Feed aggregator

Vuln: Exponent CMS Arbitrary Code Execution and File Upload Vulnerabilities

Security Focus Latest Security Advisories - September 22, 2016 - 11:00pm
Exponent CMS Arbitrary Code Execution and File Upload Vulnerabilities

Vuln: Google Chrome Logic Error Security Bypass Vulnerability

Security Focus Latest Security Advisories - September 22, 2016 - 11:00pm
Google Chrome Logic Error Security Bypass Vulnerability

Vuln: ImageMagick 'coders/psd.c' Heap Buffer Overflow Vulnerability

Security Focus Latest Security Advisories - September 22, 2016 - 11:00pm
ImageMagick 'coders/psd.c' Heap Buffer Overflow Vulnerability

[SECURITY] [DSA 3673-1] openssl security update

BugTraq Latest Security Advisories - September 22, 2016 - 2:15pm

Posted by Moritz Muehlenhoff on Sep 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3673-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 22, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openssl
CVE ID : CVE-2016-2177 CVE-2016-2178...

Bugtraq: [slackware-security] irssi (SSA:2016-265-03)

Security Focus Latest Security Advisories - September 22, 2016 - 12:00pm
[slackware-security] irssi (SSA:2016-265-03)

Fwd: BT Wifi Extenders - Cross Site Scripting leading to disclosure of PSK

BugTraq Latest Security Advisories - September 22, 2016 - 10:25am

Posted by Jamie R on Sep 22

BT Wifi Extenders - 300, 600 and 1200 models - Cross Site Scripting
leading to disclosure of PSK.

A firmware update is required to resolve this issue.

The essential problem is that if you hit the following URL on your
wifi extender, it will pop up a whole load of private data, including
your PSK. Instead of doing a pop up, we could exfiltrate that data to
our server....

Bugtraq: Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla

Security Focus Latest Security Advisories - September 22, 2016 - 10:00am
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla

IE11 is not following CORS specification for local files

BugTraq Latest Security Advisories - September 22, 2016 - 4:10am

Posted by Ricardo Iramar dos Santos on Sep 22

IE11 is not following CORS specification for local files like Chrome
and Firefox.
I've contacted Microsoft and they say this is not a security issue so
I'm sharing it.

files as supposed to be.
In order to prove I've created a malicious html file with the content below.

<html>
<script>
function createCORSRequest(method, url) {
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {...
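The IE11 report above is cut off by the feed before its test page finishes. As an added example, and not the reporter's code, the following Python implements the CORS check that the Fetch standard expects a browser to apply before letting a script read a cross-origin response, including how a file:// page's origin serializes to the opaque value "null". It is written in Python rather than browser JavaScript so it runs offline; the URLs and response headers it is fed are constructed for illustration.

```python
# Added example: the Fetch-standard "CORS check" that a compliant browser
# (the Chrome/Firefox behaviour the post contrasts IE11 with) applies to a
# cross-origin response. Not code from the BugTraq post; inputs are constructed.
from typing import Mapping
from urllib.parse import urlsplit


def serialize_origin(url: str) -> str:
    """Serialize a URL's origin as the browser would send it in the Origin header.

    Opaque origins (file://, data:, sandboxed frames) serialize to the literal
    string "null", so a local HTML file has origin "null", not "file://".
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "null"
    default_port = {"http": 80, "https": 443}[parts.scheme]
    port = parts.port if parts.port not in (None, default_port) else None
    return f"{parts.scheme}://{parts.hostname}" + (f":{port}" if port else "")


def cors_check(request_origin: str, response_headers: Mapping[str, str],
               credentials: bool) -> bool:
    """Return True if a script running at request_origin may read the response.

    credentials=True corresponds to xhr.withCredentials / fetch credentials:"include".
    """
    headers = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = headers.get("access-control-allow-origin")
    if acao is None:                      # no CORS header at all: opaque to the page
        return False
    if not credentials and acao == "*":   # wildcard is fine for anonymous requests
        return True
    if acao != request_origin:            # exact string match, including "null"
        return False
    if not credentials:
        return True
    # Credentialed responses: wildcard is rejected and ACAC must be exactly "true".
    return acao != "*" and headers.get("access-control-allow-credentials") == "true"


def may_read(page_url: str, response_headers: Mapping[str, str],
             credentials: bool = False) -> bool:
    """Convenience wrapper: page URL in, read-allowed decision out."""
    return cors_check(serialize_origin(page_url), response_headers, credentials)


if __name__ == "__main__":
    # Constructed scenario: a page opened from disk asks an API for data.
    local_page = "file:///C:/Users/victim/evil.html"
    for hdrs, creds in [
        ({}, False),
        ({"Access-Control-Allow-Origin": "*"}, False),
        ({"Access-Control-Allow-Origin": "*"}, True),
        # Servers that reflect "null" back effectively whitelist every opaque origin.
        ({"Access-Control-Allow-Origin": "null",
          "Access-Control-Allow-Credentials": "true"}, True),
    ]:
        print(serialize_origin(local_page), hdrs, creds, "->",
              may_read(local_page, hdrs, creds))
```

The last scenario is the one worth remembering when auditing an API: answering `Access-Control-Allow-Origin: null` does not mean "nobody"; it matches every opaque origin, so a local file or a sandboxed iframe gets a credentialed read.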

Bugtraq: [security bulletin] HPSBGN03645 rev.2 - HPE Helion OpenStack Glance, Remote Access Restriction Bypass, Unauthorized Access

Security Focus Latest Security Advisories - September 22, 2016 - 4:00am
[security bulletin] HPSBGN03645 rev.2 - HPE Helion OpenStack Glance, Remote Access Restriction Bypass, Unauthorized Access

[slackware-security] irssi (SSA:2016-265-03)

BugTraq Latest Security Advisories - September 22, 2016 - 3:56am

Posted by Slackware Security Team on Sep 22

[slackware-security] irssi (SSA:2016-265-03)

New irssi packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/irssi-0.8.20-i586-1_slack14.2.txz: Upgraded.
This update fixes two remote crash and heap corruption vulnerabilities
in Irssi's format parsing code. Impact: Remote crash...

[security bulletin] HPSBHF03646 rev.1 - HPE Comware 7 (CW7) Network Products running NTP, Multiple Remote Vulnerabilities

BugTraq Latest Security Advisories - September 22, 2016 - 3:40am

Posted by security-alert on Sep 22

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05270839

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05270839
Version: 1

HPSBHF03646 rev.1 - HPE Comware 7 (CW7) Network Products running NTP,
Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-09-21
Last...

Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla

BugTraq Latest Security Advisories - September 22, 2016 - 3:30am

Posted by Larry W. Cashdollar on Sep 22

Title: Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
Author: Larry W. Cashdollar, @_larry0
Date: 2016-09-15
Download Site: http://huge-it.com/joomla-video-gallery/
Vendor: www.huge-it.com, fixed v1.1.0
Vendor Notified: 2016-09-17
Vendor Contact: info () huge-it com
Description: A video slideshow gallery.
Vulnerability:
The following code does not prevent an unauthenticated user from injecting SQL into functions located...
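The advisory above is truncated before the vulnerable function is shown. As an added example, and not the Huge-IT plugin's code, the following Python shows the pattern an unauthenticated SQL injection like this depends on: a request parameter interpolated straight into a query, beside the parameterized version, both run against a constructed in-memory SQLite database so the effect of a payload is visible. The table names, rows and payloads are all constructed for illustration; the point carries over to the PHP/MySQL code the advisory refers to.

```python
# Added example: unauthenticated SQL injection via string interpolation versus a
# parameterized query. Not the plugin's code; schema and data are constructed.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a public gallery table next to a private users table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE videos(id INTEGER PRIMARY KEY, title TEXT, published INTEGER);
        INSERT INTO videos VALUES (1, 'Intro', 1), (2, 'Draft', 0);
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO users VALUES (1, 'admin', '$2y$10$constructedhash');
    """)
    return conn


def get_video_vulnerable(conn: sqlite3.Connection, video_id: str) -> list:
    """Vulnerable: the request parameter becomes part of the SQL text.

    Nothing here checks who the caller is, so anyone who can reach the
    endpoint controls the query, not just the value being compared.
    """
    sql = f"SELECT title FROM videos WHERE id = {video_id} AND published = 1"
    return [row[0] for row in conn.execute(sql)]


def get_video_fixed(conn: sqlite3.Connection, video_id: str) -> list:
    """Fixed: enforce the expected type, then bind the value as a parameter."""
    try:
        vid = int(video_id)
    except ValueError:
        return []                       # reject anything that is not an integer id
    sql = "SELECT title FROM videos WHERE id = ? AND published = 1"
    return [row[0] for row in conn.execute(sql, (vid,))]


# Constructed payloads of the two usual shapes: filter bypass and data exfiltration.
BYPASS_PAYLOAD = "0 OR 1=1 --"
UNION_PAYLOAD = "1 UNION SELECT username || ':' || password_hash FROM users --"


if __name__ == "__main__":
    db = make_db()
    print("normal      :", get_video_vulnerable(db, "1"))
    print("bypass      :", get_video_vulnerable(db, BYPASS_PAYLOAD))   # leaks the unpublished row
    print("union       :", get_video_vulnerable(db, UNION_PAYLOAD))    # leaks the users table
    print("fixed/normal:", get_video_fixed(db, "1"))
    print("fixed/union :", get_video_fixed(db, UNION_PAYLOAD))         # payload never reaches SQL
```

The `--` at the end of each payload comments out the `AND published = 1` that was meant to restrict results, which is why the bypass returns the unpublished row and the UNION returns rows from a table the endpoint never intended to expose. Binding the value (`?` placeholder) is what closes the hole; the `int()` check is belt and braces, not the fix on its own.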

[security bulletin] HPSBGN03645 rev.2 - HPE Helion OpenStack Glance, Remote Access Restriction Bypass, Unauthorized Access

BugTraq Latest Security Advisories - September 22, 2016 - 3:20am

Posted by security-alert on Sep 22

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05273584

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05273584
Version: 2

HPSBGN03645 rev.2 - HPE Helion OpenStack Glance, Remote Access Restriction
Bypass, Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-09-15...

[slackware-security] pidgin (SSA:2016-265-01)

BugTraq Latest Security Advisories - September 22, 2016 - 3:05am

Posted by Slackware Security Team on Sep 22

[slackware-security] pidgin (SSA:2016-265-01)

New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/pidgin-2.11.0-i586-1_slack14.2.txz: Upgraded.
This release fixes bugs and security issues.
For more information, see:
https://www.pidgin.im/news/security/
(* Security...

[SECURITY] [DSA 3672-1] irssi security update

BugTraq Latest Security Advisories - September 22, 2016 - 2:50am

Posted by Salvatore Bonaccorso on Sep 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3672-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 21, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : irssi
CVE ID : CVE-2016-7044 CVE-2016-7045

Gabriel...

Bugtraq: Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability

Security Focus Latest Security Advisories - September 22, 2016 - 2:00am
Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability

Bugtraq: Cisco Security Advisory: Cisco Cloud Services Platform 2100 Command Injection Vulnerability

Security Focus Latest Security Advisories - September 22, 2016 - 2:00am
Cisco Security Advisory: Cisco Cloud Services Platform 2100 Command Injection Vulnerability

Bugtraq: APPLE-SA-2016-09-20-6 tvOS 10

Security Focus Latest Security Advisories - September 22, 2016 - 2:00am
APPLE-SA-2016-09-20-6 tvOS 10

Bugtraq: APPLE-SA-2016-09-20-5 watchOS 3

Security Focus Latest Security Advisories - September 22, 2016 - 2:00am
APPLE-SA-2016-09-20-5 watchOS 3

next-20160922: linux-next

Linux Kernel Updates - September 22, 2016 - 1:08am
Version:next-20160922 (linux-next) Released:2016-09-22