MySQL 0days followup (CVE-2016-3477) CVSS 8.1

2016-07-25 Thread lem . nikolas
Among other issues reported, the most critical flaw in the July CPU 2016, rated CVSS v3.0 base score 8.1, is the Server Parser subcomponent issue (CVE-2016-3477) and one of our findings. Versions 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier are affected. The zero-day permits

July 2016 - Bamboo Server - Critical Security Advisory

2016-07-25 Thread David Black
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Note: the current version of this advisory can be found at https://confluence.atlassian.com/x/rSGSMQ . CVE ID: * CVE-2016-5229 - Deserialisation in Bamboo. Product: Bamboo Affected Bamboo product versions: 2.3.1 <= version < 5.11.4.1 5.12.0 <=

[SECURITY] [DSA 3629-1] ntp security update

2016-07-25 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-3629-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff July 25, 2016

[security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution

2016-07-25 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05206507 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05206507 Version: 1 HPSBGN03630

Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability

2016-07-25 Thread Secunia Research
== Secunia Research 25/07/2016 Reprise License Manager "akey" Buffer Overflow Vulnerability == Table of Contents Affected

Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability

2016-07-25 Thread Secunia Research
== Secunia Research 25/07/2016 Reprise License Manager "actserver" Buffer Overflow Vulnerability == Table of Contents Affected

[SECURITY] [DSA 3628-1] perl security update

2016-07-25 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3628-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 25, 2016

FreeBSD Security Advisory FreeBSD-SA-16:25.bspatch

2016-07-25 Thread FreeBSD Security Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-SA-16:25.bspatch Security Advisory The FreeBSD Project Topic:

XSS and SQLi in huge IT gallery v1.1.5 for Joomla

2016-07-25 Thread Larry W. Cashdollar
Title: XSS and SQLi in huge IT gallery v1.1.5 for Joomla Fixed: v1.1.7 Author: Larry W. Cashdollar, @_larry0 and Elitza Neytcheva, @ElitzaNeytcheva Date: 2016-07-14 Download Site: http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro Vendor: huge-it.com Vendor

SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr

2016-07-25 Thread SEC Consult Vulnerability Lab
SEC Consult Vulnerability Lab Security Advisory < 20160725-0 > === title: Multiple vulnerabilities product: Micro Focus (former Novell) Filr Appliance vulnerable version: Filr 2 <=2.0.0.421,

[SECURITY] [DSA 3627-1] phpmyadmin security update

2016-07-25 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - - Debian Security Advisory DSA-3627-1 secur...@debian.org https://www.debian.org/security/ Thijs Kinkhorst July 24, 2016

Cross-Site Scripting in Code Snippets WordPress Plugin

2016-07-25 Thread Summer of Pwnage
Cross-Site Scripting in Code Snippets WordPress Plugin Burak Kelebek, July 2016

Cross-Site Scripting in Contact Form to Email WordPress Plugin

2016-07-25 Thread Summer of Pwnage
Cross-Site Scripting in Contact Form to Email WordPress Plugin Burak Kelebek, July 2016

Neoscreen v4.5 Cross-site scripting

2016-07-25 Thread alex_haynes
Exploit Title: Neoscreen Cross-site scripting Product: Neoscreen by Cube Digital Media Vulnerable Versions: 4.5 and all previous versions Tested Version: 4.5 Advisory Publication: July 24, 2016 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: NONE Credit: Alex Haynes Advisory

Neoscreen v4.5 Blind SQL injection

2016-07-25 Thread alex_haynes
Exploit Title: Neoscreen Blind SQL injection Product: Neoscreen by Cube Digital Media Vulnerable Versions: 4.5 and all previous versions Tested Version: 4.5 Advisory Publication: July 24, 2016 Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Neoscreen v4.5 Authentication bypass

2016-07-25 Thread alex_haynes
Exploit Title: Neoscreen v4.5 Authentication bypass Product: Neoscreen by Cube Digital Media Vulnerable Versions: 4.5 and all previous versions Tested Version: 4.5 Advisory Publication: July 24, 2016 Vulnerability Type: Authentication Bypass Issues [CWE-592] CVE Reference: NONE Credit: Alex Haynes

[SECURITY] [DSA 3626-1] openssh security update

2016-07-25 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-3626-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 24, 2016

Autobahn|Python Insecure allowedOrigins validation >= 0.14.1

2016-07-25 Thread mgill
Observation: Autobahn|Python incorrectly checks the Origin header when the 'allowedOrigins' value is set. This can allow third parties to execute legitimate requests for WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within another browser's context. Proof of Concept:

Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design

2016-07-25 Thread Stefan Kanthak
Hi @ll, Windows 7 introduced the "Deployment Image Servicing and Management" tool DISM.exe; this command line program is called for example by its predecessor PkgMgr.exe (a GUI program which requests elevated privileges), or by Windows Update (which runs under SYSTEM account). DISM.exe needs to

Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking

2016-07-25 Thread Stefan Kanthak
Hi @ll, this is a followup to "case 36" (posted as "case 35" by mistake), . Proof of concept #1: 1. On a 64-bit edition of Windows download the 32-bit and 64-bit executable installers "eclipse-inst-win32.exe" and

[slackware-security] bind (SSA:2016-204-01)

2016-07-25 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] bind (SSA:2016-204-01) New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog:

CA20160721-01: Security Notice for CA eHealth

2016-07-25 Thread Kotas, Kevin J
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 CA20160721-01: Security Notice for CA eHealth Issued: 2016-07-21 Last Updated: 2016-07-21 CA Technologies Support is alerting customers to multiple potential risks with CA eHealth. Two vulnerabilities exist in the web interface, CVE-2016-6151 and

[CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example

2016-07-25 Thread Tim Allison
CVE-2016-5000: XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example Severity: Important Vendor: The Apache Software Foundation Versions Affected: POI 3.5-3.13 Description: Apache POI's XLSX2CSV example uses Java's XML components to parse OpenXML files. Applications

MySQL zero-day vulnerabilities (July 2016 CPU)

2016-07-25 Thread lem . nikolas
MySQL is the most popular and most widely used database in the world. MySQL customers include NASA, US Navy, Google, Facebook, Twitter, just to cite a few. In partnership with Oracle Inc. we have worked delicately to enhance the security of the open-source product, and to identify and mitigate