Feed aggregator

[ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability

BugTraq Latest Security Advisories - June 21, 2016 - 8:01am

Posted by ERPScan inc on Jun 21

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: information disclosure

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2255990

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver AS Java WD_CHAT – Information disclosure vulnerability...

Bugtraq: APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7

APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7

Bugtraq: Symphony CMS v2.6.7 Session Fixation

Symphony CMS v2.6.7 Session Fixation

[slackware-security] pcre (SSA:2016-172-02)

BugTraq Latest Security Advisories - June 21, 2016 - 1:21am

Posted by Slackware Security Team on Jun 20

[slackware-security] pcre (SSA:2016-172-02)

New pcre packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/pcre-8.39-i486-1_slack14.1.txz: Upgraded.
This release fixes bugs (including a couple of DoS security issues), and
retrofits to PCRE1 some appropriate JIT improvements from PCRE2.
For more information, see:...

[slackware-security] libarchive (SSA:2016-172-01)

BugTraq Latest Security Advisories - June 21, 2016 - 1:11am

Posted by Slackware Security Team on Jun 20

[slackware-security] libarchive (SSA:2016-172-01)

New libarchive packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/libarchive-3.2.1-i486-1_slack14.1.txz: Upgraded.
This release fixes several critical bugs, including some with security
implications.
(* Security fix *)
+--------------------------+

Where to...

APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7

BugTraq Latest Security Advisories - June 21, 2016 - 12:59am

Posted by Apple Product Security on Jun 20

APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and
7.7.7

AirPort Base Station Firmware Update 7.6.7 and 7.7.7 is now available
and addresses the following:

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extreme and AirPort
Time Capsule base stations with 802.11n; AirPort Extreme and
AirPort Time Capsule base stations with 802.11ac
Impact: A remote attacker may be able to cause arbitrary code
execution...

next-20160621: linux-next

Linux Kernel Updates - June 21, 2016 - 12:36am
Version: next-20160621 (linux-next) Released: 2016-06-21

Bugtraq: [SECURITY] [DSA 3605-1] libxslt security update

Security Focus Latest Security Advisories - June 21, 2016 - 12:00am
[SECURITY] [DSA 3605-1] libxslt security update

Bugtraq: sNews CMS v1.7.1 Remote Command Execution / CSRF / XSS

Security Focus Latest Security Advisories - June 21, 2016 - 12:00am
sNews CMS v1.7.1 Remote Command Execution / CSRF / XSS

Bugtraq: CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion

Security Focus Latest Security Advisories - June 21, 2016 - 12:00am
CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion

Symphony CMS v2.6.7 Session Fixation

BugTraq Latest Security Advisories - June 20, 2016 - 4:21am

Posted by hyp3rlinx on Jun 20

[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SYMPHONY-CMS-SESSION-FIXATION.txt

[+] ISR: APPARITIONSEC

Vendor:
====================
www.getsymphony.com

Product:
==================
Symphony CMS v2.6.7

Download:
http://www.getsymphony.com/download/

Symphony is a XSLT-powered open source content management system.

Vulnerability Type:
===================...

[SECURITY] [DSA 3605-1] libxslt security update

BugTraq Latest Security Advisories - June 20, 2016 - 4:11am

Posted by Salvatore Bonaccorso on Jun 20

-------------------------------------------------------------------------
Debian Security Advisory DSA-3605-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 19, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libxslt
CVE ID : CVE-2015-7995 CVE-2016-1683...

sNews CMS v1.7.1 Remote Command Execution / CSRF / XSS

BugTraq Latest Security Advisories - June 20, 2016 - 3:57am

Posted by hyp3rlinx on Jun 20

[+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt

[+] ISR: APPARITIONSEC

Vendor:
============
snewscms.com

Product:
================
sNews CMS v1.7.1

Vulnerability Type:
===================================
Persistent Remote Command Execution
Cross Site Request Forgeries (CSRF)
Persistent XSS

CVE Reference:
==============
N/A

Vulnerability Details:...

3.12.61: longterm

Linux Kernel Updates - June 20, 2016 - 2:50am
Version: 3.12.61 (longterm) Released: 2016-06-20 Source: linux-3.12.61.tar.xz PGP Signature: linux-3.12.61.tar.sign Patch: patch-3.12.61.xz (Incremental) ChangeLog: ChangeLog-3.12.61

CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion

BugTraq Latest Security Advisories - June 17, 2016 - 2:45pm

Posted by Berend-Jan Wever on Jun 17

CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion
============================================================================
This information is available in an easier to read format on my blog at
http://blog.skylined.nl/

With [MS16-063] Microsoft has patched [CVE-2016-0199]: a memory corruption bug
in the garbage collector of the JavaScript engine used in Internet Explorer 11.
By exploiting this vulnerability, a...

[ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability

BugTraq Latest Security Advisories - June 17, 2016 - 11:57am

Posted by ERPScan inc on Jun 17

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: Directory traversal

Sent: 29.09.2015

Reported: 29.09.2015

Vendor response: 30.09.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2234971

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-012] SAP NetWeaver AS Java directory traversal vulnerability...

[ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability

BugTraq Latest Security Advisories - June 17, 2016 - 11:49am

Posted by ERPScan inc on Jun 17

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: XXE

Sent: 20.10.2015

Reported: 21.10.2015

Vendor response: 21.10.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2235994

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet –
XXE vulnerability

Advisory...

[ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability

BugTraq Latest Security Advisories - June 17, 2016 - 11:41am

Posted by ERPScan inc on Jun 17

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: XSS

Sent: 20.10.2015

Reported: 21.10.2015

Vendor response: 21.10.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2238375

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester –
XSS vulnerability

Advisory...