BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability

Posted by Vulnerability Lab on Feb 20

Document Title:
===============
PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2029

Release Date:
=============
2017-01-30

Vulnerability Laboratory ID (VL-ID):
====================================
2029

Common Vulnerability Scoring System:
====================================
5.9

Product & Service Introduction:...

[SECURITY] [DSA 3790-1] spice security update

February 17, 2017 - 12:25am

Posted by Salvatore Bonaccorso on Feb 16

-------------------------------------------------------------------------
Debian Security Advisory DSA-3790-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 16, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : spice
CVE ID : CVE-2016-9577 CVE-2016-9578
Debian...

[SYSS-2017-004] Simplessus Files: Path Traversal

February 16, 2017 - 4:21am

Posted by adrian . vollmer on Feb 16

Advisory ID: SYSS-2017-004
Product: Simplessus Files
Manufacturer: Simplessus
Affected Version(s): 3.7.7
Tested Version(s): 3.7.7
Vulnerability Type: Path Traversal (CWE-22)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: January 25, 2017
Solution Date: January 25, 2017
Public Disclosure: February 16, 2017
CVE Reference: Not yet assigned
Author of Advisory: Dr. Adrian Vollmer, SySS GmbH...

[SYSS-2017-001] Simplessus Files: SQL Injection

February 16, 2017 - 4:12am

Posted by adrian . vollmer on Feb 16

Advisory ID: SYSS-2017-001
Product: Simplessus Files
Manufacturer: Simplessus
Affected Version(s): 3.7.7
Tested Version(s): 3.7.7
Vulnerability Type: SQL Injection (CWE-89)
Risk Level: High
Solution Status: Open
Manufacturer Notification: January 25, 2017
Solution Date: January 25, 2017
Public Disclosure: February 16, 2017
CVE Reference: Not yet assigned
Author of Advisory: Dr. Adrian Vollmer, SySS GmbH...

KL-001-2017-003 : Trendmicro InterScan Remote Root Access Vulnerability

February 16, 2017 - 12:57am

Posted by KoreLogic Disclosures on Feb 15

KL-001-2017-003 : Trendmicro InterScan Remote Root Access Vulnerability

Title: Trendmicro InterScan Remote Root Access Vulnerability
Advisory ID: KL-001-2017-003
Publication Date: 2017.02.15
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-003.txt

1. Vulnerability Details

Affected Vendor: Trendmicro
Affected Product: InterScan Web Security Virtual Appliance
Affected Version: OS Version...

KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write

February 16, 2017 - 12:47am

Posted by KoreLogic Disclosures on Feb 15

KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write

Title: Trendmicro InterScan Arbitrary File Write
Advisory ID: KL-001-2017-001
Publication Date: 2017.02.15
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-001.txt

1. Vulnerability Details

Affected Vendor: Trendmicro
Affected Product: InterScan Web Security Virtual Appliance
Affected Version: OS Version 3.5.1321.el6.x86_64; Application...

Cisco Security Advisory: Cisco UCS Director Privilege Escalation Vulnerability

February 15, 2017 - 12:34pm

Posted by Cisco Systems Product Security Incident Response Team on Feb 15

Cisco Security Advisory: Cisco UCS Director Privilege Escalation Vulnerability

Advisory ID: cisco-sa-20170215-ucs

Revision 1.0

For Public Release 2017 February 15 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the web-based GUI of Cisco UCS Director could allow an authenticated, local attacker to execute
arbitrary workflow items with just an end-user profile.

The...

CVE-2017-5585: SQL injection in OpenText Documentum Content Server 7.3 (PostgreSQL builds only)

February 15, 2017 - 12:27pm

Posted by Andrey B. Panfilov on Feb 15

CVE Identifier: CVE-2017-5585
Vendor: OpenText
Affected products: OpenText Documentum Content Server 7.3 (PostgreSQL builds only)
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available

Description:

Previously announced fix for CVE-2014-2520 seems to be incomplete: when PostgreSQL Database is used and
return_top_results_row_based config option is set to false, Content...

CVE-2017-5586: Remote code execution in OpenText Documentum D2

February 15, 2017 - 5:08am

Posted by Andrey B. Panfilov on Feb 15

CVE Identifier: CVE-2017-5586
Vendor: OpenText
Affected products: Documentum D2 version 4.x
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Description: Documentum D2 contains vulnerable BeanShell (bsh) and Apache Commons libraries and accepts serialised data
from untrusted sources, which leads to remote code execution

Proof of concept:...

[security bulletin] HPESBHF03703 rev.1 - HPE Network Products including Comware v7 and VCX using OpenSSL, Remote Unauthorized Disclosure of Information

February 15, 2017 - 2:31am

Posted by security-alert on Feb 14

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390893

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05390893
Version: 1

HPESBHF03703 rev.1 - HPE Network Products including Comware v7 and VCX using
OpenSSL, Remote Unauthorized Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

Cisco Security Response: Cisco Smart Install Protocol Misuse

February 15, 2017 - 2:21am

Posted by Cisco Systems Product Security Incident Response Team on Feb 14

Cisco Security Response: Cisco Smart Install Protocol Misuse

Response ID: cisco-sr-20170214-smi

Revision 1.0

For Public Release 2017 February 14 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Several researchers have reported on the use of Smart Install (SMI) protocol messages
toward Smart Install clients, also known as integrated branch clients (IBC), allowing an
unauthenticated,...

[security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information

February 15, 2017 - 2:12am

Posted by security-alert on Feb 14

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390849

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05390849
Version: 1

HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure
of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-02-14
Last Updated:...

[security bulletin] HPSBMU03691 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities

February 14, 2017 - 2:02pm

Posted by security-alert on Feb 14

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390722

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05390722
Version: 1

HPSBMU03691 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-02-14
Last Updated: 2017-02-14...

[SECURITY] [DSA 3788-1] tomcat8 security update

February 14, 2017 - 6:40am

Posted by Moritz Muehlenhoff on Feb 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-3788-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tomcat8
CVE ID : not yet available
Debian Bug :...

[SECURITY] [DSA 3787-1] tomcat7 security update

February 14, 2017 - 6:31am

Posted by Moritz Muehlenhoff on Feb 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-3787-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tomcat7
CVE ID : not yet available
Debian Bug :...

[SECURITY] [DSA 3786-1] vim security update

February 14, 2017 - 6:22am

Posted by Moritz Muehlenhoff on Feb 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-3786-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 13, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : vim
CVE ID : CVE-2017-5953
Debian Bug : 854969...