BugTraq Latest Security Advisories

Syndicate content
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Updated: 20 min 26 sec ago

File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities

February 3, 2016 - 8:52am

Posted by Vulnerability Lab on Feb 03

Document Title:
===============
File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1704

Release Date:
=============
2016-02-03

Vulnerability Laboratory ID (VL-ID):
====================================
1704

Common Vulnerability Scoring System:
====================================
7.3

Product & Service Introduction:...
Categories:

SimpleView CRM - Client Side Open Redirect Vulnerability

February 3, 2016 - 8:38am

Posted by Vulnerability Lab on Feb 03

Document Title:
===============
SimpleView CRM - Client Side Open Redirect Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1668

Release Date:
=============
2016-02-02

Vulnerability Laboratory ID (VL-ID):
====================================
1668

Common Vulnerability Scoring System:
====================================
2.8

Product & Service Introduction:...
Categories:

Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability

February 3, 2016 - 8:20am

Posted by Vulnerability Lab on Feb 03

Document Title:
===============
Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1464

ID: #14770

Release Date:
=============
2016-02-02

Vulnerability Laboratory ID (VL-ID):
====================================
1564

Common Vulnerability Scoring System:
====================================
3.6

Product & Service Introduction:...
Categories:

Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability

February 3, 2016 - 8:08am

Posted by Vulnerability Lab on Feb 03

Document Title:
===============
Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1705

Release Date:
=============
2016-02-03

Vulnerability Laboratory ID (VL-ID):
====================================
1705

Common Vulnerability Scoring System:
====================================
5.8

Product & Service Introduction:...
Categories:

Mezzanine CMS 4.1.0 XSS

February 3, 2016 - 4:10am

Posted by hyp3rlinx on Feb 03

[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MEZZANINE-CMS-XSS.txt

Vendor:
===================
mezzanine.jupo.org

Product:
================
Mezzanine 4.1.0

Mezzanine is an open source CMS built using the python based Django framework.

Vulnerability Type:
===================
XSS

CVE Reference:
==============
N/A

Vulnerability Details:
=====================

XSS entry...
Categories:

Mezzanine CMS 4.1.0 Arbitrary File Upload

February 3, 2016 - 3:54am

Posted by hyp3rlinx on Feb 03

[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/MEZZANINE-CMS-ARBITRARY-FILE-UPLOAD.txt

Vendor:
===================
mezzanine.jupo.org

Product:
================
Mezzanine 4.1.0

Mezzanine is an open source CMS built using the python based Django framework.

Vulnerability Type:
=====================
Arbitrary File Upload

CVE Reference:
==============
N/A

Vulnerability...
Categories:

ASUS RT-N56U Persistent XSS

February 3, 2016 - 3:39am

Posted by graphx on Feb 03

# Exploit Title: ASUS RT-N56U Persistent XSS
# Date: 2/2/2016
# Exploit Author: @GraphX
# Vendor Homepage: http://asus.com/
# Version: 3.0.0.4.374_239

1 Description:
It is possible for an authenticated attacker to bypass input sanitation in
the username input field of the Server Center page. An interception proxy
is not required with the use of the developer console and changing the
field value of the username after the third verification task...
Categories:

TimeClock - Multiple SQL Injections

February 3, 2016 - 3:24am

Posted by marcelabx on Feb 03

#############################
Exploit Title : Multiple SQL injections
Author:Marcela Benetrix
Date: 02/03/2016
version: 0.995 (older version may be vulnerable too)
software link:http://timeclock-software.net

#############################
Timeclock software

Timeclock-software.net's free software product will be a simple solution to allow your employees to record their time
in one central location for easy access....
Categories:

[SECURITY] [DSA 3465-1] openjdk-6 security update

February 3, 2016 - 3:14am

Posted by Moritz Muehlenhoff on Feb 03

-------------------------------------------------------------------------
Debian Security Advisory DSA-3465-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 02, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-6
CVE ID : CVE-2015-7575 CVE-2016-0402...
Categories:

MailPoet Newsletter 2.6.19 - Security Advisory - Reflected XSS

February 2, 2016 - 1:43pm

Posted by Onur Yilmaz on Feb 02

Information
--------------------
Advisory by Netsparker
Name: XSS Vulnerability in MailPoet Newsletters
Affected Software : MailPoet Newsletters
Affected Versions: v2.6.19 and possibly below
Vendor Homepage : http://www.mailpoet.com/
Vulnerability Type : Cross-site Scripting
Severity : Important
CVE-ID : TBA
Status : Fixed
Netsparker Advisory Reference : NS-16-001

Description
--------------------
By exploiting a Cross-site scripting...
Categories:

Re: VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability

February 2, 2016 - 1:29pm

Posted by Phil Pearl on Feb 02

Following up inline...

Note: A quick search would show that Zimbra is, two parents, and more
than two years removed from VMware[1]. We're a part of Synacor[2] now.
[1] https://www.vmware.com/products/zimbra
[2] http://investor.synacor.com/releasedetail.cfm?ReleaseID=928079

It is also relevant to point out that Zimbra uses OpenDKIM with
Amavisd-new.

The issue(s) may be a bit more generic than this report seems to
indicate, or...
Categories:

A tale of openssl_seal(), PHP and Apache2handle

February 2, 2016 - 8:29am

Posted by s3810 on Feb 02

Hey folks,

The openssl_seal() [4] is prone to use uninitialized memory that can be
turned into a code execution. This document describes technical details of
our journey to hijack apache2 requests.

What the heck is openssl_seal()?

[...]
int openssl_seal ( string $data , string &$sealed_data , array &$env_keys , array $pub_key_ids [,
string $method = "RC4" ] )

openssl_seal() seals (encrypts) data by using the given...
Categories:

WebKitGTK+ Security Advisory WSA-2016-0001

February 2, 2016 - 12:33am

Posted by Carlos Alberto Lopez Perez on Feb 01

------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2016-0001
------------------------------------------------------------------------

Date reported : February 01, 2016
Advisory ID : WSA-2016-0001
Advisory URL : http://webkitgtk.org/security/WSA-2016-0001.html
CVE identifiers : CVE-2015-7096, CVE-2015-7098.

Several vulnerabilities were...
Categories:

File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities

February 1, 2016 - 7:35am

Posted by Vulnerability Lab on Feb 01

Document Title:
===============
File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1695

Release Date:
=============
2016-02-01

Vulnerability Laboratory ID (VL-ID):
====================================
1695

Common Vulnerability Scoring System:
====================================
7.2

Product & Service Introduction:...
Categories:

Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability

February 1, 2016 - 6:07am

Posted by Vulnerability Lab on Feb 01

Document Title:
===============
Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1692

Release Date:
=============
2016-01-29

Vulnerability Laboratory ID (VL-ID):
====================================
1692

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:...
Categories:

[SECURITY] [DSA 3461-1] freetype security update

February 1, 2016 - 3:59am

Posted by Sebastien Delafond on Feb 01

-------------------------------------------------------------------------
Debian Security Advisory DSA-3461-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
January 30, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : freetype
CVE ID : CVE-2014-9674
Debian Bug :...
Categories:

[SECURITY] [DSA 3462-1] radicale security update

February 1, 2016 - 3:51am

Posted by Yves-Alexis Perez on Feb 01

-------------------------------------------------------------------------
Debian Security Advisory DSA-3462-1 security () debian org
https://www.debian.org/security/ Yves-Alexis Perez
January 30, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : radicale
CVE ID : CVE-2015-8747 CVE-2015-8748...
Categories:

[SECURITY] [DSA 3463-1] prosody security update

February 1, 2016 - 3:39am

Posted by Moritz Muehlenhoff on Feb 01

-------------------------------------------------------------------------
Debian Security Advisory DSA-3463-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 31, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : prosody
CVE ID : CVE-2016-0756

It was discovered...
Categories:

[SECURITY] [DSA 3464-1] rails security update

February 1, 2016 - 3:21am

Posted by Moritz Muehlenhoff on Feb 01

-------------------------------------------------------------------------
Debian Security Advisory DSA-3464-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 31, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : rails
CVE ID : CVE-2015-3226 CVE-2015-3227...
Categories:

eClinicalWorks (CCMR) - Multiple Vulnerabilities

February 1, 2016 - 2:33am

Posted by jerold on Jan 31

# Title: eClinicalWorks (CCMR) - Multiple Vulnerabilities
# Vendor: https://www.eclinicalworks.com
# Product: eClinicalWorks Population Health (CCMR) Client Portal Software
# URL: https://www.eclinicalworks.com/products-services/population-health-ccmr/
# Credit: Jerold Hoong

-------------------------------------

# CVE-2015-4591 CROSS-SITE SCRIPTING
Cross-site scripting (XSS) vulnerability in login.jsp in eClinicalWorks Population
Health (CCMR)...
Categories: