BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Wordpress Plugin Social-Stream - Exposure of Twitter API Secret Key and Token

May 26, 2017 - 3:55pm

Posted by kyle Lovett on May 26

Wordpress Plugin Social-Stream - Exposure of Twitter API Secret Keys
CWE-522: Insufficiently Protected Credentials

Products:
Wordpress Social Stream
Versions 1.6.0 and lower
https://codecanyon.net/item/wordpress-social-stream/2201708

Social Network Tabs
Versions 1.7.4 and lower
https://codecanyon.net/item/social-network-tabs-for-wordpress/1982987

Fix:
Wordpress Social Stream, V 1.6.1
https://codecanyon.net/item/wordpress-social-stream/2201708...

[security bulletin] HPESBHF03730 rev.1 - HPE Aruba ClearPass Policy Manager, Multiple Vulnerabilities

May 26, 2017 - 3:45pm

Posted by security-alert on May 26

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03730en_us
Version: 1

HPESBHF03730 rev.1 - HPE Aruba ClearPass Policy Manager, Multiple
Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-05-24
Last...

[security bulletin] HPESBHF03754 rev.1 - HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5 Processor, Remote Access Restriction Bypass

May 26, 2017 - 3:34pm

Posted by security-alert on May 26

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03754en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03754en_us
Version: 1

HPESBHF03754 rev.1 - HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5
Processor, Remote Access Restriction Bypass

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

[security bulletin] HPESBHF03750 rev.1 - HPE Network Products including Comware 5, Comware 7 and VCX running NTP, Remote Denial of Service (DoS), Unauthorized Modification, Local Denial of Service (DoS)

May 26, 2017 - 1:46am

Posted by security-alert on May 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03750en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03750en_us
Version: 1

HPESBHF03750 rev.1 - HPE Network Products including Comware 5, Comware 7 and
VCX running NTP, Remote Denial of Service (DoS), Unauthorized Modification,
Local Denial of Service (DoS)

NOTICE: The information...

[SECURITY] [DSA 3863-1] imagemagick security update

May 26, 2017 - 1:35am

Posted by Moritz Muehlenhoff on May 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3863-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 25, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : imagemagick
CVE ID : CVE-2017-7606 CVE-2017-7619...

[security bulletin] HPESBHF03746 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution

May 25, 2017 - 2:06pm

Posted by HPE Product Security Response Team on May 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03746en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03746en_us
Version: 1

HPESBHF03746 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-05-14...

WebKitGTK+ Security Advisory WSA-2017-0004

May 25, 2017 - 8:46am

Posted by Carlos Alberto Lopez Perez on May 25

------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0004
------------------------------------------------------------------------

Date reported : May 25, 2017
Advisory ID : WSA-2017-0004
Advisory URL : https://webkitgtk.org/security/WSA-2017-0004.html
CVE identifiers : CVE-2017-2496, CVE-2017-2504, CVE-2017-2505,...

[slackware-security] samba (SSA:2017-144-01)

May 25, 2017 - 1:04am

Posted by Slackware Security Team on May 24

[slackware-security] samba (SSA:2017-144-01)

New samba packages are available for Slackware 13.1, 13.37, 14.0, 14.1, 14.2,
and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/samba-4.4.14-i586-1_slack14.2.txz: Upgraded.
This update fixes a remote code execution vulnerability, allowing a
malicious client to upload a shared library to a writable share,...

[security bulletin] HPESBHF03751 rev.1 - HPE Aruba AirWave Glass, Remote Code Execution

May 25, 2017 - 12:55am

Posted by security-alert on May 24

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03751en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03751en_us
Version: 1

HPESBHF03751 rev.1 - HPE Aruba AirWave Glass, Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-05-24
Last Updated:...

DefenseCode ThunderScan SAST Advisory: WordPress AffiliateWP Plugin Security Vulnerability

May 24, 2017 - 11:38am

Posted by DefenseCode on May 24
DefenseCode ThunderScan SAST Advisory
WordPress AffiliateWP Plugin
Security Vulnerability

Advisory ID: DC-2017-05-05
Advisory Title: WordPress AffiliateWP Plugin Security Vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress AffiliateWP Plugin
Language: PHP
Version: 2.0.8 and below (taken from the official GitHub repo)
Vendor...

DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability

May 24, 2017 - 11:29am

Posted by DefenseCode on May 24

DefenseCode ThunderScan SAST Advisory
WordPress Huge-IT Video Gallery Plugin
Security Vulnerability

Advisory ID: DC-2017-01-009
Advisory Title: WordPress Huge-IT Video Gallery plugin SQL injection
vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress Huge-IT Video Gallery plugin
Language: PHP
Version: 2.0.4 and below
Vendor Status:...

DefenseCode ThunderScan SAST Advisory: WordPress All In One Schema.org Rich Snippets Plugin Security Vulnerability

May 24, 2017 - 11:18am

Posted by DefenseCode on May 24
DefenseCode ThunderScan SAST Advisory
WordPress All In One Schema.org Rich Snippets Plugin
Security Vulnerability

Advisory ID: DC-2017-01-002
Advisory Title: WordPress All In One Schema.org Rich Snippets Plugin
Security Vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress All In One Schema.org Rich Snippets Plugin
Language: PHP...

[SECURITY] [DSA 3861-1] libtasn1-6 security update

May 24, 2017 - 8:28am

Posted by Sebastien Delafond on May 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-3861-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
May 24, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libtasn1-6
CVE ID : CVE-2017-6891
Debian Bug :...

Secunia Research: Microsoft Windows Heap-based Buffer Overflow Vulnerabilities

May 23, 2017 - 7:38am

Posted by Secunia Research on May 23

======================================================================

Secunia Research 2016/05/22

Microsoft Windows Heap-based Buffer Overflow Vulnerabilities

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of...

HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL, Remote Denial of Service (DoS)

May 22, 2017 - 1:51pm

Posted by HPE Product Security Response Team on May 22

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03744en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03744en_us
Version: 1

HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible....

CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal

May 22, 2017 - 4:56am

Posted by hyp3rlinx on May 22

[+] Credits: John Page aka HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SECURE-AUDITOR-v3.0-DIRECTORY-TRAVERSAL.txt
[+] ISR: ApparitionSec

Vendor:
====================
www.secure-bytes.com

Product:
=====================
Secure Auditor - v3.0

Secure Auditor suite is a unified digital risk management solution for conducting automated audits on Windows, Oracle
and SQL...

CVE-2017-9046 Pegasus "winpm-32.exe" v4.72 Mailto: Link Remote Code Execution

May 22, 2017 - 4:48am

Posted by hyp3rlinx on May 22

[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/PEGASUS-MAILTO-LINK-REMOTE-CODE-EXECUTION.txt
[+] ISR: APPARITIONSEC

Vendor:
=============
www.pmail.com

Product:
===========================
Pegasus "winpm-32.exe"
v4.72 build 572

Pegasus Mail: Pegasus Mail is a free, standards-based electronic mail client suitable for use by single or...

CVE-2017-9046 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection

May 22, 2017 - 4:41am

Posted by hyp3rlinx on May 22

[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt
[+] ISR: ApparitionSec

Vendor:
================
www.mantisbt.org

Product:
=========
Mantis Bug Tracker
1.3.10 / v2.3.0

MantisBT is a popular free web-based bug tracking system. It is written in PHP and works with MySQL, MS SQL, and PostgreSQL
databases....

May 2017 - SourceTree - Critical Security Advisory

May 22, 2017 - 4:33am

Posted by Atlassian on May 22

This email refers to the advisory found at
https://confluence.atlassian.com/x/jW2xNQ .

CVE ID:

* CVE-2017-8768.

Product: SourceTree.

Affected SourceTree product versions:

* SourceTree for Mac 1.4.0 <= version < 2.5.1
* SourceTree for Windows 0.8.4b <= version < 2.0.20.1

Fixed SourceTree product versions:

* Versions of SourceTree for Mac equal to and above 2.5.1 contain a
fix for this issue.
* Versions of SourceTree for Windows...

CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal

May 22, 2017 - 4:26am

Posted by hyp3rlinx on May 22

[+] Credits: John Page aka HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SECURE-AUDITOR-v3.0-DIRECTORY-TRAVERSAL.txt
[+] ISR: ApparitionSec

Vendor:
====================
www.secure-bytes.com

Product:
=====================
Secure Auditor - v3.0

Secure Auditor suite is a unified digital risk management solution for conducting automated audits on Windows, Oracle
and SQL...