Feed aggregator

CollabNet Subversion Edge tail local file inclusion

BugTraq Latest Security Advisories - June 29, 2015 - 8:35am

Posted by Oliver-Tobias Ripka on Jun 29

# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management
# Frontend via logfile "fileName" parameter of the "tail" action
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Local file inclusion
#
# Risk: Medium
# Status: public/fixed
# Fixed version: 5.0

Timeline:

2014-10-09 Flaw Discovered...

CollabNet Subversion Edge downloadHook local file inclusion

BugTraq Latest Security Advisories - June 29, 2015 - 8:27am

Posted by Oliver-Tobias Ripka on Jun 29

# Vuln Title: Local file inclusion in CollabNet Subversion Edge Management
# Frontend via logfile "filename" parameter of the "downloadHook" action
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Local file inclusion
#
# Risk: Medium
# Status: public/fixed
# Fixed version: 5.0

Timeline:

2014-10-09 Flaw...

CollabNet Subversion Edge Password Hash Leak

BugTraq Latest Security Advisories - June 29, 2015 - 8:20am

Posted by Oliver-Tobias Ripka on Jun 29

# Vuln Title: The CollabNet Subversion Edge Management frontend user credential
# (hash) leak
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Credential leak
#
# Risk: Medium
# Status: public/fixed
# Fixed version: 5.0

Timeline:

2014-10-09 Flaw Discovered
2014-10-20 Vendor contacted
2014-10-21 Vendor response
2014-12-08...

CollabNet Subversion Edge Hook Script Privilege Escalation

BugTraq Latest Security Advisories - June 29, 2015 - 8:12am

Posted by Oliver-Tobias Ripka on Jun 29

# Vuln Title: The CollabNet Subversion Edge Management Frontend SVN hook scripts
# privilege escalation
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Privilege escalation design flaw
#
# CVE : Requested
# Risk: High
#
# CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:W/RC:UC
# CVSS Base Score: 9.0
# CVSS Temporal Score: 7.0...

CSRF Vulnerability in C2Box application CVE-2015-4460

BugTraq Latest Security Advisories - June 29, 2015 - 8:04am

Posted by wissam . bashour on Jun 29

Please add this advisory to your archive.
Thanks.
#####################################
Title: Cross-Site Request Forgery (CSRF) Vulnerability in C2Box application allows adding an Admin User or resetting any user's password.
Author: Wissam Bashour - Help AG Middle East
Vendor: boxautomation(B.A.S)
Product: C2Box
Version: All versions below 4.0.0(r19171)
Tested Version: Version 4.0.0(r19171)
Severity: HIGH
CVE Reference: CVE-2015-4460

#...

Bugtraq: [security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information


Bugtraq: SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences


Bugtraq: ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities


Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10

BugTraq Latest Security Advisories - June 29, 2015 - 7:57am

Posted by Tim on Jun 29

Vulnerability: Session Fixation, Reflected XSS, Code Execution
Affected Software: PivotX (http://pivotx.net/)
Affected Version: 2.3.10 (probably also prior versions)
Patched Version: 2.3.11
Risk: Medium-High

Session Fixation
================

Risk
----

Medium; If victim clicks link and logs in, then an attacker can log in
as the victim

POC
---

1. Send victim to:...

[security bulletin] HPSBPI03360 rev.2 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information

BugTraq Latest Security Advisories - June 29, 2015 - 7:49am

Posted by security-alert on Jun 29

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04720842

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04720842
Version: 2

HPSBPI03360 rev.2 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and
MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of
Information

NOTICE: The information in this Security...

[security bulletin] HPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information

BugTraq Latest Security Advisories - June 29, 2015 - 7:41am

Posted by security-alert on Jun 29

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04720842

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04720842
Version: 1

HPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and
MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of
Information

NOTICE: The information in this Security...

[security bulletin] HPSBGN03362 rev.1 - HP Discovery and Dependency Mapping Inventory (DDMI) with TLS, Remote Disclosure of Information

BugTraq Latest Security Advisories - June 29, 2015 - 7:32am

Posted by security-alert on Jun 29

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04724996

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04724996
Version: 1

HPSBGN03362 rev.1 - HP Discovery and Dependency Mapping Inventory (DDMI) with
TLS, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

[security bulletin] HPSBMU03267 rev.3 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information

BugTraq Latest Security Advisories - June 29, 2015 - 7:24am

Posted by security-alert on Jun 29

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04576624

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04576624
Version: 3

HPSBMU03267 rev.3 - HP Matrix Operating Environment and HP CloudSystem Matrix
running OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[security bulletin] HPSBUX03359 rev.1 - HP-UX pppoec, local elevation of privilege

BugTraq Latest Security Advisories - June 29, 2015 - 7:14am

Posted by security-alert on Jun 29

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04718530

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04718530
Version: 1

HPSBUX03359 rev.1 - HP-UX pppoec, local elevation of privilege

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-06-26
Last Updated: 2015-06-26...

[security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information

BugTraq Latest Security Advisories - June 29, 2015 - 7:06am

Posted by security-alert on Jun 29

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04710027

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04710027
Version: 1

HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent
running OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences

BugTraq Latest Security Advisories - June 29, 2015 - 6:59am

Posted by SEC Consult Vulnerability Lab on Jun 29

SEC Consult Vulnerability Lab Security Advisory < 20150626-0 >
=======================================================================
title: Critical vulnerabilities allow surveillance on conferences
product: Polycom RealPresence Resource Manager (RPRM)
vulnerable versions: <8.4
fixed version: 8.4
CVE numbers: CVE-2015-4681, CVE-2015-4682, CVE-2015-4683, CVE-2015-4684...

ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities

BugTraq Latest Security Advisories - June 29, 2015 - 6:50am

Posted by Security Alert on Jun 29

ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities

CVE Identifier: CVE-2015-0543, CVE-2015-0544

Severity Rating: CVSS v2 Base Score: See below for individual scores for each CVE

Affected products:

• ESRS VE version 3.02
• ESRS VE version 3.03
• ESRS VE version 3.04

Summary: ESRS VE version 3.06 contains security fixes for multiple vulnerabilities that could...

Bugtraq: Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA


Bugtraq: ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability


Bugtraq: Netgear Prosafe VPN Firewalls - Multiple vulnerabilities
