Authentication bypass in Ceragon FibeAir IP-10 web interface (<7.2.0)

2016-06-15 Thread iancling
[+] Credits: Ian Ling [+] Website: iancaling.com Vendor: www.ceragon.com Product: -FibeAir IP-10 Vulnerability Type: Default Root Account CVE Reference: N/A Vulnerability Details: Ceragon FibeAir

[MWR-2016-0002] DDN Default SSH Keys

2016-06-15 Thread john . fitzpatrick
###[DDN Default SSH Keys]### DDN SFA devices have default SSH keys in place * Product: DDN SFA storage devices, all versions, all models * Severity: High * CVE Reference: NO CVE ASSIGNED - MWR ref: MWR-2016-0002 * Type: Default Credentials * Author: John Fitzpatrick * Date: 2016-06-15 ##

[MWR-2016-0001] DDN Insecure Update Mechanism

2016-06-15 Thread john . fitzpatrick
###[DDN Insecure Update Process]### An insecure update mechanism on DDN SFA devices allows for privilege escalation * Product: DDN SFA storage devices, all versions, all models * Severity: High * CVE Reference: NO CVE ASSIGNED - MWR ref: MWR-2016-0001 * Type: Insecure update mechanism * Author:

Microsoft Visio multiple DLL side loading vulnerabilities

2016-06-15 Thread Securify B.V.
Microsoft Visio multiple DLL side loading vulnerabilities Yorick Koster, August 2015

Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability

2016-06-15 Thread Cisco Systems Product Security Incident Response Team
Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability Advisory ID: cisco-sa-20160615-rv Revision 1.0 For Public Release 2016 June 15 16:00 UTC (GMT

BookingWizz < 5.5 Multiple Vulnerability

2016-06-15 Thread mehmet
1. ADVISORY INFORMATION Title: BookingWizz < 5.5 Multiple Vulnerability Application: BookingWizz Class: Sensitive Information disclosure Remotely Exploitable: Yes Versions Affected: < 5.5 Vendor URL: http://codecanyon.net/item/booking-system/87919 Bugs:

FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability

2016-06-15 Thread Vulnerability Lab
Document Title: FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1687 Fortinet PSIRT ID: 1624561 Release Notes #1:

NEW VMSA-2016-0009 VMware vCenter Server updates address an important reflective cross-site scripting issue

2016-06-15 Thread VMware Security Response Center
VMware Security Advisory Advisory ID: VMSA-2016-0009 Synopsis: VMware vCenter Server updates address an important reflective cross-site scripting issue Issue

[CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers

2016-06-15 Thread Stefan Kanthak
Hi @ll, should have fixed CVE-2014-1520 in Mozilla's executable installers for Windows ... but does NOT! JFTR: this type of vulnerability (really: a bloody stupid trivial beginner's error!) is well-known and well-documented as

[SECURITY] [DSA 3603-1] libav security update

2016-06-15 Thread Moritz Muehlenhoff
Debian Security Advisory DSA-3603-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 14, 2016