BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 3633-1] xen security update

3 hours 28 min ago

Posted by Moritz Muehlenhoff on Jul 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3633-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 27, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xen
CVE ID : CVE-2015-8338 CVE-2016-4480...

CVE-2016-2783 - Avaya VOSS/VSP Release 4.1.0.0 Vulnerable to SPB Traffic traversal

July 27, 2016 - 12:55pm

Posted by Grebovich, Dragan (Dragan) on Jul 27

Virtual Services Platform (VOSS) Security Vulnerability CVE-2016-2783 - Release 4.1.0.0 Vulnerable to SPB Traffic traversal

Avaya Networking was notified by Kryptos Logic and Stora on November 30, 2015 that Avaya VSP (VOSS) 4.1.0.0 has a security
vulnerability. Avaya R&D has confirmed the existence and the fix is available.

CVSS v2 Base Score = 6.4 (Medium)
Vector: (AV:A/AC:M/Au:N/C:N/I:P/A:C)
Impact Subscore = 7.8...

[SECURITY] [DSA 3632-1] mariadb-10.0 security update

July 27, 2016 - 10:08am

Posted by Salvatore Bonaccorso on Jul 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3632-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 27, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mariadb-10.0
CVE ID : CVE-2016-3477 CVE-2016-3521...

RE: VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability

July 27, 2016 - 8:39am

Posted by Wick, Ryan (US - Chicago) on Jul 27

Unsubscribe

This message (including any attachments) contains confidential information intended for a specific individual and
purpose, and is protected by law. If you are not the intended recipient, you should delete this message and any
disclosure, copying, or distribution of this message, or the taking of any action based on it, by you is strictly
prohibited.

v.E.1

-----Original Message-----
From: Vulnerability Lab [mailto:research ()...

VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability

July 27, 2016 - 4:42am

Posted by Vulnerability Lab on Jul 27

Document Title:
===============
VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1877

Release Date:
=============
2016-07-26

Vulnerability Laboratory ID (VL-ID):
====================================
1877

Common Vulnerability Scoring System:
====================================
6.4

Product & Service Introduction:...

VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability

July 27, 2016 - 4:34am

Posted by Vulnerability Lab on Jul 27

Document Title:
===============
VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1876

Release Date:
=============
2016-07-25

Vulnerability Laboratory ID (VL-ID):
====================================
1876

Common Vulnerability Scoring System:
====================================
6.4

Product & Service Introduction:...

DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability

July 27, 2016 - 4:24am

Posted by Vulnerability Lab on Jul 27

Document Title:
===============
DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1885

Release Date:
=============
2016-07-26

Vulnerability Laboratory ID (VL-ID):
====================================
1885

Common Vulnerability Scoring System:
====================================
4.3

Product & Service Introduction:...

Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability

July 27, 2016 - 4:12am

Posted by Vulnerability Lab on Jul 27

Document Title:
===============
Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1875

Release Date:
=============
2016-07-13

Vulnerability Laboratory ID (VL-ID):
====================================
1875

Common Vulnerability Scoring System:
====================================
7.6

Abstract Advisory Information:
==============================...

[SECURITY] [DSA 3631-1] php5 security update

July 27, 2016 - 12:30am

Posted by Moritz Muehlenhoff on Jul 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3631-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 26, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php5
CVE ID : CVE-2016-5385 CVE-2016-5399...

[SECURITY] [DSA 3630-1] libgd2 security update

July 27, 2016 - 12:22am

Posted by Salvatore Bonaccorso on Jul 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3630-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 26, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libgd2
CVE ID : CVE-2016-6207

Secunia Research at...

[security bulletin] HPSBST03603 rev.1 - HPE StoreVirtual Products running LeftHand OS using glibc, Remote Arbitrary Code Execution, Denial of Service (DoS)

July 27, 2016 - 12:12am

Posted by security-alert on Jul 26

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05212266

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05212266
Version: 1

HPSBST03603 rev.1 - HPE StoreVirtual Products running LeftHand OS using
glibc, Remote Arbitrary Code Execution, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as...

Silurus Classifieds XSS Vulnerability

July 26, 2016 - 2:07pm

Posted by ak47464659484 on Jul 26

Title: Silurus Classifieds XSS Vulnerability
Software : Silurus Classifieds

Software Version : v2.0

Vendor: http://snowhall.com/slides/silurus

Vulnerability Published : 2016-07-25

Author: zhiwei_jiang
Email: ak47464659484 () gmail com
Impact : Medium (CVSS2 Base : 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)

Bug Description :
Silurus is a professionally developed Open Source PHP Classifieds script that was built for you. Whether you are...

Cross-Site Scripting vulnerability in ColorWay WordPress Theme

July 26, 2016 - 1:58pm

Posted by Summer of Pwnage on Jul 26

------------------------------------------------------------------------
Cross-Site Scripting vulnerability in ColorWay WordPress Theme
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Multiple Cross-Site Scripting vulnerabilities were found in...

Dropbox 6.4.14 DLL Hijacking Vulnerability

July 26, 2016 - 10:54am

Posted by mehta . himanshu21 on Jul 26

Aloha,

Summary
Dropbox Installer for Windows contains a DLL hijacking vulnerability that could allow an unauthenticated, remote
attacker to execute arbitrary code on the targeted system. The vulnerability exists because a DLL file is loaded
improperly by 'DropboxInstaller.exe', which allows an attacker to load a DLL file of the attacker's choosing that
could execute arbitrary code without the user's knowledge.

Affected...

Huawei ISM Professional XSS Vulnerability

July 26, 2016 - 10:45am

Posted by ak47464659484 on Jul 26

Title: Huawei ISM Professional XSS Vulnerability
Software : ISM Professional OceanStor

Software Version : Copyright©Huawei Technologies Co., Ltd. 2009-2010. All rights reserved.

Vendor: www.huawei.com

Vulnerability Published : 2016-07-25

Author: zhiwei_jiang
Email: ak47464659484 () gmail com
Impact : Medium (CVSS2 Base : 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)

Bug Description :
The ISM consists of device management software, cloud...

Crashing Browsers Remotely via Insecure Search Suggestions

July 26, 2016 - 7:14am

Posted by research on Jul 26

[Original here:
https://wwws.nightwatchcybersecurity.com/2016/07/26/research-crashing-browsers-remotely-via-insecure-search-suggestions/]

Summary

Intercepting insecure search suggestion requests from browsers, and
returning very large responses leads to browser crashes (but not RCE).
Affected browsers are FireFox on the desktop and Android, and Chrome on
desktop and Android; other Chromium and FireFox derived browsers
may be affected. Internet...

MySQL 0days followup (CVE-2016-3477) CVSS 8.1

July 26, 2016 - 12:17am

Posted by lem . nikolas on Jul 25

Among other issues reported, the most critical flaw in the July CPU 2016, rated CVSS v3.0 base score 8.1, is the Server
Parser subcomponent issue (CVE-2016-3477) and one of our findings.

Versions 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier are affected. The zero-day permits
unauthenticated users with login access to the infrastructure where MySQL Server executes to successfully compromise
and take over the database server....

July 2016 - Bamboo Server - Critical Security Advisory

July 26, 2016 - 12:08am

Posted by David Black on Jul 25

Note: the current version of this advisory can be found at
https://confluence.atlassian.com/x/rSGSMQ .

CVE ID:
* CVE-2016-5229 - Deserialisation in Bamboo.

Product: Bamboo

Affected Bamboo product versions:
2.3.1 <= version < 5.11.4.1
5.12.0 <= version < 5.12.3.1

Fixed Bamboo product versions:
* for 5.11.x, Bamboo 5.11.4.1 has been released with a fix for this issue.
* for 5.12.x, Bamboo 5.12.3.1 has been released with a fix for...

[SECURITY] [DSA 3629-1] ntp security update

July 25, 2016 - 11:59pm

Posted by Moritz Muehlenhoff on Jul 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3629-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 25, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ntp
CVE ID : CVE-2015-7974 CVE-2015-7977...

[security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution

July 25, 2016 - 2:45pm

Posted by security-alert on Jul 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05206507

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05206507
Version: 1

HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using
Apache Commons Collections (ACC), Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as...