BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability

July 25, 2016 - 2:37pm

Posted by Secunia Research on Jul 25

======================================================================

Secunia Research 25/07/2016

Reprise License Manager "akey" Buffer Overflow Vulnerability

======================================================================
Table of Contents

Affected Software
Severity
Description of...

Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability

July 25, 2016 - 2:28pm

Posted by Secunia Research on Jul 25

======================================================================

Secunia Research 25/07/2016

Reprise License Manager "actserver" Buffer Overflow Vulnerability

======================================================================
Table of Contents

Affected Software
Severity
Description of...

FreeBSD Security Advisory FreeBSD-SA-16:25.bspatch

July 25, 2016 - 10:48am

Posted by FreeBSD Security Advisories on Jul 25

=============================================================================
FreeBSD-SA-16:25.bspatch Security Advisory
The FreeBSD Project

Topic: Heap vulnerability in bspatch

Category: core
Module: bsdiff
Announced: 2016-07-25
Affects: All supported versions of FreeBSD.
Corrected: 2016-07-25 14:52:12 UTC...

[SECURITY] [DSA 3628-1] perl security update

July 25, 2016 - 10:39am

Posted by Salvatore Bonaccorso on Jul 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3628-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 25, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : perl
CVE ID : CVE-2016-1238 CVE-2016-6185
Debian...

XSS and SQLi in huge IT gallery v1.1.5 for Joomla

July 25, 2016 - 8:38am

Posted by Larry W. Cashdollar on Jul 25

Title: XSS and SQLi in huge IT gallery v1.1.5 for Joomla
Fixed: v1.1.7
Author: Larry W. Cashdollar, @_larry0 and Elitza Neytcheva, @ElitzaNeytcheva
Date: 2016-07-14
Download Site: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
Vendor: huge-it.com
Vendor Notified: 2016-07-15, fixed 2016-07-23
Vendor Contact: info () huge-it com
Description: The plugin allows you to add multiple images to the gallery, create...

SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr

July 25, 2016 - 4:25am

Posted by SEC Consult Vulnerability Lab on Jul 25

SEC Consult Vulnerability Lab Security Advisory < 20160725-0 >
=======================================================================
title: Multiple vulnerabilities
product: Micro Focus (former Novell) Filr Appliance
vulnerable version: Filr 2 <=2.0.0.421, Filr 1.2 <= 1.2.0.846
fixed version: Filr 2 v2.0.0.465, Filr 1.2 v1.2.0.871
CVE number: CVE-2016-1607, CVE-2016-1608, CVE-2016-1609...

[SECURITY] [DSA 3627-1] phpmyadmin security update

July 25, 2016 - 4:18am

Posted by Thijs Kinkhorst on Jul 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3627-1 security () debian org
https://www.debian.org/security/ Thijs Kinkhorst
July 24, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : phpmyadmin
CVE ID : CVE-2016-1927 CVE-2016-2039...

Cross-Site Scripting in Code Snippets WordPress Plugin

July 25, 2016 - 4:09am

Posted by Summer of Pwnage on Jul 25

------------------------------------------------------------------------
Cross-Site Scripting in Code Snippets WordPress Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A reflected Cross-Site Scripting (XSS) vulnerability has been found...

Cross-Site Scripting in Contact Form to Email WordPress Plugin

July 25, 2016 - 4:02am

Posted by Summer of Pwnage on Jul 25

------------------------------------------------------------------------
Cross-Site Scripting in Contact Form to Email WordPress Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A reflected Cross-Site Scripting (XSS) vulnerability has...

Neoscreen v4.5 Cross-site scripting

July 25, 2016 - 3:52am

Posted by alex_haynes on Jul 25

Exploit Title: Neoscreen Cross-site scripting
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: NONE
Credit: Alex Haynes

Advisory Details:

(1) Vendor & Product Description
--------------------------------

Vendor:
Cube Digital Media

Product & Version:
Neoscreen digital...

Neoscreen v4.5 Blind SQL injection

July 25, 2016 - 3:44am

Posted by alex_haynes on Jul 25

Exploit Title: Neoscreen Blind SQL injection
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CWE-89]
CVE Reference: NONE
Credit: Alex Haynes

Advisory Details:

(1) Vendor & Product Description
--------------------------------...

Neoscreen v4.5 Authentication bypass

July 25, 2016 - 3:37am

Posted by alex_haynes on Jul 25

Exploit Title: Neoscreen v4.5 Authentication bypass
Product: Neoscreen by Cube Digital Media
Vulnerable Versions: 4.5 and all previous versions
Tested Version: 4.5
Advisory Publication: July 24, 2016
Vulnerability Type: Authentication Bypass Issues [CWE-592]
CVE Reference: NONE
Credit: Alex Haynes

Advisory Details:

(1) Vendor & Product Description
--------------------------------

Vendor:
Cube Digital Media

Product & Version:
Neoscreen...

[SECURITY] [DSA 3626-1] openssh security update

July 25, 2016 - 3:29am

Posted by Salvatore Bonaccorso on Jul 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3626-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 24, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssh
CVE ID : CVE-2016-6210
Debian Bug :...

Autobahn|Python Insecure allowedOrigins validation >= 0.14.1

July 25, 2016 - 3:20am

Posted by mgill on Jul 25

Observation:
Autobahn|Python incorrectly checks the Origin header when the 'allowedOrigins' value is set. This can allow third
parties to execute legitimate requests for WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within
another browser's context.

Proof of Concept:
The following will set
```
class OriginCheckServerFactory(WebSocketServerFactory):
    protocol = ...arbitrary entry here...

    def...
```

Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design

July 25, 2016 - 3:12am

Posted by Stefan Kanthak on Jul 25

Hi @ll,

Windows 7 introduced the "Deployment Image Servicing and Management"
tool DISM.exe; this command line program is called for example by
its predecessor PkgMgr.exe (a GUI program which requests elevated
privileges), or by Windows Update (which runs under SYSTEM account).

DISM.exe needs to be run with administrative privileges:
this condition is met in both cases named above.

When called with valid arguments, DISM.exe creates a...

Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking

July 25, 2016 - 3:02am

Posted by Stefan Kanthak on Jul 25

Hi @ll,

this is a followup to "case 36" (posted as "case 35" by mistake),
<http://seclists.org/bugtraq/2016/Jul/82>.

Proof of concept #1:
~~~~~~~~~~~~~~~~~~~~

1. On a 64-bit edition of Windows download the 32-bit and 64-bit
executable installers "eclipse-inst-win32.exe" and
"eclipse-inst-win64.exe", save them in an arbitrary directory.

2. Create the (empty) files...

[slackware-security] bind (SSA:2016-204-01)

July 25, 2016 - 2:53am

Posted by Slackware Security Team on Jul 25

[slackware-security] bind (SSA:2016-204-01)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.10.4_P2-i586-1_slack14.2.txz: Upgraded.
Fixed a security issue:
getrrsetbyname with a non absolute name could trigger an infinite
recursion bug in lwresd and named...

CA20160721-01: Security Notice for CA eHealth

July 25, 2016 - 2:44am

Posted by Kotas, Kevin J on Jul 25

CA20160721-01: Security Notice for CA eHealth

Issued: 2016-07-21
Last Updated: 2016-07-21

CA Technologies Support is alerting customers to multiple potential risks
with CA eHealth. Two vulnerabilities exist in the web interface,
CVE-2016-6151 and CVE-2016-6152, that can allow a remote
authenticated attacker to cause a denial of service condition or possibly
execute arbitrary commands. CA Technologies assigned a High risk rating
to these...

[CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example

July 25, 2016 - 2:34am

Posted by Tim Allison on Jul 25

CVE-2016-5000: XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: POI 3.5-3.13

Description:

Apache POI's XLSX2CSV example uses Java's XML components to parse OpenXML files. Applications and users that use
XLSX2CSV and accept such files from end-users are vulnerable to XML External Entity (XXE) attacks, which allow remote...

MySQL zero-day vulnerabilities (July 2016 CPU)

July 25, 2016 - 2:25am

Posted by lem . nikolas on Jul 25

MySQL is the most popular and most widely used database in the world. MySQL customers include NASA, US Navy, Google,
Facebook, Twitter, just to cite a few.

In partnership with Oracle Inc. we have worked delicately to enhance the security of the open-source product, and to
identify and mitigate those vulnerabilities.

Sincere thanks to Oracle Inc for the prompt response and adequate mitigation to the issues.

You can get a copy of the report...