BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

ManageEngine EventLog Analyzer V:10.0 CSRF Vulnerability

May 20, 2015 - 8:37am

Posted by akashchavan0708 on May 20

=========================================================================================
CSRF Vulnerability in ManageEngine EventLog Analyzer Version :10.0, Build Number : 10001
=========================================================================================


Overview
========

* Title : ManageEngine EventLog Analyzer Version 10.0 Cross Site Request Forgery
* Author: Akash S. Chavan
* Product Homepage:...

Staff FTP v3.04 Software - DLL Hijacking Vulnerability

May 20, 2015 - 8:31am

Posted by metacom27 on May 20

A local DLL injection vulnerability has been discovered in the official Staff-FTP v3.04 software.
The issue allows local attackers to inject code into vulnerable libraries to compromise the process or to gain higher access privileges.

The Windows software is vulnerable to DLL hijacking attacks. The vulnerability is located in the netapi32.dll and dwmapi.dll file extensions.
The software does not specify the fully qualified path to a...

[SECURITY] [DSA 3263-1] proftpd-dfsg security update

May 20, 2015 - 8:22am

Posted by Sebastien Delafond on May 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3263-1 security () debian org
http://www.debian.org/security/ Sebastien Delafond
May 19, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : proftpd-dfsg
CVE ID : CVE-2015-3306
Debian Bug...

[SECURITY] [DSA 3264-1] icedove security update

May 20, 2015 - 8:14am

Posted by Moritz Muehlenhoff on May 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3264-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 19, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : icedove
CVE ID : CVE-2015-0797 CVE-2015-2708...

[security bulletin] HPSBGN03286 rev.1 - HP LoadRunner, Buffer Overflow

May 20, 2015 - 8:05am

Posted by security-alert on May 20

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04594015

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04594015
Version: 1

HPSBGN03286 rev.1 - HP LoadRunner, Buffer Overflow

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-05-19
Last Updated: 2015-05-19

Potential...

APPLE-SA-2015-05-19-1 Watch OS 1.0.1

May 19, 2015 - 1:38pm

Posted by Apple Product Security on May 19

APPLE-SA-2015-05-19-1 Watch OS 1.0.1

Watch OS 1.0.1 is now available and addresses the following:

Certificate Trust Policy
Available for: Apple Watch Sport, Apple Watch,
and Apple Watch Edition
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/kb/204873

FontParser
Available for: Apple Watch Sport, Apple Watch,...

[security bulletin] HPSBPI03322 rev.1 - HP Access Control Software, Local Unauthorized Access

May 19, 2015 - 9:43am

Posted by security-alert on May 19

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04649315
Version: 1

HPSBPI03322 rev.1 - HP Access Control Software, Local Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-05-19
Last Updated: 2015-05-19

Potential Security Impact: Local unauthorized access

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A...

WISE-FTP Software v8.0.2 - DLL Hijacking Vulnerability

May 19, 2015 - 6:51am

Posted by metacom27 on May 19

Technical Details & Description:
================================
A local DLL injection vulnerability has been discovered in the official Wise-FTP v8.0.2 software.
The issue allows local attackers to inject code into vulnerable libraries to compromise the process or to gain higher access privileges.

The Windows software is vulnerable to DLL hijacking attacks. The vulnerability is located in the Linkinfo.dll, mpr.dll, netutils.dll, ...
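The Staff-FTP v3.04 and Wise-FTP v8.0.2 posts above rest on the same mechanism: the executable loads a library by bare file name, so Windows walks its default search order, which checks the application's own directory before System32. Whether such a report matters on a given install depends on two things the posts do not state: whether the named DLL is a KnownDLL (KnownDLLs are always mapped from System32, so a copy next to the executable is never loaded) and whether an ordinary user can write into the application directory (otherwise there is no privilege gain). The PowerShell script below is an added triage helper, not code from either post or from the vendors; the default DLL names are the two from the Staff-FTP post, the KnownDLLs registry key is the standard one, and the "Hijackable" verdict is this script's own heuristic (an assumption, not a proof that the program actually performs the unqualified load).

```powershell
# Added example: triage a DLL hijacking report against a real install.
# Usage: .\Test-DllHijack.ps1 -ExePath 'C:\Program Files\StaffFTP\staffftp.exe'
param(
    [Parameter(Mandatory)][string]$ExePath,
    [string[]]$DllNames = @('netapi32.dll', 'dwmapi.dll')   # names from the Staff-FTP post
)

$appDir = Split-Path -Parent (Resolve-Path $ExePath).ProviderPath
$sysDir = [Environment]::SystemDirectory

# KnownDLLs are mapped from System32 regardless of search order, so a DLL
# listed here cannot be shadowed by a file in the application directory.
$knownKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs'
$knownDlls = (Get-ItemProperty -Path $knownKey).PSObject.Properties |
    Where-Object { $_.Name -notlike 'PS*' -and $_.Name -notin @('DllDirectory', 'DllDirectory32') } |
    ForEach-Object { $_.Value.ToString().ToLowerInvariant() }

# Could a low-privileged account plant a file next to the executable?
# We look for an Allow ACE granting CreateFiles (WriteData) to Users or
# Authenticated Users; FullControl/Modify/Write all include that bit.
$lowPrivSids  = @('S-1-5-32-545', 'S-1-5-11')
$createFiles  = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
$userWritable = $false
foreach ($ace in (Get-Acl -Path $appDir).Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $sid = try {
        $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch { $null }
    if (($lowPrivSids -contains $sid) -and (([int]$ace.FileSystemRights -band $createFiles) -ne 0)) {
        $userWritable = $true
    }
}

foreach ($dll in $DllNames) {
    $name = $dll.ToLowerInvariant()
    [pscustomobject]@{
        Dll                = $name
        KnownDll           = ($knownDlls -contains $name)        # $true => not hijackable via app dir
        PresentInSystem32  = (Test-Path (Join-Path $sysDir $name))
        AlreadyInAppDir    = (Test-Path (Join-Path $appDir $name)) # a shipped or already planted copy
        AppDirUserWritable = $userWritable
        # Heuristic (assumption): worth pursuing only if the name is not a
        # KnownDLL and an ordinary user can drop a file beside the executable.
        Hijackable         = (-not ($knownDlls -contains $name)) -and $userWritable
    }
}
```

The script does not prove that the program issues an unqualified LoadLibrary for these names; that is what a file-system trace of the process start (for example with Process Monitor, filtering on NAME NOT FOUND in the application directory) establishes. A "Hijackable" result with the executable launched by a more privileged account than the one that can write the directory is the case that justifies the "gain higher access privileges" wording in the posts; if the application directory is only writable by administrators, the finding is at most a persistence trick for someone who is already an administrator.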

[SECURITY] [DSA 3175-2] kfreebsd-9 security update

May 19, 2015 - 6:44am

Posted by Alessandro Ghedini on May 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3175-2 security () debian org
http://www.debian.org/security/ Alessandro Ghedini
May 18, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : kfreebsd-9
CVE ID : CVE-2015-1414 CVE-2015-2923...

[SECURITY] [DSA 3262-1] xen security update

May 19, 2015 - 6:37am

Posted by Moritz Muehlenhoff on May 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3262-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 18, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xen
CVE ID : CVE-2015-3456

Jason Geffner...

OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities

May 19, 2015 - 6:31am

Posted by Vulnerability Lab on May 19

Document Title:
===============
OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1494

Release Date:
=============
2015-05-18

Vulnerability Laboratory ID (VL-ID):
====================================
1493

Common Vulnerability Scoring System:
====================================
6.9

Product & Service Introduction:...

iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability

May 19, 2015 - 6:23am

Posted by Vulnerability Lab on May 19

Document Title:
===============
iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1494

Release Date:
=============
2015-05-13

Vulnerability Laboratory ID (VL-ID):
====================================
1494

Common Vulnerability Scoring System:
====================================
3.4

Product & Service Introduction:...

Wireless Photo Transfer v3.0 iOS - File Include Vulnerability

May 19, 2015 - 6:14am

Posted by Vulnerability Lab on May 19

Document Title:
===============
Wireless Photo Transfer v3.0 iOS - File Include Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1492

Release Date:
=============
2015-05-12

Vulnerability Laboratory ID (VL-ID):
====================================
1492

Common Vulnerability Scoring System:
====================================
6.5

Product & Service Introduction:...

CRUCMS Crucial Networking - SQL Injection Vulnerability

May 19, 2015 - 6:04am

Posted by Vulnerability Lab on May 19

Document Title:
===============
CRUCMS Crucial Networking - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1497

Release Date:
=============
2015-05-18

Vulnerability Laboratory ID (VL-ID):
====================================
1497

Common Vulnerability Scoring System:
====================================
8.2

Product & Service Introduction:...

[slackware-security] mozilla-thunderbird (SSA:2015-137-01)

May 18, 2015 - 1:18pm

Posted by Slackware Security Team on May 18

[slackware-security] mozilla-thunderbird (SSA:2015-137-01)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-31.7.0-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

ESA-2015-087 EMC Document Sciences xPression SQL Injection Vulnerability

May 18, 2015 - 1:09pm

Posted by Security Alert on May 18

ESA-2015-087 EMC Document Sciences xPression SQL Injection Vulnerability

CVE Identifier: CVE-2015-0540

Severity Rating: CVSSv2 Base Score: 8.0 (AV:N/AC:L/Au:S/C:P/I:P/A:C)

Affected products:

• EMC Document Sciences xPression 4.2
• EMC Document Sciences xPression 4.5 SP1

Summary:

EMC Document Sciences xPression contains fixes for a SQL injection vulnerability that could potentially be exploited by malicious users to...

[SECURITY] [DSA 3261-1] libmodule-signature-perl security update

May 15, 2015 - 1:16pm

Posted by Salvatore Bonaccorso on May 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-3261-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
May 15, 2015 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libmodule-signature-perl
CVE ID : CVE-2015-3406...