The following vulnerabilities have been reported to Siemens CERT and are now
covered by by Siemens Security Advisory SSA-603476, published today
(2016-11-21) and available at the following URL:
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf
-- CVE-016-8672 ---
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-3719-1 secur...@debian.org
https://www.debian.org/security/ Sebastien Delafond
November 21, 2016
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.4
Vendor URL: http://SAP.com
Bug: XXE
Sent: 09.03.2016
Reported: 10.03.2016
Vendor response: 10.03.2016
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2296909
Author: Vahagn Vardanyan (ERPScan)
Vulnerability: Nginx (Debian-based distros) - Root Privilege
Escalation (CVE-2016-1247)
Discovered by: Dawid Golunski (@dawid_golunski)
https://legalhackers.com
Nginx web server packaging on Debian-based distributions such as Debian or
Ubuntu was found to create log directories with insecure perm
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
===
Product:AppFusions Doxygen for Atlassian Confluence
Vendor URL: www.appfusions.com
Type: Cross-site Scripting [CWE-79]
Date found: 2016-06-29
Date published: -
CVSSv3 Score:
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
===
Product:AppFusions Doxygen for Atlassian Confluence
Vendor URL: www.appfusions.com
Type: Information Exposure Through an Error Message [CWE-209]
Date found: 2016-06-29
Date
Title: Multiple issues in OpManager
Author: Michael Heydon
Product: OpManager
Tested Versions: 12100 & 12200
Vendor: Zoho ManageEngine
Vendor Notified: 2016-08-14
Disclosure Date: 2016-11-20
Product Description:
OpManager is a web-based network monitoring system. It is used
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05337025
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05337025
Version: 1
HPSBHF03675 rev.1 - HPE I
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/PUTTY.EXE-INSECURE-PASSWORD-STORAGE.txt
[+] ISR: ApparitionSec
Vendor:
==
www.chiark.greenend.org.uk
Product:
===
Putty.ex
Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin
Yorick Koster, July 2016
---
Cross-Site Scripting in Check Email WordPress Plugin
Antonis Manaras, July 2016
---
Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin
Antonis Manaras, July 2016
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[slackware-security] mozilla-firefox (SSA:2016-323-01)
New mozilla-firefox packages are available for Slackware 14.1, 14.2,
and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--+
p
13 matches
Mail list logo
