Feed aggregator

Bugtraq: Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass

Security Focus Latest Security Advisories - February 5, 2016 - 2:00am
Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass
Categories:

Bugtraq: AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data.

Security Focus Latest Security Advisories - February 5, 2016 - 2:00am
AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data.
Categories:

next-20160205: linux-next

Linux Kernel Updates - February 4, 2016 - 10:42pm
Version:next-20160205 (linux-next) Released:2016-02-05

WordPress User Meta Manager Plugin [Blind SQLI]

BugTraq Latest Security Advisories - February 4, 2016 - 11:59am

Posted by pan . vagenas on Feb 04

* Exploit Title: WordPress User Meta Manager Plugin [Blind SQLI]
* Discovery Date: 2015/12/28
* Public Disclosure Date: 2016/02/04
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: http://jasonlau.biz/home/
* Software Link: https://wordpress.org/plugins/user-meta-manager/
* Version: 3.4.6
* Tested on: WordPress 4.4.1
* Category: webapps

Description...
Categories:

WordPress User Meta Manager Plugin [Privilege Escalation]

BugTraq Latest Security Advisories - February 4, 2016 - 11:43am

Posted by pan . vagenas on Feb 04

* Exploit Title: WordPress User Meta Manager Plugin [Privilege Escalation]
* Discovery Date: 2015/12/28
* Public Disclosure Date: 2016/02/04
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: http://jasonlau.biz/home/
* Software Link: https://wordpress.org/plugins/user-meta-manager/
* Version: 3.4.6
* Tested on: WordPress 4.4.1
* Category: webapps

Description...
Categories:

Bugtraq: AST-2016-002: File descriptor exhaustion in chan_sip

Security Focus Latest Security Advisories - February 4, 2016 - 11:00am
AST-2016-002: File descriptor exhaustion in chan_sip
Categories:

Bugtraq: AST-2016-001: BEAST vulnerability in HTTP server

Security Focus Latest Security Advisories - February 4, 2016 - 11:00am
AST-2016-001: BEAST vulnerability in HTTP server
Categories:

Bugtraq: [slackware-security] php (SSA:2016-034-04)

Security Focus Latest Security Advisories - February 4, 2016 - 7:00am
[slackware-security] php (SSA:2016-034-04)
Categories:

Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass

BugTraq Latest Security Advisories - February 4, 2016 - 6:32am

Posted by Vulnerability Lab on Feb 04

Document Title:
===============
Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1710

Apple Follow-up ID: 631627909

Video: http://www.vulnerability-lab.com/get_content.php?id=1711

Vulnerability Magazine:
http://magazine.vulnerability-db.com/?q=articles/2016/02/04/apple-ios-v9x-application-update-loop-pass-code-bypass...
Categories:

[slackware-security] mozilla-firefox (SSA:2016-034-01)

BugTraq Latest Security Advisories - February 4, 2016 - 3:11am

Posted by Slackware Security Team on Feb 04

[slackware-security] mozilla-firefox (SSA:2016-034-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-38.6.0esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...
Categories:

Bugtraq: [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300

Security Focus Latest Security Advisories - February 4, 2016 - 3:00am
[CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300
Categories:

[slackware-security] openssl (SSA:2016-034-03)

BugTraq Latest Security Advisories - February 4, 2016 - 2:58am

Posted by Slackware Security Team on Feb 03

[slackware-security] openssl (SSA:2016-034-03)

New openssl packages are available for Slackware 14.0, 14.1, and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.1r-i486-1_slack14.1.txz: Upgraded.
This update fixes the following security issue:
SSLv2 doesn't block disabled ciphers (CVE-2015-3197).
For more information, see:...
Categories:

[slackware-security] php (SSA:2016-034-04)

BugTraq Latest Security Advisories - February 4, 2016 - 2:44am

Posted by Slackware Security Team on Feb 03

[slackware-security] php (SSA:2016-034-04)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.6.17-i486-1_slack14.1.txz: Upgraded.
This release fixes bugs and security issues.
*****************************************************************
* IMPORTANT: READ BELOW ABOUT POTENTIALLY...
Categories:

[slackware-security] MPlayer (SSA:2016-034-02)

BugTraq Latest Security Advisories - February 4, 2016 - 2:27am

Posted by Slackware Security Team on Feb 03

[slackware-security] MPlayer (SSA:2016-034-02)

New MPlayer packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/MPlayer-1.2_20160125-i486-1_slack14.1.txz: Upgraded.
This is the latest MPlayer-1.2 branch, identical to the 1.2.1 stable release.
The bundled ffmpeg has been upgraded to...
Categories:

AST-2016-002: File descriptor exhaustion in chan_sip

BugTraq Latest Security Advisories - February 4, 2016 - 2:03am

Posted by Asterisk Security Team on Feb 03

Asterisk Project Security Advisory - AST-2016-002

Product Asterisk
Summary File descriptor exhaustion in chan_sip
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Minor...
Categories:

AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data.

BugTraq Latest Security Advisories - February 4, 2016 - 1:50am

Posted by Asterisk Security Team on Feb 03

Asterisk Project Security Advisory - AST-2016-003

Product Asterisk
Summary Remote crash vulnerability when receiving UDPTL FAX
data.
Nature of Advisory Denial of Service
Susceptibility Remote Authenticated Sessions...
Categories:

AST-2016-001: BEAST vulnerability in HTTP server

BugTraq Latest Security Advisories - February 4, 2016 - 1:38am

Posted by Asterisk Security Team on Feb 03

Asterisk Project Security Advisory - AST-2016-001

Product Asterisk
Summary BEAST vulnerability in HTTP server
Nature of Advisory Unauthorized data disclosure due to
man-in-the-middle attack
Susceptibility Remote unauthenticated sessions...
Categories:

[CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300

BugTraq Latest Security Advisories - February 4, 2016 - 1:24am

Posted by Pedro Ribeiro on Feb 03

Hi,

CERT/CC has helped me disclose two vulnerabilities in NETGEAR's
Pro"safe" Network Management System 300 [1]. Two classical bugs: one
remote code execution via arbitrary file upload and an authenticated
arbitrary file download.

The full advisory can be seen in my repo at [2] and it is also pasted
below. I've also released two Metasploit modules to exploit these
vulnerabilities [3][4].

There is currently no fix for these...
Categories:

Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability

BugTraq Latest Security Advisories - February 4, 2016 - 1:07am

Posted by David Coomber on Feb 03

Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability
Categories:

Cisco Security Advisory: Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability

BugTraq Latest Security Advisories - February 4, 2016 - 12:43am

Posted by Cisco Systems Product Security Incident Response Team on Feb 03

Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability

Advisory ID: cisco-sa-20160203-n9knci

Revision 1.0

For Public Release 2016 February 3 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the ICMP implementation in the Cisco Nexus 9000
Series Application Centric Infrastructure (ACI) Mode Switch could
allow an unauthenticated, remote attacker to...
Categories: