Security News

Bugtraq: [SECURITY] [DSA 3620-1] pidgin security update

Security Focus Vulnerabilities - 18 July, 2016 - 11:45
[SECURITY] [DSA 3620-1] pidgin security update

Bugtraq: [SECURITY] [DSA 3619-1] libgd2 security update

Security Focus Vulnerabilities - 18 July, 2016 - 11:45
[SECURITY] [DSA 3619-1] libgd2 security update

Bugtraq: [security bulletin] HPSBMU03562 rev.3 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution

Security Focus Vulnerabilities - 18 July, 2016 - 03:55
[security bulletin] HPSBMU03562 rev.3 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution

[Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon

Bug Traq - 18 July, 2016 - 03:30

Posted by bashis on Jul 18

#!/usr/bin/env python2.7
#
# [SOF]
#
# [Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon
# Research and development by bashis <mcw noemail eu> 2016
#
# This format string vulnerability has the following characteristics:
# - Heap Based (Exploiting string located on the heap)
# - Blind Attack (No output to the remote attacker)(*)
# - Remotely exploitable (As anonymous, no credentials needed)
#
# (*) Not so...

Multiple vulns in Vodafone EasyBox 804

Bug Traq - 18 July, 2016 - 00:25

Posted by Tim Schughart on Jul 17

Hi@all

#### General Information
## Report history:
Since 01.05. we have contacted the support of Vodafone 3 times. There has been no response until today.
Today we release the vulnerabilities in the hope that Vodafone will react.

## Vendor Information:
Vodafone is a worldwide operating ISP.
Quotation of vodafone.com - about us:
"
Today, more than 400 million customers around the world choose us.

In 30 years, a small mobile operator in Newbury...

[SECURITY] [DSA 3620-1] pidgin security update

Bug Traq - 18 July, 2016 - 00:04

Posted by Salvatore Bonaccorso on Jul 17

-------------------------------------------------------------------------
Debian Security Advisory DSA-3620-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
July 15, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : pidgin
CVE ID : CVE-2016-2365 CVE-2016-2366...

Bugtraq: [ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability

Security Focus Vulnerabilities - 17 July, 2016 - 23:40
[ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability

Bugtraq: [ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability

Security Focus Vulnerabilities - 17 July, 2016 - 23:40
[ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability

Vuln: libarchive CVE-2016-4300 Heap Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 17 July, 2016 - 23:00
libarchive CVE-2016-4300 Heap Buffer Overflow Vulnerability

Vuln: Libarchive CVE-2015-8933 Local Denial of Service Vulnerability

Security Focus Vulnerabilities - 17 July, 2016 - 23:00
Libarchive CVE-2015-8933 Local Denial of Service Vulnerability

Vuln: Libarchive CVE-2015-8934 Local Heap Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 17 July, 2016 - 23:00
Libarchive CVE-2015-8934 Local Heap Buffer Overflow Vulnerability

Vuln: Libarchive CVE-2016-4302 Local Heap Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 17 July, 2016 - 23:00
Libarchive CVE-2016-4302 Local Heap Buffer Overflow Vulnerability

Vuln: Oracle Java SE CVE-2016-3449 Remote Security Vulnerability

Security Focus Vulnerabilities - 15 July, 2016 - 23:00
Oracle Java SE CVE-2016-3449 Remote Security Vulnerability

Vuln: IBM Java SDK CVE-2016-0376 Incomplete Fix Arbitrary Code Execution Vulnerability

Security Focus Vulnerabilities - 15 July, 2016 - 23:00
IBM Java SDK CVE-2016-0376 Incomplete Fix Arbitrary Code Execution Vulnerability

Vuln: IBM WebSphere Application Server CVE-2016-0306 Information Disclosure Vulnerability

Security Focus Vulnerabilities - 15 July, 2016 - 23:00
IBM WebSphere Application Server CVE-2016-0306 Information Disclosure Vulnerability

Vuln: Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability

Security Focus Vulnerabilities - 15 July, 2016 - 23:00
Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability

Vuln: IBM WebSphere Application Server CVE-2015-7417 Cross Site Scripting Vulnerability

Security Focus Vulnerabilities - 15 July, 2016 - 23:00
IBM WebSphere Application Server CVE-2015-7417 Cross Site Scripting Vulnerability

Vuln: Intel HD Graphics Windows Kernel Driver CVE-2016-5647 Local Arbitrary Code Execution Vulnerability

Security Focus Vulnerabilities - 15 July, 2016 - 23:00
Intel HD Graphics Windows Kernel Driver CVE-2016-5647 Local Arbitrary Code Execution Vulnerability

Vuln: Flexera InstallAnywhere CVE-2016-4560 Local Code Execution Vulnerability

Security Focus Vulnerabilities - 15 July, 2016 - 23:00
Flexera InstallAnywhere CVE-2016-4560 Local Code Execution Vulnerability

Vuln: libgd 'read_image_tga' Function Heap Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 15 July, 2016 - 23:00
libgd 'read_image_tga' Function Heap Buffer Overflow Vulnerability