Feed aggregator

Vuln: IBM Tealeaf Customer Experience CVE-2016-5975 Cross Site Scripting Vulnerability

Security Focus Latest Security Advisories - September 22, 2016 - 11:00pm

Vuln: IBM Tealeaf Customer Experience CVE-2016-5976 Information Disclosure Vulnerability

Security Focus Latest Security Advisories - September 22, 2016 - 11:00pm

Vuln: Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability

Security Focus Latest Security Advisories - September 22, 2016 - 11:00pm

Vuln: ImageMagick Multiple Heap Overflow Vulnerabilities

Security Focus Latest Security Advisories - September 22, 2016 - 11:00pm

Vuln: IBM Security Guardium CVE-2016-0248 Man in the Middle Information Disclosure Vulnerability

Security Focus Latest Security Advisories - September 22, 2016 - 11:00pm

Vuln: Network Time Protocol CVE-2015-7871 Authentication Bypass Vulnerability

Security Focus Latest Security Advisories - September 22, 2016 - 11:00pm

Vuln: HP Network Automation Java Deserialization CVE-2016-4385 Remote Code Execution Vulnerability

Security Focus Latest Security Advisories - September 22, 2016 - 11:00pm

Vuln: Kerio Control Prior to 9.1.3 Multiple Security Vulnerabilities

Security Focus Latest Security Advisories - September 22, 2016 - 11:00pm

Vuln: Multiple EMC Products CVE-2016-0918 Information Disclosure Vulnerability

Security Focus Latest Security Advisories - September 22, 2016 - 11:00pm

Vuln: ImageMagick CVE-2016-7513 Denial of Service Vulnerability

Security Focus Latest Security Advisories - September 22, 2016 - 11:00pm

Vuln: Exponent CMS Arbitrary Code Execution and File Upload Vulnerabilities

Security Focus Latest Security Advisories - September 22, 2016 - 11:00pm

Vuln: Google Chrome Logic Error Security Bypass Vulnerability

Security Focus Latest Security Advisories - September 22, 2016 - 11:00pm

Vuln: ImageMagick 'coders/psd.c' Heap Buffer Overflow Vulnerability

Security Focus Latest Security Advisories - September 22, 2016 - 11:00pm

[SECURITY] [DSA 3673-1] openssl security update

BugTraq Latest Security Advisories - September 22, 2016 - 2:15pm

Posted by Moritz Muehlenhoff on Sep 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3673-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 22, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2016-2177 CVE-2016-2178...

Bugtraq: [slackware-security] irssi (SSA:2016-265-03)

Security Focus Latest Security Advisories - September 22, 2016 - 12:00pm

Fwd: BT Wifi Extenders - Cross Site Scripting leading to disclosure of PSK

BugTraq Latest Security Advisories - September 22, 2016 - 10:25am

Posted by Jamie R on Sep 22

BT Wifi Extenders - 300, 600 and 1200 models - Cross Site Scripting
leading to disclosure of PSK.

A firmware update is required to resolve this issue.

The essential problem is that if you hit the following URL on your
wifi extender, it will pop up a whole load of private data, including
your PSK. Instead of doing a pop up, we could exfiltrate that data to
our server....

Bugtraq: Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla

Security Focus Latest Security Advisories - September 22, 2016 - 10:00am

IE11 is not following CORS specification for local files

BugTraq Latest Security Advisories - September 22, 2016 - 4:10am

Posted by Ricardo Iramar dos Santos on Sep 22

IE11 is not following CORS specification for local files like Chrome
and Firefox.
I've contacted Microsoft and they say this is not a security issue so
I'm sharing it.

files as supposed to be.
In order to prove I've created a malicious html file with the content below.

<html>
<script>
function createCORSRequest(method, url) {
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {...

Bugtraq: [security bulletin] HPSBGN03645 rev.2 - HPE Helion OpenStack Glance, Remote Access Restriction Bypass, Unauthorized Access

Security Focus Latest Security Advisories - September 22, 2016 - 4:00am