[SECURITY] [DSA 3420-1] bind9 security update

2015-12-15 Thread Salvatore Bonaccorso
Debian Security Advisory DSA-3420-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 15, 2015

[SECURITY] [DSA 3419-1] cups-filters security update

2015-12-15 Thread Salvatore Bonaccorso
Debian Security Advisory DSA-3419-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 15, 2015

Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]

2015-12-15 Thread Hector Marco-Gisbert
Hi everyone, A vulnerability in Grub2 (Back to 28) has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords)

[SECURITY] [DSA 3418-1] chromium-browser security update

2015-12-15 Thread Michael Gilbert
Debian Security Advisory DSA-3418-1 secur...@debian.org https://www.debian.org/security/ Michael Gilbert December 14, 2015

[security bulletin] HPSBST03517 rev.1 - HP StoreOnce Backup systems, Remote Execution of Arbitrary Code with Privilege Elevation, Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS)

2015-12-15 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04858589 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04858589 Version: 1 HPSBST03517

Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta)

2015-12-15 Thread Stefan Kanthak
Hi @ll, several McAfee "security" products, most notably their Security Scan Plus (see for a previous advisory) which Adobe pushes to unsuspecting users of Adobe Reader and Flash Player, are offered as executable installers built with the vulnerabl

phpback v1.1 XSS vulnerability

2015-12-15 Thread apparitionsec
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/PHPBACK-XSS.txt Vendor: www.phpback.org Product: === phpback v1.1 The open source feedback system, PHPBack is feedback a web application tha