BugTraq Latest Security Advisories

Syndicate content
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Updated: 1 hour 55 min ago

[ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security

December 7, 2016 - 10:18am

Posted by ESNC Security on Dec 07

[ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for
SAP Security

Please refer to https://www.esnc.de for the original security
advisory, updates, and additional information.

----------------------------------------------------------------------
1. Business Impact
----------------------------------------------------------------------

According to PwC website:
- "Using the proprietary ACE software, we perform diagnostics...
Categories:

CVE-2015-1730: MSIE jscript9 Java­Script­Stack­Walker memory corruption details and PoC

December 6, 2016 - 7:27am

Posted by Berend-Jan Wever on Dec 06

Since November I have been releasing details on all vulnerabilities I
found in web-browsers that I had not released before. I will try to
continue to publish all my old vulnerabilities, including those not in
web-browser, as long as I can find some time to do so. If you find this
information useful, you can help me make more time available by donating
bitcoin to 183yyxa9s1s1f7JBp­PHPmz­Q346y91Rx5DX.

This is the twenty-sixth entry in the...
Categories:

Re: CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption

December 6, 2016 - 5:24am

Posted by Berend-Jan Wever on Dec 06

FYI: this link to my blog was 404 until early this morning. It is now up
if you are still interested in reading it.
Categories:

CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used

December 5, 2016 - 7:05am

Posted by Eissing Stefan on Dec 05

Security Advisory - Apache Software Foundation
Apache HTTPD WebServer / httpd.apache.org

Server memory can be exhausted and service denied when HTTP/2 is used

CVE-2016-8740

The Apache HTTPD web server (from 2.4.17-2.4.23) did not apply limitations
on request headers correctly when experimental module for the HTTP/2
protocol is used to access a resource.

The net result is that a the server...
Categories:

Microsoft MSINFO32.EXE ".NFO" Files XML External Entity

December 5, 2016 - 4:34am

Posted by apparitionsec on Dec 05

[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-MSINFO32-XXE-FILE-EXFILTRATION.txt

[+] ISR: ApparitionSec

Vendor:
=================
www.microsoft.com

Product:
==========================
Windows System Information
MSINFO32.exe v6.1.7601

Windows MSINFO32.EXE Displays a comprehensive view of your hardware, system components, and software...
Categories:

Microsoft Windows Media Center "ehshell.exe" XML External Entity

December 5, 2016 - 4:14am

Posted by apparitionsec on Dec 05

[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MEDIA-CENTER-XXE-FILE-DISCLOSURE.txt

[+] ISR: ApparitionSec

Vendor:
==================
www.microsoft.com

Product:
==================================
Windows Media Center "ehshell.exe"
version 6.1.7600

Vulnerability Type:
====================
XML External Entity

CVE Reference:...
Categories:

[slackware-security] mozilla-firefox (SSA:2016-336-01)

December 1, 2016 - 7:34am

Posted by Slackware Security Team on Dec 01

[slackware-security] mozilla-firefox (SSA:2016-336-01)

New mozilla-firefox packages are available for Slackware 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-45.5.1esr-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...
Categories:

[security bulletin] HPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS), URL Redirection

December 1, 2016 - 1:30am

Posted by security-alert on Nov 30

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05324759

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05324759
Version: 3

HPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of
Service (DoS), URL Redirection

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-12-01...
Categories:

[security bulletin] HPSBGN03680 rev.1 - HPE Propel, Local Denial of Service (DoS), Escalation of Privilege

December 1, 2016 - 1:15am

Posted by security-alert on Nov 30

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05347541

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05347541
Version: 1

HPSBGN03680 rev.1 - HPE Propel, Local Denial of Service (DoS), Escalation of
Privilege

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-11-30
Last Updated:...
Categories:

[security bulletin] HPSBGN03677 rev.1 - HPE Network Automation using RPCServlet and Java Deserialization, Remote Code Execution

November 30, 2016 - 2:09pm

Posted by security-alert on Nov 30

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05344849

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05344849
Version: 1

HPSBGN03677 rev.1 - HPE Network Automation using RPCServlet and Java
Deserialization, Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...
Categories:

[FOXMOLE SA 2016-05-02] e107 Content Management System (CMS) - Multiple Issues

November 30, 2016 - 12:59pm

Posted by FOXMOLE Advisories on Nov 30

=== FOXMOLE - Security Advisory 2016-05-02 ===

e107 Content Management System (CMS) - Multiple Issues
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Affected Versions
=================
e107 2.1.2 Bootstrap CMS

Issue Overview
==============
Vulnerability Type: Multiple Vulnerabilities
Technical Risk: medium
Likelihood of Exploitation: medium
Vendor: e107
Vendor URL: http://www.e107.org
Credits: FOXMOLE employee Tim Herres
Advisory URL:...
Categories:

[security bulletin] HPSBHF03682 rev.1 - HPE Comware 7 Network Products using SSL/TLS, Local Gain Privileged Access

November 30, 2016 - 12:48pm

Posted by security-alert on Nov 30

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05341463

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05341463
Version: 1

HPSBHF03682 rev.1 - HPE Comware 7 Network Products using SSL/TLS, Local Gain
Privileged Access

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-11-23
Last...
Categories: