Feed aggregator

PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392)

BugTraq Latest Security Advisories - May 24, 2018 - 2:05am

Posted by reggie . dodd30 on May 24

[Title]
PHP Login & User Management <= 4.1.0 - Arbitrary File Upload (CVE-2018-11392)

[Product]
PHP Login & User Management
https://codecanyon.net/item/php-login-user-management/49008

[CVE]
CVE-2018-11392

[Credit]
Reginald Dodd

[Description]
An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before
4.1.1, as distributed in the Envato Market, allows any...

Bugtraq: [slackware-security] mozilla-thunderbird (SSA:2018-142-02)


Vuln: GNU glibc CVE-2018-11237 Local Buffer Overflow Vulnerability


[security bulletin] MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting

BugTraq Latest Security Advisories - May 23, 2018 - 10:42am

Posted by cyber-psrt on May 23

Note: the current version of the following document is available here:
https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03164778

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03164778
Version: 1

MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-05-23
Last Updated: 2018-05-23

Potential Security...

Bugtraq: [slackware-security] Slackware 14.2 kernel (SSA:2018-142-01)


[CVE-2018-8013] Apache Batik information disclosure vulnerability

BugTraq Latest Security Advisories - May 23, 2018 - 9:30am

Posted by Simon Steiner on May 23

CVE-2018-8013:
Apache Batik information disclosure vulnerability

Severity:
Medium

Vendor:
The Apache Software Foundation

Versions Affected:
Batik 1.0 - 1.9.1

Description:
When deserializing a subclass of `AbstractDocument`, the class takes a
string from the inputStream as the class name, which it then uses to call the
no-arg constructor of the class.
Fix was to check the class type before calling...

Bugtraq: [SECURITY] [DSA 4208-1] procps security update


[slackware-security] mozilla-thunderbird (SSA:2018-142-02)

BugTraq Latest Security Advisories - May 23, 2018 - 3:45am

Posted by Slackware Security Team on May 23

[slackware-security] mozilla-thunderbird (SSA:2018-142-02)

New mozilla-thunderbird packages are available for Slackware 14.2 and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-52.8.0-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

K2 smartforms runtime application - 4.6.11 SSRF

BugTraq Latest Security Advisories - May 23, 2018 - 3:45am

Posted by fuming22 on May 23

# Vulnerability type: Server Side Request Forgery
# Vendor: https://www.k2.com/
# Product: K2 Smartforms
# Affected version: 4.6.11
# Credit: Foo Jong Meng
# CVE ID: CVE-2018-9920

# DESCRIPTION:

Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an
https://*/Identity/STS/Forms/Scripts URL.

By replacing the "GET" parameter to any external domain (i.e....

[SECURITY] [DSA 4208-1] procps security update

BugTraq Latest Security Advisories - May 23, 2018 - 3:37am

Posted by Salvatore Bonaccorso on May 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-4208-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
May 22, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : procps
CVE ID : CVE-2018-1122 CVE-2018-1123...

[slackware-security] procps-ng (SSA:2018-142-03)

BugTraq Latest Security Advisories - May 23, 2018 - 3:30am

Posted by Slackware Security Team on May 23

[slackware-security] procps-ng (SSA:2018-142-03)

New procps-ng packages are available for Slackware 14.2 and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/procps-ng-3.3.15-i586-1_slack14.2.txz: Upgraded.
Shared library .so-version bump.
This update fixes bugs and security issues:
library: Fix integer overflow and LPE in file2strvec
library: Use...

[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01)

BugTraq Latest Security Advisories - May 23, 2018 - 3:21am

Posted by Slackware Security Team on May 23

[slackware-security] Slackware 14.2 kernel (SSA:2018-142-01)

New kernel packages are available for Slackware 14.2 to fix a regression in the
getsockopt() function and to fix two denial-of-service security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.132/*: Upgraded.
This kernel upgrade is being provided primarily to fix a regression in the
getsockopt() function,...

[SECURITY] [DSA 4207-1] packagekit security update

BugTraq Latest Security Advisories - May 23, 2018 - 3:14am

Posted by Salvatore Bonaccorso on May 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-4207-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
May 22, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : packagekit
CVE ID : CVE-2018-1106
Debian Bug :...

Bugtraq: [SECURITY] [DSA 4206-1] gitlab security update


Bugtraq: Qualys Security Advisory - Procps-ng Audit Report


Bugtraq: [SECURITY] [DSA 4205-1] Advance notification for upcoming end-of-life for


Bugtraq: [SECURITY] [DSA 4204-1] imagemagick security update


Vuln: Apache Batik CVE-2018-8013 Information Disclosure Vulnerability


Vuln: Adobe Acrobat and Reader NT LAN Manager CVE-2018-4993 Information Disclosure Vulnerability


Vuln: Adobe Acrobat and Reader CVE-2018-4990 Arbitrary Code Execution Vulnerability
