BugTraq Latest Security Advisories

Syndicate content
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Updated: 26 min 45 sec ago

[SEARCH-LAB advisory] Cisco EPC3925 UPC modem/router default passphrase vulnerabilities

July 20, 2016 - 6:26am

Posted by Gergely Eberhardt on Jul 20

Cisco EPC3925 UPC modem/router default passphrase vulnerabilities
-----------------------------------------------------------------

Platforms / Firmware confirmed affected:
- Cisco EPC3925, ESIP-12-v302r125573-131230c_upc

Vulnerabilities
---------------
Default SSID and passphrase can be calculated
The default SSID and passphrase are derived from the MAC address and the
DOCSIS serial number. Since the MAC address of the device is broadcasted...
Categories:

[SECURITY] [DSA 3623-1] apache2 security update

July 20, 2016 - 6:16am

Posted by Salvatore Bonaccorso on Jul 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3623-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 20, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : apache2
CVE ID : CVE-2016-5387

Scott Geary of...
Categories:

CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]

July 19, 2016 - 4:35pm

Posted by Programa STIC on Jul 19

Fundación Dr. Manuel Sadosky - Programa STIC Advisory
www.fundacionsadosky.org.ar

Heap memory corruption in ASN.1 parsing code generated by Objective
Systems Inc. ASN1C compiler for C/C++

1. *Advisory Information*

Title: Heap memory corruption in ASN.1 parsing code generated by
Objective Systems Inc. ASN1C compiler for C/C++
Advisory ID: STIC-2016-0603
Advisory URL:...
Categories:

Multiple SQL injection vulnerabilities in WordPress Video Player

July 19, 2016 - 4:23pm

Posted by Summer of Pwnage on Jul 19

------------------------------------------------------------------------
Multiple SQL injection vulnerabilities in WordPress Video Player
------------------------------------------------------------------------
David Vaartjes & Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that WordPress...
Categories:

Cross-Site Request Forgery in Icegram WordPress Plugin

July 19, 2016 - 4:13pm

Posted by Summer of Pwnage on Jul 19

------------------------------------------------------------------------
Cross-Site Request Forgery in Icegram WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Request Forgery vulnerability was found in the Icegram...
Categories:

Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin

July 19, 2016 - 3:00pm

Posted by Summer of Pwnage on Jul 19

------------------------------------------------------------------------
Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress
Plugin
------------------------------------------------------------------------
Han Sahin, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Multiple reflected Cross-Site Scripting (XSS)...
Categories:

Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking

July 19, 2016 - 2:51pm

Posted by Stefan Kanthak on Jul 19

Hi @ll,

eclipse-inst-win32.exe (and of course eclipse-inst-win64.exe
too) loads and executes multiple DLLs (in version 4.5 also
CMD.EXE) from its "application directory".

* version 4.5 ("Mars") on Windows 7:
UXTheme.dll, WindowsCodecs.dll, AppHelp.dll, SrvCli.dll,
Slc.dll, NTMarta.dll, ProfAPI.dll, SAMLib.dll

* version 4.6 ("Neon") on Windows 7:
IEFrame.dll, Version.dll

* version 4.5 on Windows XP:...
Categories:

Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)

July 19, 2016 - 2:43pm

Posted by Vulnerability Lab on Jul 19

Document Title:
===============
Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1869

Security Release: https://www.djangoproject.com/weblog/2016/jul/18/security-releases/

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6186

CVE-ID:
=======
CVE-2016-6186

Release Date:
=============
2016-07-19

Vulnerability...
Categories:

APPLE-SA-2016-07-18-6 iTunes 12.4.2

July 19, 2016 - 2:33pm

Posted by Apple Product Security on Jul 19

APPLE-SA-2016-07-18-6 iTunes 12.4.2

iTunes 12.4.2 for Windows is now available and addresses the following:

libxml2
Impact: Multiple vulnerabilities in libxml2
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological
University
CVE-2016-4448 : Apple
CVE-2016-4483 :...
Categories:

APPLE-SA-2016-07-18-5 Safari 9.1.2

July 19, 2016 - 2:24pm

Posted by Apple Product Security on Jul 19

APPLE-SA-2016-07-18-5 Safari 9.1.2

Safari 9.1.2 is now available and addresses the following:

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a malicious website may disclose image data from
another website
Description: A timing issue existed in the processing of SVG. This
issue was addressed through improved validation.
CVE-2016-4583 : Roeland Krak

WebKit
Available for: OS X El Capitan v10.11.6
Impact: Visiting a...
Categories:

APPLE-SA-2016-07-18-4 tvOS 9.2.2

July 19, 2016 - 1:59pm

Posted by Apple Product Security on Jul 19

APPLE-SA-2016-07-18-4 tvOS 9.2.2

tvOS 9.2.2 is now available and addresses the following:

CoreGraphics
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com
/vulnerability-reports)

ImageIO
Available for: Apple TV (4th generation)
Impact: A...
Categories:

APPLE-SA-2016-07-18-3 watchOS 2.2.2

July 19, 2016 - 1:29pm

Posted by Apple Product Security on Jul 19

APPLE-SA-2016-07-18-3 watchOS 2.2.2

watchOS 2.2.2 is now available and addresses the following:

CoreGraphics
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition,
and Apple Watch Hermes
Impact: A remote attacker may be able to execute arbitrary code
Description: A memory corruption issue was addressed through
improved memory handling.
CVE-2016-4637 : Tyler Bohan of Cisco Talos (talosintel.com
/vulnerability-reports)

ImageIO...
Categories:

APPLE-SA-2016-07-18-2 iOS 9.3.3

July 19, 2016 - 1:19pm

Posted by Apple Product Security on Jul 19

APPLE-SA-2016-07-18-2 iOS 9.3.3

iOS 9.3.3 is now available and addresses the following:

Calendar
Available for: iPhone 4s and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A maliciously crafted calendar invite may cause a device to
unexpectedly restart
Description: A null pointer dereference was addressed through
improved memory handling.
CVE-2016-4605 : Henry Feldman MD at Beth Israel Deaconess Medical
Center...
Categories:

APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004

July 19, 2016 - 1:09pm

Posted by Apple Product Security on Jul 19

APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update
2016-004

OS X El Capitan v10.11.6 and Security Update 2016-004 is now
available and addresses the following:

apache_mod_php
Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 and later
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple issues existed in PHP versions prior to
5.5.36. These were addressed by updating PHP to...
Categories:

[SECURITY] [DSA 3622-1] python-django security update

July 19, 2016 - 12:58pm

Posted by Salvatore Bonaccorso on Jul 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3622-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 18, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-django
CVE ID : CVE-2016-6186

It was...
Categories: