BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Privilege escalation Vulnerability in ManageEngine Network Configuration Management


Posted by kingkaustubh on Feb 09

===================================================================================
Privilege escalation Vulnerability in ManageEngine Network Configuration Management
===================================================================================

.. contents:: Table Of Content

Overview
========

Title:- Privilege escalation Vulnerability in ManageEngine Network Configuration Management
Author: Kaustubh G. Padwad
Vendor: ZOHO Corp
Product:...
Categories:

[slackware-security] curl (SSA:2016-039-01)


Posted by Slackware Security Team on Feb 09

[slackware-security] curl (SSA:2016-039-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/curl-7.47.1-i486-1_slack14.1.txz: Upgraded.
This update fixes a security issue where NTLM credentials are not checked
for proxy connection reuse. The effect of this flaw is that...

[slackware-security] libsndfile (SSA:2016-039-02)


Posted by Slackware Security Team on Feb 09

[slackware-security] libsndfile (SSA:2016-039-02)

New libsndfile packages are available for Slackware 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/flac-1.3.1-i486-1_slack14.1.txz: Upgraded.
This update is needed by the latest version of libsndfile.
patches/packages/libsndfile-1.0.26-i486-1_slack14.1.txz: Upgraded.
This release...

[SECURITY] [DSA 3472-1] wordpress security update


Posted by Salvatore Bonaccorso on Feb 09

-------------------------------------------------------------------------
Debian Security Advisory DSA-3472-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 08, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wordpress
CVE ID : CVE-2016-2221 CVE-2016-2222...

[SECURITY] [DSA 3470-1] qemu-kvm security update


Posted by Sebastien Delafond on Feb 09

-------------------------------------------------------------------------
Debian Security Advisory DSA-3470-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
February 08, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : qemu-kvm
CVE ID : CVE-2015-7295 CVE-2015-7504...

[SECURITY] [DSA 3469-1] qemu security update


Posted by Sebastien Delafond on Feb 09

-------------------------------------------------------------------------
Debian Security Advisory DSA-3469-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
February 08, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2015-7295 CVE-2015-7504...

[SECURITY] [DSA 3471-1] qemu security update


Posted by Sebastien Delafond on Feb 09

-------------------------------------------------------------------------
Debian Security Advisory DSA-3471-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
February 08, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : qemu
CVE ID : CVE-2015-7295 CVE-2015-7504...

WordPress WP User Frontend Plugin [Unrestricted File Upload]

February 8, 2016 - 9:29am

Posted by Panagiotis Vagenas on Feb 08

* Exploit Title: WordPress WP User Frontend Plugin [Unrestricted File Upload]
* Discovery Date: 2016-02-04
* Public Disclosure: 2016-02-08
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: https://wedevs.com
* Software Link: https://wordpress.org/plugins/wp-user-frontend
* Version: 3.4.6
* Tested on: WordPress 4.4.2
* Category: WebApps, WordPress

Description
-----------

WordPress plugin _WP User...

WordPress WooCommerce - Store Toolkit Plugin [Privilege Escalation]

February 8, 2016 - 7:58am

Posted by Panagiotis Vagenas on Feb 08

* Exploit Title: WordPress WooCommerce - Store Toolkit Plugin [Privilege Escalation]
* Discovery Date: 2016-02-06
* Public Disclosure Date: 2016-02-08
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: http://www.visser.com.au/
* Software Link: https://wordpress.org/plugins/woocommerce-store-toolkit/
* Version: 1.5.5
* Tested on: WordPress 4.4.2
* Category: webapps

Description
-----------

The...

PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities

February 8, 2016 - 7:48am

Posted by Vulnerability Lab on Feb 08

Document Title:
===============
PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1676

Vulnerability Magazine:
http://magazine.vulnerability-db.com/?q=articles/2016/02/08/researcher-uncovers-multiple-sql-injection-vulnerabilities-dpa-presseportal

Release Date:
=============
2016-02-08

Vulnerability Laboratory ID (VL-ID):...

Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities

February 8, 2016 - 7:38am

Posted by Vulnerability Lab on Feb 08

Document Title:
===============
Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1626

Release Date:
=============
2016-02-07

Vulnerability Laboratory ID (VL-ID):
====================================
1626

Common Vulnerability Scoring System:
====================================
3.4

Product & Service Introduction:...

Alsovalue CMS 2016Q1 - SQL Injection Web Vulnerability

February 8, 2016 - 7:27am

Posted by Vulnerability Lab on Feb 08

Document Title:
===============
Alsovalue CMS 2016Q1 - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1714

Release Date:
=============
2016-02-08

Vulnerability Laboratory ID (VL-ID):
====================================
1714

Common Vulnerability Scoring System:
====================================
7.7

Abstract Advisory Information:
==============================...

Getdpd BB #4 - (name) Persistent Validation Vulnerability

February 8, 2016 - 7:17am

Posted by Vulnerability Lab on Feb 08

Document Title:
===============
Getdpd BB #4 - (name) Persistent Validation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1568

ID: #14772

Release Date:
=============
2016-02-08

Vulnerability Laboratory ID (VL-ID):
====================================
1568

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:...

Getdpd BB #5 - Persistent Filename Vulnerability

February 8, 2016 - 7:08am

Posted by Vulnerability Lab on Feb 08

Document Title:
===============
Getdpd BB #5 - Persistent Filename Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1569

ID: #14773

Release Date:
=============
2016-02-05

Vulnerability Laboratory ID (VL-ID):
====================================
1569

Common Vulnerability Scoring System:
====================================
4.2

Product & Service Introduction:...

JavaScript Anywhere v3.0.4 iOS - Persistent Vulnerability

February 8, 2016 - 6:56am

Posted by Vulnerability Lab on Feb 08

Document Title:
===============
JavaScript Anywhere v3.0.4 iOS - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1709

Release Date:
=============
2016-02-08

Vulnerability Laboratory ID (VL-ID):
====================================
1709

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:...

Local Microsoft Windows 7 / 8 / 10 Buffer Overflow via Third-Party USB-Driver (ser2co64.sys)

February 8, 2016 - 6:44am

Posted by Ralf Spenneberg on Feb 08

OS-S Security Advisory 2016-02-08
Prolific Ser2co64.sys Stack Buffer Overflow

Date: December 23rd, 2015
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: Not assigned yet
CVSS: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Title: Local Microsoft Windows 7 / 8 / 10 Buffer Overflow via Third-Party USB-Driver (ser2co64.sys)
Severity: Critical. The OS halts (BSOD). Arbitrary code execution probable.
Ease of Exploitation: Trivial
Vulnerability...

Symphony CMS multiple vulnerabilities

February 8, 2016 - 4:04am

Posted by Filippo Cavallarin on Feb 08

Advisory ID: SGMA-16002
Title: Symphony CMS multiple vulnerabilities
Product: Symphony CMS
Version: 2.6.5 and probably prior
Vendor: www.getsymphony.com
Vulnerability type: SQL-injection, Unrestricted File Upload
Risk level: 4 / 5
Credit: filippo.cavallarin () wearesegment com
CVE: N/A
Vendor notification: 2016-02-02
Vendor fix: 2016-02-05
Public disclosure: 2016-02-08

Details

Symphony CMS suffers from multiple vulnerabilities:

- SQL...

WordPress User Meta Manager Plugin [Information Disclosure]

February 8, 2016 - 2:21am

Posted by Panagiotis Vagenas on Feb 07

* Exploit Title: WordPress User Meta Manager Plugin [Information Disclosure]
* Discovery Date: 2015-12-28
* Public Disclosure Date: 2016-02-01
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: http://jasonlau.biz/home/
* Software Link: https://wordpress.org/plugins/user-meta-manager/
* Version: 3.4.6
* Tested on: WordPress 4.4
* Category: webapps

## Description

User Meta Manager for WordPress...

Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege

February 8, 2016 - 2:11am

Posted by Stefan Kanthak on Feb 07

Hi @ll,

the executable installers of WinRAR 5.30 and earlier versions
as well as ALL self-extracting archives created with them
load and execute UXTheme.dll, RichEd32.dll and RichEd20.dll
from their "application directory".

For software downloaded with a web browser the application
directory is typically the user's "Downloads" directory: see
<...

CFP: SIN 2016 - 9th International Conference on Security of Information and Networks

February 8, 2016 - 2:02am

Posted by Hossain Shahriar on Feb 07

=========================================================================
Please accept our apologies if you receive multiple copies of this CFP
=========================================================================

CALL FOR CONTRIBUTIONS
======================
9th International Conference on Security of Information and Networks (SIN 2016)
20-22 July 2016, Rutgers University, New Jersey, USA, www.sinconf.org

In Technical Cooperation with ACM...