYMDM2NjUgcmV2LjMgLSBIUC1V WCBUb21jYXQtYmFzZWQgU2VydmxldCBFbmdpbmUsIFJlbW90ZSBEZW5pYWwgb2YNClNl cnZpY2UgKE...

[security bulletin] HPSBGN03680 rev.1 - HPE Propel, Local Denial of Service (DoS), Escalation of Privilege

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzQ3NTQxDQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzNDc1NDENClZlcnNpb246IDENCg0KSFBTQkdOMDM2ODAgcmV2LjEgLSBIUEUg UHJvcGVsLCBMb2NhbCBEZW5pYWwgb2YgU2VydmljZSAoRG9TKSwgRXNjYWxhdGlvbiBv Zg0KUHJpdm...

[security bulletin] HPSBGN03677 rev.1 - HPE Network Automation using RPCServlet and Java Deserialization, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzQ0ODQ5DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzNDQ4NDkNClZlcnNpb246IDENCg0KSFBTQkdOMDM2NzcgcmV2LjEgLSBIUEUg TmV0d29yayBBdXRvbWF0aW9uIHVzaW5nIFJQQ1NlcnZsZXQgYW5kIEphdmENCkRlc2Vy aWFsaXphdG...

[FOXMOLE SA 2016-05-02] e107 Content Management System (CMS) - Multiple Issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2016-05-02 === e107 Content Management System (CMS) - Multiple Issues ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Affected Versions ================= e107 2.1.2 Bootstrap CMS Issue Overview ============== Vulnerability Type: Multiple Vulnerabilities Technical Risk: medium Likelihood of Exploitation: medium Vendor: e107 Vendor URL: http://www.e107.org Credits: FOXMOLE employee Tim Her...

[security bulletin] HPSBHF03682 rev.1 - HPE Comware 7 Network Products using SSL/TLS, Local Gain Privileged Access

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzQxNDYzDQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzNDE0NjMNClZlcnNpb246IDENCg0KSFBTQkhGMDM2ODIgcmV2LjEgLSBIUEUg Q29td2FyZSA3IE5ldHdvcmsgUHJvZHVjdHMgdXNpbmcgU1NML1RMUywgTG9jYWwgR2Fp bg0KUHJpdm...

[RT-SA-2016-003] Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler

--CblX+4bnyfN0pR09 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Advisory: Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler RedTeam Pentesting discovered behaviour in the Less.js compiler, which allows execution of arbitrary code if an untrusted LESS file is compiled. Details =3D=3D=3D=3D=3D=3D=3D Product: Less Compiler Affected Versio...

XSS in tooltip plugin of Zurb Foundation 5

XSS vulnerabilty in the tooltip plugin of Zurb Foundation 5.x ============================================================= URL to this advisory: https://nop.li/foundation5tooltipxss Vendor ====== http://zurb.com/ Product ======= (Taken from http://foundation.zurb.com/sites/docs/v/5.5.3/) Foundation is the most advanced, responsive front-end framework in the world. The framework is mobile friendly and ready for you to customize it any way you want to use it. Vulnerability Ty...

Google Chrome Accessibility blink::Node corruption details

--CWSAVFqm0T57tBcr5JTb8L1bT0HPTegJ0 Content-Type: multipart/mixed; boundary="4QxlvlXLcQOkhJdIup1aorJs5McchACsB"; protected-headers="v1" From: Berend-Jan Wever To: fulldisclosure@seclists.org, Bugtraq Message-ID: <6918d741-8aca-deb0-db61-3b5e0a6790be@nwever.nl> Subject: Google Chrome Accessibility blink::Node corruption details --4QxlvlXLcQOkhJdIup1aorJs5McchACsB Content-Type: multipart/mixed; boundary="------------6ACE69CB8211BF2D654E6...

SEC Consult SA-20161128-0 :: DoS & heap-based buffer overflow in Guidance Software EnCase Forensic

--------------ms040207030605040705080702 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable SEC Consult Vulnerability Lab Security Advisory < 20161128-0 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D title: Denial of service & heap-based buffer overflow prod...

[SECURITY] [DSA 3725-1] icu security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3725-1 security@debian.org https://www.debian.org/security/ Luciano Bello November 27, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : icu CVE ID : CVE-2014-9911 CVE-2015-2632 ...

Core FTP LE v2.2 Remote SSH/SFTP Buffer Overflow

[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/CORE-FTP-REMOTE-SSH-SFTP-BUFFER-OVERFLOW.txt [+] ISR: ApparitionSec Vendor: =============== www.coreftp.com Product: ======================== Core FTP LE (client) v2.2 build 1883 Core FTP LE - free Windows software that includes the client FTP features you need. Features like SFTP (SSH), SSL, TLS, FTPS, IDN, browser integration, site...

WorldCIST2017 - Submission deadline: November 30

* Best papers published in several SCI/SSCI-indexed journals ** Proceedings by Springer, indexed by ISI, Scopus, DBLP, EI-Compendex= , etc. ----------------------------------------------------------------------= ----------- WorldCIST17 - 5th World Conference on Information Systems and Technol= ogies=20 Porto Santo Island, Madeira, Portugal 11th-13th of April 2017 http://www.worldcist.org/ ------------------------------------------------------------------------- SCOPE The Worl...

CVE 2016-6803: Apache OpenOffice Unquoted Search Path Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CVE-2016-6803 Apache OpenOffice Advisory Title: Windows Installer Can Enable Privileged Trojan Execution Version 1.0 Announced October 11, 2016 Description The Apache OpenOffice installer for Windows contained a defective operation that could trigger execution of unwanted software installed by a Trojan Hors...

Call for Participation - 5th International Conference on Cyber Security, Cyber Welfare and Digital Forensic

********************************************************************* Call for Participation CyberSec2017: The Fifth International Conference on Cyber Security, Cyber Welfare and Digital Forensic 22-24 April 2017, St. Marys University, Addis Ababa, Ethiopia https://goo.gl/mbDr7F ********************************************************************* You are cordially invited to participate the 5th International Conference on Cyber Security, Cyber Welfare and Digital Forensic ...

Call for Participation - 5th International Conference on Cyber Security, Cyber Welfare and Digital Forensic

[SECURITY] [DSA 3724-1] gst-plugins-good0.10 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3724-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : gst-plugins-good0.10 CVE ID : CVE-2016-96...

[SECURITY] [DSA 3723-1] gst-plugins-good1.0 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3723-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 24, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : gst-plugins-good1.0 CVE ID : CVE-2016-963...

WorldCIST17 - Submission deadline: November 27

* Best papers published in SCI/SSCI-indexed journals ** Proceedings by Springer, indexed in ISI, Scopus, DBLP, EI-Compendex= , etc. ----------------------------------------------------------------------= ----------- WorldCIST17 - 5th World Conference on Information Systems and Technol= ogies=20 Porto Santo Island, Madeira, Portugal 11th-13th of April 2017 http://www.worldcist.org/ ------------------------------------------------------------------------- SCOPE The WorldCist17 ...

[SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-107 Product: EASY HOME Alarmanlagen-Set Manufacturer: monolith GmbH Affected Version(s): Model No. MAS-S01-09 Tested Version(s): Model No. MAS-S01-09 Vulnerability Type: Cryptographic Issues (CWE-310) Risk Level: Low Solution Status: Open Manufacturer Notification: 2016-10-05 Solution Date: - Public Disclosure: 2016-11-23 CVE Reference: Not yet assigned Author of Advisory: Gerhard Klostermeier (SySS GmbH) ~...

[SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-071 Product: Smart GSM Alarm SA 2500 Kit Manufacturer: Blaupunkt Affected Version(s): v1.0 Tested Version(s): v1.0 Vulnerability Type: Missing Protection against Replay Attacks Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-07-14 Solution Date: - Public Disclosure: 2016-11-23 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~...

[SYSS-2016-064] Multi Kon Trade M2B GSM Wireless Alarm System - Improper Restriction of Excessive Authentication Attempts (CWE-307)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-064 Product: M2B GSM Wireless Alarm System Manufacturer: Multi Kon Trade Affected Version(s): Unspecified Tested Version(s): Unspecified Vulnerability Type: Improper Restriction of Excessive Authentication Attempts (CWE-307) Risk Level: High Solution Status: Open Manufacturer Notification: 2016-07-05 Solution Date: - Public Disclosure: 2016-11-23 CVE Reference: Not yet assigned Author of A...

[SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-066 Product: M2B GSM Wireless Alarm System Manufacturer: Multi Kon Trade Affected Version(s): Unspecified Tested Version(s): Unspecified Vulnerability Type: Missing Protection against Replay Attacks Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-07-05 Solution Date: - Public Disclosure: 2016-11-23 CVE Reference: Not yet assigned Author of Advisory: Gerhard Klostermeier, SySS GmbH ~...

[CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition

Vulnerability: GNU Wget < 1.18 Access List Bypass / Race Condition CVE-2016-7098 Discovered by: Dawid Golunski (@dawid_golunski) https://legalhackers.com Severity: Medium GNU wget in version 1.17 and earlier, when used in mirroring/recursive mode, is affected by a Race Condition vulnerability that might allow remote attackers to bypass intended wget access list restrictions specified with -A parameter. This might allow attackers to place malicious/restricted files onto the system....

[security bulletin] HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Multiple Remote Vulnerabilities

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzM2ODg4DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzMzY4ODgNClZlcnNpb246IDENCg0KSFBTQkhGMDM2NzMgcmV2LjEgLSBIUEUg Q29td2FyZSA1IGFuZCBDb213YXJlIDcgTmV0d29yayBQcm9kdWN0cyB1c2luZw0KU1NM L1RMUywgTX...

=?UTF-8?Q?CVE-2015-1251:_Chrome_blink_Speech=c2=adRecognition=c2=ad?= =?UTF-8?Q?Controller_use-after-free_details?=

--o403ejNLWeq7gI2AQF430c0PqE1puMRwe Content-Type: multipart/mixed; boundary="r9AxE6iVI7itlQfVctSXnlarTOQnO5FKU"; protected-headers="v1" From: Berend-Jan Wever To: fulldisclosure@seclists.org, Bugtraq Message-ID: <2d8d5f15-6547-0d5b-50c1-63491c07bbf1@nwever.nl> Subject: =?UTF-8?Q?CVE-2015-1251:_Chrome_blink_Speech=c2=adRecognition=c2=ad?= =?UTF-8?Q?Controller_use-after-free_details?= --r9AxE6iVI7itlQfVctSXnlarTOQnO5FKU Content-Type: mul...

[SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-106 Product: EASY HOME Alarmanlagen-Set Manufacturer: monolith GmbH Affected Version(s): Model No. MAS-S01-09 Tested Version(s): Model No. MAS-S01-09 Vulnerability Type: Missing Protection against Replay Attacks Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-09-26 Solution Date: - Public Disclosure: 2016-11-23 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS Gmb...

[SYSS-2016-072] Olympia Protect 9061 - Missing Protection against Replay Attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-072 Product: Protect 9061 Manufacturer: Olympia Affected Version(s): Article No. 5943 rev.03 Tested Version(s): Article No. 5943 rev.03 Vulnerability Type: Missing Protection against Replay Attacks Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2016-07-21 Solution Date: 2016-11-14 Public Disclosure: 2016-11-23 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) ...

[CORE-2016-0007] - TP-LINK TDDP Multiple Vulnerabilities

1. Advisory Information Title: TP-LINK TDDP Multiple Vulnerabilities Advisory ID: CORE-2016-0007 Advisory URL: http://www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities Date published: 2016-11-21 Date of last update: 2016-11-18 Vendors contacted: TP-Link Release mode: User release 2. Vulnerability Information Class: Missing Authentication for Critical Function [CWE-306], Buffer Copy without Checking Size of Input (Classic Buffer Overflow) [CWE-120] Impact: Code...

CVE-2015-0050: Microsoft Internet Explorer 8 MSHTML SRunPointer::SpanQualifier/RunType OOB read details

--Bbe3FNqqXtdG5i6qNqsGMwXaCtiRb58Gc Content-Type: multipart/mixed; boundary="oIScxQrNQdVVFxRBgsmF1KDR0lLEHnxws"; protected-headers="v1" From: Berend-Jan Wever To: fulldisclosure@seclists.org, Bugtraq Message-ID: <3fe8d791-0a0b-de40-f24e-8a4168e86c32@nwever.nl> Subject: CVE-2015-0050: Microsoft Internet Explorer 8 MSHTML SRunPointer::SpanQualifier/RunType OOB read details --oIScxQrNQdVVFxRBgsmF1KDR0lLEHnxws Content-Type: multipart/mixed...

Web vulnerabilities in Siemens S7-300/S7-400/CP343-1/CP443-1

The following vulnerabilities have been reported to Siemens CERT and are now covered by by Siemens Security Advisory SSA-603476, published today (2016-11-21) and available at the following URL: http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf -- CVE-016-8672 --------------------------------------------------------- Summary: Lack of cookie protection for management web interface. Affected products: SIMATIC CP 343-1 Advanced: All versions < V3.0.53 ...

[SECURITY] [DSA 3719-1] wireshark security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3719-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond November 21, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : wireshark CVE ID : CVE-2016-9373 CVE-2016...

[ERPSCAN-16-034] SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: http://SAP.com Bug: XXE Sent: 09.03.2016 Reported: 10.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2296909 Author: Vahagn Vardanyan (ERPScan) Description 1. ADVISORY INFORMATION Title: [ERPSCAN-16-034] SAP NetWeaver AS JAVA =E2=80=93 XXE vulnerability = in BC-BMT-BPM-DSK component Advisory ID:[ERPSCAN-...

Nginx (Debian-based distros) - Root Privilege Escalation (CVE-2016-1247)

Vulnerability: Nginx (Debian-based distros) - Root Privilege Escalation (CVE-2016-1247) Discovered by: Dawid Golunski (@dawid_golunski) https://legalhackers.com Nginx web server packaging on Debian-based distributions such as Debian or Ubuntu was found to create log directories with insecure permissions which can be exploited by malicious local attackers to escalate their privileges from nginx/web user (www-data) to root. The vulnerability could be easily exploited by attackers who h...

[RCESEC-2016-009] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Persistent Cross-Site Scripting

--ifQbMluis72B0l2pkBgLJp440KJgtQAU4 Content-Type: multipart/mixed; boundary="9uhWUkUEt3s9C3smTNFiuHaic5F3IbR8f"; protected-headers="v1" From: Julien Ahrens To: bugtraq@securityfocus.com Message-ID: <6d5c4db3-7e6a-2a1a-9e23-b59db4022458@rcesecurity.com> Subject: [RCESEC-2016-009] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Persistent Cross-Site Scripting --9uhWUkUEt3s9C3smTNFiuHaic5F3IbR8f Content-Type: text/plain; charset=utf-8 Content-...

[RCESEC-2016-008] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Full Path Information Disclosure

--tiWMXUgjs9RlQsQd5t7fsK9Ai2tEELslw Content-Type: multipart/mixed; boundary="sPOESVcpHjvUrwSEG6945r5mRc9oqBQbe"; protected-headers="v1" From: Julien Ahrens To: bugtraq@securityfocus.com Message-ID: <3b935538-be05-456e-a121-e50b2de85230@rcesecurity.com> Subject: [RCESEC-2016-008] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Full Path Information Disclosure --sPOESVcpHjvUrwSEG6945r5mRc9oqBQbe Content-Type: text/plain; charset=utf-8 Content...

[RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution

--FGq11c6T58KrRIJNdcvmT3BdijFvBAaGX Content-Type: multipart/mixed; boundary="fgMrFvQOxIUleF1nRttO5Bsrl9IUbkciC"; protected-headers="v1" From: Julien Ahrens To: bugtraq@securityfocus.com Message-ID: Subject: [RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution --fgMrFvQOxIUleF1nRttO5Bsrl9IUbkciC Content-Type: text/plain; cha...

[RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution

--H2M4c7l4V4w4xKdMSMe1hErc9ThorlWM5 Content-Type: multipart/mixed; boundary="8URENhUVpgMO3KLU5IOEjBvQwOL1erdO1"; protected-headers="v1" From: Julien Ahrens To: bugtraq@securityfocus.com Message-ID: <2521ebcb-465c-c04f-ef6d-d3b56b9bd53c@rcesecurity.com> Subject: [RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution --8URENhUVpgMO3KLU5IOEjBvQwOL1erdO1 Content-Type: text/p...

Multiple issues in OpManager 12100 & 12200

Title: Multiple issues in OpManager Author: Michael Heydon Product: OpManager Tested Versions: 12100 & 12200 Vendor: Zoho ManageEngine Vendor Notified: 2016-08-14 Disclosure Date: 2016-11-20 Product Description: ==================== OpManager is a web-based network monitoring system. It is used primarily by IT staff and it stores credentials in order to log in to systems which are to be monitored. According to ManageEngine it is "Trusted by over a Million administrators wor...

[security bulletin] HPSBHF03675 rev.1 - HPE Integrated Lights-Out 3 and 4 (iLO 3, iLO 4), Cross-Site Scripting (XSS)

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzM3MDI1DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzMzcwMjUNClZlcnNpb246IDENCg0KSFBTQkhGMDM2NzUgcmV2LjEgLSBIUEUg SW50ZWdyYXRlZCBMaWdodHMtT3V0IDMgYW5kIDQgKGlMTyAzLCBpTE8gNCksDQpDcm9z cy1TaXRlIF...

Putty Cleartext Password Storage

[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PUTTY.EXE-INSECURE-PASSWORD-STORAGE.txt [+] ISR: ApparitionSec Vendor: ========================== www.chiark.greenend.org.uk Product: =========== Putty.exe v0.67 PuTTY is a free and open-source terminal emulator, serial console and network file transfer application. It supports several network protocols, including SCP, SSH, Telnet, rl...

Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin

------------------------------------------------------------------------ Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin ------------------------------------------------------------------------ Yorick Koster, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A Cross-Site Scripting vulnerability was found in the WP Canvas - Shortcodes WordPress Plugin...

Cross-Site Scripting in Check Email WordPress Plugin

------------------------------------------------------------------------ Cross-Site Scripting in Check Email WordPress Plugin ------------------------------------------------------------------------ Antonis Manaras, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A Cross-Site Scripting vulnerability was found in the Check Email WordPress Plugin. This issue allows an atta...

Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin

------------------------------------------------------------------------ Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin ------------------------------------------------------------------------ Antonis Manaras, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A Cross-Site Scripting vulnerability was found in the Huge IT Portfolio Gallery WordPress Plugi...

[slackware-security] mozilla-firefox (SSA:2016-323-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2016-323-01) New mozilla-firefox packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-45.5.0esr-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: http://www.mozilla.or...

CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details

--MWSTeCgAIvBHvkM12pv4Ap9Db7RVlRJVw Content-Type: multipart/mixed; boundary="2p7hjMKcHRS3Ljh1GcPXcpkls3pQkQN94"; protected-headers="v1" From: Berend-Jan Wever To: fulldisclosure@seclists.org, Bugtraq Message-ID: <1dac5446-0936-fa79-776d-e308aef21681@nwever.nl> Subject: CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details --2p7hjMKcHRS3Ljh1GcPXcpkls3pQkQN94 Content-Type: multipart/mixed; boundary="------------2CF...

Reason Core Security v1.2.0.1 - Unqoted Path Privilege Escalation Vulnerability

Document Title: =============== Reason Core Security v1.2.0.1 - Unqoted Path Privilege Escalation Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=2003 Release Date: ============= 2016-11-14 Vulnerability Laboratory ID (VL-ID): ==================================== 2003 Common Vulnerability Scoring System: ==================================== 4 Product & Service Introduction: ==========================...

=?UTF-8?Q?=5BERPSCAN=2D16=2D031=5D_SAP_NetWeaver_AS_ABAP_=E2=80=93_directory?= =?UTF-8?Q?_traversal_using_READ_DATASET?=

Application: SAP NetWeaver AS ABAP Versions Affected: SAP NetWeaver AS ABAP 7.4 Vendor URL: http://SAP.com Bugs: Directory traversal Sent: 22.04.2016 Reported: 23.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2312966 Author: Daria Prosochkina (ERPScan) Description 1. ADVISORY INFORMATION Title: [ERPSCAN-16-031] SAP NetWeaver AS ABAP =E2=80=93 directory traversal using READ DATASET Advisory ID...

=?UTF-8?Q?=5BERPSCAN=2D16=2D032=5D_SAP_Telnet_Console_=E2=80=93_Directory_tr?= =?UTF-8?Q?aversal_vulnerability?=

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 to 7.5 Vendor URL: http://SAP.com Bugs: Directory traversal Sent: 04.12.2015 Reported: 05.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2280371 Author: Mathieu Geli (ERPScan) Description 1. ADVISORY INFORMATION Title: [ERPSCAN-16-032] SAP Telnet Console =E2=80=93 Directory traversal vu= lnerability Advisory ID:[ER...

Executable installers are vulnerable^WEVIL (case 41): EmsiSofts Emergency Kit allows elevation of privilege for everybody

Hi @ll, in response to EmsiSoft fixed some of the DLL hijacking vulnerabilities in some of their executable installers and unpackers. EmsisoftEmergencyKit.exe still has beginners errors which allow escalation of privilege for EVERY local user: 0. while the self-extracting WinRAR archive EmsisoftEmergencyKit.exe doesnt load DLLs from its "application directory" any more, its payload but shows this vulnerability! 1. due to "re...

[SECURITY] [DSA 3716-1] firefox-esr security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3716-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 16, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : firefox-esr CVE ID : CVE-2016-5290 CVE-20...

[security bulletin] HPSBGN03676 rev.1 - HPE Helion OpenStack Glance Image Service, Remote Denial of Service (DoS)

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzMzMzg0DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzMzMzODQNClZlcnNpb246IDENCg0KSFBTQkdOMDM2NzYgcmV2LjEgLSBIUEUg SGVsaW9uIE9wZW5TdGFjayBHbGFuY2UgSW1hZ2UgU2VydmljZSwgUmVtb3RlIERlbmlh bA0Kb2YgU2...

CVE-2015-2482 MSIE 8 jscript RegExpBase::FBadHeader use-after-free details

--D1ltsKI4mKf2N8PrU6tICRInPi6Mgkdc1 Content-Type: multipart/mixed; boundary="IdgiuuSWXT2A2MFtBxbK3o92sPjObXs80"; protected-headers="v1" From: Berend-Jan Wever To: fulldisclosure@seclists.org, Bugtraq Message-ID: <9d965d98-37dd-1b68-5279-4ab358e4d4e3@nwever.nl> Subject: CVE-2015-2482 MSIE 8 jscript RegExpBase::FBadHeader use-after-free details --IdgiuuSWXT2A2MFtBxbK3o92sPjObXs80 Content-Type: multipart/mixed; boundary="------------05B...

[security bulletin] HPSBST03671 rev.1 - HPE StoreEver MSL6480 Tape Library, Remote Unauthorized Disclosure of Information

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzMzMjk3DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzMzMyOTcNClZlcnNpb246IDENCg0KSFBTQlNUMDM2NzEgcmV2LjEgLSBIUEUg U3RvcmVFdmVyIE1TTDY0ODAgVGFwZSBMaWJyYXJ5LCBSZW1vdGUgVW5hdXRob3JpemVk DQpEaXNjbG...

Actiontec WCB3000N (Telus Branded) Local Unauthenticated Privilege Elevation and Password Reset

### Device Details Vendor: Actiontec (Telus Branded) Model: WCB3000N Affected Firmware: v0.16.2.5 Device Manual: http://static.telus.com/common/cms/files/internet/wifi_plus_= extender.pdf Reported: November 2015 Status: Fixed on newest pushed firmware version CVE: Update is handled by the vendor, therefore no CVE needed. The Telus Actiontec WCB3000N is a access-point/bridge for MoCA, Gigabit Ethernet, and both 802.11AGN 2.4GHz and 5GHz wireless spectrums. It provides a web interfa...

CVE-2016-4484: - Cryptsetup Initrd root Shell

--kqals4uPuqWG7BVPtEbcKEbgx9K91VBRI Content-Type: multipart/mixed; boundary="PtFoJUpcgAUQBTdNRUdd3oGa8PSnNF7vB" From: Hector Marco To: fulldisclosure@seclists.org, oss security list , bugtraq@securityfocus.com Message-ID: <88958a9e-25c1-97ce-1800-bc4bff93d9a9@hmarco.org> Subject: CVE-2016-4484: - Cryptsetup Initrd root Shell --PtFoJUpcgAUQBTdNRUdd3oGa8PSnNF7vB Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quo...

[security bulletin] HPSBUX03665 rev.2 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzI0NzU5DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzMjQ3NTkNClZlcnNpb246IDINCg0KSFBTQlVYMDM2NjUgcmV2LjIgLSBIUC1V WCBUb21jYXQtYmFzZWQgU2VydmxldCBFbmdpbmUsIFJlbW90ZSBEZW5pYWwgb2YNClNl cnZpY2UgKE...

[security bulletin] HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzI0NzU1DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzMjQ3NTUNClZlcnNpb246IDENCg0KSFBTQkdOMDM2NjkgcmV2LjEgLSBIUEUg U2l0ZVNjb3BlLCBMb2NhbCBFbGV2YXRpb24gb2YgUHJpdmlsZWdlLCBSZW1vdGUNCkRl bmlhbCBvZi...

Multiple vulnerabilities in Barco Clickshare

CVE-2016-3149 - Remote Code Execution in Barco ClickShare CSC-1 and CSM-1 Affected versions: all versions prior to v01.09.03 (CSC-1) and v01.06.02 (C= SM-1). A remote code execution vulnerability exists within the Barco ClickShare ba= se unit software, that could lead to full compromise of the appliance. CVE-2016-3150 - Cross-site Scripting in Barco ClickShare CSC-1, CSM-1 and C= SE-200 Affected versions:=A0 all versions prior to v01.09.03 (CSC-1), v01.06.02 (C= SM-1) and v01.03.02 (CS...

SEC Consult SA-20161114-0 :: Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2

--------------ms060003080804070802010807 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable SEC Consult Vulnerability Lab Security Advisory < 20161114-0 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D title: Multiple vulnerabilities product: I-Panda SolarEagl...

CVE-2015-0040: Microsoft Internet Explorer 11 MSHTML CMapElement::Notify use-after-free details

--SQWrE5EmQEjjRPEq81eBUBrPSVBtvXF5X Content-Type: multipart/mixed; boundary="3CEsmTAMD3006cXBf7XTBT5fpnURDu1vs"; protected-headers="v1" From: Berend-Jan Wever To: fulldisclosure@seclists.org, Bugtraq Message-ID: <835dc12e-fcc6-4569-8b84-1c64d9a72d93@nwever.nl> Subject: CVE-2015-0040: Microsoft Internet Explorer 11 MSHTML CMapElement::Notify use-after-free details --3CEsmTAMD3006cXBf7XTBT5fpnURDu1vs Content-Type: multipart/mixed; boun...

WHM Panel Mail Delivery Reports crash database Vulnerability

Mail Delivery Reports crash database Local Vulnerability in WHM Panel All Version ########################### # WHM Panel Mail Delivery Reports crash database Vulnerability ########################### ##################################### # Iranian Exploit DataBase And Security Team - iedb.ir # Title : WHM Panel Mail Delivery Reports crash database Vulnerability # Vulnerability : Crash sendmail Database in whm panel # Version : WHM 60.0 (build 17) # L...

[CVE-2016-8736] Apache Openmeetings RMI Registry Java Deserialization RCE

Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 3.1.0 Description: Apache Openmeetings is vulnerable to Remote Code Execution via RMI deserialization attack The issue was fixed in 3.1.2 All users are recommended to upgrade to Apache OpenMeetings 3.1.3 Credit: This issue was identified by Jacob Baines, Tenable Network Security Apache OpenMeetings Team ...

WHM Panel Mail Delivery Reports crash database Vulnerability

Mail Delivery Reports crash database in whm panel 60.0 ( build 17) version local exploit Pic:http://kkli.ir/C6LGY ##################################### # Iranian Exploit DataBase And Security Team - iedb.ir # Title : WHM Panel Mail Delivery Reports crash database Vulnerability # Vulnerability : Crash sendmail Database in whm panel # Version : WHM 60.0 (build 17) # Local Vulnerability # Method(s): POST # pic : http://kkli.ir/C6LGY # Author : IeDb.Ir ...

CVE-2016-9277: A IDX Out of Bound vulnerability in systemui can make crash and ui restart

Description of the potential vulnerability: Severity: Low Affected versions: L(5.0/5.1), M(6.0) Disclosure status: Privately disclosed. One of the activities in SystemUI can produce array index out of bounds exception as a combination of some APIs and it leads to UI restart. The patch fixes the vulnerability in the corresponding APIs. Fix: http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016 SVE-2016-6906: A IDX Out of Bound vulnerability in systemui can make crash and ui rest...

[SECURITY] [DSA 3711-1] mariadb-10.0 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3711-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 11, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : mariadb-10.0 CVE ID : CVE-2016-3492 CVE-2...

Secunia Research: Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability

====================================================================== Secunia Research 2016/11/10 Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Description of Vulnerability...

=?UTF-8?Q?CVE-2016-6809_=E2=80=93_Arbitrary_Code_Execution_Vu?= =?UTF-8?Q?lnerability_in_Apache_Tika=E2=80=99s_MATLAB_Parser_?=

CVE-2016-6809 =E2=80=93 Arbitrary Code Execution Vulnerability in Apache Ti= ka=E2=80=99s MATLAB Parser=20 Severity: Important=20 Vendor: The Apache Software Foundation=20 Versions Affected: 1.6-1.13=20 Description: Apache Tika wraps the jmatio parser (https://github.com/gradus= nikov/jmatio) to handle MATLAB files. The parser uses native deserializati= on on serialized Java objects embedded in MATLAB files. A malicious user co= uld inject arbitrary code into a MATLAB file that ...

Secunia Research: Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability

====================================================================== Secunia Research 2016/11/10 Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Description of Vulnerability.........................................3...

Secunia Research: Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability

====================================================================== Secunia Research 2016/11/10 Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Description of Vulnerability.........................................

WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details

--sJtjg2sfuWpdLmwm7jIb8QpbvKNIoKDDV Content-Type: multipart/mixed; boundary="kn1bukmL7q32VLKmL22svLsefDgArgpo5"; protected-headers="v1" From: Berend-Jan Wever To: fulldisclosure@seclists.org, Bugtraq Message-ID: Subject: WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details --kn1bukmL7q32VLKmL22svLsefDgArgpo5 Content-Type: multipart/mixed; boundary="------------3E73AA165D...

Blind SQL Injection Vulnerability in Exponent CMS 2.4.0

Document Title: =============== Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 References (Source): ==================== https://exponentcms.lighthouseapp.com/projects/61783/tickets/1394-blind-sql-injection-vulnerability-in-exponent-cms-240-4 https://github.com/exponentcms/exponent-cms/commit/fffb2038de4c603931b785a4c3ec69cfd06181ba Release Date: ============= 2016-11-06 Product & Service Introduction: =============================== Exponent CMS is an exciting web-b...

MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details

--9nEK8MbnS2fpVJlhokGRPo7Ue4aJwj2vD Content-Type: multipart/mixed; boundary="vN0nfFJ1n0a46XBtJAFvAQHTMOxdakwfs"; protected-headers="v1" From: Berend-Jan Wever To: fulldisclosure@seclists.org, Bugtraq Message-ID: Subject: MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details --vN0nfFJ1n0a46XBtJAFvAQHTMOxdakwfs Content-Type: multipart/mixed; boundary="------------3...

[SECURITY] [DSA 3709-1] libxslt security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3709-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 08, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libxslt CVE ID : CVE-2016-4738 Debian Bu...

[security bulletin] HPSBGN03670 rev.1 - HPE Business Service Management (BSM) using Java Deserialization, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzI3NDQ3DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzMjc0NDcNClZlcnNpb246IDENCg0KSFBTQkdOMDM2NzAgcmV2LjEgLSBIUEUg QnVzaW5lc3MgU2VydmljZSBNYW5hZ2VtZW50IChCU00pIHVzaW5nIEphdmENCkRlc2Vy aWFsaXphdG...

URL Redirection Vulnerability In Verint Impact 360

URL Redirection Vulnerability In Verint Impact 360 Overview ======== * Title : URL Redirection Vulnerability In Verint Impact 360 * Author: Sanehdeep Singh * Plugin Homepage: http://www.verint.com * Severity: Medium * Version Affected: 11.1 * Version patched: Patches available. Contact Vendor Description =========== About the Product ================= Verint Impact 360 is a quality monitoring/call recording, workforce management, performance management, and eLearning help ...

Cross-Site Scripting in Calendar WordPress Plugin

------------------------------------------------------------------------ Cross-Site Scripting in Calendar WordPress Plugin ------------------------------------------------------------------------ Remco Vermeulen, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A Cross-Site Scripting vulnerability was found in the Calendar WordPress Plugin. This issue allows an attacker t...

Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin

------------------------------------------------------------------------ Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin ------------------------------------------------------------------------ Burak Kelebek, October 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A stored Cross-Site Scripting (XSS) vulnerability has been found in the WassUp Re...

Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin

------------------------------------------------------------------------ Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin ------------------------------------------------------------------------ Yorick Koster, July 2016 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A Cross-Site Scripting vulnerability was found in the Quotes Collection WordPress Plugin. T...

Edusson (Robotdon) - Client Side Cross Site Scripting Vulnerability

Document Title: =============== Edusson (Robotdon) BB - Client Side Cross Site Scripting Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1871 Release Date: ============= 2016-11-04 Vulnerability Laboratory ID (VL-ID): ==================================== 1871 Common Vulnerability Scoring System: ==================================== 3.4 Product & Service Introduction: =============================== M...

Cross Site Scripting Vulnerability In Verint Impact 360

Overview ======== * Title : Cross Site Scripting Vulnerability In Verint Impact 360 * Author: Sanehdeep Singh * Plugin Homepage: http://www.verint.com * Severity: Medium * Version Affected: 11.1 * Version patched: Patches available. Contact Vendor Description =========== About the Product ================= Verint Impact 360 is a quality monitoring/call recording, workforce management, performance management, and eLearning help optimize business operations, customer relationsh...

WinaXe v7.7 FTP Server Ready CMD Remote Buffer Overflow

[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WINAXE-FTP-CLIENT-REMOTE-BUFFER-OVERFLOW.txt [+] ISR: Apparition Security Vendor: ============ www.labf.com Product: ================ WinaXe v7.7 FTP The X Window System, SSH, TCP/IP, NFS, FTP, TFTP and Telnet software are built and provided in the package. All that you need to run remote UNIX and X Applications is included within Win...

Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability

Document Title: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability References (Source): =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D http://www.vulnerability-lab.com/get_content.php?id=3D1870 Release Date: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D 2016-11-03 Vulnerability Laboratory ID (VL-ID): =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D...

[SECURITY] [DSA 3707-1] openjdk-7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3707-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 07, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openjdk-7 CVE ID : CVE-2016-5542 CVE-2016...

[CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow

--s0HMcXiprPwlBuXFBttGB45TVSJ28DGOa Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable tl;dr A stack bof in several Dlink routers, which can be exploited by an unauthenticated attacker in the LAN. There is no patch as Dlink did not respond to CERTs requests. As usual, a Metasploit module is in the queue (see [9] below) and should hopefully be integrated soon. The interesting thing about this vulnerability is that it affects both ARM and MIPS device...

[security bulletin] HPSBGN03643 rev.1 - HPE KeyView using Filter SDK, Remote Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzI1ODM2DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzMjU4MzYNClZlcnNpb246IDENCg0KSFBTQkdOMDM2NDMgcmV2LjEgLSAgSFBF IEtleVZpZXcgdXNpbmcgRmlsdGVyIFNESywgUmVtb3RlIENvZGUgRXhlY3V0aW9uDQoN Ck5PVElDRT...

Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability

Document Title: =============== Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1931 Release Date: ============= 2016-11-07 Vulnerability Laboratory ID (VL-ID): ==================================== 1931 Common Vulnerability Scoring System: ==================================== 6.7 Product & Service Introduction: =============================== Sch...

Faraznet Cms Cross-Site Scripting Vulnerability

Cross-Site Scripting in Faraznet Cms Version 4.x ########################### # Faraznet Cms Cross-Site Scripting Vulnerability ########################### ##################################### # Iranian Exploit DataBase And Security Team - iedb.ir # Title : Faraznet Cms Cross-Site Scripting Vulnerability # Vulnerability : Cross-Site Scripting (xss) # Vulnerability on : s_search.php # Version : 4.x # Dork : "Designed By Faraznet" # Vendor site : http://www.faraz...

Faraznet Cms Cross-Site Scripting Vulnerability

Axessh 4.2.2 Denial Of Service

[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AXESSH-DENIAL-OF-SERVICE.txt [+] ISR: ApparitionSec Vendor: ============ www.labf.com Product: ============= Axessh 4.2.2 Axessh is a SSH client. It is a superb terminal emulator/telnet client for Windows. It provides SSH capabilities to Axessh without sacrificing any of existing functionality. Furthermore, Axessh has been developed en...

Rapid PHP Editor CSRF Remote Command Execution

[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/RAPID-PHP-EDITOR-REMOTE-CMD-EXEC.txt [+] ISR: Apparition Security Vendor: ====================== www.rapidphpeditor.com Product: =============================== Rapid PHP Editor IDE rapidphp2016.exe v14.1 Rapid PHP editor is a faster and more powerful PHP editor for Windows combining features of a fully-packed PHP IDE with the spee...

[security bulletin] HPSBGN03656 rev.1 - HPE Network Node Manager i (NNMi) Software using Java Deserialization, Remote Arbitrary Code Execution and Cross-Site Scripting

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzI1ODIzDQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzMjU4MjMNClZlcnNpb246IDENCg0KSFBTQkdOMDM2NTYgcmV2LjEgLSBIUEUg TmV0d29yayBOb2RlIE1hbmFnZXIgaSAoTk5NaSkgU29mdHdhcmUgdXNpbmcgSmF2YQ0K RGVzZXJpYW...

[security bulletin] HPSBGN03657 rev.1 - HPE Network Node Manager i (NNMi) Software, Local Code Execution

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzI1ODExDQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzMjU4MTENClZlcnNpb246IDENCg0KSFBTQkdOMDM2NTcgcmV2LjEgLSBIUEUg TmV0d29yayBOb2RlIE1hbmFnZXIgaSAoTk5NaSkgU29mdHdhcmUsIExvY2FsIENvZGUN CkV4ZWN1dG...

KL-001-2016-009 : Sophos Web Appliance Remote Code Execution

--CfkIBaU1SF4UDOg720bVTGeeK620luFkJ Content-Type: multipart/mixed; boundary="U0Tnq2LUp4GaxEs6P0c2W4WacNQoLc60d"; protected-headers="v1" From: KoreLogic Disclosures To: fulldisclosure@seclists.org, bugtraq@securityfocus.com Message-ID: <601c4096-486e-e72c-3958-d20ffab5f7a2@korelogic.com> Subject: KL-001-2016-009 : Sophos Web Appliance Remote Code Execution --U0Tnq2LUp4GaxEs6P0c2W4WacNQoLc60d Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding:...

KL-001-2016-008 : Sophos Web Appliance Privilege Escalation

--NDHgicTXRXd1iVbvuhKc0raIKlo2aaP0B Content-Type: multipart/mixed; boundary="7j7wfxr7IpsW4mGIGQhvaW8TO4d7147A9"; protected-headers="v1" From: KoreLogic Disclosures To: fulldisclosure@seclists.org, bugtraq@securityfocus.com Message-ID: Subject: KL-001-2016-008 : Sophos Web Appliance Privilege Escalation --7j7wfxr7IpsW4mGIGQhvaW8TO4d7147A9 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: ...

MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )

CVE-2016-6664 / (Oracle)CVE-2016-5617 Vulnerability: MySQL / MariaDB / PerconaDB - Root Privilege Escalation Discovered by: Dawid Golunski @dawid_golunski https://legalhackers.com MySQL-based databases including MySQL, MariaDB and PerconaDB are affected by a privilege escalation vulnerability which can let attackers who have gained access to mysql system user (for example through CVE-2016-6663) to further escalate their privileges to root user allowing them to fully compromise the ...

[security bulletin] HPSBUX03665 rev.1 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzI0NzU5DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzMjQ3NTkNClZlcnNpb246IDENCg0KSFBTQlVYMDM2NjUgcmV2LjEgLSBIUC1V WCBUb21jYXQtYmFzZWQgU2VydmxldCBFbmdpbmUsIFJlbW90ZSBEZW5pYWwgb2YNClNl cnZpY2UgKE...

Axessh 4.2.2 Denial Of Service

[security bulletin] HPSBUX03664 SSRT110248 rev.1 - HP-UX BIND Service running named, Remote Denial of Service (DoS)

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzIxMTA3DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzMjExMDcNClZlcnNpb246IDENCg0KSFBTQlVYMDM2NjQgU1NSVDExMDI0OCBy ZXYuMSAtIEhQLVVYIEJJTkQgU2VydmljZSBydW5uaW5nIG5hbWVkLCBSZW1vdGUNCkRl bmlhbCBvZi...

Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability Advisory ID: cisco-sa-20161102-cms Revision: 1.0 For Public Release 2016 November 2 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected syst...

Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability Advisory ID: cisco-sa-20161102-tl1 Revision: 1.0 For Public Release 2016 November 2 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker t...

Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which Ive not released before. This is the first entry in that series. The below information is also available on my blog at http://blog.skylined.nl/20161101001.html. There you can find a repro that triggered this issue in addition to the information below. Follow me on twitter.com/berendjanwever for daily browser bugs. MSIE 9 MSHTML CAttrArray use-after-free ======================================...

[slackware-security] php (SSA:2016-305-04)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2016-305-04) New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php-5.6.27-i586-1_slack14.2.txz: Upgraded. This release fixes bugs and security issues. For more information, see: https://php.net/ChangeLog-5.php#5.6.27 (* Security fix *) +-...

[slackware-security] mariadb (SSA:2016-305-03)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mariadb (SSA:2016-305-03) New mariadb packages are available for Slackware 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mariadb-10.0.28-i586-1_slack14.2.txz: Upgraded. This update fixes several security issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-561...

[slackware-security] x11 (SSA:2016-305-02)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] x11 (SSA:2016-305-02) New x11 packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libX11-1.6.4-i586-1_slack14.2.txz: Upgraded. Insufficient validation of data from the X server can cause out of boundary memory read in XGetImage() or write in XList...

CfP and Special Session :: CyberSec2017

You are invited to participate in the following conference: THE FIFTH INTERNATIONAL CONFERENCE ON CYBER SECURITY, CYBER WELFARE AND DIGITAL FORENSIC (CyberSec2017) Venue: St. Marys University, Addis Ababa, Ethiopia Dates: April 22-24, 2017 URL: http://sdiwc.net/conferences/6th-international-cyber-security-cyber-welfare-digital-forensic/ The conference aims to enable researchers build connections between different digital applications and engineering. Topics (not limited to): ...

OS-S 2016-23 - Local DoS: Linux Kernel EXT4 Error Handling (EXT4 calling panic())

OS-S Security Advisory 2016-23 Local DoS: Linux Kernel EXT4 Error Handling (EXT4 calling panic()) Date: October 31th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: Not yet assigned CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C) Severity: Critical Ease of Exploitation: Trivial Vulnerability Type: Error handling leads to conscious panic() call Abstract: Mounting a crafted EXT4 image as read-only leads to a kernel panic. Since the mounting procedure is a privi...

[HITB-Announce] HITB2017AMS CFP

The Call for Papers for the 8th annual Hack In The Box Security Conference in The Netherlands is now open! Call for Papers: https://cfp=2Ehackinthebox=2Eorg/ Event Website: https://conference=2Ehitb=2Eorg/hitbsecconf2017ams/ HITBSecConf has always been an attack oriented deep-knowledge research event aimed at not only bringing the security community together, but one that also highlights and showcases cutting edge research from up and coming talent=2E If youre working on new ways to b...

October 2016 - Crowd - Critical Security Advisory

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/wykQMw . CVE ID: * CVE-2016-6496 - Crowd LDAP Java Object Injection Product: Crowd Affected Crowd Versions: 1.4.1 <= version < 2.8.8 2.9.0 <= version < 2.9.5 Fixed Crowd versions: * for 2.8.x, Crowd 2.8.8 has been released with a fix for this issue. * for 2.9.x, Crowd 2.9.5 has been released with a fix for this issue. * for 2.10.x, C...

[SECURITY] [DSA 3691-2] ghostscript regression update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3691-2 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 28, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ghostscript Debian Bug : 840691 The update...

[SECURITY] [DSA 3701-2] nginx regression update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3701-2 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 28, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nginx Debian Bug : 842276 The update for n...

APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows iTunes 12.5.2 for Windows is now available and addresses the following: WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may result in the disclosure of user information Description: An input validation issue was addressed through improved state management. CVE-2016-4613: Chris Palmer WebKit Available for: Windows 7 and later Impact: ...

[security bulletin] HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQpIYXNoOiBTSEEyNTYKCk5v dGU6IHRoZSBjdXJyZW50IHZlcnNpb24gb2YgdGhlIGZvbGxvd2luZyBkb2N1bWVudCBp cyBhdmFpbGFibGUgaGVyZToNCmh0dHBzOi8vaDIwNTY0Lnd3dzIuaHBlLmNvbS9ocHNj L2RvYy9wdWJsaWMvZGlzcGxheT9kb2NJZD1lbXJfbmEtYzA1MzIwMTQ5DQoNClNVUFBP UlQgQ09NTVVOSUNBVElPTiAtIFNFQ1VSSVRZIEJVTExFVElODQoNCkRvY3VtZW50IElE OiBjMDUzMjAxNDkNClZlcnNpb246IDENCg0KSFBTQk1VMDM2NTMgcmV2LjEgLSAgSFBF IFN5c3RlbSBNYW5hZ2VtZW50IEhvbWVwYWdlIChTTUgpLCBSZW1vdGUgQXJiaXRyYXJ5 DQpDb2RlIE...

[security bulletin] HPSBHF3549 ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20565.www2.hp.com/hpsc/doc/public/display?docId=3Demr_na-c05239646 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05239646 Version: 1 HPSBHF3549 ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege NOTICE: The information in this Security Bulletin should be acted upon as s= oon as possible. Release Date: 2016-08-17 Last Updated: 2016-08...

CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation

I added a simple PoC video for the CVE-2016-1240 vulnerability. In the PoC I used Ubuntu 16.04 with the latest tomcat7 package (version: 7.0.68-ubuntu-0.1) installed from the default ubuntu repos which appears vulnerable still. The video poc can be found at: http://legalhackers.com/videos/Apache-Tomcat-DebPkg-Root-PrivEsc-Exploit.html -- Regards, Dawid Golunski http://legalhackers.com ...

[SECURITY] [DSA 3700-1] asterisk security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3700-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : asterisk CVE ID : CVE-2015-3008 CVE-2016-...

[SECURITY] [DSA 3701-1] nginx security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3701-1 security@debian.org https://www.debian.org/security/ Florian Weimer October 25, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nginx CVE ID : CVE-2016-1247 Dawid Golunski r...

FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch [REVISED]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:15.sysarch [REVISED] Security Advisory The FreeBSD Project Topic: Incorrect argument validation in sysarch(2) Category: core Module: kernel Announced: 2016-10-25 Credits: Core Security, ahaha from Chaitin Tech Affects: ...

CVE-2016-6804 Apache OpenOffice Windows Installer Untrusted Search Path

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CVE-2016-6804 Apache OpenOffice Advisory Title: Windows Installer Execution of Arbitrary Code with Elevated Privileges Version 1.0 Announced October 11, 2016 Description The Apache OpenOffice installer for Windows contained a defective operation that allows execution of arbitrary code with elevated privi...

wincvs-2.0.2.4 Privilege Escalation

[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WINCVS-PRIVILEGE-ESCALATION.txt [+] ISR: ApparitionSec Vendor: ====================== cvsgui.sourceforge.net www.wincvs.org Product: =========== WinCvs v2.1.1.1 (Build 1) downloads as wincvs-2.0.2.4 v2.0.2.4 WinCVS is a free app for Windows that will help you simplify the development of files for groups of people working on the sam...

APPLE-SA-2016-10-24-3 Safari 10.0.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-10-24-3 Safari 10.0.1 Safari 10.0.1 is now available and addresses the following: WebKit Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2016-4666: Apple WebKit Available for: OS X Yosemi...

[SECURITY] [DSA 3698-1] php5 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3698-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 24, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php5 CVE ID : not yet available Severa...

Puppet Enterprise Web Interface Authentication Redirect

[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PUPPET-AUTHENTICATION-REDIRECT.txt [+] ISR: ApparitionSec Vendor: ============== www.puppet.com Product: ================================ Puppet Enterprise Web Interface Version < 2016.4.0 Puppet Enterprise is the leading platform for automatically delivering, operating and securing your infrastructure. Vulnerability Type: =====...

Puppet Enterprise Web Interface User Enumeration

[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PUPPET-USER-ENUMERATION.txt [+] ISR: ApparitionSec Vendor: ============== www.puppet.com Product: =============================== Puppet Enterprise Web Interface Tested in version < 2016.4.0 Puppet Enterprise is the leading platform for automatically delivering, operating and securing your infrastructure. Vulnerability Type: ...

Puppet Enterprise Web Interface Authentication Redirect

Oracle Netbeans IDE v8.1 Import Directory Traversal

[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-NETBEANS-IDE-DIRECTORY-TRAVERSAL.txt [+] ISR: ApparitionSec Vendor: =============== www.oracle.com Product: ================= Netbeans IDE v8.1 Vulnerability Type: ========================= Import Directory Traversal CVE Reference: ============== CVE-2016-5537 Vulnerability Details: ===================== ...

[CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability

Debian: https://security-tracker.debian.org/tracker/CVE-2016-5195 Redhat: https://access.redhat.com/security/cve/cve-2016-5195 FAQ: https://dirtycow.ninja/ ...

ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability

--_002_1BF8853173D9704A93EF882F85952A89186CB0MX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A89186CB0MX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-111.txt" Content-Description: ESA-2016-111.txt Content-Disposition: attachment; filename="ESA-2016-111.txt"; size=3453; creation-date="Tue, 18 Oct 2016 13:46:30 GMT"; modification-date="Wed, 19 Oct 2016 17:22:51 GMT" Content-...

Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update

Hi @ll, since more than a year now, Windows Update fails (not only, but most notably) on FRESH installations of Windows 7/8/8.1 (especially their 32-bit editions), which then get NO security updates at all [°]! One of the many possible causes: Windows Update Client runs out of (virtual) memory during the search for updates and yields 0x8007000E alias E_OUTOFMEMORY []. According to | This update addresses an issue in which Windows ...

Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory

Hi @ll, on x64 editions of Windows, RegEdit.exe exists both as %windir% egedit.exe and %windir%SysWOW64 egedit.exe. states | [...] whenever a 32-bit application attempts to access [...] | %windir% egedit.exe is redirected to %windir%SysWOW64 egedit.exe. But what is the "application directory" when a 32-bit application runs %windir% egedit.exe? Is it %windir% or %windir%SysWOW64, i.e. is it determined before or after the re...

[security bulletin] HPSBGN03663 rev.1 - HPE ArcSight WINC Connector, Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05313743 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05313743 Version: 1 HPSBGN03663 rev.1 - HPE ArcSight WINC Connector, Remote Code Execution NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-10-19 Last Updated: 2016-10...

Cisco Security Advisory: Cisco ASA Software Identity Firewall Feature Buffer Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco ASA Software Identity Firewall Feature Buffer Overflow Vulnerability Advisory ID: cisco-sa-20161019-asa-idfw Revision: 1.0 For Public Release 2016 October 19 16:00 GMT +--------------------------------------------------------------------- Summary ======= A vulnerability in the Identity Firewall feature of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to rem...

[SECURITY] [DSA 3695-1] quagga security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3695-1 security@debian.org https://www.debian.org/security/ Florian Weimer October 18, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : quagga CVE ID : CVE-2016-1245 Debian Bug ...

[SECURITY] [DSA 3694-1] tor security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3694-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 18, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tor CVE ID : not yet available It has ...

[ERPSCAN-16-030] SAP NetWeaver - buffer overflow vulnerability

Application: SAP NetWeaver KERNEL Versions Affected: SAP NetWeaver KERNEL 7.0-7.5 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 09.03.2016 Reported: 10.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2295238 Author: Dmitry Yudin (ERPScan) Description 1. ADVISORY INFORMATION Title: [ERPSCAN-16-030] SAP NetWeaver =E2=80=93 buffer overflow vulnerabil= ity Advisory ID: [ERPSCAN-16-030] ...

=?UTF-8?Q?Du_har_n=C3=A5_en_egen_mappe_til_spam_p=C3=A5_bugtraq@ahazu.com?=

------=_Part_67995_478468145.1476705487863 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Spam-post blir automatisk flyttet til en egen mappe Vi arbeider kontinuerlig for =C3=A5 gj=C3=B8re din opplevelse av v=C3=A5re = produkter bedre, og vi kan n=C3=A5 tilby hjelp til =C3=A5 holde orden i innboksen din= . Hils p=C3=A5 din nye Spam-mappe Du har en egen mappe til u=C3=B8nsket e-post p=C3=A5 bugtraq@ahazu.com. Tidligere merket vi e-post me...

[SECURITY] [DSA 3693-1] libgd2 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3693-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 14, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libgd2 CVE ID : CVE-2016-7568 Multiple...

Evernote for Windows DLL Loading Remote Code Execution Vulnerability

Aloha, Summary Evernote contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to some DLL file is loaded by Evernote_6.1.2.2292.exe improperly. And it allows an attacker to load this DLL file of the attacker’s choosing that could execute arbitrary code without the users knowledge. Affected Product: Evernote 6.1.2.2292 Fixed in: Evernote for Windows 6.3 WINNOTE-15637...

[security bulletin] HPSBNS03661 rev.1 - NonStop Backbox, Remote Disclosure of Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05307589 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05307589 Version: 1 HPSBNS03661 rev.1 - NonStop Backbox, Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-10-12 Last Updated: 2016-1...

Snort v2.9.7.0-WIN32 DLL Hijack

[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt [+] ISR: ApparitionSec Vendor: ============= www.snort.org Product: =================== Snort v2.9.7.0-WIN32 Snort is an open-source, free and lightweight network intrusion detection system (NIDS) software for Linux and Windows to detect emerging threats. Vulnerability Type: =================== DLL Hijack ...

ZendStudio IDE v13.5.1 Privilege Escalation

[+] Credits: John Page aka hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/ZEND-STUDIO-PRIVILEGE-ESCALATION.txt [+] ISR: ApparitionSec Vendor: ============ www.zend.com Product: ====================== ZendStudio IDE v13.5.1 Zend Studio is the leading PHP IDE. It is the only PHP IDE that combines mobile development with PHP and includes a sample mobile app with source code. Vulnerability Type: ========...

Cisco Security Advisory: Cisco Meeting Server Client Authentication Bypass Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Meeting Server Client Authentication Bypass Vulnerability Advisory ID: cisco-sa-20161012-msc Revision 1.0 For Public Release 2016 October 12 16:00 UTC (GMT) Last Updated 2016 October 12 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) could allow an u...

Multiple Vulnerabilities in Plone CMS

[Product Description] Plone is a free and open source content management system built on top of the Zope application server. Plone is positioned as an "Enterprise CMS" and is most commonly used for intranets and as part of the web presence of large organizations [Systems Affected] Product : Plone Version : All supported Plone versions (4.3.11 and any earlier 4.x version, 5.0.6 and any earlier 5.x version). Previous versions could be affected but have not been fully teste...

[security bulletin] HPSBPV03516 rev.2 - HP VAN SDN Controller, Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04819635 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04819635 Version: 2 HPSBPV03516 rev.2 - HP VAN SDN Controller, Multiple Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2015-09-29 Last Updated: 2016-10-...

Facebook API v2.1 - RFC6749 Open Redirect Vulnerability

Document Title: =============== Facebook API v2.1 - RFC6749 Open Redirect Vulnerability References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=1972 Vulnerability Magazine: https://www.vulnerability-db.com/?q=articles/2016/10/10/facebook-api-v21-hit-rfc6749-open-redirect-attack-vulnerability Release Date: ============= 2016-10-10 Vulnerability Laboratory ID (VL-ID): ==================================== 1972 Common Vulnerabilit...

Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities

Document Title: =============== Contenido v4.9.11 - (Backend) Multiple XSS Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1928 Release Date: ============= 2016-10-10 Vulnerability Laboratory ID (VL-ID): ==================================== 1928 Common Vulnerability Scoring System: ==================================== 3.7 Product & Service Introduction: =============================== The German-la...

[SEARCH-LAB advisory] AVTECH IP Camera, NVR, DVR multiple vulnerabilities

Avtech devices multiple vulnerabilities -------------------------------------------------- Platforms / Firmware confirmed affected: - Every Avtech device (IP camera, NVR, DVR) and firmware version. [4] contains the list of confirmed firmware versions, which are affected. - Product page: http://www.avtech.com.tw/ Ã´AVTECH, founded in 1996, is one of the worldÃ†s leading CCTV manufacturers. With stably increasing revenue and practical business running philosophy, AVTECH has been...

SEC Consult SA-20161011-0 :: XXE vulnerability in RSA Enterprise Compromise Assessment Tool (ECAT)

--------------ms080109060509050606070902 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable SEC Consult Vulnerability Lab Security Advisory < 20161011-0 > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D title: XML External Entity Injection (XXE) product: RSA En...

[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-043 Product: Microsoft Wireless Desktop 2000 Manufacturer: Microsoft Affected Version(s): Ver. A Tested Version(s): Ver. A Vulnerability Type: Cryptographic Issues (CWE-310) Insufficient Protection against Replay Attacks Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-05-19 Solution Date: - Public Disclosure: 2016-10-05 CVE Reference: Not yet assigned Authors of A...

[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks

Crashing Android devices with large Assisted-GPS Data Files [CVE-2016-5348]

Original at: https://wwws.nightwatchcybersecurity.com/2016/10/04/advisory-cve-2016-5348-= 2/ Summary Android devices can be crashed remotely forcing a halt and then a soft reboot by a MITM attacker manipulating assisted GPS/GNSS data provided by Qualcomm. This issue affects the open source code in AOSP and proprietary code in a Java XTRA downloader provided by Qualcomm. The Android issue was fixed by in the October 2016 Android bulletin. Additional patches have been issued by Qualco...

[SYSS-2016-068] Fujitsu Wireless Keyboard Set LX901 - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-068 Product: Wireless Keyboard Set LX901 Manufacturer: Fujitsu Affected Version(s): Model No. GK900 Tested Version(s): Model No. GK900 Vulnerability Type: Cryptographic Issues (CWE-310) Missing Protection against Replay Attacks Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-07-07 Solution Date: - Public Disclosure: 2016-10-05 CVE Reference: Not yet assigned Author...

[SYSS-2016-033] Microsoft Wireless Desktop 2000 - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-033 Product: Microsoft Wireless Desktop 2000 Manufacturer: Microsoft Affected Version(s): Ver. A Tested Version(s): Ver. A Vulnerability Type: Insufficient Protection of Code (Firmware) and Data (Cryptographic Key) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-04-22 Solution Date: - Public Disclosure: 2016-10-05 CVE Reference: Not yet assigned Authors of Advisor...

September 2016 - HipChat Plugin for various products - Critical Security Advisory

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This email refers to the following advisory pages: * Bitbucket Server - https://confluence.atlassian.com/x/0QkcMg * Confluence - https://confluence.atlassian.com/x/yIGbMg * JIRA - https://confluence.atlassian.com/x/w4GbMg CVE ID: * CVE-2016-6668 - The HipChat plugin for various products leaks the secret key it uses to communicate with a linked HipChat instance. Product: Bitbucket Server and the Atlassian Hipchat Integration Plugi...

KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials

--lRi2DiIVTfwuGATvUjBpSO91fom0ksKVC Content-Type: multipart/mixed; boundary="ls9hIeaqVaFog1WKCwA3OhchWxLpUce6S"; protected-headers="v1" From: KoreLogic Disclosures To: fulldisclosure@seclists.org, bugtraq@securityfocus.com Message-ID: <1763c2b9-74f7-96dc-396e-0a98950ee165@korelogic.com> Subject: KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials --ls9hIeaqVaFog1WKCwA3OhchWxLpUce6S Content-Type: text/plain; charset=utf...

KL-001-2016-004 : Cisco Firepower Threat Management Console Authenticated Denial of Service

--Q7EMkWvQj5Kb7ac5KbIdqeh60SO3ng8e2 Content-Type: multipart/mixed; boundary="AXvRgGJK5A3QP2RXMKH0kJlQAsA9SPM3f"; protected-headers="v1" From: KoreLogic Disclosures To: fulldisclosure@seclists.org, bugtraq@securityfocus.com Message-ID: Subject: KL-001-2016-004 : Cisco Firepower Threat Management Console Authenticated Denial of Service --AXvRgGJK5A3QP2RXMKH0kJlQAsA9SPM3f Content-Type: text/plain; charset=...

[SECURITY] [DSA 3688-1] nss security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3688-1 security@debian.org https://www.debian.org/security/ Florian Weimer October 05, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nss CVE ID : CVE-2015-4000 CVE-2015-7181 CV...

[SECURITY] [DSA 3687-1] nspr security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3687-1 security@debian.org https://www.debian.org/security/ Florian Weimer October 05, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nspr CVE ID : CVE-2016-1951 Debian Bug ...

[security bulletin] HPSBGN03639 rev.1 - HPE KeyView, Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05297477 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05297477 Version: 1 HPSBGN03639 rev.1 - HPE KeyView, Remote Code Execution NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-09-29 Last Updated: 2016-09-29 Potential...

Cisco Security Advisory: Cisco NX-OS Border Gateway Protocol Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco NX-OS Border Gateway Protocol Denial of Service Vulnerability Advisory ID: cisco-sa-20161005-bgp Revision 1.0 For Public Release 2016 October 5 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to cause a denial of service (D...

Cisco Security Advisory: Cisco NX-OS Software Malformed DHCPv4 Packet Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco NX-OS Software Malformed DHCPv4 Packet Denial of Service Vulnerability Advisory ID: cisco-sa-20161005-dhcp2 Revision: 1.0 For Public Release: 2016 October 5 16:00 GMT +------------------------------------------------------------------------------ Summary ======= A vulnerability in the implementation of the DHCPv4 relay agent in Cisco NX-OS Software could allow an unauthenticated, remote attacker...

Cisco Security Advisory: Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability Advisory ID: cisco-sa-20161005-dhcp1 Revision: 1.0 For Public Release: 2016 October 5 16:00 GMT +------------------------------------------------------------------------------ Summary ======= A vulnerability in the implementation of the DHCPv4 relay agent and smart relay agent in Cisco NX-OS Software could allow an unauthentica...

Cisco Security Advisory: Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass Vulnerability Advisory ID: cisco-sa-20161005-nxaaa Revision: 1.0 For Public Release: 2016 October 5 16:00 GMT +------------------------------------------------------------------------------ Summary ======= A vulnerability in the SSH subsystem of the Cisco Nexus family of products could allow an authenticated, remo...

Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability

Document Title: =============== Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1850 Cyberoam ID: #1059276 Security ID: NCR-2064 Release Date: ============= 2016-10-04 Vulnerability Laboratory ID (VL-ID): ==================================== 1850 Common Vulnerability Scoring System: ==================================== 3.3 Product & Service Introduction...

Clean Master v1.0 - Unquoted Path Privilege Escalation

Document Title: =============== Clean Master v1.0 - Unquoted Path Privilege Escalation References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=1968 Release Date: ============= 2016-10-05 Vulnerability Laboratory ID (VL-ID): ==================================== 1968 Common Vulnerability Scoring System: ==================================== 4 Product & Service Introduction: =============================== Clean Master Clean...

ESA-2016-121: EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances Multiple Vulnerabilities

--_002_1BF8853173D9704A93EF882F85952A8917C6CFMX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A8917C6CFMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-121.txt" Content-Description: ESA-2016-121.txt Content-Disposition: attachment; filename="ESA-2016-121.txt"; size=4547; creation-date="Mon, 03 Oct 2016 14:46:48 GMT"; modification-date="Mon, 03 Oct 2016 19:02:47 GMT" Content-...

ESA-2016-063: EMC Replication Manager and Network Module for Microsoft Remote Code Execution Vulnerability

--_002_1BF8853173D9704A93EF882F85952A8917C6BEMX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A8917C6BEMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-063.txt" Content-Description: ESA-2016-063.txt Content-Disposition: attachment; filename="ESA-2016-063.txt"; size=3768; creation-date="Mon, 03 Oct 2016 15:42:51 GMT"; modification-date="Mon, 03 Oct 2016 19:04:06 GMT" Content-...

Serimux SSH Console Switch v2.4 - Multiple Cross Site Vulnerabilities

Document Title: =============== Serimux SSH Console Switch v2.4 - Multiple Cross Site Vulnerabilities References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=1942 Release Date: ============= 2016-10-04 Vulnerability Laboratory ID (VL-ID): ==================================== 1942 Common Vulnerability Scoring System: ==================================== 3.4 Product & Service Introduction: =============================== S...

AuraDVD Ripper Professional v1.6.3 - DLL Hijacking Exploit

Document Title: =============== AuraDVD Ripper Professional v1.6.3 - DLL Hijacking Exploit References (Source): ==================== https://www.vulnerability-lab.com/get_content.php?id=1966 Release Date: ============= 2016-10-04 Vulnerability Laboratory ID (VL-ID): ==================================== 1966 Common Vulnerability Scoring System: ==================================== 4.3 Product & Service Introduction: =============================== Aura DVD Rip...

TeempIp XSS Cookie Theft

[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/TEEMIP-XSS-COOKIE-THEFT.txt [+] ISR: ApparitionSec Vendor: =============== www.combodo.com Product: ============== TeemIp v2.0.2 Offer your customers a professional and economically viable approach to cope with the complexity of managing IP addresses. TeemIP has a CMDB and service management functions to industrialize the daily tasks of network admi...

[SECURITY] [DSA 3684-1] libdbd-mysql-perl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3684-1 security@debian.org https://www.debian.org/security/ Florian Weimer October 03, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libdbd-mysql-perl CVE ID : CVE-2016-1246 ...

[SECURITY] [DSA 3681-2] wordpress regression update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3681-2 security@debian.org https://www.debian.org/security/ Yves-Alexis Perez October 01, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : wordpress Debian Bug : #839190 It was disc...

CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation

CVE: CVE-2016-1240 Vulnerability: Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Affected packages: Tomcat 6/7/8 deb packages (up to 8.0.36-2) Systems affected: Debian & Ubuntu & possibly others (using the affected deb packages) Discovered by: Dawid Golunski (http://legalhackers.com) Tomcat (6, 7, 8) packages provided by default repositories on Debian-based distributions (including Debian, Ubuntu etc.) provide a vulnerable tomcat init script that allows ...

ezmlm warning

Hi! This is the ezmlm program. Im managing the bugtraq@securityfocus.com mailing list. Im working for my owner, who can be reached at bugtraq-owner@securityfocus.com. Messages to you from the bugtraq mailing list seem to have been bouncing. Ive attached a copy of the first bounce message I received. If this message bounces too, I will send you a probe. If the probe bounces, I will remove your address from the bugtraq mailing list, without further notice. Ive kept a list of whic...

Multiple exposures in Sophos UTM

Hello @all,=20 together with my colleague we found two uncritical vulnerabilities youll f= ind below. Product: Sophos UTM Vendor: Sophos ltd.=20 Internal reference: ? (Bug ID) Vulnerability type: Information Disclosure Vulnerable version: 9.405-5, 9.404-5 and possible other versions affected (= not tested) Vulnerable component: Frontend Report confidence: yes Solution status: Not fixed by Vendor, no further responses from vendor.=20 Fixed versions: - Researcher credits: Tim Sc...

[SYSS-2016-060] Logitech M520 - Insufficient Verification of Data Authenticity (CWE-345)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-060 Product: M520 (Mouse of Wireless Combo MK520) Manufacturer: Logitech Affected Version(s): Model Y-R0012 Tested Version(s): Model Y-R0012 Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345) Mouse Spoofing Attack Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-06-28 Solution Date: - Public Disclosure: 2016-09-30 CVE Reference: Not yet assi...

Persistent XSS in Abus Security Center - CVSS 8.0

Hi@all,=20 Product: Abus Security Cams=20 Vendor:Abus Group =20 Internal reference: -=20 Vulnerability type: Cross Site Scripting=20 Vulnerable version: 0101a and possible other versions affected (not = tested) Vulnerable component: FTP Report confidence: Confirmed Solution status: Not fixed by Vendor, will not patch the vuln.=20 Fixed versions: - Researcher credits: Tim Schughart & Khanh Quoc Pham of ProSec Networks Vendor notification: 2016-09-21 Solution date:=20 Public disc...

[security bulletin] HPSBGN03650 rev.1 - HPE Network Automation Software, Local Arbitrary File Modification

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05281739 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05281739 Version: 1 HPSBGN03650 rev.1 - HPE Network Automation Software, Local Arbitrary File Modification NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-09-28 Last...

Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability Advisory ID: cisco-sa-20160928-smi Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +------------------------------------------------------------------------------ Summary ======= The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote atta...

Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities Advisory ID: cisco-sa-20160928-msdp Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +------------------------------------------------------------------------------ Summary ======= Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote at...

Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability Advisory ID: cisco-sa-20160928-ios-ikev1 Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +------------------------------------------------------------------------------ Summary ======= A vulnerability in the Internet Key Exchange version 1 (IKEv1) fragmentation code of Cisco IOS an...

Cisco Security Advisory: Cisco IOS XE Software NAT Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS XE Software NAT Denial of Service Vulnerability Advisory ID: cisco-sa-20160928-esp-nat Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +------------------------------------------------------------------------------ Summary ======= A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS XE Software could allow an unauthenticated, r...

Cisco Security Advisory: Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability Advisory ID: cisco-sa-20160928-cip Revison: 1.0 For Public Release: 2016 September 28 16:00 GMT +------------------------------------------------------------------------------ Summary ======= A vulnerability in the Common Industrial Protocol (CIP) feature of Cisco IOS Software could allow an unauthenticated, remote...

Cisco Security Advisory: Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability Advisory ID: cisco-sa-20160928-aaados Revision: 1.0 For Public Release: 2016 September 28 16:00 GMT +------------------------------------------------------------------------------ Summary ======= A vulnerability in the Authentication, Authorization, and Accounting (AAA) service for remote Secure Shell Host (SSH) connections to t...

[REVIVE-SA-2016-002] Revive Adserver - Multiple vulnerabilities

--u5e4JKkaiXDuiBrPVH60X687dkPcu3t1O Content-Type: multipart/mixed; boundary="QmXUvq2r6dogSgl5Fi4wWK0n7IniD1JAK"; protected-headers="v1" From: Matteo Beccati To: bugtraq@securityfocus.com, fulldisclosure@seclists.org Message-ID: Subject: [REVIVE-SA-2016-002] Revive Adserver - Multiple vulnerabilities --QmXUvq2r6dogSgl5Fi4wWK0n7IniD1JAK Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-print...

Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...)

Hello, Please find a text-only version below sent to security mailing lists. The complete version on analysing the security in Dlink 932B LTE routers is posted here: https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html === text-version of the advisory without technical explanations === -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ## Advisory Information Title: Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, b...

Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016 Advisory ID: cisco-sa-20160927-openssl Revision: 1.0 For Public Release 2016 September 27 22:40 UTC (GMT) +--------------------------------------------------------------------- Summary ======= On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities. Of these 14 vulnerabilities, the OpenSSL Softwa...

[slackware-security] bind (SSA:2016-271-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] bind (SSA:2016-271-01) New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/bind-9.10.4_P3-i586-1_slack14.2.txz: Upgraded. This update fixes a denial-of-service vulnerability. Testing by ISC has uncovered a critical error condition which...

[SECURITY] [DSA 3680-1] bind9 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3680-1 security@debian.org https://www.debian.org/security/ Florian Weimer September 27, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : bind9 CVE ID : CVE-2016-2775 CVE-2016-2776 ...

ESA-2016-127: EMC ViPR SRM Stored Cross-Site Scripting Vulnerability

--_002_1BF8853173D9704A93EF882F85952A8917958CMX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A8917958CMX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-127.txt" Content-Description: ESA-2016-127.txt Content-Disposition: attachment; filename="ESA-2016-127.txt"; size=3123; creation-date="Tue, 27 Sep 2016 14:21:00 GMT"; modification-date="Tue, 27 Sep 2016 14:31:29 GMT" Content-...

[SECURITY] [DSA 3679-1] jackrabbit security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3679-1 security@debian.org https://www.debian.org/security/ Florian Weimer September 27, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : jackrabbit CVE ID : CVE-2016-6801 Debian B...

[security bulletin] HPSBHF03652 rev.1 - HPE iMC PLAT Network Products running Apache Commons FileUpload, Remote Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05289840 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05289840 Version: 1 HPSBHF03652 rev.1 - HPE iMC PLAT Network Products running Apache Commons FileUpload, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. R...

[security bulletin] HPSBHF03654 rev.1 - HPE iMC PLAT Network Products using SSL/TLS, Multiple Remote Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05289935 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05289935 Version: 1 HPSBHF03654 rev.1 - HPE iMC PLAT Network Products using SSL/TLS, Multiple Remote Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-0...

[security bulletin] HPSBHF03655 rev.1 - HPE iMC PLAT Network Products running Apache Axis2, Multiple Remote Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05289984 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05289984 Version: 1 HPSBHF03655 rev.1 - HPE iMC PLAT Network Products running Apache Axis2, Multiple Remote Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date:...

[SECURITY] [DSA 3678-1] python-django security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3678-1 security@debian.org https://www.debian.org/security/ Florian Weimer September 26, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : python-django CVE ID : CVE-2016-7401 Ser...

[slackware-security] openssl (SSA:2016-270-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] openssl (SSA:2016-270-01) New openssl packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2j-i586-1_slack14.2.txz: Upgraded. This update fixes a security issue: Missing CRL sanity check (CVE-2016-7052) For more information, see: https://www.openssl.org/news/...

[security bulletin] HPSBGN03648 rev.1 - HPE LoadRunner and Performance Center, Remote Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05278882 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05278882 Version: 1 HPSBGN03648 rev.1 - HPE LoadRunner and Performance Center, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-09-20 L...

OS-S Security Advisory 2016-19: Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates (CVSS 10)

OpenSource Security Ralf Spenneberg Am Bahnhof 3-5 48565 Steinfurt info@os-s.net OS-S Security Advisory 2016-19 Title: Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates Authors: Yves-Noel Weweler , Ralf Spenneberg , Hendrik Schwartke Date: September 26th 2015 Vendor contacted: September 29th 2015 Vendor response: December 12th 2015 Updated firmware ava...

[slackware-security] php (SSA:2016-267-01)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2016-267-01) New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php-5.6.26-i586-1_slack14.2.txz: Upgraded. This release fixes bugs and security issues. For more information, see: https://php.net/ChangeLog-5.php#5.6.26 https://cve.mitre.or...

ESA-2016-097: RSA Identity Governance and Lifecycle Information Disclosure Vulnerability

--_002_1BF8853173D9704A93EF882F85952A89177FA2MX304CL04corpemcc_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable --_002_1BF8853173D9704A93EF882F85952A89177FA2MX304CL04corpemcc_ Content-Type: text/plain; name="ESA-2016-097.txt" Content-Description: ESA-2016-097.txt Content-Disposition: attachment; filename="ESA-2016-097.txt"; size=5477; creation-date="Wed, 21 Sep 2016 12:47:05 GMT"; modification-date="Wed, 21 Sep 2016 12:50:00 GMT" Content-...

Recon Europe 2017 Call For Papers - January 27 - 29, 2017 - Brussels, Belgium

` . R E C O N * B R U S S E L S . . . C F P . https://recon.cx . 27 - 29 January 2017 . . . Brussels, Belgium . . -6)) + â€ . . | ....

[SECURITY] [DSA 3674-1] firefox-esr security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3674-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 22, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : firefox-esr CVE ID : CVE-2016-5250 CVE-2016...

[SECURITY] [DSA 3673-1] openssl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3673-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 22, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openssl CVE ID : CVE-2016-2177 CVE-2016-217...

Fwd: BT Wifi Extenders - Cross Site Scripting leading to disclosure of PSK

BT Wifi Extenders - 300, 600 and 1200 models - Cross Site Scripting leading to disclosure of PSK. A firmware update is required to resolve this issue. The essential problem is that if you hit the following URL on your wifi extender, it will pop up a whole load of private data, including your PSK. Instead of doing a pop up, we could exfiltrate that data to our server. /cgi-bin/webproc?%3Asessionid=3Ddeadbeef&obj-action=3Dauth&%3Aaction=3Dlogi= n&errorpage=3Dhtml%2Fmain.html&getpage...

IE11 is not following CORS specification for local files

IE11 is not following CORS specification for local files like Chrome and Firefox. Ive contacted Microsoft and they say this is not a security issue so Im sharing it. From my tests IE11 is not following CORS specifications for local files as supposed to be. In order to prove Ive created a malicious html file with the content below.