Lucene search

47153 matches found

securityvulns
added 2015/08/24 12:0 a.m., 79 views

[USN-2711-1] Net-SNMP vulnerabilities

========================================================================== Ubuntu Security Notice USN-2711-1 August 17, 2015 net-snmp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.5 CVSS, 0.7 AI score, 0.17699 EPSS
Exploits: 2

securityvulns
added 2015/08/24 12:0 a.m., 35 views

EMC RSA Archer CSRF

Multiple CSRF vulnerabilities...

6.8 CVSS, 3.7 AI score, 0.00126 EPSS
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2015/08/24 12:0 a.m., 92 views

sysadmin privilege in EMC Documentum Content Server

Product: EMC Documentum Content Server Vendor: EMC Version: ANY CVE: N/A Risk: High Status: public/not fixed In 2011 Yuri Simone discovered a security flaw in EMC Documentum Content Server, which allows users with sysadmin privileges to elevate their privileges to superuser see CVE-2011-4144. On...

9 CVSS, 6.4 AI score, 0.00421 EPSS
Exploits: 2

securityvulns
added 2015/08/24 12:0 a.m., 62 views

Insufficient certificate validation in EMC Secure Remote Services Virtual Edition

------------------------------------------------------------------------ Insufficient certificate validation in EMC Secure Remote Services Virtual Edition ------------------------------------------------------------------------ Han Sahin, November 2014...

5.8 CVSS, 1.9 AI score, 0.00134 EPSS
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 48 views

[ERPSCAN-15-012] SAP Afaria 7 XComms – Buffer Overflow

ERPSCAN Research Advisory ERPSCAN-15-012 SAP Afaria 7 XComms – Buffer Overflow Application: SAP Afaria 7 Versions Affected: SAP Afaria 7, probably others Vendor URL: http://SAP.com Bugs: Buffer Overflow Sent: 13.03.2015 Reported: 14.03.2015 Vendor response: 14.03.2015 Date of Public Advisory:...

7.5 CVSS, 0.2 AI score, 0.02109 EPSS
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 29 views

Multiple XSS vulnerabilities in FortiSandbox WebUI

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-FORTISANDBOX-0801.txt Vendor: ================================ www.fortinet.com PSIRT ID: 1418018 Product: ================================== FortiSandbox 3000D v2.02...

6.4 AI score
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 55 views

BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities

Blue Frost Security GmbH https://www.bluefrostsecurity.de/ researchatbluefrostsecurity.de BFS-SA-2015-002 13-August-2015 Affected Product: OpenSSH http://www.openssh.com Affected Version: Portable versions = 6.9p1 Vulnerability: Vulnerabilities in PAM Privilege Separation Code I. Impact Two...

0.2 AI score
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 36 views

SAP Afaria 7 multiple security vulnerabilities

Buffer overflow, information leakage, DoS...

7.5 CVSS, 3.4 AI score, 0.02109 EPSS
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2015/08/24 12:0 a.m., 33 views

Cross site request forgery vulnerability in Linksys WAG120N

Hello all, I want to share a problem that I found with Linksys router WAG120N. It could be possible to modify router's configuration when a user visits a webpage with a specific form. It is a similar problem to one that I sent some days ago with Comtrend routers:...

7.1 AI score
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 55 views

Privilege escalation through RPC commands in EMC Documentum Content Server (incomplete fix in CVE-2015-4532)

Product: EMC Documentum Content Server Vendor: EMC Version: ANY CVE: N/A Risk: High Status: public/not fixed For detailed description see attached VRFHUFG9EBA.txt and VRFHX5OLZ0F.txt, for vendor announcement see CVE-2015-4532 in http://seclists.org/bugtraq/2015/Aug/86. The problem is PoC code...

9 CVSS, 0.5 AI score, 0.02152 EPSS
Exploits: 2

securityvulns
added 2015/08/24 12:0 a.m., 167 views

OpenSSH restrictions bypass

It's possible to bypass MaxAuthTries restrictions...

8.5 CVSS, 2 AI score, 0.74862 EPSS
Exploits: 1, References: 2, Affected Software: 1

securityvulns
added 2015/08/24 12:0 a.m., 35 views

VLC uninitialized pointer dereference

Uninitialized pointer dereference on 3GP parsing...

6.8 CVSS, 3.8 AI score, 0.07445 EPSS
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2015/08/24 12:0 a.m., 31 views

QNAP devices protection bypass

Deciphering is possible without knowledge of key information...

3.3 AI score
Exploits: 0, References: 1

securityvulns
added 2015/08/24 12:0 a.m., 40 views

CVE-2015-5699 - Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation

Title =================== Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation Summary =================== Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, is vulnerable to local privilege escalation via Command Injection. Cumul...

7.2 CVSS, 1.2 AI score, 0.00057 EPSS
Exploits: 1

securityvulns
added 2015/08/24 12:0 a.m., 85 views

[USN-2720-1] Django vulnerability

========================================================================== Ubuntu Security Notice USN-2720-1 August 18, 2015 python-django vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...

5 CVSS, 0.1 AI score, 0.07079 EPSS
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 40 views

[security bulletin] HPSBGN03395 rev.1 - HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX, Remote Code Execution

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04771027 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04771027 Version: 1 HPSBGN03395 rev.1 - HP KeyView running on HP-UX, Linux,...

7.5 CVSS, 0.6 AI score, 0.15716 EPSS
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 160 views

CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability

CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Flex BlazeDS 4.7.0 Description: When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations...

5 CVSS, 0.8 AI score, 0.13331 EPSS
Exploits: 2

securityvulns
added 2015/08/24 12:0 a.m., 47 views

Cross-Site Scripting (XSS) in qTranslate WordPress Plugin

Advisory ID: HTB23265 Product: qTranslate WordPress plugin Vendor: Qian Qin Vulnerable Versions: 2.5.39 and probably prior Tested Version: 2.5.39 Advisory Publication: July 1, 2015 without technical details Vendor Notification: July 1, 2015 Public Disclosure: July 29, 2015 Vulnerability Type:...

4.3 CVSS, 0.2 AI score, 0.0027 EPSS
Exploits: 3

securityvulns
added 2015/08/24 12:0 a.m., 28 views

Websense Triton Content Manager buffer overflow

Buffer overflow on request parsing...

4 CVSS, 4.3 AI score, 0.00739 EPSS
Exploits: 2, References: 1, Affected Software: 1

securityvulns
added 2015/08/24 12:0 a.m., 36 views

PHPfileNavigator v2.3.3 CSRF Add Arbitrary Users

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812a.txt Vendor: ================================ pfn.sourceforge.net Product: =================================== PHPfileNavigator v2.3.3 pfn Is...

7.1 AI score
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 40 views

[Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2015-011: SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values 1. Impact on Business - --------------------- By exploiting this vulnerability an attacker with access to a vulnerable mobile...

0.2 AI score
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 82 views

AirDroid ID - Client Side JSONP Callback Vulnerability

Document Title: =============== AirDroid ID - Client Side JSONP Callback Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1544 Release Date: ============= 2015-07-10 Vulnerability Laboratory ID VL-ID: ==================================== 154...

0.1 AI score
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 103 views

UDID+ v2.5 iOS - Mail Command Inject Vulnerability

Document Title: =============== UDID+ v2.5 iOS - Mail Command Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1542 Release Date: ============= 2015-07-06 Vulnerability Laboratory ID VL-ID: ==================================== 1542...

0.3 AI score
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 28 views

HP Central View applications information leakage

No description provided...

9 CVSS, 0.9 AI score, 0.0036 EPSS
Exploits: 0, References: 1, Affected Software: 6

securityvulns
added 2015/08/24 12:0 a.m., 41 views

ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability EMC Identifier: ESA-2015-130 CVE Identifier: CVE-2015-4530 Severity Rating: CVSS v2 Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Affected products: • EMC...

6.8 CVSS, 0.7 AI score, 0.002 EPSS
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 56 views

[SECURITY] [DSA 3332-1] wordpress security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3332-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst August 11, 2015 https://www.debian.org/security/faq -...

7.5 CVSS, 1.1 AI score, 0.21244 EPSS
Exploits: 1

securityvulns
added 2015/08/24 12:0 a.m., 61 views

Design Infotech CMS - SQL Injection Vulnerability

========================================================== + Title :- Design Infotech CMS - SQL Injection Vulnerability + Date :- 23 - July - 2015 + Vendor Homepage :- http://www.designinfotech.in/ + Version :- All Versions + Tested on :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows + Category :-...

0.9 AI score
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 44 views

Basware Banking/Maksuliikenne security vulnerabilities

No description provided...

5.8 CVSS, 1.6 AI score, 0.00134 EPSS
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2015/08/24 12:0 a.m., 143 views

Microsoft Windows multiple security vulnerabilities

OLE code execution, Internet Explorer multiple vulnerabilities, Schannel code execution, XML Core Services code execution, TCP/IP privilege escalation, Windows Audio Service privilege escalation, .NET Framework privilege escalation, RDP restrictions bypass, IIS restrictions bypass, IME privilege...

10 CVSS, 3.4 AI score, 0.94094 EPSS
Exploits: 66, References: 2, Affected Software: 1

securityvulns
added 2015/08/24 12:0 a.m., 36 views

[security bulletin] HPSBGN03386 rev.1 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, Local Discl

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04751893 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04751893 Version: 1 HPSBGN03386 rev.1 - HP Central View Fraud Risk Management,...

9 CVSS, 0.5 AI score, 0.0036 EPSS
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 50 views

phpipam-1.1.010 XSS Vulnerability

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPIPAM0812.txt Vendor: ================================ phpipam.net Product: ====================================== phpipam-1.1.010 Vulnerability Type:...

6 AI score
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 32 views

[Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2015-012: SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage 1. Impact on Business - --------------------- By exploiting this vulnerability an attacker with access to a vulnerable mobile device...

0.3 AI score
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 41 views

[SYSS-2015-026] Denial of Service (CWE-730) and Overly Restrictive Account Lockout Mechanism (CWE-645) in Page2Flip Premium App 2.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-026 Product: Page2Flip Vendor: w!ssenswerft GmbH Affected Versions: Premium App 2.5, probably also in Business App and Basic App, and in lower versions Tested Versions: Premium App 2.5 Vulnerability Type: Denial of Service...

0.2 AI score
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 49 views

UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability

Document Title: =============== UBNT Bug Bounty 1 - Client Side Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1465 52988 Release Date: ============= 2015-08-17 Vulnerability Laboratory ID VL-ID:...

Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 31 views

SEC Consult SA-20150728-0 :: McAfee Application Control Multiple Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory 20150728-0 ======================================================================= title: McAfee Application Control Multiple Vulnerabilities product: McAfee Application Control vulnerable version: verified in version 6.1.3.353 fixed version: a fixe...

0.4 AI score
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 52 views

Net-SNMP memory corruption

Memory corruption on server response parsing...

7.5 CVSS, 3 AI score, 0.17699 EPSS
Exploits: 1, References: 1, Affected Software: 1

securityvulns
added 2015/08/24 12:0 a.m., 33 views

Trend Micro Deep Discovery security vulnerabilities

Authentication bypass, cross-site scripting...

5.5 CVSS, 1.8 AI score, 0.02576 EPSS
Exploits: 3, References: 2, Affected Software: 1

securityvulns
added 2015/08/24 12:0 a.m., 38 views

EMC RSA BSAFE multiple security vulnerabilities

Integer overflow in base64 decode, multiple crypto vulnerabilities...

7.5 CVSS, 4.3 AI score, 0.02278 EPSS
Exploits: 2, References: 1, Affected Software: 2

securityvulns
added 2015/08/24 12:0 a.m., 64 views

[SECURITY] [DSA 3340-1] zendframework security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3340-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini August 19, 2015 https://www.debian.org/security/faq -...

6.8 CVSS, 2 AI score, 0.39093 EPSS
Exploits: 7

securityvulns
added 2015/08/24 12:0 a.m., 62 views

[CVE-2015-4624] Predictable CSRF tokens in WiFi Pineapple firmware <= 2.3.0

Overview =============== WiFi Pineapples are a penetration testing tool used in offensive wireless activities. These devices run on a modified OpenWRT based on netBSD operating system. They include a web-based management interface. It has been discovered they have predictable anti-CSRF tokens bas...

4.3 CVSS, 8 AI score, 0.4762 EPSS
Exploits: 7

securityvulns
added 2015/08/24 12:0 a.m., 36 views

PDF Shaper v3.5 - (MSF) Remote Buffer Overflow Vulnerability

Document Title: =============== PDF Shaper v3.5 - MSF Remote Buffer Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1579 Video: https://youtu.be/-HTEIisSiH8 Release Date: ============= 2015-08-16 Vulnerability Laboratory ID VL-ID:...

7.7 AI score
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 43 views

Trend Micro Deep Discovery XSS

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-DDI-081815b.txt Vendor: ================================ www.trendmicro.com Product: ============================================================== Trend Micro...

4.3 CVSS, 0.02576 EPSS
Exploits: 2

securityvulns
added 2015/08/24 12:0 a.m., 45 views

Apache ActiveMQ DoS

Undocumented shutdown command...

5 CVSS, 2.8 AI score, 0.40735 EPSS
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2015/08/24 12:0 a.m., 140 views

[SYSS-2015-032] Broken Authentication and Session Management (CWE-930) in Page2Flip Premium App 2.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-032 Product: Page2Flip Vendor: w!ssenswerft GmbH Affected Versions: Premium App 2.5, probably also in Business App and Basic App, and in lower versions Tested Versions: Premium App 2.5 Vulnerability Type: Broken Authentication...

7.1 AI score
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 39 views

phpipam-1.1.010 XSS Vulnerability

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPIPAM0812.txt Vendor: ================================ phpipam.net Product: ====================================== phpipam-1.1.010 Vulnerability Type:...

6 AI score
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 105 views

[USN-2721-1] Subversion vulnerabilities

========================================================================== Ubuntu Security Notice USN-2721-1 August 20, 2015 subversion vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...

7.8 CVSS, 1.2 AI score, 0.17005 EPSS
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 38 views

ESA-2015-094: RSA Archer® GRC Multiple Cross-Site Request Forgery Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-094: RSA Archer® GRC Multiple Cross-Site Request Forgery Vulnerabilities EMC Identifier: ESA-2015-094 CVE Identifier: CVE-2015-0542 Severity Rating: CVSS v2 Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N Affected Products: RSA Archer GRC 5.5 SP1...

6.8 CVSS, 0.1 AI score, 0.00126 EPSS
Exploits: 0

securityvulns
added 2015/08/24 12:0 a.m., 54 views

[SECURITY] [DSA 3328-1] wordpress security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3328-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst August 04, 2015 https://www.debian.org/security/faq -...

4.3 CVSS, 0.9 AI score, 0.48368 EPSS
Exploits: 4

securityvulns
added 2015/08/24 12:0 a.m., 37 views

Thomson Reuters FATCA - Arbitrary File Upload

Title: Thomson Reuters FATCA - Arbitrary File Upload Author: Jakub Paaczyski Date: 10. June 2015 CVE: CVE-2015-5951 Affected software: ================== All versions of Thomson Reuters FATCA below v5.2 Exploit was tested on: ====================== Thomson Reuters FATCA v5.1.0.30 Description:...

0.9 AI score, 0.02915 EPSS
Exploits: 1

securityvulns
added 2015/08/24 12:0 a.m., 227 views

[SYSS-2015-028] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-028 Product: Page2Flip Vendor: w!ssenswerft GmbH Affected Versions: Premium App 2.5, probably also in Business App and Basic App, and in lower versions Tested Versions: Premium App 2.5 Vulnerability Type: Cross-Site Scripting...

6.1 AI score
Exploits: 0

Total number of security vulnerabilities: 47153