Hack Talk

Tue, 30 May 2017 13:01:35 +0200

[SECURITY] [DSA 3865-1] mosquitto security update
    30 May 2017 | 07:59 from Bugtraq

Posted by Moritz Muehlenhoff on May 29

-------------------------------------------------------------------------
Debian Security Advisory DSA-3865-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 29, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : mosquitto
CVE ID : CVE-2017-7650

It was discovered...

Faraday v2.5: Collaborative Penetration Test and Vulnerability Management Platform
    29 May 2017 | 17:09 from Penetration Testing

Posted by Francisco Amato on May 29

Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that helps users improve their
own work, the main purpose is to...

Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web Vulnerability Scanner 11
    29 May 2017 | 10:06 from Bugtraq

Posted by Florian Bogner on May 29

Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web Vulnerability Scanner 11

Metadata
===============================================================================
Release Date: 28-May-2017
Author: Florian Bogner @ https://bogner.sh
Affected product: Acunetix Web Vulnerability Scanner 11 (https://www.acunetix.com/)
Issue verified on: Windows 7
Vulnerability Status: Fixed
Fixed Version: Acunetix WVS 11.0.170941159 released on...

Wordpress Plugin Social-Stream - Exposure of Twitter API Secret Key and Token
    26 May 2017 | 22:55 from Bugtraq

Posted by kyle Lovett on May 26

Wordpress Plugin Social-Stream - Exposure of Twitter API Secret Keys
CWE-522: Insufficiently Protected Credentials

Products:
Wordpress Social Stream
Versions 1.6.0 and lower
https://codecanyon.net/item/wordpress-social-stream/2201708

Social Network Tabs
Versions 1.7.4 and lower
https://codecanyon.net/item/social-network-tabs-for-wordpress/1982987

Fix:
Wordpress Social Stream, V 1.6.1
https://codecanyon.net/item/wordpress-social-stream/2201708...

[security bulletin] HPESBHF03730 rev.1 - HPE Aruba ClearPass Policy Manager, Multiple Vulnerabilities
    26 May 2017 | 22:45 from Bugtraq

Posted by security-alert on May 26

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03730en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03730en_us
Version: 1

HPESBHF03730 rev.1 - HPE Aruba ClearPass Policy Manager, Multiple
Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-05-24
Last...

[security bulletin] HPESBHF03754 rev.1 - HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5 Processor, Remote Access Restriction Bypass
    26 May 2017 | 22:34 from Bugtraq

Posted by security-alert on May 26

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03754en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03754en_us
Version: 1

HPESBHF03754 rev.1 - HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5
Processor, Remote Access Restriction Bypass

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

[security bulletin] HPESBHF03750 rev.1 - HPE Network Products including Comware 5, Comware 7 and VCX running NTP, Remote Denial of Service (DoS), Unauthorized Modification, Local Denial of Service (DoS)
    26 May 2017 | 08:46 from Bugtraq

Posted by security-alert on May 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03750en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03750en_us
Version: 1

HPESBHF03750 rev.1 - HPE Network Products including Comware 5, Comware 7 and
VCX running NTP, Remote Denial of Service (DoS), Unauthorized Modification,
Local Denial of Service (DoS)

NOTICE: The information...

[SECURITY] [DSA 3863-1] imagemagick security update
    26 May 2017 | 08:35 from Bugtraq

Posted by Moritz Muehlenhoff on May 25

-------------------------------------------------------------------------
Debian Security Advisory DSA-3863-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
May 25, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : imagemagick
CVE ID : CVE-2017-7606 CVE-2017-7619...

Sixteen new GNU releases in the month of May
    25 May 2017 | 22:55 from FSF's blog


[security bulletin] HPESBHF03746 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
    25 May 2017 | 21:06 from Bugtraq

Posted by HPE Product Security Response Team on May 25

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03746en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03746en_us
Version: 1

HPESBHF03746 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-05-14...

WebKitGTK+ Security Advisory WSA-2017-0004
    25 May 2017 | 15:46 from Bugtraq

Posted by Carlos Alberto Lopez Perez on May 25

------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0004
------------------------------------------------------------------------

Date reported : May 25, 2017
Advisory ID : WSA-2017-0004
Advisory URL : https://webkitgtk.org/security/WSA-2017-0004.html
CVE identifiers : CVE-2017-2496, CVE-2017-2504, CVE-2017-2505,...

[slackware-security] samba (SSA:2017-144-01)
    25 May 2017 | 08:04 from Bugtraq

Posted by Slackware Security Team on May 24

[slackware-security] samba (SSA:2017-144-01)

New samba packages are available for Slackware 13.1, 13.37, 14.0, 14.1, 14.2,
and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/samba-4.4.14-i586-1_slack14.2.txz: Upgraded.
This update fixes a remote code execution vulnerability, allowing a
malicious client to upload a shared library to a writable share,...

[security bulletin] HPESBHF03751 rev.1 - HPE Aruba AirWave Glass, Remote Code Execution
    25 May 2017 | 07:55 from Bugtraq

Posted by security-alert on May 24

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03751en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03751en_us
Version: 1

HPESBHF03751 rev.1 - HPE Aruba AirWave Glass, Remote Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-05-24
Last Updated:...

DefenseCode ThunderScan SAST Advisory: WordPress AffiliateWP Plugin Security Vulnerability
    24 May 2017 | 18:38 from Bugtraq

Posted by DefenseCode on May 24


DefenseCode ThunderScan SAST Advisory
WordPress AffiliateWP Plugin
Security Vulnerability

Advisory ID: DC-2017-05-05
Advisory Title: WordPress AffiliateWP Plugin Security Vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress AffiliateWP Plugin
Language: PHP
Version: 2.0.8 and below (taken from the official GitHub repo)
Vendor...

DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability
    24 May 2017 | 18:29 from Bugtraq

Posted by DefenseCode on May 24

DefenseCode ThunderScan SAST Advisory
WordPress Huge-IT Video Gallery Plugin
Security Vulnerability

Advisory ID: DC-2017-01-009
Advisory Title: WordPress Huge-IT Video Gallery plugin SQL injection
vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress Huge-IT Video Gallery plugin
Language: PHP
Version: 2.0.4 and below
Vendor Status:...

DefenseCode ThunderScan SAST Advisory: WordPress All In One Schema.org Rich Snippets Plugin Security Vulnerability
    24 May 2017 | 18:18 from Bugtraq

Posted by DefenseCode on May 24


DefenseCode ThunderScan SAST Advisory
WordPress All In One Schema.org Rich Snippets Plugin
Security Vulnerability

Advisory ID: DC-2017-01-002
Advisory Title: WordPress All In One Schema.org Rich Snippets Plugin
Security Vulnerability
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress All In One Schema.org Rich Snippets Plugin
Language: PHP...

The Licensing and Compliance Lab interviews AJ Jordon of gplenforced.org
    24 May 2017 | 17:55 from FSF's blog

Tagline: This is the latest installment of our Licensing and Compliance Lab's series on free software developers who choose GNU licenses for their works.


[SECURITY] [DSA 3861-1] libtasn1-6 security update
    24 May 2017 | 15:28 from Bugtraq

Posted by Sebastien Delafond on May 24

-------------------------------------------------------------------------
Debian Security Advisory DSA-3861-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
May 24, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libtasn1-6
CVE ID : CVE-2017-6891
Debian Bug :...

Micropub is a W3C Recommendation
    23 May 2017 | 23:34 from W3C News

The Social Web Working Group has published a W3C Recommendation of Micropub. Micropub is a client-to-server protocol used to create, update and delete social networking content. Web and native apps can use Micropub to post notes, photos, events, and many others to servers that support the protocol. Users can choose to create content in a […]


Friday Free Software Directory IRC meetup: May 26th starting at 12:00 p.m. EDT/16:00 UTC
    23 May 2017 | 21:03 from FSF's blog

Join the FSF and friends Friday, May 26th, from 12:00 p.m. to 3 p.m. EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory, with this week's theme of adding new entries.