BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

WordPress WooCommerce - Store Toolkit Plugin [Privilege Escalation]

February 8, 2016 - 7:58am

Posted by Panagiotis Vagenas on Feb 08

* Exploit Title: WordPress WooCommerce - Store Toolkit Plugin [Privilege
Escalation]
* Discovery Date: 2016-02-06
* Public Disclosure Date: 2016-02-08
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: http://www.visser.com.au/
* Software Link: https://wordpress.org/plugins/woocommerce-store-toolkit/
* Version: 1.5.5
* Tested on: WordPress 4.4.2
* Category: webapps

Description
-----------

The...

PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities

February 8, 2016 - 7:48am

Posted by Vulnerability Lab on Feb 08

Document Title:
===============
PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1676

Vulnerability Magazine:
http://magazine.vulnerability-db.com/?q=articles/2016/02/08/researcher-uncovers-multiple-sql-injection-vulnerabilities-dpa-presseportal

Release Date:
=============
2016-02-08

Vulnerability Laboratory ID (VL-ID):...

Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities

February 8, 2016 - 7:38am

Posted by Vulnerability Lab on Feb 08

Document Title:
===============
Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1626

Release Date:
=============
2016-02-07

Vulnerability Laboratory ID (VL-ID):
====================================
1626

Common Vulnerability Scoring System:
====================================
3.4

Product & Service Introduction:...

Alsovalue CMS 2016Q1 - SQL Injection Web Vulnerability

February 8, 2016 - 7:27am

Posted by Vulnerability Lab on Feb 08

Document Title:
===============
Alsovalue CMS 2016Q1 - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1714

Release Date:
=============
2016-02-08

Vulnerability Laboratory ID (VL-ID):
====================================
1714

Common Vulnerability Scoring System:
====================================
7.7

Abstract Advisory Information:
==============================...

Getdpd BB #4 - (name) Persistent Validation Vulnerability

February 8, 2016 - 7:17am

Posted by Vulnerability Lab on Feb 08

Document Title:
===============
Getdpd BB #4 - (name) Persistent Validation Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1568

ID: #14772

Release Date:
=============
2016-02-08

Vulnerability Laboratory ID (VL-ID):
====================================
1568

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:...

Getdpd BB #5 - Persistent Filename Vulnerability

February 8, 2016 - 7:08am

Posted by Vulnerability Lab on Feb 08

Document Title:
===============
Getdpd BB #5 - Persistent Filename Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1569

ID: #14773

Release Date:
=============
2016-02-05

Vulnerability Laboratory ID (VL-ID):
====================================
1569

Common Vulnerability Scoring System:
====================================
4.2

Product & Service Introduction:...

JavaScript Anywhere v3.0.4 iOS - Persistent Vulnerability

February 8, 2016 - 6:56am

Posted by Vulnerability Lab on Feb 08

Document Title:
===============
JavaScript Anywhere v3.0.4 iOS - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1709

Release Date:
=============
2016-02-08

Vulnerability Laboratory ID (VL-ID):
====================================
1709

Common Vulnerability Scoring System:
====================================
3.8

Product & Service Introduction:...

Local Microsoft Windows 7 / 8 / 10 Buffer Overflow via Third-Party USB-Driver (ser2co64.sys)

February 8, 2016 - 6:44am

Posted by Ralf Spenneberg on Feb 08

OS-S Security Advisory 2016-02-08
Prolific Ser2co64.sys Stack Buffer Overflow

Date: December 23rd, 2015
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: Not assigned yet
CVSS: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Title: Local Microsoft Windows 7 / 8 / 10 Buffer Overflow via Third-Party USB-
Driver (ser2co64.sys)
Severity: Critical. The OS halts (BSOD). Arbitrary code execution probable.
Ease of Exploitation: Trivial
Vulnerability...

Symphony CMS multiple vulnerabilities

February 8, 2016 - 4:04am

Posted by Filippo Cavallarin on Feb 08

Advisory ID: SGMA-16002
Title: Symphony CMS multiple vulnerabilities
Product: Symphony CMS
Version: 2.6.5 and probably prior
Vendor: www.getsymphony.com
Vulnerability type: SQL-injection, Unrestricted File Upload
Risk level: 4 / 5
Credit: filippo.cavallarin () wearesegment com
CVE: N/A
Vendor notification: 2016-02-02
Vendor fix: 2016-02-05
Public disclosure: 2016-02-08

Details

Symphony CMS suffers from multiple vulnerabilities:

- SQL...

WordPress User Meta Manager Plugin [Information Disclosure]

February 8, 2016 - 2:21am

Posted by Panagiotis Vagenas on Feb 07

* Exploit Title: WordPress User Meta Manager Plugin [Information Disclosure]
* Discovery Date: 2015-12-28
* Public Disclosure Date: 2016-02-01
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: http://jasonlau.biz/home/
* Software Link: https://wordpress.org/plugins/user-meta-manager/
* Version: 3.4.6
* Tested on: WordPress 4.4
* Category: webapps

## Description

User Meta Manager for WordPress...

Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege

February 8, 2016 - 2:11am

Posted by Stefan Kanthak on Feb 07

Hi @ll,

the executable installers of WinRAR 5.30 and earlier versions
as well as ALL self-extracting archives created with them
load and execute UXTheme.dll, RichEd32.dll and RichEd20.dll
from their "application directory".

For software downloaded with a web browser the application
directory is typically the user's "Downloads" directory: see
<...

CFP: SIN 2016 - 9th International Conference on Security of Information and Networks

February 8, 2016 - 2:02am

Posted by Hossain Shahriar on Feb 07

=========================================================================
Please accept our apologies if you receive multiple copies of this CFP
=========================================================================

CALL FOR CONTRIBUTIONS
======================
9th International Conference on Security of Information and Networks (SIN 2016)
20-22 July 2016, Rutgers University, New Jersey, USA, www.sinconf.org

In Technical Cooperation with ACM...

[SECURITY] [DSA 3468-1] polarssl security update

February 8, 2016 - 1:53am

Posted by Sebastien Delafond on Feb 07

-------------------------------------------------------------------------
Debian Security Advisory DSA-3468-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
February 06, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : polarssl
CVE ID : CVE-2015-5291 CVE-2015-8036...

[SECURITY] [DSA 3467-1] tiff security update

February 8, 2016 - 1:44am

Posted by Salvatore Bonaccorso on Feb 07

-------------------------------------------------------------------------
Debian Security Advisory DSA-3467-1 security () debian org
https://www.debian.org/security/ Laszlo Boszormenyi (GCS)
February 06, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tiff
CVE ID : CVE-2015-8665 CVE-2015-8683...

Multiple vulnerabilities in Open Real Estate v 1.15.1

February 8, 2016 - 1:34am

Posted by Simon Waters (Surevine) on Feb 07

Introduction: Open Real Estate is an open source CMS for managing estate agent websites.

It is written in PHP and uses the YII CMF. It supports multiple languages.

It is supported by MonoRay.net

The product has a number of commercial support offerings available and an internal market for extensions.

http://open-real-estate.info/

The core application was examined using Burp Suite Pro, SQLmap, and manual inspection (no extensions were...

[security bulletin] HPSBGN03430 rev.3 - HP ArcSight products, Local Elevation of Privilege

February 8, 2016 - 1:26am

Posted by security-alert on Feb 07

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04872416
Version: 3

HPSBGN03430 rev.3 - HP ArcSight products, Local Elevation of Privilege

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-11-03
Last Updated:...

[CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox

February 8, 2016 - 1:17am

Posted by Stefan Kanthak on Feb 07

Hi @ll,

the installers of Oracle's Java 6/7/8 for Windows and VirtualBox for
Windows load and execute several DLLs from their "application directory".

* The online installer jxpiinstall.exe:
UXTheme.dll and RASAdHlp.dll plus
(on Windows XP) SetupAPI.dll, HNetCfg.dll and XPSP2Res.dll
(on Windows Vista and above) ProfAPI.dll, Secur32.dll, NTMarta.dll
and Version.dll

* The offline installer jre-8u66-windows-i586.exe:...

[security bulletin] HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java Deserialization, Remote Arbitrary Code Execution

February 8, 2016 - 1:08am

Posted by security-alert on Feb 07

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04958567

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04958567
Version: 1

HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java
Deserialization, Remote Arbitrary Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

[security bulletin] HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities

February 8, 2016 - 12:59am

Posted by security-alert on Feb 07

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04920918

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04920918
Version: 2

HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security
Restrictions, Indirect Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...