BugTraq Latest Security Advisories

Syndicate content
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Updated: 29 min 53 sec ago

Hawkeye-G v3 CSRF Vulnerability ***[UPDATED CORRECTED]

July 24, 2015 - 8:56am

Posted by apparitionsec on Jul 24

***[UPDATED CORRECTION] ***

[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-HAWKEYEG0724.txt

Vulnerability Type:
===================
CSRF

CVE Reference:
==============
CVE-2015-2878

Vendor:
===================
www.hexiscyber.com

Product:
=====================================================================
Hawkeye-G v3.0.1.4912

Hawkeye G is an active...
Categories:

[SECURITY] [DSA 3315-1] chromium-browser security update

July 24, 2015 - 8:32am

Posted by Michael Gilbert on Jul 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-3315-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
July 23, 2015 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium-browser
CVE ID : CVE-2015-1266...
Categories:

Hawkeye-G v3.0.1.4912 CSRF Vulnerability CVE-2015-2878

July 24, 2015 - 8:08am

Posted by apparitionsec on Jul 24

[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-HAWKEYEG0724.txt

Vulnerability Type:
===================
CSRF

CVE Reference:
==============
CVE-2015-2878

Vendor:
===================
www.hexiscyber.com

Product:
=====================================================================
Hawkeye-G v3.0.1.4912

Hawkeye G is an active defense disruptive technology...
Categories:

[SECURITY] [DSA 3314-1] typo3-src end of life

July 24, 2015 - 6:26am

Posted by Moritz Muehlenhoff on Jul 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-3314-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 23, 2015 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : typo3-src

Upstream security support for Typo3 4.5.x ended...
Categories:

Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser

July 23, 2015 - 1:58pm

Posted by Qualys Security Advisory on Jul 23

Hello, it is July 23, 2015, 17:00 UTC, the Coordinated Release Date for
CVE-2015-3245 and CVE-2015-3246. Please find our advisory below, and
our exploit attached.

Qualys Security Advisory

CVE-2015-3245 userhelper chfn() newline filtering

CVE-2015-3246 libuser passwd file handling

--[ Summary ]-----------------------------------------------------------------

The libuser library implements a standardized interface for manipulating
and...
Categories:

ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability

July 23, 2015 - 8:57am

Posted by Vulnerability Lab on Jul 23

Document Title:
===============
ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1555

Release Date:
=============
2015-07-23

Vulnerability Laboratory ID (VL-ID):
====================================
1555

Common Vulnerability Scoring System:
====================================
8.6

Product & Service Introduction:...
Categories:

[SECURITY] [DSA 3313-1] linux security update

July 23, 2015 - 5:58am

Posted by Salvatore Bonaccorso on Jul 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-3313-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 23, 2015 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : linux
CVE ID : CVE-2015-3290 CVE-2015-3291...
Categories:

Cisco Security Advisory: Cisco IOS Software TFTP Server Denial of Service Vulnerability

July 22, 2015 - 12:54pm

Posted by Cisco Systems Product Security Incident Response Team on Jul 22

Cisco Security Advisory: Cisco IOS Software TFTP Server Denial of Service Vulnerability

Advisory ID: cisco-sa-2015722-tftp

Revision 1.0

For Public Release 2015 July 22 16:00 UTC (GMT)

------------------------------------------------------------------------------------------

Summary
=======

A vulnerability in the TFTP server feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated,
remote attacker to cause a denial of...
Categories:

Cisco Security Advisory: Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability

July 22, 2015 - 12:43pm

Posted by Cisco Systems Product Security Incident Response Team on Jul 22

Cisco Security Advisory: Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability

Advisory ID: cisco-sa-20150722-mp

Revision 1.0

For Public Release 2015 July 22 16:00 UTC (GMT)

----------------------------------------------------------------------------------------

Summary
=======

The password change functionality in the Cisco Unified MeetingPlace Web Conferencing application could allow an
unauthenticated remote, attacker to...
Categories:

Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability

July 22, 2015 - 12:31pm

Posted by Cisco Systems Product Security Incident Response Team on Jul 22

Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability

Advisory ID: cisco-sa-20150722-apic

Revision 1.0

For Public Release 2015 July 22 16:00 UTC (GMT)

-----------------------------------------------------------------------------------------

Summary
=======

A vulnerability in the cluster management configuration of the Cisco Application Policy Infrastructure Controller
(APIC) and the...
Categories:

ESA-2015-118: EMC Avamar Directory Traversal Vulnerability

July 22, 2015 - 12:23pm

Posted by Security Alert on Jul 22

ESA-2015-118: EMC Avamar Directory Traversal Vulnerability

EMC Identifier: ESA-2015-118

CVE Identifier: CVE-2015-4527

Severity Rating: CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

Affected products:

• EMC Avamar Server all versions from 7.0 to 7.1.1-145 (inclusive)
• EMC Avamar Virtual Addition (AVE) all versions from 7.0 to 7.1.1-145 (inclusive)

Summary:

EMC Avamar includes a directory traversal vulnerability...
Categories: