BugTraq Latest Security Advisories
Posted by Security Advisories on Apr 21
Product: Starscream websocket library
CVE Reference: CVE-2017-7192
Type: SSL Pinning bypass / Information disclosure
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning
bypass because of incorrect management of the certValidated variable
(it can be set to true but cannot be set to false).
The open-source Starscream library provides a Swift implementation of
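The flag-management bug described above, modelled as an added Python example (it is not Starscream's own Swift code, and the certificate bytes, pin set and class names are constructed for illustration): the sticky version sets cert_validated only when pinning succeeds and never clears it, so a later connection that fails pinning (an interceptor's certificate, in this model) is still reported as validated; the corrected version stores the outcome of every check.

```python
import hashlib

# Constructed stand-ins for DER-encoded leaf certificates (not real
# certificates); a real client would take these bytes from the TLS handshake.
PINNED_CERT = b"constructed certificate bytes for the pinned host"
ROGUE_CERT = b"constructed certificate bytes presented by an interceptor"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes, the usual shape of a pin."""
    return hashlib.sha256(cert_der).hexdigest()


PINNED_FINGERPRINTS = {fingerprint(PINNED_CERT)}


class StickyPinningClient:
    """Flawed pattern: cert_validated is set to True on success but is
    never set back to False, so it carries over to later connections."""

    def __init__(self) -> None:
        self.cert_validated = False

    def connect(self, presented_cert: bytes) -> bool:
        if fingerprint(presented_cert) in PINNED_FINGERPRINTS:
            self.cert_validated = True
        # A mismatch leaves whatever value the flag had before.
        return self.cert_validated


class PinningClient:
    """Corrected pattern: every check writes its own result, pass or fail."""

    def __init__(self) -> None:
        self.cert_validated = False

    def connect(self, presented_cert: bytes) -> bool:
        self.cert_validated = fingerprint(presented_cert) in PINNED_FINGERPRINTS
        return self.cert_validated


def reconnect_through_interceptor(client_cls) -> list:
    """Connect to the genuine host first, then reconnect and receive the
    interceptor's certificate; return what the client reported each time."""
    client = client_cls()
    return [client.connect(PINNED_CERT), client.connect(ROGUE_CERT)]


if __name__ == "__main__":
    print("sticky flag:", reconnect_through_interceptor(StickyPinningClient))
    print("fixed      :", reconnect_through_interceptor(PinningClient))
```

The sticky client reports the second, intercepted connection as validated because nothing ever wrote False to the flag; a review of any pinning code should look for exactly this asymmetry (a success path that sets the flag and a failure path that merely returns), and for state that survives reconnects.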
Posted by Moritz Muehlenhoff on Apr 20
-------------------------------------------------------------------------
Debian Security Advisory DSA-3831-1                   security () debian org
https://www.debian.org/security/                      Moritz Muehlenhoff
April 20, 2017                                        https://www.debian.org/security/faq
Package : firefox-esr
CVE ID : CVE-2017-5429 CVE-2017-5432...
Posted by Hafez Kamal on Apr 20
FINAL CALL!
CFP for the 3rd annual Hack In The Box GSEC conference in Singapore
closes on the 30th of April!
Call for Papers: http://gsec.hitb.org/cfp/
Event Website: http://gsec.hitb.org/sg2017/
HITB GSEC is a 2-day deep knowledge security conference where attendees
get to vote on the final agenda of talks and to meet with the
speakers they voted for.
We are looking for 60-minute, offensive and defensive focused
Posted by Anti Räis on Apr 20
October CMS v1.0.412 several vulnerabilities
Name: October CMS v1.0.412 (build 412)
Vulnerability: several issues, including PHP code execution
Prerequisites: attacker has to be authenticated user with media or asset
Credit: Anti Räis
DefenseCode ThunderScan SAST Advisory: Ultimate Form Builder Cross-Site Scripting (XSS) Vulnerability
Posted by DefenseCode on Apr 19
DefenseCode ThunderScan SAST Advisory
Ultimate Form Builder
Cross-Site Scripting (XSS) Vulnerability
Advisory ID: DC-2017-01-027
Software: Ultimate Form Builder WordPress plugin
Software Language: PHP
Vendor Status: Vendor contacted
Release Date: 20170419
# Advisory Overview
During the security audit, a security vulnerability was discovered in
Ultimate Form Builder...
CVE-2017-7220. OpenText Documentum Content Server: privilege escalation using crafted RPC save-commands.
Posted by Andrey B. Panfilov on Apr 19
CVE Identifier: CVE-2017-7220
Affected products: OpenText Documentum Content Server (all versions)
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available
Initially this vulnerability was...
Posted by Filippo Cavallarin on Apr 19
Advisory ID: SGMA17-001
Title: Squirrelmail Remote Code Execution
Version: 1.4.22 and probably prior
Type: Command Injection
Risk level: 4 / 5
Credit: filippo.cavallarin () wearesegment com
Vendor notification: 2017-04-04
Vendor fix: N/A...
Posted by Slackware Security Team on Apr 19
[slackware-security] minicom (SSA:2017-108-01)
New minicom packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
Fix an out of bounds data access that can lead to remote code execution.
This issue was found by Solar Designer of Openwall...
Posted by hyp3rlinx on Apr 18
[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt
[+] ISR: ApparitionSec
Mantis Bug Tracker
v1.3.0 / 2.3.0
MantisBT is a popular free web-based bug tracking system. It is written in PHP and works with MySQL, MS SQL, and PostgreSQL...
Posted by Simon Steiner on Apr 18
CVE-2017-5661:
Apache XML Graphics FOP information disclosure vulnerability
The Apache Software Foundation
FOP 1.0 - 2.1
Files lying on the filesystem of the server which uses batik can
be revealed to arbitrary users who send maliciously formed SVG
files. The file types that can be shown depend on the user context
Posted by Bryan Call on Apr 18
There is a vulnerability in ATS with the HPACK Bomb Attack that can lead to a DoS.
Versions 6.0.0 to 6.2.0 are affected. Please upgrade to ATS 6.2.1 or 7.0.0.
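The attack this advisory names, as an added Python model (not ATS code, and not taken from the original post): HPACK's dynamic table lets a sender store one large header value once and then re-emit it with a single byte per header, so a few kilobytes on the wire decode to megabytes. The integer coding, the index numbering (62 is the newest dynamic entry) and the 32-byte per-entry overhead follow RFC 7541; the opcode subset, the sizes and the budget value are assumptions chosen for illustration.

```python
# Minimal HPACK model: RFC 7541 integer and raw-string coding, the two opcodes
# the bomb needs, and a decoder that enforces a decoded-size budget.
STATIC_TABLE_SIZE = 61   # RFC 7541 Appendix A; dynamic entries start at 62
ENTRY_OVERHEAD = 32      # RFC 7541 section 4.1 per-entry accounting


class HeaderSizeExceeded(Exception):
    """Raised when the decoded header list outgrows the budget."""


def encode_int(value: int, prefix_bits: int) -> bytes:
    """RFC 7541 section 5.1 integer; high bits of the first byte stay 0."""
    limit = (1 << prefix_bits) - 1
    if value < limit:
        return bytes([value])
    out = bytearray([limit])
    value -= limit
    while value >= 128:
        out.append(value % 128 + 128)
        value //= 128
    out.append(value)
    return bytes(out)


def decode_int(data: bytes, pos: int, prefix_bits: int):
    """Inverse of encode_int; returns (value, position after the integer)."""
    limit = (1 << prefix_bits) - 1
    value = data[pos] & limit
    pos += 1
    if value < limit:
        return value, pos
    shift = 0
    while True:
        b = data[pos]
        pos += 1
        value += (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, pos


def literal_with_indexing(name: bytes, value: bytes) -> bytes:
    """01000000 (new name) followed by two raw, non-Huffman string literals."""
    return (b"\x40" + encode_int(len(name), 7) + name
            + encode_int(len(value), 7) + value)


def indexed(index: int) -> bytes:
    """1xxxxxxx indexed header field."""
    body = encode_int(index, 7)
    return bytes([body[0] | 0x80]) + body[1:]


def build_hpack_bomb(refs: int = 1000, value_len: int = 4000) -> bytes:
    """One entry sized to fit the default 4096-byte dynamic table, then
    `refs` one-byte references to it (constructed attack input)."""
    return literal_with_indexing(b"x", b"A" * value_len) + indexed(62) * refs


def decode_block(block: bytes, max_list_size=None):
    """Decode a header block; return (headers, decoded_size).

    Only indexed fields and literals with incremental indexing and a new
    name are handled, which is all the bomb uses.  `max_list_size` plays
    the role of SETTINGS_MAX_HEADER_LIST_SIZE: decoding aborts as soon as
    the accumulated size passes it, before memory is spent on the rest.
    """
    dynamic = []   # newest first: index 62 -> dynamic[0]
    headers = []
    total = 0
    pos = 0
    while pos < len(block):
        first = block[pos]
        if first & 0x80:
            idx, pos = decode_int(block, pos, 7)
            if idx <= STATIC_TABLE_SIZE:
                raise NotImplementedError("static table not modelled")
            name, value = dynamic[idx - STATIC_TABLE_SIZE - 1]
        elif (first & 0xC0) == 0x40:
            name_idx, pos = decode_int(block, pos, 6)
            if name_idx != 0:
                raise NotImplementedError("indexed names not modelled")
            nlen, pos = decode_int(block, pos, 7)   # H bit assumed 0
            name, pos = block[pos:pos + nlen], pos + nlen
            vlen, pos = decode_int(block, pos, 7)
            value, pos = block[pos:pos + vlen], pos + vlen
            dynamic.insert(0, (name, value))
        else:
            raise NotImplementedError("other opcodes not modelled")
        total += len(name) + len(value) + ENTRY_OVERHEAD
        if max_list_size is not None and total > max_list_size:
            raise HeaderSizeExceeded(total)
        headers.append((name, value))
    return headers, total


def amplification(block: bytes) -> float:
    """Decoded bytes per wire byte for a decoder with no budget."""
    _, total = decode_block(block)
    return total / len(block)


def rejected_by_budget(block: bytes, max_list_size: int) -> bool:
    """True if a budgeted decoder refuses the block before finishing it."""
    try:
        decode_block(block, max_list_size)
    except HeaderSizeExceeded:
        return True
    return False
```

With the defaults, 5006 bytes on the wire decode to about 4 MB (an amplification above 800), and each additional reference costs the attacker one byte. A decoder that checks the accumulated decoded size against a limit, as above, stops after a handful of references instead of materialising the whole expansion; that check is the thing to look for when reviewing an HTTP/2 implementation, and advertising the limit in SETTINGS_MAX_HEADER_LIST_SIZE lets honest peers stay under it.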
Posted by David Fernandez on Apr 17
Watchguard’s Firebox and XTM are a series of enterprise grade network
security appliances providing advanced security services like next
generation firewall, intrusion prevention, malware detection and
blockage and others. Two vulnerabilities were discovered affecting the
XML-RPC interface of the Web UI used to manage Fireware, the operating
system running on Watchguard Firebox and XTM appliances. To exploit
any of the flaws discovered, no...