Feed aggregator

Bugtraq: [security bulletin] HPSBMU03345 rev.1 - HP Network Node Manager i (NNMi) and Smart Plugins (iSPIs) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information, Unauthorized Modification

Security Focus Latest Security Advisories - August 25, 2015 - 6:30am
[security bulletin] HPSBMU03345 rev.1 - HP Network Node Manager i (NNMi) and Smart Plugins (iSPIs) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information, Unauthorized Modification
Categories:

Bugtraq: [SYSS-2015-026] Denial of Service (CWE-730) and Overly Restrictive Account Lockout Mechanism (CWE-645) in Page2Flip Premium App 2.5

Security Focus Latest Security Advisories - August 25, 2015 - 6:30am
[SYSS-2015-026] Denial of Service (CWE-730) and Overly Restrictive Account Lockout Mechanism (CWE-645) in Page2Flip Premium App 2.5
Categories:

Bugtraq: [SYSS-2015-027] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5

Security Focus Latest Security Advisories - August 25, 2015 - 6:30am
[SYSS-2015-027] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5
Categories:

Bugtraq: [SYSS-2015-028] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5

Security Focus Latest Security Advisories - August 25, 2015 - 6:30am
[SYSS-2015-028] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5
Categories:

[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities

BugTraq Latest Security Advisories - August 25, 2015 - 6:22am

Posted by security-alert on Aug 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04774019

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04774019
Version: 1

HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-08-24
Last Updated:...
Categories:

[security bulletin] HPSBGN03404 rev.1 - HP Service Health Reporter, Remote Unauthorized Modification

BugTraq Latest Security Advisories - August 25, 2015 - 6:14am

Posted by security-alert on Aug 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04772946

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04772946
Version: 1

HPSBGN03404 rev.1 - HP Service Health Reporter, Remote Unauthorized
Modification

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-08-24
Last...
Categories:

next-20150825: linux-next

Linux Kernel Updates - August 25, 2015 - 3:27am
Version:next-20150825 (linux-next) Released:2015-08-25

Bugtraq: [SYSS-2015-029] Insecure Direct Object Reference (CWE-932) in Page2Flip Premium App 2.5

Security Focus Latest Security Advisories - August 24, 2015 - 1:00pm
[SYSS-2015-029] Insecure Direct Object Reference (CWE-932) in Page2Flip Premium App 2.5
Categories:

Bugtraq: [SYSS-2015-030] Improper Handling of Insufficient Privileges (CWE-274) in Page2Flip Premium App 2.5

Security Focus Latest Security Advisories - August 24, 2015 - 1:00pm
[SYSS-2015-030] Improper Handling of Insufficient Privileges (CWE-274) in Page2Flip Premium App 2.5
Categories:

[security bulletin] HPSBMU03345 rev.1 - HP Network Node Manager i (NNMi) and Smart Plugins (iSPIs) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information, Unauthorized Modification

BugTraq Latest Security Advisories - August 24, 2015 - 12:45pm

Posted by security-alert on Dec 31

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04773241

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04773241
Version: 1

HPSBMU03345 rev.1 - HP Network Node Manager i (NNMi) and Smart Plugins
(iSPIs) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of
Information, Unauthorized Modification

NOTICE: The information in...
Categories:

[SYSS-2015-026] Denial of Service (CWE-730) and Overly Restrictive Account Lockout Mechanism (CWE-645) in Page2Flip Premium App 2.5

BugTraq Latest Security Advisories - August 24, 2015 - 12:45pm

Posted by erlijn . vangenuchten on Dec 31

Advisory ID: SYSS-2015-026
Product: Page2Flip
Vendor: w!ssenswerft GmbH
Affected Version(s): Premium App 2.5, probably also in Business App
and Basic App, and in lower versions
Tested Version(s): Premium App 2.5
Vulnerability Type: Denial of Service (CWE-730)
Overly Restrictive Account Lockout Mechanism (CWE-645)
Risk Level: Medium
Solution Status: Open
Vendor Notification: 2015-06-29
Solution Date:...
Categories:

[SYSS-2015-027] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5

BugTraq Latest Security Advisories - August 24, 2015 - 12:45pm

Posted by erlijn . vangenuchten on Dec 31

Advisory ID: SYSS-2015-027
Product: Page2Flip
Vendor: w!ssenswerft GmbH
Affected Version(s): Premium App 2.5, probably also in Business App
and Basic App, and in lower versions
Tested Version(s): Premium App 2.5
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Open
Vendor Notification: 2015-06-29
Solution Date:
Public Disclosure:
CVE Reference: Not yet assigned
Author of Advisory: Dr....
Categories:

[SYSS-2015-028] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5

BugTraq Latest Security Advisories - August 24, 2015 - 12:45pm

Posted by erlijn . vangenuchten on Dec 31

Advisory ID: SYSS-2015-028
Product: Page2Flip
Vendor: w!ssenswerft GmbH
Affected Version(s): Premium App 2.5, probably also in Business App
and Basic App, and in lower versions
Tested Version(s): Premium App 2.5
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: High
Solution Status: Open
Vendor Notification: 2015-06-29
Solution Date:
Public Disclosure:
CVE Reference: Not yet assigned
Author of Advisory: Dr....
Categories:

[SYSS-2015-029] Insecure Direct Object Reference (CWE-932) in Page2Flip Premium App 2.5

BugTraq Latest Security Advisories - August 24, 2015 - 12:45pm

Posted by erlijn . vangenuchten on Dec 31

Advisory ID: SYSS-2015-029
Product: Page2Flip
Vendor: w!ssenswerft GmbH
Affected Version(s): Premium App 2.5, probably also in Business App
and Basic App, and in lower versions
Tested Version(s): Premium App 2.5
Vulnerability Type: Insecure Direct Object Reference (CWE-932)
Risk Level: Medium
Solution Status: Open
Vendor Notification: 2015-06-29
Solution Date:
Public Disclosure:
CVE Reference: Not yet assigned
Author of...
Categories:

[SYSS-2015-032] Broken Authentication and Session Management (CWE-930) in Page2Flip Premium App 2.5

BugTraq Latest Security Advisories - August 24, 2015 - 12:45pm

Posted by erlijn . vangenuchten on Dec 31

Advisory ID: SYSS-2015-032
Product: Page2Flip
Vendor: w!ssenswerft GmbH
Affected Version(s): Premium App 2.5, probably also in Business App
and Basic App, and in lower versions
Tested Version(s): Premium App 2.5
Vulnerability Type: Broken Authentication and Session Management (CWE-930)
Risk Level: High
Solution Status: Open
Vendor Notification: 2015-06-29
Solution Date:
Public Disclosure:
CVE Reference: Not yet assigned...
Categories:

[SYSS-2015-030] Improper Handling of Insufficient Privileges (CWE-274) in Page2Flip Premium App 2.5

BugTraq Latest Security Advisories - August 24, 2015 - 12:45pm

Posted by erlijn . vangenuchten on Dec 31

Advisory ID: SYSS-2015-030
Product: Page2Flip
Vendor: w!ssenswerft GmbH
Affected Version(s): Premium App 2.5, probably also in Business App
and Basic App, and in lower versions
Tested Version(s): Premium App 2.5
Vulnerability Type: Improper Handling of Insufficient Privileges (CWE-274)
Risk Level: High
Solution Status: Open
Vendor Notification: 2015-06-29
Solution Date:
Public Disclosure:
CVE Reference: Not yet assigned...
Categories:

SYSS-2015-033: Missing Function Level Access Control (CWE-935) in Page2Flip Premium App 2.5

BugTraq Latest Security Advisories - August 24, 2015 - 12:45pm

Posted by erlijn . vangenuchten on Dec 31

Advisory ID: SYSS-2015-033
Product: Page2Flip
Vendor: w!ssenswerft GmbH
Affected Version(s): Premium App 2.5, probably also in Business App
and Basic App, and in lower versions
Tested Version(s): Premium App 2.5
Vulnerability Type: Missing Function Level Access Control (CWE-935)
Risk Level: High
Solution Status: Open
Vendor Notification: 2015-06-29
Solution Date:
Public Disclosure:
CVE Reference: Not yet assigned
Author of...
Categories:

Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation

BugTraq Latest Security Advisories - August 24, 2015 - 12:45pm

Posted by ajs on Dec 31

Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation

Vendor Website : http://www.sonicwall.com

INDEX
---------------------------------------
1. CVE
2. Background
3. Description
4. Affected Products
5. Solution
6. Credit
7. Disclosure Timeline

1. CVE
---------------------------------------
CVE: 2015-4173

2. BACKGROUND
---------------------------------------
SonicWALL NetExtender is a transparent...
Categories:

[SYSS-2015-025] Netop Remote Control - Insufficiently Protected Credentials

BugTraq Latest Security Advisories - August 24, 2015 - 12:45pm

Posted by matthias . deeg on Dec 31

Advisory ID: SYSS-2015-025
Product: Netop Remote Control
Vendor: Netop
Affected Version(s): 11.52, 12.11
Tested Version(s): 11.52, 12.11
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Insufficiently Protected Credentials (CWE-522)
Risk Level: Medium
Solution Status: Not fixed
Vendor Notification: 2015-06-19
Solution Date: -
Public Disclosure: 2015-08-24
CVE Reference: Not yet assigned
Author of Advisory:...
Categories:

Cross site request forgery vulnerability in Linksys WAG120N

BugTraq Latest Security Advisories - August 24, 2015 - 12:45pm

Posted by DonVallejo . on Dec 31

Hello all,

i want to share a problem that i found with Linksys router WAG120N. It
could be possible to modify router's configuration when a user visit a
webpage with an specific <form> (it is a similar problem that i sent
some days ago with Comtrend routers:
http://www.securityfocus.com/archive/1/536232).

Linksys WAG120N doesn’t accept the configuration if it is sent in the
url by method GET. In this case it is necessary to send...
Categories: