Feed aggregator

Multiple vulnerabilities in Open Real Estate v 1.15.1

BugTraq Latest Security Advisories - February 8, 2016 - 1:34am

Posted by Simon Waters (Surevine) on Feb 07

Introduction: Open Real Estate is an open source CMS for managing estate agent websites.

It is written in PHP and uses the YII CMF. It supports multiple languages.

It is supported by MonoRay.net

The product has a number of commercial support offerings available and an internal market for extensions.

http://open-real-estate.info/

The core application was examined using Burp Suite Pro, SQLmap, and manual inspection (no extensions were...

[security bulletin] HPSBGN03430 rev.3 - HP ArcSight products, Local Elevation of Privilege

BugTraq Latest Security Advisories - February 8, 2016 - 1:26am

Posted by security-alert on Feb 07

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04872416
Version: 3

HPSBGN03430 rev.3 - HP ArcSight products, Local Elevation of Privilege

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2015-11-03
Last Updated:...

[CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox

BugTraq Latest Security Advisories - February 8, 2016 - 1:17am

Posted by Stefan Kanthak on Feb 07

Hi @ll,

the installers of Oracle's Java 6/7/8 for Windows and VirtualBox for
Windows load and execute several DLLs from their "application directory".

* The online installer jxpiinstall.exe:
UXTheme.dll and RASAdHlp.dll plus
(on Windows XP) SetupAPI.dll, HNetCfg.dll and XPSP2Res.dll
(on Windows Vista and above) ProfAPI.dll, Secur32.dll, NTMarta.dll
and Version.dll

* The offline installer jre-8u66-windows-i586.exe:...

[security bulletin] HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java Deserialization, Remote Arbitrary Code Execution

BugTraq Latest Security Advisories - February 8, 2016 - 1:08am

Posted by security-alert on Feb 07

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04958567

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04958567
Version: 1

HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java
Deserialization, Remote Arbitrary Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

Bugtraq: [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox

Security Focus Latest Security Advisories - February 8, 2016 - 1:00am
[CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox

Bugtraq: [security bulletin] HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java Deserialization, Remote Arbitrary Code Execution

Security Focus Latest Security Advisories - February 8, 2016 - 1:00am
[security bulletin] HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java Deserialization, Remote Arbitrary Code Execution

Bugtraq: [security bulletin] HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities

Security Focus Latest Security Advisories - February 8, 2016 - 1:00am
[security bulletin] HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities

Bugtraq: CVE-2015-3252: Apache CloudStack VNC authentication issue

Security Focus Latest Security Advisories - February 8, 2016 - 1:00am
CVE-2015-3252: Apache CloudStack VNC authentication issue

[security bulletin] HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities

BugTraq Latest Security Advisories - February 8, 2016 - 12:59am

Posted by security-alert on Feb 07

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04920918

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04920918
Version: 2

HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security
Restrictions, Indirect Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...

next-20160208: linux-next

Linux Kernel Updates - February 8, 2016 - 12:14am
Version: next-20160208 (linux-next) Released: 2016-02-08

Bugtraq: CVE-2015-3251: Apache CloudStack VM Credential Exposure

Security Focus Latest Security Advisories - February 7, 2016 - 11:00pm
CVE-2015-3251: Apache CloudStack VM Credential Exposure

Bugtraq: [SECURITY] [DSA 3466-1] krb5 security update

Security Focus Latest Security Advisories - February 7, 2016 - 11:00pm
[SECURITY] [DSA 3466-1] krb5 security update

Bugtraq: WordPress User Meta Manager Plugin [Blind SQLI]

Security Focus Latest Security Advisories - February 7, 2016 - 11:00pm
WordPress User Meta Manager Plugin [Blind SQLI]

4.5-rc3: mainline

Linux Kernel Updates - February 7, 2016 - 6:38pm
Version: 4.5-rc3 (mainline) Released: 2016-02-07 Source: linux-4.5-rc3.tar.xz PGP Signature: linux-4.5-rc3.tar.sign Patch: patch-4.5-rc3.xz