BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

MagicSpam 2.0.13 - Insecure File Permission Vulnerability

January 16, 2018 - 6:17am

Posted by Vulnerability Lab on Jan 16

Document Title:
===============
MagicSpam 2.0.13 - Insecure File Permission Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2113

Release Date:
=============
2018-01-12

Vulnerability Laboratory ID (VL-ID):
====================================
2113

Common Vulnerability Scoring System:
====================================
2.8

Vulnerability Class:
====================
Privacy Violation...

Zenario v7.6 CMS - SQL Injection Web Vulnerability

January 16, 2018 - 6:10am

Posted by Vulnerability Lab on Jan 16

Document Title:
===============
Zenario v7.6 CMS - SQL Injection Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2043

Release Date:
=============
2018-01-16

Vulnerability Laboratory ID (VL-ID):
====================================
2043

Common Vulnerability Scoring System:
====================================
5.7

Vulnerability Class:
====================
SQL Injection

Current...

[SECURITY] [DSA 4088-1] gdk-pixbuf security update

January 16, 2018 - 6:09am

Posted by Moritz Muehlenhoff on Jan 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-4088-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 15, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gdk-pixbuf
CVE ID : CVE-2017-1000422

It was...

[RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2

January 16, 2018 - 6:05am

Posted by RedTeam Pentesting GmbH on Jan 16

Advisory: Truncation of SAML Attributes in Shibboleth 2

RedTeam Pentesting discovered that the shibd service of Shibboleth 2
does not extract SAML attribute values in a robust manner. By inserting
XML entities into a SAML response, attackers may truncate attribute
values without breaking the document's signature. This might lead to a
complete bypass of authorisation mechanisms.

Details
=======

Product: Shibboleth 2
Affected Versions:...