Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03727en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbgn03727en_us
Version: 1
DefenseCode ThunderScan SAST Advisory
Apache Tomcat Directory/Path Traversal
Advisory ID: DC-2017-03-001
Software: Apache Tomcat
Software Language: Java
Version: 7.0.76 (probably 9, 8 and 6 branches also)
Vendor Status: Vendor contacted
Debian Security Advisory DSA-3826-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 04, 2017
Asterisk Project Security Advisory - AST-2017-001
Product: Asterisk
Summary: Buffer overflow in CDR's set user
Nature of Advisory: Buffer Overflow
OpenSource Security Ralf Spenneberg
Am Bahnhof 3-5
48565 Steinfurt
i...@os-s.net
OS-S Security Advisory 2017-02
Date: April 4th, 2017
Authors: Simon Heming, Maik Brüggemann, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 10
Affected Device: Schneider SoMachine Basic 1.4 SP1,
OS-S Security Advisory 2017-01
Date: April 4th, 2017
Authors: Simon Heming, Maik Brüggemann, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 10
Affected Device: Schneider Modicon TM221CE16R, Firmware
https://www.osisecurity.com.au/iplatinum-ioneview-multiple-parameter-reflected-xss.html
Date:
04-Apr-2017
Product:
iPlatinum iOneView
Versions affected:
Unknown.
Vulnerabilities:
1) Cross-site scripting:
http://[target]/ioneview/admin/main.pl?cmd=alert(document.cookie)
https://www.osisecurity.com.au/kaseya-information-disclosure-vulnerability.html
Date:
04-Apr-2017
Product:
Kaseya VSA
Versions affected:
9.02.00.04
Vulnerability:
Installations of Kaseya contain the following installation page:
https://[target]/install/kaseya.html
When the product is
https://www.osisecurity.com.au/acoracms-browser-redirect-and-cross-site-scripting-vulnerabilities.html
Date:
04-Apr-2017
Product:
AcoraCMS
Versions affected:
7.0.0.6 (known bugs from 6.0.6 are still present
http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt).
Vulnerabilities:
1)
https://www.osisecurity.com.au/smartjobboard---cross-site-scripting-personal-information-disclosure-and-phpmailer-package.html
Date:
04-Apr-2017
Product:
SmartJobBoard
Versions affected:
v5.0.9 and below.
Vulnerability:
1) Cross-site scripting vulnerabilities in the following locations and
https://www.osisecurity.com.au/silverstripe-cms---path-disclosure.html
Date:
04-Apr-2017
Product:
SilverStripe CMS
Versions affected:
3.1.9 and below.
Vulnerability:
Path disclosure.
Example URL:
http://[target]/dev/build/
Path reported:
/home/[target]/public_html/framework/dev/DebugView.php
https://www.osisecurity.com.au/tweekdm-document-management-authentication-bypass-sql-injection-vulnerabilities.html
Date:
04-Apr-2017
Product:
Tweek!DM Document Management
Versions affected:
Unknown
Vulnerabilities:
1) Authentication bypass - the software sends a 301 Location redirect
back to
https://www.osisecurity.com.au/computer-associates-api-gateway-crlf-response-splitting-directory-traversal-vulnerabilities.html
Date:
04-Apr-2017
Product:
Computer Associates (Layer7) API Gateway
Versions affected:
v7, v8, v9
Vulnerabilities:
1) CRLF Response Splitting
https://www.osisecurity.com.au/lantern-cms-path-disclosure-sql-injection-reflected-xss.html
Date:
04-Apr-2017
Product:
LanternCMS
Versions affected:
Unknown
Vulnerabilities:
1) Path disclosure
By requesting a site with an invalid intSiteI or numRedirectCount:
https://www.osisecurity.com.au/manhattan-software-iwms-integrated-workplace-management-system-xml-external-entity-xxe-injection-file-disclosure.html
Date:
04-Apr-2017
Product:
Trimble / Manhattan Software IWMS (integrated workplace management system)
Versions affected:
9.x
Vulnerability:
XML
https://www.osisecurity.com.au/airwatch-self-service-portal-username-parameter-ldap-injection.html
Date:
04-Apr-2017
Product:
AirWatch Self Service MDM
Versions affected:
v6.1.x
v6.4.x
Vulnerability:
LDAP injection
Example:
https://[target]/DeviceManagement/ URL accepts the following
POST
https://www.osisecurity.com.au/avaya-radvision-scopia-desktop-dlg_loginowneridjsp-ownerid-sql-injection.html
Date:
04-Apr-2017
Product:
Avaya Radvision SCOPIA Desktop
Versions affected:
v7.7.000.042 released in 2011 (confirmed)
v8.2.101.046 released in 2013 (confirmed)
Vulnerability:
Blind SQL
https://www.osisecurity.com.au/lotus-protector-for-mail-security-remote-code-execution.html
Date:
09-Nov-2012
Product:
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail)
Vulnerability:
Local File Inclusion to Remote Code Execution
Details:
There is local file inclusion vulnerability in
https://www.osisecurity.com.au/kaseya-parameter-reflected-xss-enumeration-and-bruteforce-weakness.html
Date:
04-Apr-2017
Software:
Kaseya
Affected version:
Kaseya VSA v6.5.0.0.
Vulnerability details:
1. The "forgot password" function at https://[target]/access/logon.asp
reveals whether a
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03721en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbgn03721en_us
Version: 1