ESA-2015-174: EMC VPLEX Undocumented Account Vulnerability

2015-12-22 Thread Security Alert
ESA-2015-174: EMC VPLEX Undocumented Account Vulnerability EMC Identifier: ESA-2015-174 CVE Identifier: CVE-2015-6850 Severity Rating: CVSS Base Score 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C) Affected Products EMC Software: EMC VPLEX GeoSynchrony

Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability

2015-12-22 Thread Vulnerability Lab
Document Title: Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1657 Release Date: 2015-12-14 Vulnerability Laboratory ID (VL-ID):

[security bulletin] HPSBHF03419 rev.1 - HP Network Products including H3C routers and switches, Remote Denial of Service (DoS), Unauthorized Access.

2015-12-22 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04779492 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04779492 Version: 1 HPSBHF03419

Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution

2015-12-22 Thread Stefan Kanthak
Hi @ll, the executable installer [°]['] (rather: the 7-Zip based executable self-extractor [²]) of Rapid7's (better known for their flagship Metasploit) ScanNowUPnP.exe loads and executes several rogue/bogus DLLs eventually found in the directory it is started from (the "application directory"),

POP Peeper 4.0.1 - Persistent Code Execution Vulnerability

2015-12-22 Thread Vulnerability Lab
Document Title: POP Peeper 4.0.1 - Persistent Code Execution Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1657 Release Date: 2015-11-26 Vulnerability Laboratory ID (VL-ID):

Lithium Forum - (previewImages) Persistent Vulnerability

2015-12-22 Thread Vulnerability Lab
Document Title: Lithium Forum - (previewImages) Persistent Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1520 Release Date: 2015-12-18 Vulnerability Laboratory ID (VL-ID):

Switch v4.68 - Code Execution Vulnerability

2015-12-22 Thread Vulnerability Lab
Document Title: Switch v4.68 - Code Execution Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1649 Release Date: 2015-11-23 Vulnerability Laboratory ID (VL-ID): 1649

Aeris Calandar v2.1 - Buffer Overflow Vulnerability

2015-12-22 Thread Vulnerability Lab
Document Title: Aeris Calandar v2.1 - Buffer Overflow Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1656 Release Date: 2015-12-01 Vulnerability Laboratory ID (VL-ID):

[RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality

2015-12-22 Thread RedTeam Pentesting GmbH
Advisory: Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality A session fixation vulnerability within the Symfony web application framework's "Remember Me" login functionality allows an attacker to impersonate the victim towards the web application if the