Feed aggregator

Dropbox 6.4.14 DLL Hijacking Vulnerability

BugTraq Latest Security Advisories - July 26, 2016 - 10:54am

Posted by mehta . himanshu21 on Jul 26

Aloha,

Summary
Dropbox Installer for Windows contains a DLL hijacking vulnerability that could allow an unauthenticated, remote
attacker to execute arbitrary code on the targeted system. The vulnerability exists because some DLL file is loaded
improperly by 'DropboxInstaller.exe'. This allows an attacker to load a DLL file of the attacker's choosing that
could execute arbitrary code without the user's knowledge.

Affected...

Huawei ISM Professional XSS Vulnerability

BugTraq Latest Security Advisories - July 26, 2016 - 10:45am

Posted by ak47464659484 on Jul 26

Title: Huawei ISM Professional XSS Vulnerability
Software : ISM Professional OceanStor

Software Version : Copyright©Huawei Technologies Co., Ltd. 2009-2010. All rights reserved.

Vendor: www.huawei.com

Vulnerability Published : 2016-07-25

Author: zhiwei_jiang
Email: ak47464659484 () gmail com
Impact : Medium(CVSS2 Base : 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)

Bug Description :
The ISM consists of device management software, cloud...

Bugtraq: July 2016 - Bamboo Server - Critical Security Advisory

Security Focus Latest Security Advisories - July 26, 2016 - 10:00am

Bugtraq: [SECURITY] [DSA 3629-1] ntp security update

Security Focus Latest Security Advisories - July 26, 2016 - 10:00am

Bugtraq: [security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution


Crashing Browsers Remotely via Insecure Search Suggestions

BugTraq Latest Security Advisories - July 26, 2016 - 7:14am

Posted by research on Jul 26

[Original here:
https://wwws.nightwatchcybersecurity.com/2016/07/26/research-crashing-browsers-remotely-via-insecure-search-suggestions/]

Summary

Intercepting insecure search suggestion requests from browsers, and
returning very large responses leads to browser crashes (but not RCE).
Affected browsers are Firefox on the desktop and Android, and Chrome on
desktop and Android – other Chromium and Firefox derived browsers
may be affected. Internet...

next-20160726: linux-next

Linux Kernel Updates - July 26, 2016 - 12:56am
Version: next-20160726 (linux-next) Released: 2016-07-26

MySQL 0days followup (CVE-2016-3477) CVSS 8.1

BugTraq Latest Security Advisories - July 26, 2016 - 12:17am

Posted by lem . nikolas on Jul 25

Among other issues reported, the most critical flaw in the July CPU 2016, rated CVSS v3.0 base score 8.1, is the Server
Parser subcomponent issue (CVE-2016-3477) and one of our findings.

Versions 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier are affected. The zero-day permits
unauthenticated users with login access to the infrastructure where MySQL Server executes to successfully compromise
and take over the database server....

July 2016 - Bamboo Server - Critical Security Advisory

BugTraq Latest Security Advisories - July 26, 2016 - 12:08am

Posted by David Black on Jul 25

Note: the current version of this advisory can be found at
https://confluence.atlassian.com/x/rSGSMQ .

CVE ID:
* CVE-2016-5229 - Deserialisation in Bamboo.

Product: Bamboo

Affected Bamboo product versions:
2.3.1 <= version < 5.11.4.1
5.12.0 <= version < 5.12.3.1

Fixed Bamboo product versions:
* for 5.11.x, Bamboo 5.11.4.1 has been released with a fix for this issue.
* for 5.12.x, Bamboo 5.12.3.1 has been released with a fix for...

[SECURITY] [DSA 3629-1] ntp security update

BugTraq Latest Security Advisories - July 25, 2016 - 11:59pm

Posted by Moritz Muehlenhoff on Jul 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3629-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 25, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ntp
CVE ID : CVE-2015-7974 CVE-2015-7977...

Bugtraq: Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability

Security Focus Latest Security Advisories - July 25, 2016 - 11:00pm

Bugtraq: Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability

Security Focus Latest Security Advisories - July 25, 2016 - 11:00pm

Bugtraq: FreeBSD Security Advisory FreeBSD-SA-16:25.bspatch

Security Focus Latest Security Advisories - July 25, 2016 - 11:00pm

Vuln: PCRE 'find_fixedlength()' Function Heap Buffer Overflow Vulnerability

Security Focus Latest Security Advisories - July 25, 2016 - 11:00pm

Vuln: PCRE 'match()' Function Stack Buffer Overflow Vulnerability

Security Focus Latest Security Advisories - July 25, 2016 - 11:00pm

Vuln: PCRE CVE-2016-3191 Buffer Overflow Vulnerability

Security Focus Latest Security Advisories - July 25, 2016 - 11:00pm

Vuln: PCRE Regular CVE-2015-8385 Pattern Handling Buffer Overflow Vulnerability

Security Focus Latest Security Advisories - July 25, 2016 - 11:00pm

Vuln: Juniper Junos CVE-2016-1276 Multiple Denial of Service Vulnerabilities

Security Focus Latest Security Advisories - July 25, 2016 - 11:00pm

Vuln: cURL/libcURL NTLM Connection CVE-2016-0755 Remote Security Bypass Vulnerability

Security Focus Latest Security Advisories - July 25, 2016 - 11:00pm

Vuln: GNU glibc CVE-2015-8777 Local Security Bypass Vulnerability

Security Focus Latest Security Advisories - July 25, 2016 - 11:00pm