Feed aggregator

SQL Injection in Count Per Day WordPress Plugin

BugTraq Latest Security Advisories - July 22, 2015 - 8:44am

Posted by High-Tech Bridge Security Research on Jul 22

Advisory ID: HTB23267
Product: Count Per Day WordPress plugin
Vendor: Tom Braider
Vulnerable Version(s): 3.4 and probably prior
Tested Version: 3.4
Advisory Publication: July 1, 2015 [without technical details]
Vendor Notification: July 1, 2015
Vendor Patch: July 1, 2015
Public Disclosure: July 22, 2015
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2015-5533
Risk Level: Medium
CVSSv2 Base Score: 6...

Bugtraq: NetCracker Resource Management 8.0 - XSS Vulnerability

Bugtraq: Open-Web-Analytics-1.5.7 Cryptographic, Password Disclosure & XSS Vulnerabilities

[SECURITY] [DSA 3312-1] cacti security update

BugTraq Latest Security Advisories - July 22, 2015 - 7:00am

Posted by Alessandro Ghedini on Jul 22

-------------------------------------------------------------------------
Debian Security Advisory DSA-3312-1                security () debian org
https://www.debian.org/security/                       Alessandro Ghedini
July 22, 2015                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : cacti
CVE ID : CVE-2015-4634

Multiple SQL...

Bugtraq: WorldCIST'2016 - Brazil: Call for Workshops Proposals - Best Papers published by ISI/SCI Journals

Bugtraq: CVE-2015-5379: Axigen XSS vulnerability for html attachments

Bugtraq: [security bulletin] HPSBMU03380 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities

Bugtraq: [security bulletin] HPSBMU03377 rev.1 - HP Release Control running RC4, Remote Disclosure of Information

NetCracker Resource Management 8.0 - SQL Injection Vulnerability

BugTraq Latest Security Advisories - July 22, 2015 - 6:51am

Posted by jychia . sec on Jul 22

# Vulnerability type: SQL Injection
# Vendor: http://www.netcracker.com/
# Product: NetCracker Resource Management System
# Affected version: =< 8.0
# Patched version: 8.2
# Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan
# CVE ID: CVE-2015-3423

# PROOF OF CONCEPT (SQLi)

SQL Injection (SQLi) vulnerability in multiple pages in NetCracker
Resource Management System and earlier allows authenticated users to
inject SQL statements via multiple...

NetCracker Resource Management 8.0 - XSS Vulnerability

BugTraq Latest Security Advisories - July 22, 2015 - 6:43am

Posted by jychia . sec on Jul 22

# Vulnerability type: Cross-site Scripting
# Vendor: http://www.netcracker.com/
# Product: NetCracker Resource Management System
# Affected version: =< 8.0
# Patched version: 8.2
# Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan
# CVE ID: CVE-2015-2207

# PROOF OF CONCEPT (XSS)

Cross-site scripting (XSS) vulnerability in multiple pages in NetCracker
Resource Management System and earlier allows authenticated users to
inject arbitrary...

Open-Web-Analytics-1.5.7 Cryptographic, Password Disclosure & XSS Vulnerabilities

BugTraq Latest Security Advisories - July 22, 2015 - 6:36am

Posted by apparitionsec on Jul 22

[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENWEBANALYTICS0721.txt

Vendor:
================================
www.openwebanalytics.com

Product:
================================
Open-Web-Analytics-1.5.7

Advisory Information:
=======================================================
Cryptographic, Password Disclosure & XSS Vulnerabilities

Vulnerability...

FreeBSD Security Advisory FreeBSD-SA-15:13.tcp

BugTraq Latest Security Advisories - July 22, 2015 - 6:28am

Posted by FreeBSD Security Advisories on Jul 22

=============================================================================
FreeBSD-SA-15:13.tcp                                        Security Advisory
                                                          The FreeBSD Project

Topic: Resource exhaustion due to sessions stuck in LAST_ACK state

Category: core
Module: inet
Announced: 2015-07-21
Credits: Lawrence Stewart (Netflix, Inc.),...

Logstash vulnerability CVE-2015-5378

BugTraq Latest Security Advisories - July 22, 2015 - 6:20am

Posted by Kevin Kluge on Jul 22

Summary:

Logstash 1.5.2 and prior versions are vulnerable to an SSL/TLS security issue called the FREAK attack. If you are using
the Lumberjack input, FREAK allows an attacker to successfully implement a man in the middle attack, intercepting
communication between the Logstash Forwarder agent and Logstash server.

Note: Only deployments using the Logstash Forwarder or the Lumberjack input are affected by this vulnerability.

Fixed versions:...

next-20150722: linux-next

Linux Kernel Updates - July 22, 2015 - 12:22am
Version: next-20150722 (linux-next) Released: 2015-07-22

Vuln: OpenSSL 'pk7_doit.c' NULL Pointer Dereference Denial of Service Vulnerability

Security Focus Latest Security Advisories - July 21, 2015 - 11:00pm

Vuln: OpenSSL Certificate Fingerprints CVE-2014-8275 Local Security Bypass Vulnerability

Security Focus Latest Security Advisories - July 21, 2015 - 11:00pm

Vuln: X.Org libXfont 'bitmap/bdfread.c' Local Denial of Service Vulnerability

Security Focus Latest Security Advisories - July 21, 2015 - 11:00pm

Vuln: nbd CVE-2013-7441 Denial of Service Vulnerability

Security Focus Latest Security Advisories - July 21, 2015 - 11:00pm

Vuln: cURL/libcURL NTLM connection CVE-2015-3143 Remote Security Bypass Vulnerability

Security Focus Latest Security Advisories - July 21, 2015 - 11:00pm

Vuln: cURL/libcURL 'curl_easy_duphandle()' Function Heap Memory Corruption Vulnerability

Security Focus Latest Security Advisories - July 21, 2015 - 11:00pm