Feed aggregator

Bugtraq: VP2016-001: Remote Command Execution in File Replication Pro

Security Focus Latest Security Advisories - February 10, 2016 - 7:00am
VP2016-001: Remote Command Execution in File Replication Pro

MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability

BugTraq Latest Security Advisories - February 10, 2016 - 6:57am

Posted by Vulnerability Lab on Feb 10

Document Title:
===============
MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1706

Release Date:
=============
2016-02-10

Vulnerability Laboratory ID (VL-ID):
====================================
1706

Common Vulnerability Scoring System:
====================================
3.6

Product & Service Introduction:...

File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities

BugTraq Latest Security Advisories - February 10, 2016 - 6:49am

Posted by Vulnerability Lab on Feb 10

Document Title:
===============
File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1715

Release Date:
=============
2016-02-09

Vulnerability Laboratory ID (VL-ID):
====================================
1715

Common Vulnerability Scoring System:
====================================
7.2

Product & Service Introduction:...

Getdpd Bug Bounty #6 - (Import - FTP) Persistent Vulnerability

BugTraq Latest Security Advisories - February 10, 2016 - 6:41am

Posted by Vulnerability Lab on Feb 10

Document Title:
===============
Getdpd Bug Bounty #6 - (Import) Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1718

Release Date:
=============
2016-02-09

Vulnerability Laboratory ID (VL-ID):
====================================
1718

Common Vulnerability Scoring System:
====================================
4.4

Product & Service Introduction:...

VP2016-001: Remote Command Execution in File Replication Pro

BugTraq Latest Security Advisories - February 10, 2016 - 6:32am

Posted by Vantage Point Security on Feb 10

Vantage Point Security Advisory 2016-001
================================

Title: File Replication Pro Remote Command Execution
Vendor: File Replication Pro
Vendor URL: http://www.filereplicationpro.com/
Versions affected: =< 7.2.0
Severity: High
Vendor notified: Yes
Reported: 29 October 2015
Public release: 10 February 2016
Author: Jerold Hoong and the VP team <jerold[at]vantagepoint[dot]sg>
Permalink:

Summary:
--------
File...

Bugtraq: ManageEngine Eventlog Analyzer Privilege Escalation v10.8

Security Focus Latest Security Advisories - February 10, 2016 - 5:00am
ManageEngine Eventlog Analyzer Privilege Escalation v10.8

Bugtraq: dotDefender Firewall CSRF

Security Focus Latest Security Advisories - February 10, 2016 - 5:00am
dotDefender Firewall CSRF

Bugtraq: Safebreach advisory: Node.js HTTP Response Splitting (CVE-2016-2216)

Security Focus Latest Security Advisories - February 10, 2016 - 5:00am
Safebreach advisory: Node.js HTTP Response Splitting (CVE-2016-2216)

Bugtraq: ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities

Security Focus Latest Security Advisories - February 10, 2016 - 5:00am
ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities

SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities

BugTraq Latest Security Advisories - February 10, 2016 - 4:52am

Posted by SEC Consult Vulnerability Lab on Feb 10

SEC Consult Vulnerability Lab Security Advisory < 20160210-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Yeager CMS
vulnerable version: 1.2.1
fixed version: 1.3
CVE number: CVE-2015-7567, CVE-2015-7568, CVE-2015-7569, CVE-2015-7570, CVE-2015-7571, CVE-2015-7572
impact: Critical...

ManageEngine Eventlog Analyzer Privilege Escalation v10.8

BugTraq Latest Security Advisories - February 10, 2016 - 2:17am

Posted by graphx on Feb 09

# ManageEngine EventLog Analyzer v10.8
# Date: 2/9/2016
# Exploit Author: @GraphX
# Vendor Homepage: http://www.manageengine.com
# Version: 10.8

1 Description:
It is possible for a remote authenticated attacker using an unprivileged
account to gain access to the admin account via parameter manipulation
using the account settings tab and the browser developers console. By
changing the userName field to be the name of the admin user, an attacker...

dotDefender Firewall CSRF

BugTraq Latest Security Advisories - February 10, 2016 - 2:09am

Posted by hyp3rlinx on Feb 09

[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source:
http://hyp3rlinx.altervista.org/advisories/DOT-DEFENDER-CSRF.txt

Vendor:
==================
www.applicure.com

Product:
=====================
dotDefender Firewall
Versions: 5.00.12865 / 5.13-13282

dotDefender is a Web application firewall (WAF) for preventing hacking
attacks like XSS, SQL Injections, CSRF etc...
that provides Apache and IIS Server Security across...

Safebreach advisory: Node.js HTTP Response Splitting (CVE-2016-2216)

BugTraq Latest Security Advisories - February 10, 2016 - 2:02am

Posted by Amit Klein on Feb 09

Dear list

Safebreach just published an advisory on an HTTP Response Splitting
vulnerability in Node.js:
http://info.safebreach.com/hubfs/Node-js-Response-Splitting.pdf

The advisory is accompanied by a blog post:
http://blog.safebreach.com/2016/02/09/http-response-splitting-in-node-js-root-cause-analysis/

Node.js has fixed versions ready to download, see:
https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/

Thanks,
-Amit

ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities

BugTraq Latest Security Advisories - February 10, 2016 - 1:53am

Posted by Security Alert on Feb 09

ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities

EMC Identifier: ESA-2016-010

CVE Identifier: CVE-2016-0881, CVE-2016-0882

Severity Rating: CVSS v3 Base Score: Please refer to the Details section for individual scores

Affected products:
• EMC Documentum xCP 2.1
• EMC Documentum xCP 2.2

Summary:
EMC Documentum xCP contains fixes for multiple security vulnerabilities that could potentially be...

next-20160210: linux-next

Linux Kernel Updates - February 10, 2016 - 1:04am
Version: next-20160210 (linux-next) Released: 2016-02-10

Bugtraq: Privilege escalation Vulnerability in ManageEngine Network Configuration Management

Security Focus Latest Security Advisories - February 10, 2016 - 1:00am
Privilege escalation Vulnerability in ManageEngine Network Configuration Management

Bugtraq: [slackware-security] libsndfile (SSA:2016-039-02)

Security Focus Latest Security Advisories - February 10, 2016 - 1:00am
[slackware-security] libsndfile (SSA:2016-039-02)

Bugtraq: [slackware-security] curl (SSA:2016-039-01)

Security Focus Latest Security Advisories - February 10, 2016 - 1:00am
[slackware-security] curl (SSA:2016-039-01)

Bugtraq: [SECURITY] [DSA 3472-1] wordpress security update

Security Focus Latest Security Advisories - February 10, 2016 - 1:00am
[SECURITY] [DSA 3472-1] wordpress security update

Vuln: Linux Kernel CVE-2015-5157 Local Privilege Escalation Vulnerability

Security Focus Latest Security Advisories - February 10, 2016 - 12:00am
Linux Kernel CVE-2015-5157 Local Privilege Escalation Vulnerability