Security News

Bugtraq: [SECURITY] [DSA 3559-1] iceweasel security update

Security Focus Vulnerabilities - 28 April, 2016 - 00:50
[SECURITY] [DSA 3559-1] iceweasel security update

Bugtraq: EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection

Security Focus Vulnerabilities - 28 April, 2016 - 00:50
EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection

Bugtraq: Oracle Discoverer Viewer BI - Open Redirect Vulnerability

Security Focus Vulnerabilities - 28 April, 2016 - 00:50
Oracle Discoverer Viewer BI - Open Redirect Vulnerability

Bugtraq: [slackware-security] mozilla-firefox (SSA:2016-117-01)

Security Focus Vulnerabilities - 28 April, 2016 - 00:50
[slackware-security] mozilla-firefox (SSA:2016-117-01)

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS

Bug Traq - 28 April, 2016 - 00:47

Posted by Tony Homer on Apr 27

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS

Severity:
High

Vendor:
The Apache Software Foundation

Versions Affected:
cordova-ios 3.9.1 and below

Description:
Apache Cordova iOS contains 2 methods to bypass the URL access
restrictions provided by the whitelist. An attacker can use any of the
2 methods to load malicious resources in an app that uses a whitelist
to only load trusted resources.

Upgrade path:
Developers...

Re: [ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability

Bug Traq - 28 April, 2016 - 00:40

Posted by Mahmut Firuz Dumlupinar - Vendor on Apr 27


CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS

Bug Traq - 28 April, 2016 - 00:23

Posted by Tony Homer on Apr 27

CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS

Severity:
High

Vendor:
The Apache Software Foundation

Versions Affected:
cordova-ios 3.9.1 and below

Description:
An arbitrary plugin can be executed when a user clicks on a link.

Upgrade path:
Developers who are concerned about this issue should install version
4.0.0 or higher of the cordova-ios platform.

Credit:
This issue was discovered by Muneaki Nishimura...

Xerox Phaser 6700 - Remote Root-Exploits utilizing Clone Files

Full Disclosure - 27 April, 2016 - 21:17

Posted by Raphael Ernst on Apr 27

Document Title:
===============
Xerox Phaser 6700 - Remote Root-Exploits utilizing Clone Files

References (Source):
====================
- http://www.fkie.fraunhofer.de/de/forschungsbereiche/cyber-analysis-and-defense/vulnerability-disclosure.html
- https://www.rapid7.com/db/modules/exploit/unix/misc/xerox_mfp
- http://h.foofus.net/~percX/Xerox_hack.pdf

Release Date:
=============
2016-04-27

Product & Service Introduction:...

Bug bounty submission

Full Disclosure - 27 April, 2016 - 21:17

Posted by test111 tesla on Apr 27

Hi. My name is Takashi Suzuki. I found a reflected XSS on Mozilla's services (wiki.mozilla.org). I want to list my bug on
your list. What should I do?

Full detail is found on bugzilla.

Source: https://bugzilla.mozilla.org/show_bug.cgi?id=1267464

Thank you.

Bugtraq: [SECURITY] [DSA 3558-1] openjdk-7 security update

Security Focus Vulnerabilities - 27 April, 2016 - 13:35
[SECURITY] [DSA 3558-1] openjdk-7 security update

[SECURITY] [DSA 3559-1] iceweasel security update

Bug Traq - 27 April, 2016 - 13:32

Posted by Moritz Muehlenhoff on Apr 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3559-1                   security () debian org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 27, 2016                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2016-2805 CVE-2016-2807...

Bugtraq: [SECURITY] [DSA 3557-1] mysql-5.5 security update

Security Focus Vulnerabilities - 27 April, 2016 - 11:35
[SECURITY] [DSA 3557-1] mysql-5.5 security update

EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection

Bug Traq - 27 April, 2016 - 10:30

Posted by Securify B.V. on Apr 27

------------------------------------------------------------------------
EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection
------------------------------------------------------------------------
Han Sahin, November 2014

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that EMC M&R (Watch4net) does not...

EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection

Full Disclosure - 27 April, 2016 - 10:12

Posted by Securify B.V. on Apr 27

------------------------------------------------------------------------
EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection
------------------------------------------------------------------------
Han Sahin, November 2014

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that EMC M&R (Watch4net) does not...

Oracle Discoverer Viewer BI - Open Redirect Vulnerability

Bug Traq - 27 April, 2016 - 07:55

Posted by Vulnerability Lab on Apr 27

Document Title:
===============
Oracle Discoverer Viewer BI - Open Redirect Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1667

Oracle ID: S0666670

Release Date:
=============
2016-04-26

Vulnerability Laboratory ID (VL-ID):
====================================
1667

Common Vulnerability Scoring System:
====================================
2.8

Product & Service Introduction:...

Bugtraq: Sophos XG Firewall (SF01V) - Persistent Web Vulnerability

Security Focus Vulnerabilities - 27 April, 2016 - 07:30
Sophos XG Firewall (SF01V) - Persistent Web Vulnerability

Oracle Discoverer Viewer BI - Open Redirect Vulnerability

Full Disclosure - 27 April, 2016 - 07:15

Posted by Vulnerability Lab on Apr 27

Document Title:
===============
Oracle Discoverer Viewer BI - Open Redirect Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1667

Oracle ID: S0666670

Release Date:
=============
2016-04-26

Vulnerability Laboratory ID (VL-ID):
====================================
1667

Common Vulnerability Scoring System:
====================================
2.8

Product & Service Introduction:...

[slackware-security] mozilla-firefox (SSA:2016-117-01)

Bug Traq - 27 April, 2016 - 03:31

Posted by Slackware Security Team on Apr 27

[slackware-security] mozilla-firefox (SSA:2016-117-01)

New mozilla-firefox packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-38.8.0esr-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

Bugtraq: Trend Micro (Account) - Email Spoofing Web Vulnerability

Security Focus Vulnerabilities - 27 April, 2016 - 03:30
Trend Micro (Account) - Email Spoofing Web Vulnerability