This bulletin summary lists one released Microsoft security bulletin for May 2015.
hardwear is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigations on any hardware and want to showcase it to the security community, just submit your research paper. It will take place October 1st through the 2nd, 2015 in The Hague, Netherlands.
The Hacktivity 2015 Call For Papers has been announced. It will be held from October 9th through the 10th, 2015 in Budapest, Hungary.
KCodes NetUSB suffers from a kernel stack buffer overflow vulnerability.
Ubuntu Security Notice 2617-1 - Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges.
Coppermine Gallery version 1.5.34 suffers from cross site scripting, open redirection, and directory enumeration vulnerabilities.
Newsletter version 4.3 suffers from a remote SQL injection vulnerability.
WordPress WP Photo Album Plus plugin version 6.1.2 suffers from a cross site scripting vulnerability.
Microsoft Windows versions 8.0 and 8.1 on x64 TrackPopupMenu privilege escalation exploit that leverages the vulnerability documented in MS14-058.
SAP ERPScan has patched buffer overflow, XXE injection, and missing authorization vulnerabilities.
Hikvision DS-7108HWI-SH suffers from XML injection and abuse control vulnerabilities.
Red Hat Security Advisory 2015-1020-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.
Red Hat Security Advisory 2015-1021-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.
HP Security Bulletin HPSBUX03333 SSRT102029 1 - Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to create a Denial of Service (DoS), or other vulnerabilities. Revision 1 of this advisory.
HP Security Bulletin HPSBUX03334 SSRT102000 1 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
Debian Linux Security Advisory 3265-1 - Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie.
Debian Linux Security Advisory 3263-1 - Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the mod_copy module allowed unauthenticated users to copy files around on the server, and possibly to execute arbitrary code.
Debian Linux Security Advisory 3264-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: buffer overflows and use-after-frees may lead to the execution of arbitrary code, privilege escalation or denial of service.
HP Security Bulletin HPSBGN03286 1 - A potential security vulnerability has been identified with HP LoadRunner. The vulnerability could be exploited remotely to allow a buffer overflow. Revision 1 of this advisory.
HiDisk version 2.4 suffers from cross site scripting vulnerabilities.
Apple Security Advisory 2015-05-19-1 - Watch OS 1.0.1 is now available and addresses certificate issues, arbitrary code execution, XML external entity, and various other vulnerabilities.
26 bytes small Linux/x86 execve "/bin/sh" shellcode.
Comodo GeekBuddy, which is bundled with Comodo Anti-Virus, Comodo Firewall, and Comodo Internet Security, runs a passwordless, background VNC server and listens for incoming connections. This can allow for at least local privilege escalation on several platforms. It also may be remotely exploitable via CSRF-like attacks utilizing a modified web-based VNC client (e.g., a Java VNC client).
ZOC SSH Client version 7.03.0 suffers from a buffer overflow vulnerability.
Ubuntu Security Notice 2616-1 - Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel-based machines with AES-GCM mode IPsec security association. Various other issues were also addressed.