Feed aggregator

Bugtraq: iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...


Bugtraq: Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models)


Bugtraq: ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities


Bugtraq: ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability



3.14.47: longterm

Linux Kernel Updates - July 3, 2015 - 9:49pm
Version: 3.14.47 (longterm)
Released: 2015-07-04
Source: linux-3.14.47.tar.xz
PGP Signature: linux-3.14.47.tar.sign
Patch: patch-3.14.47.xz (Incremental)
ChangeLog: ChangeLog-3.14.47

3.10.83: longterm

Linux Kernel Updates - July 3, 2015 - 9:48pm
Version: 3.10.83 (longterm)
Released: 2015-07-04
Source: linux-3.10.83.tar.xz
PGP Signature: linux-3.10.83.tar.sign
Patch: patch-3.10.83.xz (Incremental)
ChangeLog: ChangeLog-3.10.83

next-20150703: linux-next

Linux Kernel Updates - July 2, 2015 - 11:05pm
Version: next-20150703 (linux-next)
Released: 2015-07-03

next-20150702: linux-next

Linux Kernel Updates - July 2, 2015 - 12:19am
Version: next-20150702 (linux-next)
Released: 2015-07-02

iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...

BugTraq Latest Security Advisories - July 1, 2015 - 12:03pm

Posted by Stefan Kanthak on Jul 01

Hi @ll,

the just released QuickTime 7.7.7 and iTunes 12.2 for Windows still
have quite some of the BLOODY beginner's errors I already documented
in the past.

QuickTime 7.7.7, QuickTime.msi

unquoted pathname of executables in command line

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\QuickTime\shell\open\command]
@="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"

iTunes 12.2, AppleMobileDeviceSupport.msi

outdated 3rd party...

Bugtraq: ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities


Bugtraq: Path Traversal in BlackCat CMS


Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models)

BugTraq Latest Security Advisories - July 1, 2015 - 10:27am

Posted by Pierre Kim on Jul 01

Please find a text-only version below sent to security mailing-lists.

The complete version on exploits about my last advisory of ipTIME
products is posted here:

https://pierrekim.github.io/blog/2015-07-01-poc-with-RCE-against-127-iptime-router-models.html

=== text-version of the advisory ===

Disclaimer

This advisory is licensed under a Creative Commons Attribution
Non-Commercial Share-Alike 3.0 License:...

ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability

BugTraq Latest Security Advisories - July 1, 2015 - 9:47am

Posted by Security Alert on Jul 01

ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability

EMC Identifier: ESA-2015-112

CVE Identifier: CVE-2015-4525

Severity Rating: CVSS v2 Base Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Affected products:

• EMC Isilon OneFS 7.2.0.0 - 7.2.0.1
• EMC Isilon OneFS 7.1.1.0 - 7.1.1.4
• EMC Isilon OneFS 7.1.0.x
• EMC Isilon OneFS 7.0.2.x
• EMC Isilon OneFS 7.0.1.x
• EMC Isilon OneFS 6.5.x.x...

ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities

BugTraq Latest Security Advisories - July 1, 2015 - 9:40am

Posted by Security Alert on Jul 01

ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities

EMC Identifier: ESA-2015-108

CVE Identifier: CVE-2015-0547, CVE-2015-0548

Severity Rating: CVSSv2 Base Score: See below for CVSSv2 score for individual CVEs

Affected products:

• EMC Documentum D2 version 4.1
• EMC Documentum D2 version 4.2
• EMC Documentum D2 version 4.5

Summary:
EMC Documentum D2 contains multiple DQL injection vulnerabilities...

ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities

BugTraq Latest Security Advisories - July 1, 2015 - 9:30am

Posted by Security Alert on Jul 01

ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities

CVE Identifier: CVE-2015-0551, CVE-2015-4524

Severity Rating: CVSS v2 Base Score: See below for CVSSv2 scores for individual CVEs

Affected products:
• EMC Documentum WebTop, versions 6.7SP1, 6.7SP2, 6.8
• EMC Documentum Capital Projects 1.8 and 1.9
• EMC Documentum Administrator, versions 6.7SP1, 6.7SP2, 7.0, 7.1 and 7.2
• EMC Documentum...

Path Traversal in BlackCat CMS

BugTraq Latest Security Advisories - July 1, 2015 - 9:22am

Posted by High-Tech Bridge Security Research on Jul 01

Advisory ID: HTB23263
Product: BlackCat CMS
Vendor: Black Cat Development
Vulnerable Version(s): 1.1.1 and probably prior
Tested Version: 1.1.1
Advisory Publication: June 10, 2015 [without technical details]
Vendor Notification: June 10, 2015
Vendor Patch: June 24, 2015
Public Disclosure: July 1, 2015
Vulnerability Type: Path Traversal [CWE-22]
CVE Reference: CVE-2015-5079
Risk Level: High
CVSSv2 Base Score: 7.8...

Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability

BugTraq Latest Security Advisories - July 1, 2015 - 9:16am

Posted by Vulnerability Lab on Jul 01

Document Title:
===============
Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1535

Video: http://www.vulnerability-lab.com/get_content.php?id=1537

Release Date:
=============
2015-06-29

Vulnerability Laboratory ID (VL-ID):
====================================
1535

Common Vulnerability Scoring System:...

Bugtraq: FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability


Bugtraq: Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability
