BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege

February 1, 2016 - 2:23am

Posted by Stefan Kanthak on Jan 31

Hi @ll,

the executable installer winima90.exe and previous versions
available from <http://www.winimage.com> loads and executes
CRTdll.dll, UXTheme.dll, RichEd32.dll and WindowsCodecs.dll
from its "application directory".

Self-extracting executables created with WinImage load and
execute CRTdll.dll, UXTheme.dll and MPR.dll from their
"application directory".

For software downloaded with a web browser the application...

WP-Comment-Rating XSS Vulnerability

February 1, 2016 - 2:07am

Posted by Rahul Pratap Singh on Jan 31

## FULL DISCLOSURE

#Product : wp-comment-rating
#Exploit Author : Rahul Pratap Singh
#Version : 1.5.0
#Home page Link :
http://codecanyon.net/item/wordpress-comment-rating-plugin/6582710
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 30/Jan/2016

XSS Vulnerability:

----------------------------------------
Description:
----------------------------------------
"tab" parameter is not...

OpenXchange | Information Disclosure

February 1, 2016 - 1:54am

Posted by t . schughart on Jan 31

Hi@all,

there is an information disclosure in OpenXchange (prior to 7.8).
An authenticated user can enumerate all imap user folders. If you browse
the PoC you get a permission denied error, but the folder’s name is
reflected into the page in json format.

About Open Xchange:
Open-Xchange[2] develops, markets and sells web-based communication,
collaboration and office productivity software, which enables full
integration of email, documents,...

VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability

February 1, 2016 - 1:44am

Posted by t . schughart on Jan 31

Hi@all,

VMWare Zimbra Mailer Release 8.6.0.GA, latest patch and prior versions
with DKIM implementation are vulnerable to longterm Mail Replay attacks.

If the expiration header is not set, the signature never expires. This
means that the e-mail, perhaps caught while performing a man in the
middle attack, can be replayed years after catching it.

This can be combined with the spoofed reply-to header field, because the
header field is not...

[SECURITY] [DSA 3460-1] privoxy security update

February 1, 2016 - 1:32am

Posted by Sebastien Delafond on Jan 31

-------------------------------------------------------------------------
Debian Security Advisory DSA-3460-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
January 30, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : privoxy
CVE ID : CVE-2016-1982 CVE-2016-1983

It...

CVE-2015-5344 - Apache Camel medium disclosure vulnerability

February 1, 2016 - 1:19am

Posted by Claus Ibsen on Jan 31

Apache Camel's XStream usage is vulnerable to Remote Code Execution attacks

Apache Camel's camel-xstream component is vulnerable to a Java object
de-serialisation vulnerability.
De-serializing untrusted data can lead to security flaws, as
demonstrated in various similar reports about Java de-serialization
issues.

Please study this security vulnerability carefully!
CVE-2015-5344 - [1]

You can download the fixed Apache Camel...

FreeBSD Security Advisory FreeBSD-SA-16:11.openssl

January 30, 2016 - 3:40am

Posted by FreeBSD Security Advisories on Jan 30

=============================================================================
FreeBSD-SA-16:11.openssl Security Advisory
The FreeBSD Project

Topic: OpenSSL SSLv2 ciphersuite downgrade vulnerability

Category: contrib
Module: openssl
Announced: 2016-01-30
Affects: All supported versions of FreeBSD.
Corrected:...

[security bulletin] HPSBHF03419 rev.3 - HPE Networking Products, Remote Denial of Service (DoS), Unauthorized Access

January 29, 2016 - 9:02pm

Posted by security-alert on Jan 29

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04779492
Version: 3

HPSBHF03419 rev.3 - HPE Networking Products, Remote Denial of Service (DoS),
Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network

January 29, 2016 - 2:02pm

Posted by kingkaustubh on Jan 29

Title:- Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network Configuration Management
Author: Kaustubh G. Padwad
Vendor: ZOHO Corp
Product: ManageEngine Network Configuration Manager
Tested Version: Network Configuration Manager Build 11000
Severity: HIGH

About the Product:
==================

Network Configuration Manager is a web–based, multi vendor network change, configuration and compliance management
(NCCCM)...

[security bulletin] HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote Unauthorized Modification

January 29, 2016 - 1:38pm

Posted by security-alert on Jan 29

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04953655
Version: 1

HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote
Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-01-29
Last Updated: 2016-01-29

Potential Security Impact: Remote Unauthorized Modification

Source: Hewlett Packard Enterprise, Product Security Response...

ManageEngine Eventlog Analyzer v4-v10 Privilege Escalation

January 29, 2016 - 12:09pm

Posted by graphx on Jan 29

# Exploit Title: ManageEngine Eventlog Analyzer Privilege Escalation
# Exploit Author: @GraphX
# Vendor Homepage:http://www.manageengine.com
# Version: 4.0 - 10

1. Description:
The manageengine eventlog analyzer fails to properly verify user
privileges when making changes via the userManagementForm.do. An
unprivileged user would be allowed to make changes to any account by
changing the USER_ID field to a number corresponding to another...

[security bulletin] HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS, Remote Disclosure of Information, Execution of Code, Denial of Service (DoS)

January 29, 2016 - 12:00pm

Posted by security-alert on Jan 29

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04952488
Version: 1

HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC
Services for OpenVMS, Remote Disclosure of Information, Execution of Code,
Denial of Service (DoS)

NOTICE: The information in this...

[security bulletin] HPSBHF03539 rev.1 - HPE VCX running OpenSSH or BIND, Remote Denial of Service (DoS)

January 29, 2016 - 11:49am

Posted by security-alert on Jan 29

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04952480
Version: 1

HPSBHF03539 rev.1 - HPE VCX running OpenSSH or BIND, Remote Denial of Service
(DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-01-28
Last...

[security bulletin] HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized Modification

January 29, 2016 - 11:40am

Posted by security-alert on Jan 29

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04949778
Version: 1

HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized
Modification

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-01-27
Last Updated: 2016-01-27

Potential Security Impact: Remote Unauthorized Modification

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY...

[security bulletin] HPSBGN03542 rev.1 - HPE Operations Manager for Windows using Java Deserialization, Remote Arbitrary Code Execution

January 29, 2016 - 10:52am

Posted by security-alert on Jan 29

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953244

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04953244
Version: 1

HPSBGN03542 rev.1 - HPE Operations Manager for Windows using Java
Deserialization, Remote Arbitrary Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability

January 29, 2016 - 9:41am

Posted by Vulnerability Lab on Jan 29

Document Title:
===============
Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1692

Release Date:
=============
2016-01-29

Vulnerability Laboratory ID (VL-ID):
====================================
1692

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:...

ProjectSend multiple vulnerabilities

January 29, 2016 - 7:55am

Posted by Filippo Cavallarin on Jan 29

Advisory ID: SGMA-16001
Title: ProjectSend multiple vulnerabilities
Product: ProjectSend (previously cFTP)
Version: r582 and probably prior
Vendor: www.projectsend.org
Vulnerability type: SQL-injection, Auth bypass, Arbitrary File Access, Insecure Object Reference
Risk level: 4 / 5
Credit: filippo.cavallarin () wearesegment com
CVE: N/A
Vendor notification: 2015-11-05
Vendor fix: N/A
Public disclosure: 2016-01-29

ProjectSend...