Feed aggregator

Vuln: Oracle WebLogic Server CVE-2017-10271 Remote Security Vulnerability

Security Focus Latest Security Advisories - January 16, 2018 - 12:00am
Oracle WebLogic Server CVE-2017-10271 Remote Security Vulnerability
Vuln: Linux Kernel CVE-2017-1000405 Local Race Condition Vulnerability

Security Focus Latest Security Advisories - January 16, 2018 - 12:00am
Linux Kernel CVE-2017-1000405 Local Race Condition Vulnerability
Broken TLS certificate pinning in VTech DigiGo Kid Connect app

BugTraq Latest Security Advisories - January 15, 2018 - 10:32am

Posted by Summer of Pwnage on Jan 15

------------------------------------------------------------------------
Broken TLS certificate pinning in VTech DigiGo Kid Connect app
------------------------------------------------------------------------
Sipke Mellema, September 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
VTech's DigiGo is a hand held smart device for...
Adminer <= v4.3.1 Server Side Request Forgery

BugTraq Latest Security Advisories - January 15, 2018 - 10:29am

Posted by apparitionsec on Jan 15

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt
[+] ISR: apparition security

Vendor:
==============
www.adminer.org

Product:
================
Adminer <= v4.3.1

Adminer (formerly phpMinAdmin) is a full-featured database management tool written in PHP. Conversely to phpMyAdmin, it...
Authentication bypass in Kaseya VSA

BugTraq Latest Security Advisories - January 15, 2018 - 10:28am

Posted by Securify B.V. on Jan 15

------------------------------------------------------------------------
Authentication bypass in Kaseya VSA
------------------------------------------------------------------------
Kin Hung Cheng, Robert Hartshorn, May 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A security vulnerability was found in Kaseya VSA that allows users to...
Seagate Media Server allows deleting of arbitrary files and folders

BugTraq Latest Security Advisories - January 15, 2018 - 10:26am

Posted by Summer of Pwnage on Jan 15

------------------------------------------------------------------------
Seagate Media Server allows deleting of arbitrary files and folders
------------------------------------------------------------------------
Yorick Koster, September 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Seagate Personal Cloud is a consumer-grade...
[SECURITY] [DSA 4086-1] libxml2 security update

BugTraq Latest Security Advisories - January 15, 2018 - 10:17am

Posted by Salvatore Bonaccorso on Jan 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-4086-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 13, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libxml2
CVE ID : CVE-2017-15412
Debian Bug :...
[SECURITY] [DSA 4087-1] transmission security update

BugTraq Latest Security Advisories - January 15, 2018 - 10:14am

Posted by Moritz Muehlenhoff on Jan 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-4087-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 14, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : transmission
CVE ID : not yet available

Tavis...
Multiple vulnerabilities in VTech DigiGo allow browser overlay attack

BugTraq Latest Security Advisories - January 15, 2018 - 10:13am

Posted by Summer of Pwnage on Jan 15

------------------------------------------------------------------------
Multiple vulnerabilities in VTech DigiGo allow browser overlay attack
------------------------------------------------------------------------
Sipke Mellema, September 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
VTech's DigiGo is a hand held smart device...
Arbitrary file read in Kaseya VSA

BugTraq Latest Security Advisories - January 15, 2018 - 10:12am

Posted by Securify B.V. on Jan 15

------------------------------------------------------------------------
Arbitrary file read in Kaseya VSA
------------------------------------------------------------------------
Kin Hung Cheng, Robert Hartshorn, May 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A security vulnerability was found in Kaseya VSA file download file...
Broken TLS certificate validation in VTech DigiGo browser

BugTraq Latest Security Advisories - January 15, 2018 - 10:05am

Posted by Summer of Pwnage on Jan 15

------------------------------------------------------------------------
Broken TLS certificate validation in VTech DigiGo browser
------------------------------------------------------------------------
Sipke Mellema, September 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
VTech's DigiGo is a hand held smart device for...
Code execution in Kaseya VSA

BugTraq Latest Security Advisories - January 15, 2018 - 9:56am

Posted by Securify B.V. on Jan 15

------------------------------------------------------------------------
Code execution in Kaseya VSA
------------------------------------------------------------------------
Kin Hung Cheng, Robert Hartshorn, May 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A security vulnerability was found in Kaseya VSA file upload file...
[SECURITY] [DSA 4085-1] xmltooling security update

BugTraq Latest Security Advisories - January 15, 2018 - 9:41am

Posted by Moritz Muehlenhoff on Jan 15

-------------------------------------------------------------------------
Debian Security Advisory DSA-4085-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 12, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xmltooling
CVE ID : CVE-2018-0486

Philip Huppert...
[security bulletin] HPESBHF03800 rev.1 - HPE Comware 7 MSR Routers, Remote Denial of Service and Local Elevation or Privilege

BugTraq Latest Security Advisories - January 15, 2018 - 9:38am

Posted by security-alert on Jan 15

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03800en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03800en_us
Version: 1

HPESBHF03800 rev.1 - HPE Comware 7 MSR Routers, Remote Denial of Service and
Local Elevation or Privilege

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...
[security bulletin] HPESBNS03804 rev.1 - HPE NonStop Server, Local Authentication Restriction Bypass

BugTraq Latest Security Advisories - January 15, 2018 - 9:34am

Posted by security-alert on Jan 15

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbns03804en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbns03804en_us
Version: 1

HPESBNS03804 rev.1 - HPE NonStop Server, Local Authentication Restriction
Bypass

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2018-01-12
Last...