Security News

Huawei ISM Professional XSS Vulnerability

Bug Traq - 26 July, 2016 - 10:45

Posted by ak47464659484 on Jul 26

Title: Huawei ISM Professional XSS Vulnerability
Software : ISM Professional OceanStor

Software Version : Copyright©Huawei Technologies Co., Ltd. 2009-2010. All rights reserved.

Vendor: www.huawei.com

Vulnerability Published : 2016-07-25

Author: zhiwei_jiang
Email: ak47464659484 () gmail com
Impact: Medium (CVSS2 Base: 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)

Bug Description :
The ISM consists of device management software, cloud...

Bugtraq: [security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution

Security Focus Vulnerabilities - 26 July, 2016 - 07:15
[security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution

Crashing Browsers Remotely via Insecure Search Suggestions

Bug Traq - 26 July, 2016 - 07:14

Posted by research on Jul 26

[Original here:
https://wwws.nightwatchcybersecurity.com/2016/07/26/research-crashing-browsers-remotely-via-insecure-search-suggestions/]

Summary

Intercepting insecure search suggestion requests from browsers, and
returning very large responses leads to browser crashes (but not RCE).
Affected browsers are FireFox on the desktop and Android, and Chrome on
desktop and Android – other Chromium and FireFox derived browsers
may be affected. Internet...

MySQL 0days followup (CVE-2016-3477) CVSS 8.1

Bug Traq - 26 July, 2016 - 00:17

Posted by lem . nikolas on Jul 25

Among other issues reported, the most critical flaw in the July CPU 2016, rated CVSS v3.0 base score 8.1, is the Server
Parser subcomponent issue (CVE-2016-3477) and one of our findings.

Versions 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier are affected. The zero-day permits
unauthenticated users with login access to the infrastructure where MySQL Server executes to successfully compromise
and take over the database server....

July 2016 - Bamboo Server - Critical Security Advisory

Bug Traq - 26 July, 2016 - 00:08

Posted by David Black on Jul 25

Note: the current version of this advisory can be found at
https://confluence.atlassian.com/x/rSGSMQ .

CVE ID:
* CVE-2016-5229 - Deserialisation in Bamboo.

Product: Bamboo

Affected Bamboo product versions:
2.3.1 <= version < 5.11.4.1
5.12.0 <= version < 5.12.3.1

Fixed Bamboo product versions:
* for 5.11.x, Bamboo 5.11.4.1 has been released with a fix for this issue.
* for 5.12.x, Bamboo 5.12.3.1 has been released with a fix for...

[SECURITY] [DSA 3629-1] ntp security update

Bug Traq - 25 July, 2016 - 23:59

Posted by Moritz Muehlenhoff on Jul 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3629-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
July 25, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ntp
CVE ID : CVE-2015-7974 CVE-2015-7977...

Bugtraq: Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 25 July, 2016 - 23:55
Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability

Bugtraq: Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 25 July, 2016 - 23:55
Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability

Bugtraq: FreeBSD Security Advisory FreeBSD-SA-16:25.bspatch

Security Focus Vulnerabilities - 25 July, 2016 - 23:55
FreeBSD Security Advisory FreeBSD-SA-16:25.bspatch

Vuln: OpenSSL SRP CVE-2014-3512 Remote Denial of Service Vulnerability

Security Focus Vulnerabilities - 25 July, 2016 - 23:00
OpenSSL SRP CVE-2014-3512 Remote Denial of Service Vulnerability

Vuln: OpenSSL CVE-2014-3509 Remote Denial of Service Vulnerability

Security Focus Vulnerabilities - 25 July, 2016 - 23:00
OpenSSL CVE-2014-3509 Remote Denial of Service Vulnerability

Vuln: OpenSSL NULL Pointer Dereference CVE-2014-5139 Local Denial of Service Vulnerability

Security Focus Vulnerabilities - 25 July, 2016 - 23:00
OpenSSL NULL Pointer Dereference CVE-2014-5139 Local Denial of Service Vulnerability

Vuln: OpenSSL CVE-2014-3511 Man in the Middle Security Bypass Vulnerability

Security Focus Vulnerabilities - 25 July, 2016 - 23:00
OpenSSL CVE-2014-3511 Man in the Middle Security Bypass Vulnerability

Vuln: PCRE 'find_fixedlength()' Function Heap Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 25 July, 2016 - 23:00
PCRE 'find_fixedlength()' Function Heap Buffer Overflow Vulnerability

Vuln: PCRE 'match()' Function Stack Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 25 July, 2016 - 23:00
PCRE 'match()' Function Stack Buffer Overflow Vulnerability

Vuln: PCRE CVE-2016-3191 Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 25 July, 2016 - 23:00
PCRE CVE-2016-3191 Buffer Overflow Vulnerability

Vuln: PCRE Regular CVE-2015-8385 Pattern Handling Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 25 July, 2016 - 23:00
PCRE Regular CVE-2015-8385 Pattern Handling Buffer Overflow Vulnerability

Vuln: PCRE Multiple Security Vulnerabilities

Security Focus Vulnerabilities - 25 July, 2016 - 23:00
PCRE Multiple Security Vulnerabilities

Vuln: PCRE CVE-2015-8388 Buffer Overflow Vulnerability

Security Focus Vulnerabilities - 25 July, 2016 - 23:00
PCRE CVE-2015-8388 Buffer Overflow Vulnerability

Vuln: Juniper Junos CVE-2016-1276 Multiple Denial of Service Vulnerabilities

Security Focus Vulnerabilities - 25 July, 2016 - 23:00
Juniper Junos CVE-2016-1276 Multiple Denial of Service Vulnerabilities