Security News

Vuln: JasPer 'jas_matrix_create()' Function Integer Overflow Vulnerability

Security Focus Vulnerabilities - 24 December, 2016 - 00:00
JasPer 'jas_matrix_create()' Function Integer Overflow Vulnerability

Vuln: Autodesk Design Review CVE-2015-8571 Remote Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 8 December, 2016 - 00:00
Autodesk Design Review CVE-2015-8571 Remote Buffer Overflow Vulnerability

Vuln: mod_nss Module CVE-2015-5244 Security Bypass Vulnerability

Security Focus Vulnerabilities - 14 September, 2016 - 23:00
mod_nss Module CVE-2015-5244 Security Bypass Vulnerability

Bugtraq: nullcon 8-bit Call for Papers is open

Security Focus Vulnerabilities - 20 min 9 sec ago
nullcon 8-bit Call for Papers is open

Bugtraq: [slackware-security] gnupg (SSA:2016-236-01)

Security Focus Vulnerabilities - 20 min 9 sec ago
[slackware-security] gnupg (SSA:2016-236-01)

Bugtraq: [security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities

Security Focus Vulnerabilities - 20 min 9 sec ago
[security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities

Bugtraq: Path traversal vulnerability in WordPress Core Ajax handlers

Security Focus Vulnerabilities - 20 min 9 sec ago
Path traversal vulnerability in WordPress Core Ajax handlers

Bugtraq: Horizontal Privilege Escalation/Code Injection in ownCloud's Windows Client

Security Focus Vulnerabilities - 1 hour 15 min ago
Horizontal Privilege Escalation/Code Injection in ownCloud's Windows Client

nullcon 8-bit Call for Papers is open

Bug Traq - 1 hour 57 min ago

Posted by nullcon on Aug 24

Dear Hackers and Security Pros,

Welcome to nullcon 8-bit!
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world and the universe, working on the next
big thing in security and request everyone to submit their new
research.

What is 8-bit?
As a tradition of...

Bugtraq: [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method

Security Focus Vulnerabilities - 4 hours 30 min ago
[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method

[slackware-security] gnupg (SSA:2016-236-01)

Bug Traq - 4 hours 50 min ago

Posted by Slackware Security Team on Aug 23

[slackware-security] gnupg (SSA:2016-236-01)

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.21-i586-1_slack14.2.txz: Upgraded.
Fix critical security bug in the RNG [CVE-2016-6313]. An attacker who
obtains 580 bytes from the standard RNG can trivially...

Vuln: OpenSSL CVE-2016-2176 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 6 hours 10 min ago
OpenSSL CVE-2016-2176 Information Disclosure Vulnerability

NEW VMSA-2016-0013 - VMware Identity Manager and vRealize Automation updates address multiple security issues

Full Disclosure - 23 August, 2016 - 20:06

Posted by VMware Security Response Center on Aug 23

---------------------------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2016-0013
Severity: Important
Synopsis: VMware Identity Manager and vRealize Automation updates address multiple
security issues
Issue date: 2016-08-23
Updated on: 2016-08-23 (Initial Advisory)
CVE number: CVE-2016-5335, CVE-2016-5336

1. Summary

VMware Identity...

SAINTCON 2016 Details

Daily Dave - 23 August, 2016 - 10:59

Posted by Troy Jessup on Aug 23

SAINTCON 2016 DETAILS

SAINT CON (SAINT is an Acronym for "Security Advisory and Incident Network Team") is a moderate sized hacking
conference based in Utah. SAINTCON is a non-profit event where we provide a security conference focused on training,
discussion, and information sharing.

When you attend SAINTCON, you will experience one of the best information security conferences that combines
professional, casual, and social...

Re: Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read

Full Disclosure - 23 August, 2016 - 10:23

Posted by Onapsis Research on Aug 23

Correcting timeline:

7. Report Timeline
==================
- 03/21/2015: Onapsis provides vulnerability information to SAP AG.
- 04/14/2015: SAP reports fix is In Process.
- 10/13/2015: SAP releases SAP Security Note 2203591 fixing the
vulnerability.
- 07/20/2016: Onapsis Releases Security Advisory.

On 19/08/2016 at 11:49 a.m., Onapsis Research wrote:

Re: Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal

Full Disclosure - 23 August, 2016 - 10:19

Posted by Onapsis Research on Aug 23

Correcting timeline:

7. Report Timeline
==================
- 03/21/2015: Onapsis provides vulnerability information to SAP AG.
- 04/14/2015: SAP reports fix is In Process.
- 10/13/2015: SAP releases SAP Security Note 2203591 fixing the
vulnerability.
- 07/20/2016: Onapsis Releases Security Advisory.

On 19/08/2016 at 11:47 a.m., Onapsis Research wrote:

Re: Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution

Full Disclosure - 23 August, 2016 - 08:10

Posted by Onapsis Research on Aug 23

Correcting timeline:

7. Report Timeline
==================
- 03/21/2015: Onapsis provides vulnerability information to SAP AG.
- 04/14/2015: SAP reports fix is In Process.
- 10/13/2015: SAP releases SAP Security Note 2203591 fixing the
vulnerability.
- 07/20/2016: Onapsis Releases Security Advisory.

On 19/08/2016 at 11:36 a.m., Onapsis Research wrote:

Vuln: MatrixSSL Bignum Denial of Service Vulnerability

Security Focus Vulnerabilities - 22 August, 2016 - 23:00
MatrixSSL Bignum Denial of Service Vulnerability

Vuln: Foxit Reader and Foxit PhantomPDF Out of Bounds Read and Write Remote Code Execution Vulnerability

Security Focus Vulnerabilities - 22 August, 2016 - 23:00
Foxit Reader and Foxit PhantomPDF Out of Bounds Read and Write Remote Code Execution Vulnerability