Feed aggregator

Open-Xchange Security Advisory 2016-06-22

BugTraq Latest Security Advisories - June 22, 2016 - 6:19am

Posted by Martin Heiland on Jun 22

Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 45328 (Bug ID)
Vulnerability type: Information Exposure (CWE-200)
Vulnerable version: 7.8.1 and earlier
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.2-rev43, 7.6.3-rev11, 7.8.0-rev23, 7.8.1-rev10
Vendor notification: 2016-04-14
Solution date: 2016-05-10
Public disclosure: 2016-06-22
CVE reference: CVE-2016-4027...

Bugtraq: [ERPSCAN-16-015] SAP NetWeaver Java AS - multiple XSS vulnerabilities

[ERPSCAN-16-015] SAP NetWeaver Java AS - multiple XSS vulnerabilities

[ERPSCAN-16-018] SAP Application server for Java - DoS vulnerability

BugTraq Latest Security Advisories - June 22, 2016 - 4:26am

Posted by ERPScan inc on Jun 22

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP Application server for Java 7.2 - 7.4

Vendor URL: http://SAP.com

Bugs: denial of service

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 14.03.2016

Reference: SAP Security Note 2259547

Author: Dmitry Yudin (ERPScan) @ret5et

Description

1. ADVISORY INFORMATION

Title: SAP Application server for Java – DoS vulnerability

Advisory...

Magic values in 32-bit processes on 64-bit OS-es and how to exploit them

BugTraq Latest Security Advisories - June 22, 2016 - 4:16am

Posted by Berend-Jan Wever on Jun 22

(You can read all this information in more detail on
http://blog.skylined.nl)

Software components such as memory managers often use magic values to
mark memory as having a certain state. These magic values can be used
during debugging to determine the state of the memory, and have often
(but not always) been chosen to coincide with addresses that fall
outside of the user-land address space on 32-bit versions of the
Operating System. This can...

[ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability

BugTraq Latest Security Advisories - June 22, 2016 - 4:05am

Posted by ERPScan inc on Jun 22

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.2 - 7.4

Vendor URL: http://SAP.com

Bugs: denial of service

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 14.03.2016

Reference: SAP Security Note 2256185

Author: Dmitry Yudin (ERPScan) @ret5et

Description

1. ADVISORY INFORMATION

Title: SAP JAVA AS icman – DoS vulnerability

Advisory ID:...

Bugtraq: [ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability

[ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability

Bugtraq: [slackware-security] pcre (SSA:2016-172-02)

[slackware-security] pcre (SSA:2016-172-02)

Bugtraq: [slackware-security] libarchive (SSA:2016-172-01)

[slackware-security] libarchive (SSA:2016-172-01)

next-20160622: linux-next

Linux Kernel Updates - June 22, 2016 - 12:38am
Version: next-20160622 (linux-next) Released: 2016-06-22

[ERPSCAN-16-015] SAP NetWeaver Java AS - multiple XSS vulnerabilities

BugTraq Latest Security Advisories - June 21, 2016 - 8:13am

Posted by ERPScan inc on Jun 21

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bugs: XSS

Sent: 29.09.2015

Reported: 30.09.2015

Vendor response: 30.09.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2238765

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-015] SAP NetWeaver Java AS – multiple XSS vulnerabilities

Advisory ID:...

[ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability

BugTraq Latest Security Advisories - June 21, 2016 - 8:01am

Posted by ERPScan inc on Jun 21

Application: SAP NetWeaver AS JAVA

Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5

Vendor URL: http://SAP.com

Bug: information disclosure

Sent: 04.12.2015

Reported: 05.12.2015

Vendor response: 05.12.2015

Date of Public Advisory: 08.03.2016

Reference: SAP Security Note 2255990

Author: Vahagn Vardanyan (ERPScan)

Description

1. ADVISORY INFORMATION

Title: SAP NetWeaver AS Java WD_CHAT – Information disclosure vulnerability...

Bugtraq: APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7

APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7

Bugtraq: Symphony CMS v2.6.7 Session Fixation

Symphony CMS v2.6.7 Session Fixation

[slackware-security] pcre (SSA:2016-172-02)

BugTraq Latest Security Advisories - June 21, 2016 - 1:21am

Posted by Slackware Security Team on Jun 20

[slackware-security] pcre (SSA:2016-172-02)

New pcre packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/pcre-8.39-i486-1_slack14.1.txz: Upgraded.
This release fixes bugs (including a couple of DoS security issues), and
retrofits to PCRE1 some appropriate JIT improvements from PCRE2.
For more information, see:...

[slackware-security] libarchive (SSA:2016-172-01)

BugTraq Latest Security Advisories - June 21, 2016 - 1:11am

Posted by Slackware Security Team on Jun 20

[slackware-security] libarchive (SSA:2016-172-01)

New libarchive packages are available for Slackware 14.1 and -current to
fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/libarchive-3.2.1-i486-1_slack14.1.txz: Upgraded.
This release fixes several critical bugs, including some with security
implications.
(* Security fix *)
+--------------------------+

Where to...

APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7

BugTraq Latest Security Advisories - June 21, 2016 - 12:59am

Posted by Apple Product Security on Jun 20

APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and
7.7.7

AirPort Base Station Firmware Update 7.6.7 and 7.7.7 is now available
and addresses the following:

AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extreme and AirPort
Time Capsule base stations with 802.11n; AirPort Extreme and
AirPort Time Capsule base stations with 802.11ac
Impact: A remote attacker may be able to cause arbitrary code
execution...

next-20160621: linux-next

Linux Kernel Updates - June 21, 2016 - 12:36am
Version: next-20160621 (linux-next) Released: 2016-06-21

Bugtraq: [SECURITY] [DSA 3605-1] libxslt security update

Security Focus Latest Security Advisories - June 21, 2016 - 12:00am
[SECURITY] [DSA 3605-1] libxslt security update

Bugtraq: sNews CMS v1.7.1 Remote Command Execution / CSRF / XSS

Security Focus Latest Security Advisories - June 21, 2016 - 12:00am
sNews CMS v1.7.1 Remote Command Execution / CSRF / XSS

Bugtraq: CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion

Security Focus Latest Security Advisories - June 21, 2016 - 12:00am
CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion