Feed aggregator

Bugtraq: CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS

Security Focus Latest Security Advisories - April 29, 2016 - 12:00am
CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS
Categories:

Bugtraq: Re: [ERPSCAN-16-005] SAP HANA hdbxsengine JSON â?? DoS vulnerability

Security Focus Latest Security Advisories - April 29, 2016 - 12:00am
Re: [ERPSCAN-16-005] SAP HANA hdbxsengine JSON â?? DoS vulnerability
Categories:

Bugtraq: CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS

Security Focus Latest Security Advisories - April 28, 2016 - 8:00am
CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS
Categories:

CVE-2016-3078: php: integer overflow in ZipArchive::getFrom*

BugTraq Latest Security Advisories - April 28, 2016 - 7:35am

Posted by Hans Jerry Illikainen on Apr 28

Details
=======

An integer wrap may occur in PHP 7.x before version 7.0.6 when reading
zip files with the getFromIndex() and getFromName() methods of
ZipArchive, resulting in a heap overflow.

php-7.0.5/ext/zip/php_zip.c
,----
| 2679 static void php_zip_get_from(INTERNAL_FUNCTION_PARAMETERS, int type) /* {{{ */
| 2680 {
| ....
| 2684 struct zip_stat sb;
| ....
| 2689 zend_long len = 0;
| ....
| 2692 zend_string *buffer;
| ....
| 2702...
Categories:

next-20160428: linux-next

Linux Kernel Updates - April 28, 2016 - 1:08am
Version:next-20160428 (linux-next) Released:2016-04-28

[SECURITY] [DSA 3560-1] php5 security update

BugTraq Latest Security Advisories - April 28, 2016 - 12:54am

Posted by Salvatore Bonaccorso on Apr 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3560-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
April 27, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : php5
CVE ID : CVE-2015-8865 CVE-2016-4070...
Categories:

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS

BugTraq Latest Security Advisories - April 28, 2016 - 12:47am

Posted by Tony Homer on Apr 27

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS

Severity:
High

Vendor:
The Apache Software Foundation

Versions Affected:
cordova-ios 3.9.1 and below

Description:
Apache Cordova iOS contains 2 methods to bypass the URL access
restrictions provided by the whitelist. An attacker can use any of the
2 methods to load malicious resources in an app that uses a whitelist
to only load trusted resources.

Upgrade path:
Developers...
Categories:

Re: [ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability

BugTraq Latest Security Advisories - April 28, 2016 - 12:40am

Posted by Mahmut Firuz Dumlupinar - Vendor on Apr 27


Categories:

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS

BugTraq Latest Security Advisories - April 28, 2016 - 12:31am

Posted by Tony Homer on Apr 27

CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS

Severity:
High

Vendor:
The Apache Software Foundation

Versions Affected:
cordova-ios 3.9.1 and below

Description:
Apache Cordova iOS contains 2 methods to bypass the URL access
restrictions provided by the whitelist. An attacker can use any of the
2 methods to load malicious resources in an app that uses a whitelist
to only load trusted resources.

Upgrade path:
Developers...
Categories:

CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS

BugTraq Latest Security Advisories - April 28, 2016 - 12:23am

Posted by Tony Homer on Apr 27

CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS

Severity:
High

Vendor:
The Apache Software Foundation

Versions Affected:
cordova-ios 3.9.1 and below

Description:
An arbitrary plugin can be executed when a user clicks on a link.

Upgrade path:
Developers who are concerned about this issue should install version
4.0.0 or higher of the cordova-ios platform.

Credit:
This issue was discovered by Muneaki Nishimura...
Categories:

Bugtraq: [SECURITY] [DSA 3559-1] iceweasel security update

Security Focus Latest Security Advisories - April 28, 2016 - 12:00am
[SECURITY] [DSA 3559-1] iceweasel security update
Categories:

Bugtraq: EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection

Security Focus Latest Security Advisories - April 28, 2016 - 12:00am
EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection
Categories:

Bugtraq: Oracle Discoverer Viewer BI - Open Redirect Vulnerability

Security Focus Latest Security Advisories - April 28, 2016 - 12:00am
Oracle Discoverer Viewer BI - Open Redirect Vulnerability
Categories:

Bugtraq: [slackware-security] mozilla-firefox (SSA:2016-117-01)

Security Focus Latest Security Advisories - April 28, 2016 - 12:00am
[slackware-security] mozilla-firefox (SSA:2016-117-01)
Categories:

Bugtraq: [SECURITY] [DSA 3558-1] openjdk-7 security update

Security Focus Latest Security Advisories - April 27, 2016 - 2:00pm
[SECURITY] [DSA 3558-1] openjdk-7 security update
Categories:

[SECURITY] [DSA 3559-1] iceweasel security update

BugTraq Latest Security Advisories - April 27, 2016 - 1:32pm

Posted by Moritz Muehlenhoff on Apr 27

-------------------------------------------------------------------------
Debian Security Advisory DSA-3559-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 27, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2016-2805 CVE-2016-2807...
Categories:

EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection

BugTraq Latest Security Advisories - April 27, 2016 - 10:30am

Posted by Securify B.V. on Apr 27

------------------------------------------------------------------------
EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection
------------------------------------------------------------------------
Han Sahin, November 2014

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that EMC M&R (Watch4net) does not...
Categories:

Bugtraq: [SECURITY] [DSA 3557-1] mysql-5.5 security update

Security Focus Latest Security Advisories - April 27, 2016 - 9:00am
[SECURITY] [DSA 3557-1] mysql-5.5 security update
Categories:

Oracle Discoverer Viewer BI - Open Redirect Vulnerability

BugTraq Latest Security Advisories - April 27, 2016 - 7:55am

Posted by Vulnerability Lab on Apr 27

Document Title:
===============
Oracle Discoverer Viewer BI - Open Redirect Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1667

Oracle ID: S0666670

Release Date:
=============
2016-04-26

Vulnerability Laboratory ID (VL-ID):
====================================
1667

Common Vulnerability Scoring System:
====================================
2.8

Product & Service Introduction:...
Categories:

Bugtraq: Sophos XG Firewall (SF01V) - Persistent Web Vulnerability

Security Focus Latest Security Advisories - April 27, 2016 - 7:00am
Sophos XG Firewall (SF01V) - Persistent Web Vulnerability
Categories: