BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Open-Xchange Security Advisory 2016-05-25

May 25, 2016 - 7:48am

Posted by Martin Heiland on May 25

Product: OX AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 44542 (Bug ID)
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 7.8.0 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed versions: 7.6.2-rev40, 7.6.3-rev7, 7.8.0-rev19
Researcher credits: Satish Bommisetty
Vendor notification: 2016-03-07
Solution date: 2016-03-29
CVE reference: CVE-2016-3173
CVSSv3:...

[slackware-security] libarchive (SSA:2016-145-01)

May 25, 2016 - 4:23am

Posted by Slackware Security Team on May 25

New libarchive packages are available for Slackware 14.1 and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/libarchive-3.1.2-i486-2_slack14.1.txz: Rebuilt.
Patched an issue with Zip archive handling that could allow an attacker
to overwrite parts of the heap in a controlled fashion and execute...

[security bulletin] HPSBGN03605 rev.1 - HPE Service Manager, Remote Disclosure of Information

May 25, 2016 - 12:56am

Posted by security-alert on May 24

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149290

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05149290
Version: 1

HPSBGN03605 rev.1 - HPE Service Manager, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-05-24
Last Updated:...

MSA-2016-01: PowerFolder Remote Code Execution Vulnerability

May 24, 2016 - 5:07am

Posted by Advisories Advisories on May 24

Mogwai Security Advisory MSA-2016-01
----------------------------------------------------------------------
Title: PowerFolder Remote Code Execution Vulnerability
Product: PowerFolder Server
Affected versions: 10.4.321 (Linux/Windows) (Other versions might also be affected)
Impact: high
Remote: yes
Product link: https://www.powerfolder.com
Reported: 02/03/2016
by:...

AfterLogic WebMail Pro ASP.NET < 6.2.7 Administrator Account Takeover via XXE Injection

May 24, 2016 - 12:57am

Posted by mehmet . ince on May 23

1. ADVISORY INFORMATION
========================================
Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takeover via XXE Injection
Application: AfterLogic WebMail Pro ASP.NET
Class: Sensitive Information disclosure
Remotely Exploitable: Yes
Versions Affected: AfterLogic WebMail Pro ASP.NET < 6.2.7
Vendor URL: http://www.afterlogic.com/webmail-client-asp-net
Bugs: XXE Injection
Date of found: 28.03.2016
Reported:...

[SECURITY] [DSA 3586-1] atheme-services security update

May 24, 2016 - 12:42am

Posted by Moritz Muehlenhoff on May 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-3586-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : atheme-services
CVE ID : CVE-2016-4478

It was...

[RCESEC-2016-002] XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections

May 23, 2016 - 2:32pm

Posted by Julien Ahrens on May 23

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: XenAPI for XenForo
Vendor URL: github.com/Contex/XenAPI
Type: SQL Injection [CWE-89]
Date found: 2016-05-20
Date published: 2016-05-23
CVSSv3 Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVE: -

2. CREDITS
==========
This vulnerability was discovered and researched by Julien Ahrens from
RCE...