Feed aggregator

[security bulletin] HPSBGN03605 rev.1 - HPE Service Manager, Remote Disclosure of Information

BugTraq Latest Security Advisories - May 25, 2016 - 12:56am

Posted by security-alert on May 24

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05149290

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05149290
Version: 1

HPSBGN03605 rev.1 - HPE Service Manager, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-05-24
Last Updated:...

next-20160525: linux-next

Linux Kernel Updates - May 24, 2016 - 10:41pm
Version:next-20160525 (linux-next) Released:2016-05-25

MSA-2016-01: PowerFolder Remote Code Execution Vulnerability

BugTraq Latest Security Advisories - May 24, 2016 - 5:07am

Posted by Advisories Advisories on May 24

Mogwai Security Advisory MSA-2016-01
----------------------------------------------------------------------
Title: PowerFolder Remote Code Execution Vulnerability
Product: PowerFolder Server
Affected versions: 10.4.321 (Linux/Windows) (Other versions might also be
affected)
Impact: high
Remote: yes
Product link: https://www.powerfolder.com
Reported: 02/03/2016
by:...

Bugtraq: [SECURITY] [DSA 3585-1] wireshark security update


AfterLogic WebMail Pro ASP.NET < 6.2.7 Administrator Account Takover via XXE Injection

BugTraq Latest Security Advisories - May 24, 2016 - 12:57am

Posted by mehmet . ince on May 23

1. ADVISORY INFORMATION
========================================
Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takover via XXE Injection
Application: AfterLogic WebMail Pro ASP.NET
Class: Sensitive Information disclosure
Remotely Exploitable: Yes
Versions Affected: AfterLogic WebMail Pro ASP.NET < 6.2.7
Vendor URL: http://www.afterlogic.com/webmail-client-asp-net
Bugs: XXE Injection
Date of found: 28.03.2016
Reported:...

[SECURITY] [DSA 3586-1] atheme-services security update

BugTraq Latest Security Advisories - May 24, 2016 - 12:42am

Posted by Moritz Muehlenhoff on May 23

-------------------------------------------------------------------------
Debian Security Advisory DSA-3586-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : atheme-services
CVE ID : CVE-2016-4478

It was...

Bugtraq: [RCESEC-2016-001] Postfix Admin v2.93 Generic POST Cross-Site Request Forgeries


Bugtraq: [slackware-security] curl (SSA:2016-141-01)


next-20160524: linux-next

Linux Kernel Updates - May 23, 2016 - 9:41pm
Version:next-20160524 (linux-next) Released:2016-05-24

[RCESEC-2016-002] XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections

BugTraq Latest Security Advisories - May 23, 2016 - 2:32pm

Posted by Julien Ahrens on May 23

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: XenAPI for XenForo
Vendor URL: github.com/Contex/XenAPI
Type: SQL Injection [CWE-89]
Date found: 2016-05-20
Date published: 2016-05-23
CVSSv3 Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVE: -

2. CREDITS
==========
This vulnerability was discovered and researched by Julien Ahrens from
RCE...