[SECURITY] [DSA 3673-1] openssl security update

2016-09-22 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-3673-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 22, 2016

Fwd: BT Wifi Extenders - Cross Site Scripting leading to disclosure of PSK

2016-09-22 Thread Jamie R
BT Wifi Extenders - 300, 600 and 1200 models - Cross Site Scripting leading to disclosure of PSK. A firmware update is required to resolve this issue. The essential problem is that if you hit the following URL on your wifi extender, it will pop up a whole load of private data, including your PSK.

IE11 is not following CORS specification for local files

2016-09-22 Thread Ricardo Iramar dos Santos
IE11 is not following CORS specification for local files like Chrome and Firefox. I've contacted Microsoft and they say this is not a security issue so I'm sharing it. From my tests IE11 is not following CORS specifications for local files as it is supposed to. In order to prove I've created a malici

[slackware-security] irssi (SSA:2016-265-03)

2016-09-22 Thread Slackware Security Team
[slackware-security] irssi (SSA:2016-265-03) New irssi packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +

[security bulletin] HPSBHF03646 rev.1 - HPE Comware 7 (CW7) Network Products running NTP, Multiple Remote Vulnerabilities

2016-09-22 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05270839 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05270839 Version: 1 HPSBHF03646 rev.1 - HPE Com

Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla

2016-09-22 Thread Larry W. Cashdollar
Title: Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla Author: Larry W. Cashdollar, @_larry0 Date: 2016-09-15 Download Site: http://huge-it.com/joomla-video-gallery/ Vendor: www.huge-it.com, fixed v1.1.0 Vendor Notified: 2016-09-17 Vendor Contact: i...@huge-it.com Descript

[security bulletin] HPSBGN03645 rev.2 - HPE Helion OpenStack Glance, Remote Access Restriction Bypass, Unauthorized Access

2016-09-22 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05273584 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05273584 Version: 2 HPSBGN03645 rev.2 - HPE Hel

[slackware-security] pidgin (SSA:2016-265-01)

2016-09-22 Thread Slackware Security Team
[slackware-security] pidgin (SSA:2016-265-01) New pidgin packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--

[SECURITY] [DSA 3672-1] irssi security update

2016-09-22 Thread Salvatore Bonaccorso
Debian Security Advisory DSA-3672-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 21, 2016