Security News

Multiple Vulnerabilities in CubeCart

Bug Traq - 30 March, 2016 - 07:40

Posted by High-Tech Bridge Security Research on Mar 30

Advisory ID: HTB23298
Product: CubeCart
Vendor: CubeCart Limited
Vulnerable Version(s): 6.0.10 and probably prior
Tested Version: 6.0.10
Advisory Publication: March 2, 2016 [without technical details]
Vendor Notification: March 2, 2016
Vendor Patch: March 16, 2016
Public Disclosure: March 30, 2016
Vulnerability Type: SQL Injection [CWE-89], Cross-Site Scripting [CWE-79], Cross-Site Request Forgery [CWE-352]
Risk Level: Medium
CVSSv3 Base...

Bugtraq: [security bulletin] HPSBGN03444 rev.2 - HPE Network Automation, Remote Code Execution, Disclosure of Sensitive Information

Security Focus Vulnerabilities - 30 March, 2016 - 07:35
[security bulletin] HPSBGN03444 rev.2 - HPE Network Automation, Remote Code Execution, Disclosure of Sensitive Information

Bugtraq: [SECURITY] [DSA 3534-1] dhcpcd security update

Security Focus Vulnerabilities - 30 March, 2016 - 07:35
[SECURITY] [DSA 3534-1] dhcpcd security update

CVE-2016-2385 Kamailio SEAS module heap buffer overflow

Bug Traq - 30 March, 2016 - 07:24

Posted by Stelios Tsampas on Mar 30

Kamailio (successor of former OpenSER and SER) is an Open Source SIP
Server released under GPL. It can be used to build large platforms for
VoIP and realtime communications, presence, WebRTC, Instant messaging
and other applications.

A heap overflow was found in Kamailio version 4.3.4 (possibly affecting
earlier versions also). The heap overflow takes place in the encode_msg
function of the SEAS module and can be triggered remotely if the module...

PayPal Bug Bounty #121 - (Profile) Filter Bypass & Persistent Web Vulnerability

Full Disclosure - 30 March, 2016 - 05:19

Posted by Vulnerability Lab on Mar 30

Document Title:
===============
PayPal Bug Bounty #121 - (Profile) Filter Bypass & Persistent Web
Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1627

ID: EIBBP-32725

Video: http://www.vulnerability-lab.com/get_content.php?id=1697

Release Date:
=============
2016-03-30

Vulnerability Laboratory ID (VL-ID):
====================================
1627

Common Vulnerability Scoring...

Easy Hosting Control Panel (EHCP) - Multiple Vulnerabilities

Bug Traq - 30 March, 2016 - 03:21

Posted by kyle Lovett on Mar 30

EHCP Easy Hosting Control Panel
Multiple Vulnerabilities -
Clear Text MySQL Root Password
Insufficiently Protected Sensitive Data
Authentication Bypass
Unauthenticated Arbitrary File Upload

Software Links:
https://launchpad.net/ehcp
http://www.ehcp.net
https://sourceforge.net/p/ehcp/wiki/
--------------------------------------------------------------------------------------------
Description:
“ehcp is a hosting control panel, for multiple...

[SECURITY] [DSA 3535-1] kamailio security update

Bug Traq - 30 March, 2016 - 03:04

Posted by Moritz Muehlenhoff on Mar 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-3535-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 29, 2016                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : kamailio
CVE ID : CVE-2016-2385

Stelios Tsampas...

Bugtraq: Fireware XTM Web UI - Open Redirect

Security Focus Vulnerabilities - 30 March, 2016 - 02:20
Fireware XTM Web UI - Open Redirect

Bugtraq: [SECURITY] [DSA 3533-1] openvswitch security update

Security Focus Vulnerabilities - 30 March, 2016 - 02:20
[SECURITY] [DSA 3533-1] openvswitch security update

[security bulletin] HPSBGN03444 rev.2 - HPE Network Automation, Remote Code Execution, Disclosure of Sensitive Information

Bug Traq - 29 March, 2016 - 14:35

Posted by security-alert on Mar 29

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05030906

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05030906
Version: 2

HPSBGN03444 rev.2 - HPE Network Automation, Remote Code Execution, Disclosure
of Sensitive Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

Bugtraq: BMC-2015-0011: Unauthorized password reset vulnerability in BMC Server Automation (BSA) (CVE-2016-1543)

Security Focus Vulnerabilities - 29 March, 2016 - 14:30
BMC-2015-0011: Unauthorized password reset vulnerability in BMC Server Automation (BSA) (CVE-2016-1543)

Bugtraq: BMC-2015-0010: User enumeration vulnerability in BMC Server Automation (BSA) Unix/Linux RSCD Agent (CVE-2016-1542)

Security Focus Vulnerabilities - 29 March, 2016 - 14:30
BMC-2015-0010: User enumeration vulnerability in BMC Server Automation (BSA) Unix/Linux RSCD Agent (CVE-2016-1542)

[SECURITY] [DSA 3534-1] dhcpcd security update

Bug Traq - 29 March, 2016 - 14:23

Posted by Salvatore Bonaccorso on Mar 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3534-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 29, 2016                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : dhcpcd
CVE ID : CVE-2012-6698 CVE-2012-6699...

For those of you who don't have POLITICO PRO...

Daily Dave - 25 March, 2016 - 12:39

Posted by Dave Aitel on Mar 25

*Wassenaar critics settle in for a long slog*

By David Perera

03/25/2016 05:00 AM EDT

When the Obama administration promised in February to seek revisions to a
2013 agreement restricting international sales of cybersecurity products,
it handed an unlikely victory to the pact's opponents.

But now the sense of triumph among cybersecurity firms and security
researchers may yield to a compromise that leaves many of the Wassenaar...

OS X and patching being hard.

Daily Dave - 24 March, 2016 - 14:54

Posted by dave aitel on Mar 24

One thing I find quite interesting is that people who are not in our
community often think vulnerabilities are very simple to fix, if only
they get reported. For example, assuming the FDA gets its way and has
some level of regulatory-like effort that demands a response time for
fixing software security issues in medical equipment in lieu of offering
a recall.

But even the biggest software company on Earth, Apple, finds this hard
to do. For...