BugTraq Latest Security Advisories

Syndicate content
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Updated: 2 min 29 sec ago

Re: UAC Bypass Vulnerability on "Windows 7" in Windows Script Host

August 27, 2015 - 11:30am

Posted by Rich Pieri on Aug 27

UAC is not a security boundary. It's purpose is to annoy users in order
to force vendors to fix their bad code:

http://www.cnet.com/news/microsoft-vista-feature-designed-to-annoy-users/
Categories:

[SECURITY] [DSA 3344-1] php5 security update

August 27, 2015 - 11:21am

Posted by Sebastien Delafond on Aug 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3344-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
August 27, 2015 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php5
CVE ID : CVE-2015-4598 CVE-2015-4643...
Categories:

[security bulletin] HPSBGN03402 rev.2 - HP Performance Manager, Remote Disclosure of Information

August 27, 2015 - 11:11am

Posted by security-alert on Aug 27

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04772190

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04772190
Version: 2

HPSBGN03402 rev.2 - HP Performance Manager, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-08-26
Last Updated:...
Categories:

UAC Bypass Vulnerability on "Windows 7" in Windows Script Host

August 27, 2015 - 7:29am

Posted by vozzie on Aug 27

UAC Bypass Vulnerability in Windows Script Host.

The Windows Script Host executables suffer from a vulnerability due to a missing embedded manifest. Using another
exploit, the combination of "wusa.exe" and "makecab.exe" files can be copied to the Windows folder. Copies of a
manifest and the script host allow to execute the copied script host and bypass UAC warning messages in case the UAC
settings are default.

Both ZDI...
Categories:

[security bulletin] HPSBHF03408 rev.1 - HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code

August 27, 2015 - 7:22am

Posted by security-alert on Aug 27

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04773272

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04773272
Version: 1

HPSBHF03408 rev.1 - HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote
Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...
Categories:

[security bulletin] HPSBGN03411 rev.1 - HP Operations Agent Virtual Appliance, Remote Unauthorized Disclosure of Information

August 26, 2015 - 1:57pm

Posted by security-alert on Aug 26

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04774058

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04774058
Version: 1

HPSBGN03411 rev.1 - HP Operations Agent Virtual Appliance, Remote
Unauthorized Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...
Categories:

CVE-2015-6535: Stored XSS in YouTube Embed (WordPress plugin) allows admins to compromise super admins

August 26, 2015 - 12:32pm

Posted by grajalerts . noreply on Aug 26

Details
================
Software: YouTube Embed
Version: 3.3.2
Homepage: https://wordpress.org/plugins/youtube-embed/
CVE ID: CVE-2015-6535 (Pending)
CWE ID: CWE-79
CVSS: 5.5 (Medium; AV:N/AC:L/Au:S/C:P/I:P/A:N)

Description
================
A stored XSS vulnerability in YouTube Embed 3.3.2 (and possibly earlier versions) allows admin users to compromise
other admins and super admins.

YouTube Embed is a WordPress plugin with over 30,000...
Categories:

[security bulletin] HPSBGN03405 rev.1 - HP Integration Adaptor, Remote Unauthorized Modification, Disclosure of Information

August 26, 2015 - 11:23am

Posted by security-alert on Aug 26

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04773004

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04773004
Version: 1

HPSBGN03405 rev.1 - HP Integration Adaptor, Remote Unauthorized Modification,
Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...
Categories:

[security bulletin] HPSBGN03399 rev.1 - HP BSM Connector (BSMC), Remote Unauthorized Modification, Disclosure of Information

August 26, 2015 - 11:16am

Posted by security-alert on Aug 26

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04767175

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04767175
Version: 1

HPSBGN03399 rev.1 - HP BSM Connector (BSMC), Remote Unauthorized
Modification, Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...
Categories:

[security bulletin] HPSBGN03415 rev.1 - HP Operations Agent Virtual Appliance, Remote Disclosure of Information

August 26, 2015 - 8:53am

Posted by security-alert on Aug 26

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04777255

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04777255
Version: 1

HPSBGN03415 rev.1 - HP Operations Agent Virtual Appliance, Remote Disclosure
of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-08-25...
Categories:

[security bulletin] HPSBGN03414 rev.1 - HP Operations Agent, Remote Disclosure of Information

August 26, 2015 - 8:43am

Posted by security-alert on Aug 26

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04777195

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04777195
Version: 1

HPSBGN03414 rev.1 - HP Operations Agent, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-08-25
Last Updated:...
Categories:

[SECURITY] [DSA 3343-1] twig security update

August 26, 2015 - 6:46am

Posted by Sebastien Delafond on Aug 26

-------------------------------------------------------------------------
Debian Security Advisory DSA-3343-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
August 26, 2015 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : twig

James Kettle, Alain Tiemblo, Christophe Coevoet and...
Categories:

RE: [security bulletin] HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux, Multiple Vulnerabilities

August 26, 2015 - 6:38am

Posted by M.H.P. van Diem on Aug 26

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04765169

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04765169
Version: 1

HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux,
Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...
Categories:

FreeBSD Security Advisory FreeBSD-SA-15:21.amd64

August 26, 2015 - 6:30am

Posted by FreeBSD Security Advisories on Aug 26

=============================================================================
FreeBSD-SA-15:21.amd64 Security Advisory
The FreeBSD Project

Topic: Local privilege escalation in IRET handler

Category: core
Module: sys_amd64
Announced: 2015-08-25
Credits: Konstantin Belousov, Andrew Lutomirski
Affects: FreeBSD...
Categories:

FreeBSD Security Advisory FreeBSD-SA-15:22.openssh

August 26, 2015 - 6:21am

Posted by FreeBSD Security Advisories on Aug 26

=============================================================================
FreeBSD-SA-15:22.openssh Security Advisory
The FreeBSD Project

Topic: OpenSSH multiple vulnerabilities

Category: contrib
Module: openssh
Announced: 2015-08-25
Affects: All supported versions of FreeBSD.
Corrected: 2015-08-25 20:48:44 UTC...
Categories:

[security bulletin] HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux, Multiple Vulnerabilities

August 25, 2015 - 6:45am

Posted by security-alert on Aug 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04765169

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04765169
Version: 1

HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux,
Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...
Categories:

[security bulletin] HPSBMU03413 rev.1 - HP Virtual Connect Enterprise Manager SDK, Multiple Vulnerabilities

August 25, 2015 - 6:38am

Posted by security-alert on Aug 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04774021

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04774021
Version: 1

HPSBMU03413 rev.1 - HP Virtual Connect Enterprise Manager SDK, Multiple
Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-08-24...
Categories:

[security bulletin] HPSBMU03396 rev.1 - HP Version Control Repository Manager (VCRM) on Windows and Linux, Multiple Vulnerabilities

August 25, 2015 - 6:31am

Posted by security-alert on Aug 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04765115

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04765115
Version: 1

HPSBMU03396 rev.1 - HP Version Control Repository Manager (VCRM) on Windows
and Linux, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....
Categories:

[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities

August 25, 2015 - 6:22am

Posted by security-alert on Aug 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04774019

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04774019
Version: 1

HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-08-24
Last Updated:...
Categories:

[security bulletin] HPSBGN03404 rev.1 - HP Service Health Reporter, Remote Unauthorized Modification

August 25, 2015 - 6:14am

Posted by security-alert on Aug 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04772946

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04772946
Version: 1

HPSBGN03404 rev.1 - HP Service Health Reporter, Remote Unauthorized
Modification

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-08-24
Last...
Categories: