Security News

[RT-SA-2015-012] XML External Entity Expansion in Paessler PRTG Network Monitor

Full Disclosure - 31 May, 2016 - 06:46

Posted by RedTeam Pentesting GmbH on May 31

Advisory: XML External Entity Expansion in Paessler PRTG Network Monitor

Authenticated users who can create new HTTP XML/REST Value sensors in
PRTG Network Monitor can read local files on the PRTG host system via
XML external entity expansion.

Details
=======

Product: Paessler PRTG Network Monitor
Affected Versions: 14.4.12.3282
Fixed Versions: 16.2.23.3077/3078
Vulnerability Type: XML External Entity Expansion
Security Risk: medium
Vendor...

Bugtraq: [slackware-security] imagemagick (SSA:2016-152-01)

Security Focus Vulnerabilities - 31 May, 2016 - 06:40
[slackware-security] imagemagick (SSA:2016-152-01)

Bugtraq: [SECURITY] Lorex ECO DVR Hard coded password

Security Focus Vulnerabilities - 31 May, 2016 - 06:40
[SECURITY] Lorex ECO DVR Hard coded password

Bugtraq: [SECURITY] [DSA 3589-1] gdk-pixbuf security update

Security Focus Vulnerabilities - 31 May, 2016 - 06:40
[SECURITY] [DSA 3589-1] gdk-pixbuf security update

Bugtraq: WebKitGTK+ Security Advisory WSA-2016-0004

Security Focus Vulnerabilities - 31 May, 2016 - 04:40
WebKitGTK+ Security Advisory WSA-2016-0004

[slackware-security] mozilla-thunderbird (SSA:2016-152-02)

Bug Traq - 31 May, 2016 - 04:17

Posted by Slackware Security Team on May 31

[slackware-security] mozilla-thunderbird (SSA:2016-152-02)

New mozilla-thunderbird packages are available for Slackware 14.1 and -current
to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-45.1.1-i486-1_slack14.1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...

[slackware-security] imagemagick (SSA:2016-152-01)

Bug Traq - 31 May, 2016 - 04:06

Posted by Slackware Security Team on May 31

[slackware-security] imagemagick (SSA:2016-152-01)

New imagemagick packages are available for Slackware 14.0, 14.1, and -current
to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/imagemagick-6.8.6_10-i486-3_slack14.1.txz: Rebuilt.
Removed popen() support to prevent another shell vulnerability. This
issue was discovered by Bob Friesenhahn, of the GraphicsMagick...

Bugtraq: [oCERT 2016-001] Jetty path sanitization issues

Security Focus Vulnerabilities - 31 May, 2016 - 03:40
[oCERT 2016-001] Jetty path sanitization issues

[SECURITY] Lorex ECO DVR Hard coded password

Bug Traq - 30 May, 2016 - 13:46

Posted by andrew . hofmans on May 30

1. ADVISORY INFORMATION
=======================
Product: Lorex ECO DVR
Vendor URL: https://www.lorextechnology.com/
Type: Hard coded password [CWE-259]
Date found: 2016-05-04
Date published: 2016-05-30
CVE: -

2. CREDITS
==========
This vulnerability was discovered and researched by Andrew Hofmans. https://www.andrewhofmans.com

3. VERSIONS AFFECTED
====================
Vulnerability successfully tested on Lorex LH162400 DVR firmware...

[SECURITY] [DSA 3589-1] gdk-pixbuf security update

Bug Traq - 30 May, 2016 - 13:37

Posted by Salvatore Bonaccorso on May 30

-------------------------------------------------------------------------
Debian Security Advisory DSA-3589-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
May 30, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : gdk-pixbuf
CVE ID : CVE-2015-7552 CVE-2015-8875...

Bugtraq: Multiple Vulnerabilities in Intex Wireless N150 Easy Setup Router

Security Focus Vulnerabilities - 30 May, 2016 - 13:20
Multiple Vulnerabilities in Intex Wireless N150 Easy Setup Router

Bugtraq: [SECURITY] [DSA 3588-1] symfony security update

Security Focus Vulnerabilities - 30 May, 2016 - 13:20
[SECURITY] [DSA 3588-1] symfony security update

Bugtraq: [slackware-security] php (SSA:2016-148-03)

Security Focus Vulnerabilities - 30 May, 2016 - 11:00
[slackware-security] php (SSA:2016-148-03)

WebKitGTK+ Security Advisory WSA-2016-0004

Bug Traq - 30 May, 2016 - 10:22

Posted by Carlos Alberto Lopez Perez on May 30

------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0004
------------------------------------------------------------------------

Date reported : May 30, 2016
Advisory ID : WSA-2016-0004
Advisory URL : http://webkitgtk.org/security/WSA-2016-0004.html
CVE identifiers : CVE-2016-1854, CVE-2016-1856, CVE-2016-1857,...

Re: Where the nuclear metaphors all breakdown.

Daily Dave - 25 May, 2016 - 19:14

Posted by Konrads Smelkovs on May 25

Big boys are used to thinking in campaigns and campaigns require
man-power who in turn need roof, electricity, pay, internet
connection, moral support and so on. Clamping down on this then
reduces the number of cyber-attacks.

It of course may be possible that military leaders think that nmap and
metasploit come with a five digit price tag, but that's unlikely -
enough people have read about hacktivists and enough people have in
turn provided...

Re: Where the nuclear metaphors all breakdown.

Daily Dave - 25 May, 2016 - 18:49

Posted by Adam Segal on May 25

I like the watermark idea, though I doubt I would have gotten Tang to
agree since she basically did not want to talk about specific types of
operations. It would have required acknowledging Chinese operators were
mapping the battlefield, something she is not in a place to do.

And yes, you're right to point out the differences of views of undesirable
behavior. We might agree on taking down (or replacing with cupcake recipe)
IED...