BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web Vulnerability Scanner 11

10 hours 44 min ago

Posted by Florian Bogner on May 29

Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web Vulnerability Scanner 11

Metadata
===============================================================================
Release Date: 28-May-2017
Author: Florian Bogner @ https://bogner.sh
Affected product: Acunetix Web Vulnerability Scanner 11 (https://www.acunetix.com/)
Issue verified on: Windows 7
Vulnerability Status: Fixed
Fixed Version: Acunetix WVS 11.0.170941159 released on...

Wordpress Plugin Social-Stream - Exposure of Twitter API Secret Key and Token

May 26, 2017 - 3:55pm

Posted by kyle Lovett on May 26

Wordpress Plugin Social-Stream - Exposure of Twitter API Secret Keys
CWE-522: Insufficiently Protected Credentials

Products:
Wordpress Social Stream
Versions 1.6.0 and lower
https://codecanyon.net/item/wordpress-social-stream/2201708

Social Network Tabs
Versions 1.7.4 and lower
https://codecanyon.net/item/social-network-tabs-for-wordpress/1982987

Fix:
Wordpress Social Stream, V 1.6.1
https://codecanyon.net/item/wordpress-social-stream/2201708...

[security bulletin] HPESBHF03730 rev.1 - HPE Aruba ClearPass Policy Manager, Multiple Vulnerabilities

May 26, 2017 - 3:45pm

Posted by security-alert on May 26

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03730en_us
Version: 1

HPESBHF03730 rev.1 - HPE Aruba ClearPass Policy Manager, Multiple
Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-05-24
Last...

[security bulletin] HPESBHF03754 rev.1 - HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5 Processor, Remote Access Restriction Bypass

May 26, 2017 - 3:34pm

Posted by security-alert on May 26

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03754en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03754en_us
Version: 1

HPESBHF03754 rev.1 - HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5
Processor, Remote Access Restriction Bypass

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

[security bulletin] HPESBHF03750 rev.1 - HPE Network Products including Comware 5, Comware 7 and VCX running NTP, Remote Denial of Service (DoS), Unauthorized Modification, Local Denial of Service (DoS)

May 26, 2017 - 1:46am

Posted by security-alert on May 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03750en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03750en_us
Version: 1

HPESBHF03750 rev.1 - HPE Network Products including Comware 5, Comware 7 and
VCX running NTP, Remote Denial of Service (DoS), Unauthorized Modification,
Local Denial of Service (DoS)

NOTICE: The information...

[SECURITY] [DSA 3863-1] imagemagick security update

May 26, 2017 - 1:35am

Posted by Moritz Muehlenhoff on May 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3863-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 25, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : imagemagick
CVE ID : CVE-2017-7606 CVE-2017-7619...

[security bulletin] HPESBHF03746 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution

May 25, 2017 - 2:06pm

Posted by HPE Product Security Response Team on May 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03746en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03746en_us
Version: 1

HPESBHF03746 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-05-14...

WebKitGTK+ Security Advisory WSA-2017-0004

May 25, 2017 - 8:46am

Posted by Carlos Alberto Lopez Perez on May 25

------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0004
------------------------------------------------------------------------

Date reported : May 25, 2017
Advisory ID : WSA-2017-0004
Advisory URL : https://webkitgtk.org/security/WSA-2017-0004.html
CVE identifiers : CVE-2017-2496, CVE-2017-2504, CVE-2017-2505,...

[slackware-security] samba (SSA:2017-144-01)

May 25, 2017 - 1:04am

Posted by Slackware Security Team on May 24

[slackware-security] samba (SSA:2017-144-01)

New samba packages are available for Slackware 13.1, 13.37, 14.0, 14.1, 14.2,
and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/samba-4.4.14-i586-1_slack14.2.txz: Upgraded.
This update fixes a remote code execution vulnerability, allowing a
malicious client to upload a shared library to a writable share,...

[security bulletin] HPESBHF03751 rev.1 - HPE Aruba AirWave Glass, Remote Code Execution

May 25, 2017 - 12:55am

Posted by security-alert on May 24

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03751en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03751en_us
Version: 1

HPESBHF03751 rev.1 - HPE Aruba AirWave Glass, Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-05-24
Last Updated:...

DefenseCode ThunderScan SAST Advisory: WordPress AffiliateWP Plugin Security Vulnerability

May 24, 2017 - 11:38am

Posted by DefenseCode on May 24


DefenseCode ThunderScan SAST Advisory
WordPress AffiliateWP Plugin
Security Vulnerability

Advisory ID: DC-2017-05-05
Advisory Title: WordPress AffiliateWP Plugin Security Vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress AffiliateWP Plugin
Language: PHP
Version: 2.0.8 and below (taken from the official GitHub repo)
Vendor...

DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability

May 24, 2017 - 11:29am

Posted by DefenseCode on May 24

DefenseCode ThunderScan SAST Advisory
WordPress Huge-IT Video Gallery Plugin
Security Vulnerability

Advisory ID: DC-2017-01-009
Advisory Title: WordPress Huge-IT Video Gallery plugin SQL injection
vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress Huge-IT Video Gallery plugin
Language: PHP
Version: 2.0.4 and below
Vendor Status:...

DefenseCode ThunderScan SAST Advisory: WordPress All In One Schema.org Rich Snippets Plugin Security Vulnerability

May 24, 2017 - 11:18am

Posted by DefenseCode on May 24


DefenseCode ThunderScan SAST Advisory
WordPress All In One Schema.org Rich Snippets Plugin
Security Vulnerability

Advisory ID: DC-2017-01-002
Advisory Title: WordPress All In One Schema.org Rich Snippets Plugin
Security Vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress All In One Schema.org Rich Snippets Plugin
Language: PHP...

[SECURITY] [DSA 3861-1] libtasn1-6 security update

May 24, 2017 - 8:28am

Posted by Sebastien Delafond on May 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-3861-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
May 24, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libtasn1-6
CVE ID : CVE-2017-6891
Debian Bug :...

Secunia Research: Microsoft Windows Heap-based Buffer Overflow Vulnerabilities

May 23, 2017 - 7:38am

Posted by Secunia Research on May 23

======================================================================

Secunia Research 2016/05/22

Microsoft Windows Heap-based Buffer Overflow Vulnerabilities

======================================================================
Table of Contents

Affected Software
Severity
Description of...

HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL, Remote Denial of Service (DoS)

May 22, 2017 - 1:51pm

Posted by HPE Product Security Response Team on May 22

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03744en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03744en_us
Version: 1

HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible....