-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04718530
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04718530
Version: 2
HPSBUX03359
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] seamonkey (SSA:2015-274-03)
New seamonkey packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--+
patches/packa
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] mozilla-thunderbird (SSA:2015-274-01)
New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--+
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] php (SSA:2015-274-02)
New php packages are available for Slackware 14.0, 14.1, and -current to
fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--+
patches/packages/php-5.4.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779034
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04779034
Version: 2
HPSBST03418
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-FTGATE-2009-CSRF.txt
Vendor:
www.ftgate.com
Product:
FTGate 2009 SR3 May 13 2010 Build 6.4.00
V
Document Title
Tripwire IP360 VnE Remote Administrative API Authentication
Bypass/Privilege Acquisition Vulnerability
Affected Products
===
Vendor: Tripwire
Software/Appliance: IP360 VnE Vulnerability Manager
Affected (verified) versions: v7.2.2 -> v7.2.5
CVE
==
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Advisory ID: SYSS-2015-039
Product: Secure MFT
Vendor: http://www.opentext.com
Affected Version(s): 2013 R3, 2014 R1/R2, 2015 R1
Tested Version(s): 2014 R2 SP4
Vulnerability Type: Cross-Site Request Forgery (CWE-352)
Risk Level: Medium
Solution Statu
Hi,
Yet another RCE bug in ManageEngine ServiceDesk.
This was disclosed by ZDI under ID ZDI-15-396 on August 20th, and fixed
in version 9103 [1].
Details below, full advisory can be obtained from my repo at [E2].
A Metasploit module that exploits this vulnerability has been submitted
upstream in
(Sorry for the "CVE-2015-ABCD" place-holders in the report, but
OpenSMTPD's developers were ready with the patches before MITRE was
ready with the CVE-IDs.)
Qualys Security Advisory
OpenSMTPD Audit Report
Contents
===
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=
FreeBSD-SA-15:24.rpcbind Security Advisory
The FreeBSD Project
Topic:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Title: ZTE GPON F427 and possibly F460/F600 - authorization bypass and
cleartext password storage
Author: Jerzy Patraszewski
Date: 10 July 2015
Affected software :
===
ZTE GPON: F427
Version:V3.0
Firmwar
Errata:
This is a correction of our previous disclosure email from September 23rd, 2015.
Our previous posting implied that the security vulnerability we discovered was
in the "BIRT Viewer" servlet itself.
This is NOT the case, but rather the vulnerability is in how the "BIRT Viewer"
was configure
Errata:
This is a correction of our previous disclosure email from September 23rd, 2015.
Our previous posting implied that the security vulnerability we discovered was
in the "BIRT Engine" servlet itself.
This is NOT the case, but rather the vulnerability is in how the "BIRT Engine"
was configure
Advisory ID: HTB23273
Product: SourceBans
Vendor: Sourcebans team
Vulnerable Version(s): 1.4.11 and probably prior
Tested Version: 1.4.11
Advisory Publication: October 2, 2015 [without technical details]
Vendor Notification: October 2, 2015
Public Disclosure: October 23, 2015
Vulnerability Type
Vulnerability title: Multiple Reflected XSS in Payment Form for PayPal Pro
version 1.0.1 WordPress plugin
CVE: CVE-2015-7666
Vendor: WordPress DWBooster
Product: Payment Form for PayPal Pro
Affected version: 1.0.1
Fixed version: 1.0.2
Reported by: Ibéria Medeiros
Vulnerability Details:
==
Vulnerability title: Multiple Reflected XSS in ResAds version 1.0.1 WordPress
plugin
CVE: CVE-2015-7667
Vendor: WordPress web-mv
Product: ResAds
Affected version: 1.0.1
Fixed version: 1.0.2
Reported by: Ibéria Medeiros
Vulnerability Details:
=
It was discovered that no protect
Vulnerability title: A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin
CVE: CVE-2015-7668
Vendor: Steven Ellis
Product: Easy2Map
Affected version: 1.2.9
Fixed version: 1.3.0
Reported by: Ibéria Medeiros
Vulnerability Details:
=
It was discovered that no protection agai
Vulnerability title: Multiple Path/Directory Traversal and/or Local File
Inclusion in Easy2Map version 1.2.9 WordPress plugin
CVE: CVE-2015-7669
Vendor: Steven Ellis
Product: Easy2Map
Affected version: 1.2.9
Fixed version: 1.3.0
Reported by: Ibéria Medeiros
Vulnerability Details:
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/AS-LANSPY-BUFFER-OVERFLOW-10052015.txt
Vendor:
www.lantricks.com
Product:
LanSpy.exe
LanSpy is network se
20 matches