CVE-2015-7521: Apache Hive authorization bug disclosure (update)

2016-02-18 Thread Sushanth Sowmyan
CVE-2015-7521: Apache Hive authorization bug disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Hive 0.13.x Apache Hive 0.14.x Apache Hive 1.0.0 - 1.0.1 Apache Hive 1.1.0 - 1.1.1 Apache Hive 1.2.0 -

[security bulletin] HPSBUX03437 SSRT110025 rev.1 - HP-UX IPFilter, Remote Denial of Service (DoS)

2016-02-18 Thread security-alert
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04974114 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04974114 Version: 1 HPSBUX03437

[SECURITY] [DSA 3482-1] libreoffice security update

2016-02-18 Thread Sebastien Delafond
Debian Security Advisory DSA-3482-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond February 17, 2016

RCE via CSRF in osCommerce

2016-02-18 Thread High-Tech Bridge Security Research
Advisory ID: HTB23284 Product: osCommerce Vendor: osCommerce Vulnerable Version(s): 2.3.4 and probably prior Tested Version: 2.3.4 Advisory Publication: December 21, 2015 [without technical details] Vendor Notification: December 21, 2015 Public Disclosure: February 17, 2016 Vulnerability Type:

SSO Authentication Bypass and Website Takeover in DOKEOS

2016-02-18 Thread High-Tech Bridge Security Research
Advisory ID: HTB23289 Product: DOKEOS Vendor: DOKEOS Vulnerable Version(s): ce30 and probably prior Tested Version: ce30 Advisory Publication: January 7, 2016 [without technical details] Vendor Notification: January 7, 2016 Public Disclosure: February 17, 2016 Vulnerability Type: Improper

SQL Injection in webSPELL

2016-02-18 Thread High-Tech Bridge Security Research
Advisory ID: HTB23291 Product: webSPELL Vendor: webSPELL.org Vulnerable Version(s): 4.2.4 and probably prior Tested Version: 4.2.4 Advisory Publication: January 22, 2016 [without technical details] Vendor Notification: January 22, 2016 Vendor Patch: February 12, 2016 Public Disclosure:

SQL Injection in TestLink

2016-02-18 Thread High-Tech Bridge Security Research
Advisory ID: HTB23288 Product: TestLink Vendor: TestLink Development Team Vulnerable Version(s): 1.9.14 and probably prior Tested Version: 1.9.14 Advisory Publication: January 7, 2016 [without technical details] Vendor Notification: January 7, 2016 Vendor Patch: January 9, 2016 Public

RCE via CSRF in osCmax

2016-02-18 Thread High-Tech Bridge Security Research
Advisory ID: HTB23285 Product: osCmax Vendor: http://oscmax.com/ Vulnerable Version(s): 2.5.4 and probably prior Tested Version: 2.5.4 Advisory Publication: December 21, 2015 [without technical details] Vendor Notification: December 21, 2015 Public Disclosure: February 17, 2016 Vulnerability