[SECURITY] [DSA 3501-1] perl security update

2016-03-01 Thread Salvatore Bonaccorso
Debian Security Advisory DSA-3501-1 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso March 01, 2016

[SECURITY] [DSA 3500-1] openssl security update

2016-03-01 Thread Alessandro Ghedini
Debian Security Advisory DSA-3500-1 secur...@debian.org https://www.debian.org/security/ Alessandro Ghedini March 01, 2016

Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allows arbitrary (remote) code execution WITH escalation of privilege

2016-03-01 Thread Stefan Kanthak
Hi, putty-0.66-installer.exe loads and executes DWMAPI.dll or UXTheme.dll from its "application directory". For software downloaded with a web browser the application directory is typically the user's "Downloads" directory: see

[SYSS-2016-009] Sophos UTM 525 Web Application Firewall - Cross-Site Scripting in

2016-03-01 Thread adrian . vollmer
Advisory ID: SYSS-2016-009 Product: Sophos UTM 525 Full Guard Vendor: Sophos Affected Version(s): 9.352-6, 94988 Tested Version(s): 9.352-6, 94988 Vulnerability Type: Cross-Site Scripting (CWE-79) Risk Level: Medium Solution Status: Fixed Vendor

WordPress plugin GravityForms Cross-site Scripting vulnerability

2016-03-01 Thread Henri Salo
Product: WordPress plugin GravityForms Product URL: http://www.gravityforms.com/ Vendor: Rocketgenius Vulnerability Type: Reflected Cross-site Scripting (CWE-79) Vulnerable Versions: 1.9.15.11 (other versions not tested) Fixed Version: 1.9.16