Feed aggregator

[SYSS-2017-004] Simplessus Files: Path Traversal

BugTraq Latest Security Advisories - February 16, 2017 - 4:21am

Posted by adrian . vollmer on Feb 16

Advisory ID: SYSS-2017-004
Product: Simplessus Files
Manufacturer: Simplessus
Affected Version(s): 3.7.7
Tested Version(s): 3.7.7
Vulnerability Type: Path Traversal (CWE-22)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: January 25, 2017
Solution Date: January 25, 2017
Public Disclosure: February 16, 2017
CVE Reference: Not yet assigned
Author of Advisory: Dr. Adrian Vollmer, SySS GmbH...

[SYSS-2017-001] Simplessus Files: SQL Injection

BugTraq Latest Security Advisories - February 16, 2017 - 4:12am

Posted by adrian . vollmer on Feb 16

Advisory ID: SYSS-2017-001
Product: Simplessus Files
Manufacturer: Simplessus
Affected Version(s): 3.7.7
Tested Version(s): 3.7.7
Vulnerability Type: SQL Injection (CWE-89)
Risk Level: High
Solution Status: Open
Manufacturer Notification: January 25, 2017
Solution Date: January 25, 2017
Public Disclosure: February 16, 2017
CVE Reference: Not yet assigned
Author of Advisory: Dr. Adrian Vollmer, SySS GmbH...

Bugtraq: Cisco Security Advisory: Cisco UCS Director Privilege Escalation Vulnerability

Security Focus Latest Security Advisories - February 16, 2017 - 4:00am
Cisco Security Advisory: Cisco UCS Director Privilege Escalation Vulnerability

Bugtraq: CVE-2017-5585: SQL injection in OpenText Documentum Content Server 7.3 (PostgreSQL builds only)

Security Focus Latest Security Advisories - February 16, 2017 - 4:00am
CVE-2017-5585: SQL injection in OpenText Documentum Content Server 7.3 (PostgreSQL builds only)

KL-001-2017-003 : Trendmicro InterScan Remote Root Access Vulnerability

BugTraq Latest Security Advisories - February 16, 2017 - 12:57am

Posted by KoreLogic Disclosures on Feb 15

KL-001-2017-003 : Trendmicro InterScan Remote Root Access Vulnerability

Title: Trendmicro InterScan Remote Root Access Vulnerability
Advisory ID: KL-001-2017-003
Publication Date: 2017.02.15
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-003.txt

1. Vulnerability Details

Affected Vendor: Trendmicro
Affected Product: InterScan Web Security Virtual Appliance
Affected Version: OS Version...

KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write

BugTraq Latest Security Advisories - February 16, 2017 - 12:47am

Posted by KoreLogic Disclosures on Feb 15

KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write

Title: Trendmicro InterScan Arbitrary File Write
Advisory ID: KL-001-2017-001
Publication Date: 2017.02.15
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-001.txt

1. Vulnerability Details

Affected Vendor: Trendmicro
Affected Product: InterScan Web Security Virtual Appliance
Affected Version: OS Version 3.5.1321.el6.x86_64; Application...

Bugtraq: Advisory X41-2017-002: Multiple Vulnerabilities in ytnef

Security Focus Latest Security Advisories - February 16, 2017 - 12:00am
Advisory X41-2017-002: Multiple Vulnerabilities in ytnef

Bugtraq: CVE-2017-5586: Remote code execution in OpenText Documentum D2

Security Focus Latest Security Advisories - February 16, 2017 - 12:00am
CVE-2017-5586: Remote code execution in OpenText Documentum D2

next-20170216: linux-next

Linux Kernel Updates - February 15, 2017 - 11:42pm
Version: next-20170216 (linux-next) Released: 2017-02-16

Bugtraq: [security bulletin] HPESBHF03703 rev.1 - HPE Network Products including Comware v7 and VCX using OpenSSL, Remote Unauthorized Disclosure of Information

Security Focus Latest Security Advisories - February 15, 2017 - 1:00pm
[security bulletin] HPESBHF03703 rev.1 - HPE Network Products including Comware v7 and VCX using OpenSSL, Remote Unauthorized Disclosure of Information

Bugtraq: Cisco Security Response: Cisco Smart Install Protocol Misuse

Security Focus Latest Security Advisories - February 15, 2017 - 1:00pm
Cisco Security Response: Cisco Smart Install Protocol Misuse

Bugtraq: [security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information

Security Focus Latest Security Advisories - February 15, 2017 - 1:00pm
[security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information

Cisco Security Advisory: Cisco UCS Director Privilege Escalation Vulnerability

BugTraq Latest Security Advisories - February 15, 2017 - 12:34pm

Posted by Cisco Systems Product Security Incident Response Team on Feb 15

Cisco Security Advisory: Cisco UCS Director Privilege Escalation Vulnerability

Advisory ID: cisco-sa-20170215-ucs

Revision 1.0

For Public Release 2017 February 15 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the web-based GUI of Cisco UCS Director could allow an authenticated, local attacker to execute
arbitrary workflow items with just an end-user profile.

The...

CVE-2017-5585: SQL injection in OpenText Documentum Content Server 7.3 (PostgreSQL builds only)

BugTraq Latest Security Advisories - February 15, 2017 - 12:27pm

Posted by Andrey B. Panfilov on Feb 15

CVE Identifier: CVE-2017-5585
Vendor: OpenText
Affected products: OpenText Documentum Content Server 7.3 (PostgreSQL builds only)
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available

Description:

Previously announced fix for CVE-2014-2520 seems to be incomplete: when PostgreSQL Database is used and
return_top_results_row_based config option is set to false, Content...

CVE-2017-5586: Remote code execution in OpenText Documentum D2

BugTraq Latest Security Advisories - February 15, 2017 - 5:08am

Posted by Andrey B. Panfilov on Feb 15

CVE Identifier: CVE-2017-5586
Vendor: OpenText
Affected products: Documentum D2 version 4.x
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Description: Document D2 contains vulnerable BeanShell (bsh) and Apache Commons libraries and accepts serialised data
from untrusted sources, which leads to remote code execution

Proof of concept:...

[security bulletin] HPESBHF03703 rev.1 - HPE Network Products including Comware v7 and VCX using OpenSSL, Remote Unauthorized Disclosure of Information

BugTraq Latest Security Advisories - February 15, 2017 - 2:31am

Posted by security-alert on Feb 14

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390893

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05390893
Version: 1

HPESBHF03703 rev.1 - HPE Network Products including Comware v7 and VCX using
OpenSSL, Remote Unauthorized Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

Cisco Security Response: Cisco Smart Install Protocol Misuse

BugTraq Latest Security Advisories - February 15, 2017 - 2:21am

Posted by Cisco Systems Product Security Incident Response Team on Feb 14

Cisco Security Response: Cisco Smart Install Protocol Misuse

Response ID: cisco-sr-20170214-smi

Revision 1.0

For Public Release 2017 February 14 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Several researchers have reported on the use of Smart Install (SMI) protocol messages
toward Smart Install clients, also known as integrated branch clients (IBC), allowing an
unauthenticated,...

[security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information

BugTraq Latest Security Advisories - February 15, 2017 - 2:12am

Posted by security-alert on Feb 14

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390849

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05390849
Version: 1

HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure
of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-02-14
Last Updated:...