[SYSS-2018-028] information leakage with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18566

2018-10-23 Thread Micha Borrmann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Advisory ID: SYSS-2018-028 Product: VVX 500 / VVX 601 Manufacturer: Polycom Affected Version(s): <= 5.8.0.12848 Tested Version(s): 5.4.0.10182, 5.8.0.12848 Vulnerability Type:

[SYSS-2018-027] missing X.509 validation with Polycom VVX Phones (Skype for Business, on-premise) - CVE-2018-18568

2018-10-23 Thread Micha Borrmann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Advisory ID: SYSS-2018-027 Product: VVX 500 / VVX 601 Manufacturer: Polycom Affected Version(s): <= 5.8.0.12848 Tested Version(s): 5.4.0.10182, 5.8.0.12848 Vulnerability Type: X.509

[SYSS-2018-026] missing X.509 validation with AudioCodes IP Phones (Skype for Business, on-premise) - CVE-2018-18567

2018-10-23 Thread Micha Borrmann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Advisory ID: SYSS-2018-026 Product: 440HD / 450HD IP Phone Manufacturer: AudioCodes Affected Version(s): <= 3.1.2.89 Tested Version(s): VC_3.1.1.43.1, VC_3.1.2.89 Vulnerability Type:

[security bulletin] MFSBGN03827 rev.1 - Microfocus Real User Monitoring 9.4.0 BPRDownload Java Deserialization Vulnerability

2018-10-23 Thread cyber-psrt
Note: the current version of the following document is available here: https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03272900 Version: 1 MFSBGN03827 rev.1 - Microfocus Real User Monitoring 9.4.0

[slackware-security] mozilla-firefox (SSA:2018-296-01)

2018-10-23 Thread Slackware Security Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2018-296-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog:

CA20181017-01: Security Notice for CA Identity Governance

2018-10-23 Thread Kotas, Kevin J
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 CA20181017-01: Security Notice for CA Identity Governance Issued: October 17, 2018 Last Updated: October 17, 2018 CA Technologies Support is alerting customers to a low risk issue with CA Identity Governance. In a certain product configuration, an

Question Answer v1.2.30 (WordPress Plugin) - Multiple XSS Vulnerabilities

2018-10-23 Thread Socket_0x03
== Question Answer v1.2.30 (WordPress Plugin) - Multiple Cross-Site Scripting Vulnerabilities ==

SATE VI - Call for Participation

2018-10-23 Thread Delaitre, Aurelien (IntlAssoc)
Dear Software Assurance Community, NIST is pleased to announce the kick off of the "Classic Track" of the 6th Static Analysis Tool Exposition, SATE VI! SATE is a non-competitive study of static analysis tool effectiveness, aiming at improving tools and increasing public awareness and

Zoho ManageEngine OpManager 12.3 allows Unrestricted Arbitrary File Upload

2018-10-23 Thread Murat Aydemir
I. VULNERABILITY - Zoho ManageEngine OpManager 12.3 allows Unrestricted Arbitrary File Upload II. CVE REFERENCE - CVE-2018-18475 III. VENDOR - https://www.manageengine.com IV. TIMELINE - 19/09/18

Pie Register v3.0.17 (WordPress Plugin) - XSS Vulnerability in Forgot-Password

2018-10-23 Thread Socket_0x03
=== Pie Register v3.0.17 (WordPress Plugin) - Cross-Site Scripting Vulnerability in Forgot-Password