Title: Syslog Server "npriority" field remote Denial of Service vulnerability
Software : Syslog Server
Software Version : Syslog Server 1.2.3
Vendor: https://sourceforge.net/p/syslog-server/
Vulnerability Published : 2016-07-02
Vulnerability Update Time :
Status :
Impact : Medium(CVSS2 Base
I found this double-fetch vulnerability when I was doing my research on
double-fetch issue analysis, and I'd like to make an announcement here.
This was found in Linux kernel file Linux-4.6/kernel/auditsc.c, and crafted
user space data change under race condition will make control strings
Document Title:
===
OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1868
Release Date:
=
2016-07-04
Vulnerability Laboratory ID (VL-ID):
Document Title:
===
KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability
References (Source):
http://www.vulnerability-lab.com/get_content.php?id=1867
Release Date:
=
2016-07-01
Vulnerability Laboratory ID (VL-ID):
I found this double-fetch vulnerability when I was doing my research on
double-fetch issue analysis, and I'd like to make an announcement here.
This was found in Linux kernel file
Linux-4.6/drivers/platform/chrome/cros_ec_dev.c, and crafted user space data
change under race condition will
Debian Security Advisory DSA-3616-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 04, 2016
[+] Credits: John Page aka HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-CSRF-PROTECTION-BYPASS.txt
[+] ISR: ApparitionSec
Vendor:
==
www.k5n.us/webcalendar.php
Product:
Vendor: EMC
Product: Documentum WDK-based applications, all versions
Security impact: high
All EMC Documentum WDK-based applications (Taskspace, Webtop, Documentum
Administrator, EPFM) contain an extremely dangerous web component – API Tester.
The “API Tester” component wasn’t designed with
[+] Credits: John Page aka HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-PHP-CODE-INJECTION.txt
[+] ISR: ApparitionSec
Vendor:
==
www.k5n.us/webcalendar.php
Product:
Software name: 24 online
Version: 8.3.6 build 9.0
Vendor website: http://24onlinebilling.com
Potentially other versions older than this are vulnerable too.
Vulnerability type: CWE-89: Improper Neutralization of Special Elements used in
an SQL Command ('SQL Injection')
The invoiceid GET
Debian Security Advisory DSA-3614-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 02, 2016
Debian Security Advisory DSA-3615-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
July 02, 2016
Debian Security Advisory DSA-3613-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 02, 2016
[CVE-2016-4974] Apache Qpid: deserialization of untrusted input while
using JMS ObjectMessage
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
Qpid AMQP 0-x JMS client 6.0.3 and earlier
Qpid JMS (AMQP 1.0) client 0.9.0 and earlier
Description:
When applications call
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05193347
Version: 1
HPSBGN03627
Debian Security Advisory DSA-3612-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 01, 2016