Feed aggregator

ESA-2016-150: RSA® Security Analytics Reflected Cross-Site Scripting Vulnerability

BugTraq Latest Security Advisories - 10 hours 25 min ago

Posted by EMC Product Security Response Center on Jan 23

ESA-2016-150: RSA® Security Analytics Reflected Cross-Site Scripting Vulnerability

EMC Identifier: ESA-2016-150

CVE Identifier: CVE-2016-8215

Severity Rating: CVSSv3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products: RSA Security Analytics versions prior to 10.6.2

Summary:

RSA Security Analytics contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be
exploited by malicious users...

ESA-2016-146: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability

BugTraq Latest Security Advisories - 10 hours 36 min ago

Posted by EMC Product Security Response Center on Jan 23

ESA-2016-146: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability

EMC Identifier: ESA-2016-146
CVE Identifier: CVE-2016-8214
Severity Rating: CVSSv3 Base Score: 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Affected products:
• EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1.

Summary:
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and...

Bugtraq: [SECURITY] [DSA 3769-1] libphp-swiftmailer security update


Bugtraq: Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution


Microsoft Remote Desktop Client for Mac Remote Code Execution - Update

BugTraq Latest Security Advisories - 15 hours 57 min ago

Posted by Filippo Cavallarin on Jan 23

Advisory ID: SGMA16-004
Title: Microsoft Remote Desktop Client for Mac Remote Code Execution
Product: Microsoft Remote Desktop Client for Mac
Version: 8.0.36 and probably prior
Vendor: www.microsoft.com
Type: Arbitrary file read/write (leads to RCE)
Risk level: 4 / 5
Credit: filippo.cavallarin () wearesegment com
CVE:...

Bugtraq: NTOPNG Web Interface v2.4 CSRF Token Bypass


[SECURITY] [DSA 3770-1] mariadb-10.0 security update

BugTraq Latest Security Advisories - 19 hours 24 min ago

Posted by Salvatore Bonaccorso on Jan 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3770-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 22, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mariadb-10.0
CVE ID : CVE-2016-6664 CVE-2017-3238...

[SECURITY] [DSA 3769-1] libphp-swiftmailer security update

BugTraq Latest Security Advisories - 19 hours 33 min ago

Posted by Sebastien Delafond on Jan 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3769-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
January 22, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libphp-swiftmailer
CVE ID : CVE-2016-10074
Debian...

Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution

BugTraq Latest Security Advisories - 19 hours 42 min ago

Posted by Stefan Kanthak on Jan 22

Hi @ll,

the executable installers of "Pelle's C",
<http://smorgasbordet.com/pellesc/800/setup64.exe> and,
<http://smorgasbordet.com/pellesc/800/setup.exe>, available
from <http://smorgasbordet.com/pellesc/index.htm>, are vulnerable
to DLL hijacking: they load (tested on Windows 7) at least the
following DLLs from their "application directory" instead of Windows'
"system directory":...

NTOPNG Web Interface v2.4 CSRF Token Bypass

BugTraq Latest Security Advisories - 19 hours 52 min ago

Posted by hyp3rlinx on Jan 22

[+]#####################################################################################
[+] Credits / Discovery: John Page AKA Hyp3rlinX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/NTOPNG-CSRF-TOKEN-BYPASS.txt
[+] ISR: ApparitionSEC
[+]#####################################################################################

Vendor:
============
www.ntop.org

Product:
====================...

Bugtraq: [SECURITY] [DSA 3767-1] mysql-5.5 security update


Bugtraq: Novel Contributions to the field - How I broke MySQL's code-base (Part 2) [CVE-2016-5541] MySQL cluster remote 0day


Bugtraq: Novel Contributions to the Field - How I broke MySQL's codebase (Part 2) [CVE-2016-5541] MySQL Cluster 0day


Bugtraq: [RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection


Vuln: Linux Kernel CVE-2017-5547 Local Denial of Service Vulnerability


Vuln: Foxit Reader and PhantomPDF Multiple Security Vulnerabilities


Vuln: PHP 'process_nested_data()' Incomplete Fix Use After Free Remote Code Execution Vulnerability


Vuln: FiberHome Fengine S5800 Switches CVE-2017-5544 Denial of Service Vulnerability


Vuln: LibTIFF CVE-2017-5563 Heap Based Buffer Overflow Vulnerability


Vuln: OnePlus 3 and 3T CVE-2017-5554 Local Denial of Service Vulnerability
