Feed aggregator

4.1.17: longterm

Linux Kernel Updates - January 31, 2016 - 2:23pm
Version: 4.1.17 (longterm)
Released: 2016-01-31
Source: linux-4.1.17.tar.xz
PGP Signature: linux-4.1.17.tar.sign
Patch: patch-4.1.17.xz (Incremental)
ChangeLog: ChangeLog-4.1.17

FreeBSD Security Advisory FreeBSD-SA-16:11.openssl

BugTraq Latest Security Advisories - January 30, 2016 - 3:40am

Posted by FreeBSD Security Advisories on Jan 30

=============================================================================
FreeBSD-SA-16:11.openssl Security Advisory
The FreeBSD Project

Topic: OpenSSL SSLv2 ciphersuite downgrade vulnerability

Category: contrib
Module: openssl
Announced: 2016-01-30
Affects: All supported versions of FreeBSD.
Corrected:...

[security bulletin] HPSBHF03419 rev.3 - HPE Networking Products, Remote Denial of Service (DoS), Unauthorized Access

BugTraq Latest Security Advisories - January 29, 2016 - 9:02pm

Posted by security-alert on Jan 29

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04779492
Version: 3

HPSBHF03419 rev.3 - HPE Networking Products, Remote Denial of Service (DoS),
Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date:...

Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network

BugTraq Latest Security Advisories - January 29, 2016 - 2:02pm

Posted by kingkaustubh on Jan 29

Title:- Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network Configuration Management
Author: Kaustubh G. Padwad
Vendor: ZOHO Corp
Product: ManageEngine Network Configuration Manager
Tested Version: Network Configuration Manager Build 11000
Severity: HIGH

About the Product:
==================

Network Configuration Manager is a web–based, multi vendor network change, configuration and compliance management
(NCCCM)...

[security bulletin] HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote Unauthorized Modification

BugTraq Latest Security Advisories - January 29, 2016 - 1:38pm

Posted by security-alert on Jan 29

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04953655
Version: 1

HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote
Unauthorized Modification

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-01-29
Last Updated: 2016-01-29

Potential Security Impact: Remote Unauthorized Modification

Source: Hewlett Packard Enterprise, Product Security Response...

ManageEngine Eventlog Analyzer v4-v10 Privilege Escalation

BugTraq Latest Security Advisories - January 29, 2016 - 12:09pm

Posted by graphx on Jan 29

# Exploit Title: ManageEngine Eventlog Analyzer Privilege Escalation
# Exploit Author: @GraphX
# Vendor Homepage: http://www.manageengine.com
# Version: 4.0 - 10

1. Description:
The ManageEngine Eventlog Analyzer fails to properly verify user
privileges when making changes via the userManagementForm.do. An
unprivileged user would be allowed to make changes to any account by
changing the USER_ID field to a number corresponding to another...

[security bulletin] HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS, Remote Disclosure of Information, Execution of Code, Denial of Service (DoS)

BugTraq Latest Security Advisories - January 29, 2016 - 12:00pm

Posted by security-alert on Jan 29

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04952488
Version: 1

HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC
Services for OpenVMS, Remote Disclosure of Information, Execution of Code,
Denial of Service (DoS)

NOTICE: The information in this...

[security bulletin] HPSBHF03539 rev.1 - HPE VCX running OpenSSH or BIND, Remote Denial of Service (DoS)

BugTraq Latest Security Advisories - January 29, 2016 - 11:49am

Posted by security-alert on Jan 29

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04952480
Version: 1

HPSBHF03539 rev.1 - HPE VCX running OpenSSH or BIND, Remote Denial of Service
(DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-01-28
Last...

[security bulletin] HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized Modification

BugTraq Latest Security Advisories - January 29, 2016 - 11:40am

Posted by security-alert on Jan 29

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04949778
Version: 1

HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized
Modification

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-01-27
Last Updated: 2016-01-27

Potential Security Impact: Remote Unauthorized Modification

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY...

[security bulletin] HPSBGN03542 rev.1 - HPE Operations Manager for Windows using Java Deserialization, Remote Arbitrary Code Execution

BugTraq Latest Security Advisories - January 29, 2016 - 10:52am

Posted by security-alert on Jan 29

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953244

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04953244
Version: 1

HPSBGN03542 rev.1 - HPE Operations Manager for Windows using Java
Deserialization, Remote Arbitrary Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability

BugTraq Latest Security Advisories - January 29, 2016 - 9:41am

Posted by Vulnerability Lab on Jan 29

Document Title:
===============
Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1692

Release Date:
=============
2016-01-29

Vulnerability Laboratory ID (VL-ID):
====================================
1692

Common Vulnerability Scoring System:
====================================
3.3

Product & Service Introduction:...

ProjectSend multiple vulnerabilities

BugTraq Latest Security Advisories - January 29, 2016 - 7:55am

Posted by Filippo Cavallarin on Jan 29

Advisory ID: SGMA-16001
Title: ProjectSend multiple vulnerabilities
Product: ProjectSend (previously cFTP)
Version: r582 and probably prior
Vendor: www.projectsend.org
Vulnerability type: SQL-injection, Auth bypass, Arbitrary File Access, Insecure Object Reference
Risk level: 4 / 5
Credit: filippo.cavallarin () wearesegment com
CVE: N/A
Vendor notification: 2015-11-05
Vendor fix: N/A
Public disclosure: 2016-01-29

ProjectSend...