BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Broken TLS certificate validation in VTech DigiGo browser

January 15, 2018 - 10:05am

Posted by Summer of Pwnage on Jan 15

------------------------------------------------------------------------
Broken TLS certificate validation in VTech DigiGo browser
------------------------------------------------------------------------
Sipke Mellema, September 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
VTech's DigiGo is a hand held smart device for...

Code execution in Kaseya VSA

January 15, 2018 - 9:56am

Posted by Securify B.V. on Jan 15

------------------------------------------------------------------------
Code execution in Kaseya VSA
------------------------------------------------------------------------
Kin Hung Cheng, Robert Hartshorn, May 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A security vulnerability was found in Kaseya VSA file upload file...

[SECURITY] [DSA 4085-1] xmltooling security update

January 15, 2018 - 9:41am

Posted by Moritz Muehlenhoff on Jan 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-4085-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 12, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xmltooling
CVE ID : CVE-2018-0486

Philip Huppert...

[security bulletin] HPESBHF03800 rev.1 - HPE Comware 7 MSR Routers, Remote Denial of Service and Local Elevation or Privilege

January 15, 2018 - 9:38am

Posted by security-alert on Jan 15

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03800en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03800en_us
Version: 1

HPESBHF03800 rev.1 - HPE Comware 7 MSR Routers, Remote Denial of Service and
Local Elevation or Privilege

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...

[security bulletin] HPESBNS03804 rev.1 - HPE NonStop Server, Local Authentication Restriction Bypass

January 15, 2018 - 9:34am

Posted by security-alert on Jan 15

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbns03804en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbns03804en_us
Version: 1

HPESBNS03804 rev.1 - HPE NonStop Server, Local Authentication Restriction
Bypass

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-01-12
Last...

Magento Connect T1 - (Claim) Persistent Vulnerability

January 12, 2018 - 8:11am

Posted by Vulnerability Lab on Jan 12

Document Title:
===============
Magento Connect T1 - (Claim) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1469

Release Date:
=============
2018-01-08

Vulnerability Laboratory ID (VL-ID):
====================================
1469

Common Vulnerability Scoring System:
====================================
3.8

Vulnerability Class:
====================
Cross Site Scripting -...

Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability

January 12, 2018 - 8:08am

Posted by Vulnerability Lab on Jan 12

Document Title:
===============
Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2111

Release Date:
=============
2018-01-07

Vulnerability Laboratory ID (VL-ID):
====================================
2111

Common Vulnerability Scoring System:
====================================
4.8

Vulnerability Class:
====================...

Magento Commerce - SSRF & XSPA Web Vulnerability

January 12, 2018 - 8:06am

Posted by Vulnerability Lab on Jan 12

Document Title:
===============
Magento Commerce - SSRF & XSPA Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1631

Release Date:
=============
2018-01-03

Vulnerability Laboratory ID (VL-ID):
====================================
1631

Common Vulnerability Scoring System:
====================================
4.7

Vulnerability Class:
====================
Server Side Request...

[SECURITY] [DSA 4084-1] gifsicle security update

January 12, 2018 - 8:04am

Posted by Sebastien Delafond on Jan 12

-------------------------------------------------------------------------
Debian Security Advisory DSA-4084-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
January 12, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gifsicle
CVE ID : CVE-2017-1000421

It was...

MagicSpam 2.0.13 - Insecure File Permission Vulnerability

January 12, 2018 - 8:03am

Posted by Vulnerability Lab on Jan 12

Document Title:
===============
MagicSpam 2.0.13 - Insecure File Permission Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2113

Release Date:
=============
2018-01-12

Vulnerability Laboratory ID (VL-ID):
====================================
2113

Common Vulnerability Scoring System:
====================================
2.8

Vulnerability Class:
====================
Privacy Violation...

Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities

January 12, 2018 - 7:55am

Posted by Vulnerability Lab on Jan 12

Document Title:
===============
Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2005

Release Date:
=============
2018-01-12

Vulnerability Laboratory ID (VL-ID):
====================================
2005

Common Vulnerability Scoring System:
====================================
3.6

Vulnerability Class:
====================
Cross...

Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability

January 12, 2018 - 7:48am

Posted by Vulnerability Lab on Jan 12

Document Title:
===============
Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1943

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5282

CVE-ID:
=======
CVE-2018-5282

Release Date:
=============
2018-01-04

Vulnerability Laboratory ID (VL-ID):
====================================
1943

Common Vulnerability Scoring System:...

SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability

January 12, 2018 - 7:42am

Posted by Vulnerability Lab on Jan 12

Document Title:
===============
SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1819

Release Notes: http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issues?ParentProduct=867

Release Date:
=============
2018-01-12

Vulnerability Laboratory ID (VL-ID):
====================================
1819

Common...

Flash Operator Panel v2.31.03 - Command Execution Vulnerability

January 12, 2018 - 7:32am

Posted by Vulnerability Lab on Jan 12

Document Title:
===============
Flash Operator Panel v2.31.03 - Command Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1907

Release Date:
=============
2018-01-08

Vulnerability Laboratory ID (VL-ID):
====================================
1907

Common Vulnerability Scoring System:
====================================
6.2

Vulnerability Class:
====================
Command...