Bugtraq
- May 2017 - SourceTree - Critical Security Advisory
- CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal
- [SECURITY] [DSA 3858-1] openjdk-7 security update
- [SECURITY] CVE-2017-5657: Apache Archiva CSRF vulnerability for REST endpoints
- [security bulletin] HPESBGN03748 rev.1 - HPE Cloud Optimizer, Remote Disclosure of Information
- [SECURITY] [DSA 3856-1] deluge security update
- PingID (MFA) - Reflected Cross-Site Scripting
- [slackware-security] kdelibs (SSA:2017-136-02)
- From: Slackware Security Team
- [SYSS-2017-010] HP Wireless Mouse: Spoofing Attack (CWE-345)
- Nextcloud/Owncloud - Reflected Cross Site Scripting in error pages
- APPLE-SA-2017-05-15-6 iTunes 12.6.1
- From: Apple Product Security
- APPLE-SA-2017-05-15-4 watchOS 3.2.1
- From: Apple Product Security
- [SECURITY] [DSA 3853-1] bitlbee security update
- Secunia Research: FLAC "read_metadata_vorbiscomment_()" Memory Leak Denial of Service Vulnerability
- Secunia Research: LibRaw "parse_tiff_ifd()" Memory Corruption Vulnerability
- [security bulletin] HPESBHF03745 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
- DefenseCode ThunderScan SAST Advisory: GOOGLE google-api-php-client Multiple Security Vulnerabilities
- SEC Consult SA-20170511-0 :: Stack-based buffer overflow vulnerability in Guidance Software EnCase Forensic Imager
- From: SEC Consult Vulnerability Lab
- DefenseCode WebScanner DAST Advisory: WordPress User Access Manager Plugin Security Vulnerability
- DefenseCode ThunderScan SAST Advisory: WordPress Tracking Code Manager Plugin Multiple Security Vulnerabilities
- ESA-2017-017: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability
- From: EMC Product Security Response Center
- ESA-2017-027: EMC Isilon OneFS NFS Export Upgrade Vulnerability
- From: EMC Product Security Response Center
- [CORE-2017-0001] - SAP SAPCAR Heap Based Buffer Overflow Vulnerability
- From: Core Security Advisories Team
- SEC Consult SA-20170510-0 :: Insecure Handling Of URI Schemes in Microsoft OneDrive iOS App
- From: SEC Consult Vulnerability Lab
- [SECURITY] [DSA 3848-1] git security update
- From: Salvatore Bonaccorso
- Multiple Vulnerabilities in ASUS Routers [CVE-2017-5891 and CVE-2017-5892]
- From: Nightwatch Cybersecurity Research
- [SECURITY] [DSA 3847-1] xen security update
- [security bulletin] HPESBST03739 rev.1 - HPE StoreFabric B-series Switches, Remote Elevation of Privilege
- CVE-2016-6799: Internal system information leak
- SEC Consult SA-20170509-0 :: Multiple vulnerabilities in I, Librarian PDF manager
- From: SEC Consult Vulnerability Lab
- [SECURITY] [DSA 3846-1] libytnef security update
- [SECURITY] [DSA 3845-1] libtirpc security update
- ESA-2017-035: EMC Mainframe Enablers ResourcePak Base privilege management vulnerability
- From: EMC Product Security Response Center
- CA20170504-01: Security Notice for CA Client Automation OS Installation Management
- [security bulletin] HPESBHF03736 rev.1 - HPE Aruba and HPE ProVision network switches using Diffie Hellman Group1 Sha1 Exchange Algorithm, Remote Disclosure of Information
- [security bulletin] HPESBGN03740 rev.1 - HPE Network Automation, Multiple Remote Vulnerabilities
- WordPress Core <= 4.7.4 Potential Unauthorized Password Reset (0day) [CVE-2017-8295]
- ESA-2017-036: EMC Data Domain Privilege Escalation Vulnerability
- From: EMC Product Security Response Center
- Zenario CMS v7.6 - (Delete) Persistent Cross Site Vulnerability
- Zenario v7.6 - Persistent Cross Site Scripting Vulnerability
- Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability
- Super File Explorer 1.0.1 - Arbitrary File Upload Vulnerability
- Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability
- Hola VPN v1.34 - Privilege Escalation Vulnerability
- Mura CMS Cross-Site Scripting (XSS) Vulnerability
- [SECURITY] [DSA 3843-1] tomcat8 security update
- [SECURITY] [DSA 3842-1] tomcat7 security update
- MODX Revolution 2.0.1-pl - 2.5.6-pl blind SQLi
- [security bulletin] HPESBHF03741 rev.1 - HPE Network products including Comware 7, IMC, and VCX running OpenSSL, Local Unauthorized Disclosure of Information, Remote Denial of Service (DoS), Unauthorized Disclosure of Information
- IML 2017 Conference, ACM digital library proceedings, Venue: Liverpool John Moores University, United Kingdom
- From: IML 2017 Conference
- SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options
- Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X
- [security bulletin] HPESBHF03738 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
- [SECURITY] [DSA 3838-1] ghostscript security update
- From: Salvatore Bonaccorso
- Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability
- Live Helper Chat - Cross-Site Scripting
- [SECURITY] [DSA 3836-1] weechat security update
- From: Salvatore Bonaccorso
- FreeBSD Security Advisory FreeBSD-SA-17:04.ipfilter
- From: FreeBSD Security Advisories
- CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability
- April 2017 - Confluence - Security Advisory
- [SECURITY] [DSA 3834-1] mysql-5.5 security update
- From: Salvatore Bonaccorso
- [slackware-security] mozilla-firefox (SSA:2017-114-01)
- From: Slackware Security Team
- [SECURITY] [DSA 3833-1] libav security update
- KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials
- From: KoreLogic Disclosures
- KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read
- From: KoreLogic Disclosures
- KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection
- From: KoreLogic Disclosures
- KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse
- From: KoreLogic Disclosures
- KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path
- From: KoreLogic Disclosures
- CVE-2017-7221. OpenText Documentum Content Server: arbitrary code execution in dm_bp_transition.ebs docbase method
- Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution
- [slackware-security] ntp (SSA:2017-112-02)
- From: Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2017-112-01)
- From: Slackware Security Team
- [slackware-security] proftpd (SSA:2017-112-03)
- From: Slackware Security Team
- Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges
- CVE-2017-5887: Starscream library before 2.0.4 SSL pinning not applied for websocket handshake
- From: Security Advisories
- CVE-2017-7192: Starscream library before 2.0.4 allows SSL pinning bypass
- From: Security Advisories
- [SECURITY] [DSA 3831-1] firefox-esr security update
- [HITB-Announce] HITB GSEC 2017 CFP Closes April 30th
- October CMS v1.0.412 several vulnerabilities
- DefenseCode ThunderScan SAST Advisory: Ultimate Form Builder Cross-Site Scripting (XSS) Vulnerability
- CVE-2017-7220. OpenText Documentum Content Server: privilege evaluation using crafted RPC save-commands.
- CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution
- [slackware-security] minicom (SSA:2017-108-01)
- From: Slackware Security Team
- CVE-2017-7615 Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset
- [CVE-2017-5661] Apache XML Graphics FOP information disclosure vulnerability
- [ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396
- Watchguard Fireware XXE DoS & User Enumeration
- concrete5 v8.1.0 Host Header Injection
- [slackware-security] bind (SSA:2017-103-01)
- From: Slackware Security Team
- [security bulletin] HPESBGN03728 rev.1 - HPE Operations Agent using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access to Data
- [SYSS-2017-009] agorum core Pro - Improper Restriction of XML External Entity Reference ('XXE')
- From: erlijn . vangenuchten
- [SYSS-2017-008] agorum core Pro - Cross-Site Request Forgery
- From: erlijn . vangenuchten
- [SYSS-2017-007] agorum core Pro - Cross-Site Scripting
- From: erlijn . vangenuchten
- [SYSS-2017-006] agorum core Pro - Insecure Direct Object Reference
- From: erlijn . vangenuchten
- [SYSS-2017-005] agorum core Pro - Persistent Cross-Site Scripting
- From: erlijn . vangenuchten
- April 2017 - HipChat Server Advisory
- DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF)
- CVE-2017-7456 Moxa MXview v2.8 Denial Of Service
- CVE-2017-7455 Moxa MXview v2.8 Remote Private Key Disclosure
- CVE-2017-7457 Moxa MX AOPC-Server v1.5 XML External Entity Injection
- FreeBSD Security Advisory FreeBSD-SA-17:03.ntp
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 3829-1] bouncycastle security update
- Microsoft Office OneNote 2007 DLL side loading vulnerability
- Multiple local privilege escalation vulnerabilities in Proxifier for Mac
- [SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure
- [SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure
- DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities
- ChromeOS / ChromeBooks Persist Certain Network Settings in Guest Mode
- From: Nightwatch Cybersecurity Research
- Foscam All networked devices, multiple Design Errors. SSL bypass.
- [slackware-security] libtiff (SSA:2017-098-01)
- From: Slackware Security Team
- [SECURITY] [DSA 3827-1] jasper security update
- [security bulletin] HPESBGN03733 rev.1 - HPE Universal CMDB using Apache Struts, Remote Code Execution
- [CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite
- D-Link DWR-116 - CVE-2017-6190 - Arbitrary File Download
- SEC Consult SA-20170407-0 :: Server-Side Request Forgery in MyBB forum
- From: SEC Consult Vulnerability Lab
- Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2017-2387)
- Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319)
- Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload
- [security bulletin] HPESBGN03727 rev.1 - HPE Business Process Monitor, Remote Unauthorized Access to Data
- DefenseCode ThunderScan SAST Advisory: Apache Tomcat Directory/Path Traversal
- [SECURITY] [DSA 3826-1] tryton-server security update
- From: Salvatore Bonaccorso
- AST-2017-001: Buffer overflow in CDR's set user
- From: Asterisk Security Team
- The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed.
- OS-S-2017-01: The password for the application protection of the Schneider Modicon TM221CE16R can be retrieved without authentication. Subsequently the application may be arbitrarily downloaded, uploaded and modified. CVSS 10.
- Moodle URL Manipulation Remote Account Information Disclosure
- iPlatinum iOneView Multiple Parameter Reflected XSS
- Kaseya information disclosure vulnerability
- AcoraCMS browser redirect and Cross-site scripting vulnerabilities
- SmartJobBoard - Cross-site scripting, personal information disclosure and PHPMailer package
- SilverStripe CMS - Path Disclosure
- Tweek!DM Document Management Authentication bypass, SQL injection
- Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities
- CVE-2017-7185 - Mongoose OS - Use-after-free / Denial of Service
- Lantern CMS Path Disclosure, SQL Injection, Reflected XSS
- Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure
- AirWatch Self Service Portal Username Parameter LDAP Injection
- Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection
- Lotus Protector for Mail Security remote code execution
- Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness
- [security bulletin] HPESBGN03721 rev.1 - HPE Operations Bridge Analytics, Remote Cross-Site Scripting (XSS)
- SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function
- From: SEC Consult Vulnerability Lab
- Splunk Enterprise Information Theft CVE-2017-5607
- [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege
- [security bulletin] HPESBHF03723 rev.1 - HPE Aruba ClearPass Policy Manager, using Apache Struts, Remote Code Execution
- [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities
- ESA-2017-013: RSA Archer® GRC Security Operations Management Sensitive Information Disclosure Vulnerability
- From: EMC Product Security Response Center
- ESA-2017-028: EMC Isilon OneFS Path Traversal Vulnerability
- From: EMC Product Security Response Center
- [SECURITY] [DSA 3824-1] firebird2.5 security update
- [SECURITY] [DSA 3798-2] tnef regression update
- [slackware-security] mariadb (SSA:2017-087-01)
- From: Slackware Security Team
- APPLE-SA-2017-03-28-1 iCloud for Windows 6.2
- From: Apple Product Security
- [SECURITY] [DSA 3823-1] eject security update
- From: Salvatore Bonaccorso
- APPLE-SA-2017-03-27-7 macOS Server 5.3
- From: Apple Product Security
- [SECURITY] [DSA 3821-1] gst-plugins-ugly1.0 security update
- APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS
- From: Apple Product Security
- [SECURITY] [DSA 3817-1] jbig2dec security update
- [SECURITY] [DSA 3816-1] samba security update
- From: Salvatore Bonaccorso
- APPLE-SA-2017-03-22-1 iTunes for Windows 12.6
- From: Apple Product Security
- Cisco Security Advisory: Cisco IOx Data in Motion Stack Overflow Vulnerability
- Cisco Security Advisory: Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability
- Cisco Security Advisory: Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability
- Cisco Security Advisory: Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability
- SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices
- From: SEC Consult Vulnerability Lab
- Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"
- [ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM
- ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability
- From: EMC Product Security Response Center
- [SECURITY] [DSA 3796-2] sitesummary regression update
- [security bulletin] HPSBUX03596 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access
- CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service
- [SECURITY] [DSA 3813-1] r-base security update
- [SECURITY] [DSA 3812-1] ioquake3 security update
- [SECURITY] [DSA 3811-1] wireshark security update
- Cisco Security Advisory: Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability
- MS Internet Information Services XSS / HTML Injection vulnerability
- CVE-2017-6805 MobaXterm Personal Edition v9.4 Path Traversal Remote File Disclosure
- SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products
- From: SEC Consult Vulnerability Lab
- CVE-2017-6911: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability
- [slackware-security] pidgin (SSA:2017-074-01)
- From: Slackware Security Team
- Path Traversal Remote File Disclosure
- CVE-2017-0045 Windows DVD Maker XML External Entity File Disclosure
- Cisco Security Advisory: Cisco Workload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability
- Cisco Security Advisory: Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability
- Cisco Security Advisory: Cisco StarOS SSH Privilege Escalation Vulnerability
- Microsoft Edge Fetch API allows setting of arbitrary request headers
- Joomla com_virtuemart Component - 'id' Parameter Sql Injection Vulnerability
- Joomla com_kunena Component - 'id' Parameter Sql Injection Vulnerability
- Joomla com_sngevents Component - 'id' Parameter Sql Injection Vulnerability
- Joomla com_fidecalendar Component - 'aid' Parameter Sql Injection Vulnerability
- Joomla com_registrationpro Component - 'did' Parameter Sql Injection Vulnerability
- Joomla com_easyblog Component - 'id' Parameter Sql Injection Vulnerability
- Atlassian - March 2017 - Bamboo, Crowd and HipChat Server - Critical Security Advisory
- [SECURITY] [DSA 3808-1] imagemagick security update
- Joomla com_carocci Component - 'isbn' Parameter Sql Injection Vulnerability
- Joomla com_kide Component - 'view' Parameter Sql Injection Vulnerability
- Joomla com_eventlist Component - 'id' Parameter Sql Injection Vulnerability
- [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities
- [security bulletin] HPESBHF03711 rev.1 - HPE 2620 Series Network Switches, Remote Cross Site Request Forgery (CSRF)
- [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege
- [security bulletin] HPESBHF03716 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Remote Authentication Bypass
- CVE-2016-10143: Vulnerability to read arbitrary files in "Tiki Wiki"
- [SECURITY] [DSA 3805-1] firefox-esr security update
- [security bulletin] HPESBHF03714 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Local Arbitrary File Download
- [SECURITY] [DSA 3804-1] linux security update
- From: Salvatore Bonaccorso
- [security bulletin] HPESBHF03713 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Deserialization of Untrusted Data, Remote Code Execution
- [security bulletin] HPESBGN03712 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution
- SEC Consult SA-20170308-0 :: Multiple vulnerabilities in Navetti PricePoint
- From: SEC Consult Vulnerability Lab
- [slackware-security] mozilla-firefox (SSA:2017-066-01)
- From: Slackware Security Team
- Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in GoAhead
- [security bulletin] HPESBHF03710 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Multiple Remote Vulnerabilities
- Stack-based buffer overflow in Western Digital My Cloud allows for remote code execution
- SEC Consult SA-20170307-0 :: Unauthenticated OS command injection & arbitrary file upload in Western Digital WD My Cloud
- From: SEC Consult Vulnerability Lab
- WordPress audio playlist functionality is affected by Cross-Site Scripting
- EasyCom PHP API Stack Buffer Overflow
- Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass
- CVE-2016-7955 - Alienvault OSSIM/USM Authentication Bypass
- CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility
- OpenElec: Remote Code Execution Vulnerability through Man-In-The-Middle(CVE-2017-6445)
- CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility
- EasyCom SQL iPlug Denial Of Service
- [SECURITY] [DSA 3801-1] ruby-zip security update
- From: Salvatore Bonaccorso
- Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0
- From: Larry W. Cashdollar
- [SECURITY] [DSA 3794-2] munin regression update
- From: Salvatore Bonaccorso
- Joomla com_publication Component - 'sid' Parameter Sql Injection Vulnerability
- Joomla com_news Component - 'id' Parameter Sql Injection Vulnerability
- Joomla com_filecabinet Component - 'id' Parameter Sql Injection Vulnerability
- Joomla com_frontpage Component - 'Itemid' Parameter Sql Injection Vulnerability
- Joomla com_phocadownload Component - 'id' Parameter Sql Injection Vulnerability
- Joomla com_jdownloads Component - 'cid' Parameter Sql Injection Vulnerability
- Joomla com_webgrouper Component - 'Itemid' Parameter Sql Injection Vulnerability
- [SECURITY] [DSA 3798-1] tnef security update
- Stored Cross-Site Scripting vulnerability in Contact Form WordPress Plugin
- Cross-Site Request Forgery & Cross-Site Scripting in Contact Form Manager WordPress Plugin
- Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin
- Cross-Site Scripting in Magic Fields 1 WordPress Plugin
- Cross-Site Request Forgery in Atahualpa WordPress Theme
- Gwolle Guestbook mass action vulnerable for Cross-Site Request Forgery
- Cross-Site Request Forgery in WordPress Download Manager Plugin
- Persistent Cross-Site Scripting in the WordPress NewStatPress plugin
- Cross-Site Scripting vulnerability in Gwolle Guestbook WordPress Plugin
- Cross-Site Request Forgery in Global Content Blocks WordPress Plugin
- Cross-Site Request Forgery in File Manager WordPress plugin
- Admin Custom Login WordPress plugin custom login page affected by persistent Cross-Site Scripting
- Admin Custom Login WordPress plugin affected by persistent Cross-Site Scripting via Logo URL field
- Analytics Stats Counter Statistics WordPress Plugin unauthenticated PHP Object injection vulnerability
- Multiple persistent Cross-Site Scripting vulnerabilities in osTicket
- Advisory X41-2017-001: Multiple Vulnerabilities in X.org
- From: X41 D-Sec GmbH Advisories
- [SECURITY] [DSA 3795-1] bind9 security update
- [SECURITY] [DSA 3792-1] libreoffice security update
- Advisory X41-2017-004: Multiple Vulnerabilities in tnef
- From: X41 D-Sec GmbH Advisories
- Air Transfer 1.2.1 & 1.0.14 - Multiple XSS Web Vulnerabilities
- FreeBSD Security Advisory FreeBSD-SA-17:02.openssl
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 3791-1] linux security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3788-2] tomcat8 regression update
- From: Salvatore Bonaccorso
- [security bulletin] HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information
- APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1
- From: Apple Product Security
- PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability
- [SECURITY] [DSA 3790-1] spice security update
- From: Salvatore Bonaccorso
- [SYSS-2017-004] Simplessus Files: Path Traversal
- [SYSS-2017-001] Simplessus Files: SQL Injection
- KL-001-2017-003 : Trendmicro InterScan Remote Root Access Vulnerability
- From: KoreLogic Disclosures
- KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write
- From: KoreLogic Disclosures
- Cisco Security Advisory: Cisco UCS Director Privilege Escalation Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- CVE-2017-5585: SQL injection in OpenText Documentum Content Server 7.3 (PostgreSQL builds only)
- Advisory X41-2017-002: Multiple Vulnerabilities in ytnef
- From: X41 D-Sec GmbH Advisories
- CVE-2017-5586: Remote code execution in OpenText Documentum D2
- [security bulletin] HPESBHF03703 rev.1 - HPE Network Products including Comware v7 and VCX using OpenSSL, Remote Unauthorized Disclosure of Information
- Cisco Security Response: Cisco Smart Install Protocol Misuse
- From: Cisco Systems Product Security Incident Response Team
- [security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information
- [security bulletin] HPSBMU03691 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities
- [SECURITY] [DSA 3788-1] tomcat8 security update
- [SECURITY] [DSA 3787-1] tomcat7 security update
- [SECURITY] [DSA 3786-1] vim security update
- [security bulletin] HPESBGN03698 rev.1 - HPE DDMi using OpenSSL, Remote Arbitrary Code Execution, Bypass Security Restrictions, Denial of Service (DoS)
- [security bulletin] HPSBMU03692 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities
- [slackware-security] tcpdump (SSA:2017-041-04)
- From: Slackware Security Team
- [slackware-security] php (SSA:2017-041-03)
- From: Slackware Security Team
- [slackware-security] openssl (SSA:2017-041-02)
- From: Slackware Security Team
- [security bulletin] HPESBHF03704 rev.1 - HPE OfficeConnect Network Switches, Local Unauthorized Data Modification
- WebKitGTK+ Security Advisory WSA-2017-0002
- From: Carlos Alberto Lopez Perez
- [security bulletin] HPESBNS03702 rev.1 - HPE NonStop OSS Core Utilities with Bash Shell, Local Arbitrary Command Execution, Elevation of Privilege
- [SECURITY] [DSA 3784-1] viewvc security update
- [SECURITY] [DSA 3783-1] php5 security update
- TP-Link C2 and C20i vulnerable to command injection (authenticated root RCE), DoS, improper firewall rules
- [SECURITY] [DSA 3782-1] openjdk-7 security update
- Authentication bypass vulnerability in Western Digital My Cloud
- Cisco Security Advisory: Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- ESA-2017-001: EMC Isilon InsightIQ Authentication Bypass Vulnerability
- From: EMC Product Security Response Center
- SEC Consult SA-20170207 :: Path Traversal, Backdoor accounts & KNX group address password bypass in JUNG Smart Visu server
- From: SEC Consult Vulnerability Lab
- [security bulletin] HPESBUX03699 SSRT110304 rev.1 - HP-UX BIND, Multiple Remote Denial of Service (DoS)
- From: HPE Product Security Response Team
- Teleopti WFM <= 7.1.0 Multiple Vulnerabilities
- [SECURITY] [DSA 3781-1] svgsalamander security update
- ZoneMinder - multiple vulnerabilities
- [FOXMOLE SA 2016-07-05] ZoneMinder - Multiple Issues
- Ghostscript 9.20 Filename Command Execution
- [security bulletin] HPSBST03588 rev 1. - HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS, Remote Arbitrary Command Execution
- Cisco Security Advisory: Cisco Prime Home Authentication Bypass Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- ESA-2017-003: EMC Network Configuration Manager (NCM) Multiple Vulnerabilities
- From: EMC Product Security Response Center
- [SECURITY] [DSA 3779-1] wordpress security update
- [security bulletin] HPESBHF03700 rev.1 - HPE iMC PLAT, Remote Disclosure of Information, Denial of Service (DoS)
- [SECURITY] [DSA 3778-1] ruby-archive-tar-minitar security update
- From: Salvatore Bonaccorso
- [security bulletin] HPESBGN03696 rev.1 - HPE Helion Eucalyptus, Remote Escalation of Privilege
- [security bulletin] HPSBHF03693 rev.1 - HPE iMC PLAT Network Products running Microsoft SQL Server, Remote Elevation of Privilege
- ESA-2017-007: EMC Documentum eRoom Unverified Password Change Vulnerability
- From: EMC Product Security Response Center
- ESA-2016-094: RSA BSAFE Micro Edition Suite Multiple Vulnerabilities
- From: EMC Product Security Response Center
- [REVIVE-SA-2017-001] Revive Adserver - Multiple vulnerabilities
- [security bulletin] HPESBMU03701 rev.1 - HPE Smart Storage Administrator, Remote Arbitrary Code Execution
- Secunia Research: libarchive "lha_read_file_header_1()" Out-Of-Bounds Memory Access Denial of Service Vulnerability
- secuvera-SA-2017-01: Privilege escalation in an OPSI Managed Client environment ("rise of the machines")
- Persistent Cross-Site Scripting vulnerability in User Access Manager WordPress Plugin
- Multiple blind SQL injection vulnerabilities in FormBuilder WordPress Plugin
- CVE-2017-3160: Gradle Distribution URL used by Cordova-Android does not use https by default
- [SECURITY] [DSA 3773-1] openssl security update
- ESA-2016-133: EMC Data Protection Advisor Path Traversal Vulnerability
- From: EMC Product Security Response Center
- ESA-2016-154: RSA BSAFE® Crypto-J Multiple Security Vulnerabilities
- From: EMC Product Security Response Center
- ESA-2016-037: EMC PowerPath Management Appliance Information Disclosure Vulnerability
- From: EMC Product Security Response Center
- Secunia Research: Oracle Outside In VSDX Use-After-Free Vulnerability
- [slackware-security] mozilla-thunderbird (SSA:2017-026-01)
- From: Slackware Security Team
- CA20170126-01: Security Notice for CA Common Services casrvc
- [SECURITY] [DSA 3772-1] libxpm security update
- From: Salvatore Bonaccorso
- ESA-2016-167: EMC Documentum D2 Multiple Vulnerabilities
- From: EMC Product Security Response Center
- ESA-2016-160: EMC Data Domain DD OS Command Injection Vulnerability
- From: EMC Product Security Response Center
- ESA-2016-132: EMC RecoverPoint Multiple Vulnerabilities
- From: EMC Product Security Response Center
- ESA-2016-092: RSA® Web Threat Detection Cross Site Scripting Vulnerability
- From: EMC Product Security Response Center
- PEAR HTTP_Upload v1.0.0b3 Arbitrary File Upload
- [SECURITY] [DSA 3771-1] firefox-esr security update
- Google Forms WordPress Plugin unauthenticated PHP Object injection vulnerability
- Cisco Security Advisory: Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- ESA-2016-166: EMC Isilon OneFS Privilege Escalation Vulnerability
- From: EMC Product Security Response Center
- OpenCart 2.3.0.2 CSRF - User Account Takeover
- [security bulletin] HPSBST03642 rev.3 - HPE StoreVirtual Products running LeftHand OS using OpenSSL and OpenSSH, Remote Arbitrary Code Execution, Denial of Service (DoS), Disclosure of Sensitive Information, Unauthorized Access
- [security bulletin] HPSBHF03695 rev.1 - HPE Ethernet Adaptors, Remote Denial of Service (DoS)
- [security bulletin] HPSBHF03441 rev.2 - HPE iLO 3, iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities
- Cisco Security Advisory: Cisco WebEx Browser Extension Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [security bulletin] HPSBGN03690 rev.1 - HPE Real User Monitor (RUM), Remote Disclosure of Information
- CVE-2017-3241 - [ERPSCAN-17-006] Oracle OpenJDK - Java Serialization DoS
- [ERPSCAN-17-005] Oracle PeopleSoft - XSS vulnerability CVE-2017-3300
- [slackware-security] mozilla-firefox (SSA:2017-023-01)
- From: Slackware Security Team
- APPLE-SA-2017-01-23-7 iTunes for Windows 12.5.5
- From: Apple Product Security
- APPLE-SA-2017-01-23-6 iCloud for Windows 6.1.1
- From: Apple Product Security
- APPLE-SA-2017-01-23-2 macOS 10.12.3
- From: Apple Product Security
- APPLE-SA-2017-01-23-5 Safari 10.0.3
- From: Apple Product Security
- APPLE-SA-2017-01-23-4 tvOS 10.1.1
- From: Apple Product Security
- APPLE-SA-2017-01-23-3 watchOS 3.1.3
- From: Apple Product Security
- APPLE-SA-2017-01-23-1 iOS 10.2.1
- From: Apple Product Security
- ESA-2016-150: RSA® Security Analytics Reflected Cross-Site Scripting Vulnerability
- From: EMC Product Security Response Center
- ESA-2016-146: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability
- From: EMC Product Security Response Center
- Microsoft Remote Desktop Client for Mac Remote Code Execution - Update
- [SECURITY] [DSA 3770-1] mariadb-10.0 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3769-1] libphp-swiftmailer security update
- Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution
- NTOPNG Web Interface v2.4 CSRF Token Bypass
- [SECURITY] [DSA 3767-1] mysql-5.5 security update
- From: Salvatore Bonaccorso
- Novel Contributions to the field - How I broke MySQL's code-base (Part 2) [CVE-2016-5541] MySQL cluster remote 0day
- Novel Contributions to the Field - How I broke MySQL's codebase (Part 2) [CVE-2016-5541] MySQL Cluster 0day
- [RCESEC-2016-012] Mattermost <= 3.5.1 "/error" Unauthenticated Reflected Cross-Site Scripting / Content Injection
- [security bulletin] HPSBMU03685 rev.1 - HPE Insight Control server provisioning (ICsp), Multiple Remote Vulnerabilities
- ESA-2016-161: EMC Isilon OneFS LDAP Injection Vulnerability
- From: EMC Product Security Response Center
- ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability
- From: EMC Product Security Response Center
- [SECURITY] CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue
- [SECURITY] [DSA 3743-2] python-bottle regression update
- [SECURITY] [DSA 3765-1] icoutils security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBGN03689 rev.1 - HPE Diagnostics, Remote Cross-Site Scripting and Click Jacking
- [security bulletin] HPSBST03671 rev.2 - HPE StoreEver MSL6480 Tape Library Management Interface, Multiple Remote Vulnerabilities
- [SECURITY] [DSA 3764-1] pdns security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBGN03694 rev.1 - HPE SiteScope, Remote Disclosure of Information
- ICMPv6 PTBs and IPv6 frag filtering (particularly at BGP peers)
- [SECURITY] [DSA 3760-1] ikiwiki security update
- CVE-2017-5350: Unexpected SystemUI FC driven by arbitrary application
- [slackware-security] bind (SSA:2017-011-01)
- From: Slackware Security Team
- [slackware-security] gnutls (SSA:2017-011-02)
- From: Slackware Security Team
- CA20170109-01: Security Notice for CA Service Desk Manager
- [SECURITY] [DSA 3758-1] bind9 security update
- Multiple Vulnerabilities in cPanel
- IKEv1 cipher suite configuration mismatch in Siemens SIMATIC CP 343-1 Advanced
- [SECURITY] [DSA 3757-1] icedove security update
- Re: [oss-security] Docker 1.12.6 - Security Advisory
- Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability
- Bit Defender #39 - Auth Token Bypass Vulnerability
- BlackBoard LMS 9.1 SP14 - (Title) Persistent Vulnerability
- Blackboard LMS 9.1 SP14 - (Profile) Persistent Vulnerability
- FreeBSD Security Advisory FreeBSD-SA-17:01.openssh
- From: FreeBSD Security Advisories
- ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability
- From: EMC Product Security Response Center
- Directadmin ControlPanel 1.50.1 denial of service Vulnerability
- Directadmin ControlPanel 1.50.1 Cross-Site-Scripting Vulnerability
- QuickBooks 2017 Admin Credentials Disclosure
- [SECURITY] [DSA 3753-1] libvncserver security update
- [SECURITY][UPDATE] CVE-2016-8745 Apache Tomcat Information Disclosure
- ESA-2016-157: EMC ScaleIO Multiple Vulnerabilities
- From: EMC Product Security Response Center
- [security bulletin] HPSBGN03688 rev.1 - HPE Operations Orchestration, Remote Code Execution
- [SECURITY] [DSA 3750-2] libphp-phpmailer regression update
- 0-day: QNAP NAS Devices suffer of heap overflow
- [SECURITY] [DSA 3750-1] libphp-phpmailer security update
- Fwd: [ANNOUNCE] CVE-2016-6793 Apache Wicket deserialization vulnerability
- [slackware-security] seamonkey (SSA:2016-365-03)
- From: Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2016-365-02)
- From: Slackware Security Team
- [slackware-security] libpng (SSA:2016-365-01)
- From: Slackware Security Team
- [CVE-2016-8741] Apache Qpid Broker for Java - Information Leakage
- PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch)
- PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033]
- [SECURITY] [DSA 3746-1] graphicsmagick security update
- [slackware-security] expat (SSA:2016-359-01)
- From: Slackware Security Team
- [slackware-security] openssh (SSA:2016-358-02)
- From: Slackware Security Team
- [slackware-security] httpd (SSA:2016-358-01)
- From: Slackware Security Team
- XAMPP Control Panel Memory Corruption Denial Of Service
- [SECURITY] [DSA 3744-1] libxml2 security update
- From: Salvatore Bonaccorso
- FreeBSD Security Advisory FreeBSD-SA-16:39.ntp
- From: FreeBSD Security Advisories
- CVE-2014-4138: MSIE 11 MSHTML CPasteCommand::ConvertBitmaptoPng heap-based buffer overflow
- [SECURITY] [DSA 3732-2] php-ssh2 regression update
- ASP.NET Core 5-RC1 HTTP Header Injection
- [SECURITY] [DSA 3743-1] python-bottle security update
- CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free
- [SYSS-2016-115] Cisco Expressway: Security Bypass Vulnerability (CWE-20)
- [SECURITY] [DSA 3738-1] tomcat7 security update
- Samsung DVR credentials encoded in base64 in cookie header
- [security bulletin] HPSBMU03684 rev.1 - HPE Version Control Repository Manager (VCRM), Multiple Remote Vulnerabilities
- [SECURITY] [DSA 3736-1] libupnp security update
- CVE-2016-9277,CVE-2016-9966,CVE-2016-9967: Possible Privilege Escalation in telecom
- CVE-2013-0090: MSIE 9 IEFRAME CView::EnsureSize use-after-free
- MSIE 9 IEFRAME CMarkupPointer::MoveToGap use-after-free
- Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565]
- Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability
- Secunia Research: Microsoft Windows Type 1 Font Processing Vulnerability
- CVE-2013-3143: MSIE 9 IEFRAME CMarkup..RemovePointerPos use-after-free
- [slackware-security] mozilla-firefox (SSA:2016-348-01)
- From: Slackware Security Team
- MSIE 9 MSHTML CMarkup::ReloadInCompatView use-after-free
- APPLE-SA-2016-12-13-7 Additional information for APPLE-SA-2016-12-12-2 watchOS 3.1.1
- From: Apple Product Security
- APPLE-SA-2016-12-13-8 Transporter 1.9.2
- From: Apple Product Security
- APPLE-SA-2016-12-13-5 Additional information for APPLE-SA-2016-12-12-1 iOS 10.2
- From: Apple Product Security
- APPLE-SA-2016-12-13-2 Safari 10.0.2
- From: Apple Product Security
- APPLE-SA-2016-12-13-3 iTunes 12.5.4
- From: Apple Product Security
- [slackware-security] kernel (SSA:2016-347-01)
- From: Slackware Security Team
- [slackware-security] php (SSA:2016-347-03)
- From: Slackware Security Team
- Apple iOS/tvOS/watchOS Remote memory corruption through certificate
- APPLE-SA-2016-12-12-2 watchOS 3.1.1
- From: Apple Product Security
- APPLE-SA-2016-12-12-3 tvOS 10.1
- From: Apple Product Security
- APPLE-SA-2016-12-12-1 iOS 10.2
- From: Apple Product Security
- [SECURITY] CVE-2016-8745 Apache Tomcat Information Disclosure
- [SECURITY] [DSA 3730-1] icedove security update
- From: Salvatore Bonaccorso
- MSIE 9 MSHTML CElement::HasFlag memory corruption
- Symantec VIP Access Desktop Arbitrary DLL Execution
- AST-2016-009:
- From: Asterisk Security Team
- AST-2016-008: Crash on SDP offer or answer from endpoint using Opus
- From: Asterisk Security Team
- CVE-2013-1306: MSIE 9 MSHTML CDispNode::InsertSiblingNode use-after-free details
- [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information
- Microsoft Remote Desktop Client for Mac Remote Code Execution
- [ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security
- CVE-2015-1730: MSIE jscript9 JavaScriptStackWalker memory corruption details and PoC
- Re: CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption
- CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used
- Microsoft MSINFO32.EXE ".NFO" Files XML External Entity
- Microsoft Windows Media Center "ehshell.exe" XML External Entity
- [slackware-security] mozilla-firefox (SSA:2016-336-01)
- From: Slackware Security Team
- [security bulletin] HPSBUX03665 rev.3 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS), URL Redirection
- [security bulletin] HPSBGN03680 rev.1 - HPE Propel, Local Denial of Service (DoS), Escalation of Privilege
- [security bulletin] HPSBGN03677 rev.1 - HPE Network Automation using RPCServlet and Java Deserialization, Remote Code Execution
- [FOXMOLE SA 2016-05-02] e107 Content Management System (CMS) - Multiple Issues
- [security bulletin] HPSBHF03682 rev.1 - HPE Comware 7 Network Products using SSL/TLS, Local Gain Privileged Access
- [RT-SA-2016-003] Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler
- From: RedTeam Pentesting GmbH
- XSS in tooltip plugin of Zurb Foundation 5
- Google Chrome Accessibility blink::Node corruption details
- SEC Consult SA-20161128-0 :: DoS & heap-based buffer overflow in Guidance Software EnCase Forensic
- From: SEC Consult Vulnerability Lab
- [SECURITY] [DSA 3725-1] icu security update
- Core FTP LE v2.2 Remote SSH/SFTP Buffer Overflow
- WorldCIST'2017 - Submission deadline: November 30
- CVE 2016-6803: Apache OpenOffice Unquoted Search Path Vulnerability
- From: Apache OpenOffice Security
- Call for Participation - 5th International Conference on Cyber Security, Cyber Welfare and Digital Forensic
- [SECURITY] [DSA 3724-1] gst-plugins-good0.10 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3723-1] gst-plugins-good1.0 security update
- From: Salvatore Bonaccorso
- WorldCIST'17 - Submission deadline: November 27
- [SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310)
- From: gerhard . klostermeier
- [SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks
- [SYSS-2016-064] Multi Kon Trade M2B GSM Wireless Alarm System - Improper Restriction of Excessive Authentication Attempts (CWE-307)
- From: gerhard . klostermeier
- [SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks
- From: gerhard . klostermeier
- [CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition
- [security bulletin] HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Multiple Remote Vulnerabilities
- CVE-2015-1251: Chrome blink SpeechRecognitionController use-after-free details
- [SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks
- [SYSS-2016-072] Olympia Protect 9061 - Missing Protection against Replay Attacks
- [CORE-2016-0007] - TP-LINK TDDP Multiple Vulnerabilities
- From: CORE Advisories Team
- CVE-2015-0050: Microsoft Internet Explorer 8 MSHTML SRunPointer::SpanQualifier/RunType OOB read details
- Web vulnerabilities in Siemens S7-300/S7-400/CP343-1/CP443-1
- [SECURITY] [DSA 3719-1] wireshark security update
- [ERPSCAN-16-034] SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component
- Nginx (Debian-based distros) - Root Privilege Escalation (CVE-2016-1247)
- [RCESEC-2016-009] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Persistent Cross-Site Scripting
- [RCESEC-2016-008] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Full Path Information Disclosure
- [RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution
- Multiple issues in OpManager 12100 & 12200
- [security bulletin] HPSBHF03675 rev.1 - HPE Integrated Lights-Out 3 and 4 (iLO 3, iLO 4), Cross-Site Scripting (XSS)
- Putty Cleartext Password Storage
- Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin
- Cross-Site Scripting in Check Email WordPress Plugin
- Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin
- [slackware-security] mozilla-firefox (SSA:2016-323-01)
- From: Slackware Security Team
- CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details
- Reason Core Security v1.2.0.1 - Unquoted Path Privilege Escalation Vulnerability
- [ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal using READ DATASET
- [ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability
- Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody
- [SECURITY] [DSA 3716-1] firefox-esr security update
- [security bulletin] HPSBGN03676 rev.1 - HPE Helion OpenStack Glance Image Service, Remote Denial of Service (DoS)
- CVE-2015-2482 MSIE 8 jscript RegExpBase::FBadHeader use-after-free details
- [security bulletin] HPSBST03671 rev.1 - HPE StoreEver MSL6480 Tape Library, Remote Unauthorized Disclosure of Information
- Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell
- Actiontec WCB3000N (Telus Branded) Local Unauthenticated Privilege Elevation and Password Reset
- CVE-2016-4484: - Cryptsetup Initrd root Shell
- [security bulletin] HPSBUX03665 rev.2 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection
- [security bulletin] HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery
- Multiple vulnerabilities in Barco Clickshare
- SEC Consult SA-20161114-0 :: Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2
- From: SEC Consult Vulnerability Lab
- CVE-2015-0040: Microsoft Internet Explorer 11 MSHTML CMapElement::Notify use-after-free details
- WHM Panel Mail Delivery Reports crash database Vulnerability
- [CVE-2016-8736] Apache Openmeetings RMI Registry Java Deserialization RCE
- CVE-2016-9277: A IDX Out of Bound vulnerability in systemui can make crash and ui restart
- [SECURITY] [DSA 3711-1] mariadb-10.0 security update
- From: Salvatore Bonaccorso
- Secunia Research: Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability
- CVE-2016-6809 – Arbitrary Code Execution Vulnerability in Apache Tika’s MATLAB Parser
- Secunia Research: Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability
- Secunia Research: Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability
- WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details
- Blind SQL Injection Vulnerability in Exponent CMS 2.4.0
- MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details
- [SECURITY] [DSA 3709-1] libxslt security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBGN03670 rev.1 - HPE Business Service Management (BSM) using Java Deserialization, Remote Code Execution
- URL Redirection Vulnerability In Verint Impact 360
- Cross-Site Scripting in Calendar WordPress Plugin
- Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin
- Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin
- Cross Site Scripting Vulnerability In Verint Impact 360
- [SECURITY] [DSA 3707-1] openjdk-7 security update
- [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow
- [security bulletin] HPSBGN03643 rev.1 - HPE KeyView using Filter SDK, Remote Code Execution
- Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability
- Faraznet Cms Cross-Site Scripting Vulnerability
- Edusson (Robotdon) - Client Side Cross Site Scripting Vulnerability
- Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability
- WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow
- Axessh 4.2.2 Denial Of Service
- Rapid PHP Editor CSRF Remote Command Execution
- [security bulletin] HPSBGN03656 rev.1 - HPE Network Node Manager i (NNMi) Software using Java Deserialization, Remote Arbitrary Code Execution and Cross-Site Scripting
- [security bulletin] HPSBGN03657 rev.1 - HPE Network Node Manager i (NNMi) Software, Local Code Execution
- KL-001-2016-009 : Sophos Web Appliance Remote Code Execution
- From: KoreLogic Disclosures
- KL-001-2016-008 : Sophos Web Appliance Privilege Escalation
- From: KoreLogic Disclosures
- MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )
- [security bulletin] HPSBUX03665 rev.1 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection
- [security bulletin] HPSBUX03664 SSRT110248 rev.1 - HP-UX BIND Service running named, Remote Denial of Service (DoS)
- Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details
- [slackware-security] php (SSA:2016-305-04)
- From: Slackware Security Team
- [slackware-security] mariadb (SSA:2016-305-03)
- From: Slackware Security Team
- [slackware-security] x11 (SSA:2016-305-02)
- From: Slackware Security Team
- CfP and Special Session :: CyberSec2017
- OS-S 2016-23 - Local DoS: Linux Kernel EXT4 Error Handling (EXT4 calling panic())
- [HITB-Announce] HITB2017AMS CFP
- October 2016 - Crowd - Critical Security Advisory
- [SECURITY] [DSA 3691-2] ghostscript regression update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3701-2] nginx regression update
- From: Salvatore Bonaccorso
- APPLE-SA-2016-10-27-3 iTunes 12.5.2 for Windows
- From: Apple Product Security
- [security bulletin] HPSBMU03653 rev.1 - HPE System Management Homepage (SMH), Remote Arbitrary Code Execution, Cross-Site Scripting (XSS), Denial of Service (DoS), Unauthorized Disclosure of Information
- [security bulletin] HPSBHF3549 ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege
- CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation
- [SECURITY] [DSA 3700-1] asterisk security update
- [SECURITY] [DSA 3701-1] nginx security update
- FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch [REVISED]
- From: FreeBSD Security Advisories
- CVE-2016-6804 Apache OpenOffice Windows Installer Untrusted Search Path
- wincvs-2.0.2.4 Privilege Escalation
- APPLE-SA-2016-10-24-3 Safari 10.0.1
- From: Apple Product Security
- [SECURITY] [DSA 3698-1] php5 security update
- From: Salvatore Bonaccorso
- Puppet Enterprise Web Interface Authentication Redirect
- Puppet Enterprise Web Interface User Enumeration
- Oracle Netbeans IDE v8.1 Import Directory Traversal
- ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability
- From: EMC Product Security Response Center
- Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update
- [CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability
- Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory
- [security bulletin] HPSBGN03663 rev.1 - HPE ArcSight WINC Connector, Remote Code Execution
- Cisco Security Advisory: Cisco ASA Software Identity Firewall Feature Buffer Overflow Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3695-1] quagga security update
- [SECURITY] [DSA 3694-1] tor security update
- [ERPSCAN-16-030] SAP NetWeaver - buffer overflow vulnerability
- [SECURITY] [DSA 3693-1] libgd2 security update
- Evernote for Windows DLL Loading Remote Code Execution Vulnerability
- [security bulletin] HPSBNS03661 rev.1 - NonStop Backbox, Remote Disclosure of Information
- Snort v2.9.7.0-WIN32 DLL Hijack
- ZendStudio IDE v13.5.1 Privilege Escalation
- Cisco Security Advisory: Cisco Meeting Server Client Authentication Bypass Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Multiple Vulnerabilities in Plone CMS
- [security bulletin] HPSBPV03516 rev.2 - HP VAN SDN Controller, Multiple Vulnerabilities
- Facebook API v2.1 - RFC6749 Open Redirect Vulnerability
- Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities
- From: admin@xxxxxxxxxxxxxxxxx
- [SEARCH-LAB advisory] AVTECH IP Camera, NVR, DVR multiple vulnerabilities
- SEC Consult SA-20161011-0 :: XXE vulnerability in RSA Enterprise Compromise Assessment Tool (ECAT)
- From: SEC Consult Vulnerability Lab
- [SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks
- Crashing Android devices with large Assisted-GPS Data Files [CVE-2016-5348]
- From: Nightwatch Cybersecurity Research
- [SYSS-2016-068] Fujitsu Wireless Keyboard Set LX901 - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks
- [SYSS-2016-033] Microsoft Wireless Desktop 2000 - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
- September 2016 - HipChat Plugin for various products - Critical Security Advisory
- KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials
- From: KoreLogic Disclosures
- KL-001-2016-004 : Cisco Firepower Threat Management Console Authenticated Denial of Service
- From: KoreLogic Disclosures
- [SECURITY] [DSA 3688-1] nss security update
- [SECURITY] [DSA 3687-1] nspr security update
- [security bulletin] HPSBGN03639 rev.1 - HPE KeyView, Remote Code Execution
- Cisco Security Advisory: Cisco NX-OS Border Gateway Protocol Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco NX-OS Software Malformed DHCPv4 Packet Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability
- Clean Master v1.0 - Unquoted Path Privilege Escalation
- ESA-2016-121: EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances Multiple Vulnerabilities
- From: EMC Product Security Response Center
- ESA-2016-063: EMC Replication Manager and Network Module for Microsoft Remote Code Execution Vulnerability
- From: EMC Product Security Response Center
- Serimux SSH Console Switch v2.4 - Multiple Cross Site Vulnerabilities
- AuraDVD Ripper Professional v1.6.3 - DLL Hijacking Exploit
- TeempIp XSS Cookie Theft
- [SECURITY] [DSA 3684-1] libdbd-mysql-perl security update
- [SECURITY] [DSA 3681-2] wordpress regression update
- Multiple exposures in Sophos UTM
- [SYSS-2016-060] Logitech M520 - Insufficient Verification of Data Authenticity (CWE-345)
- Re: CVE-2016-5019: MyFaces Trinidad view state deserialization security vulnerability
- Persistent XSS in Abus Security Center - CVSS 8.0
- [security bulletin] HPSBGN03650 rev.1 - HPE Network Automation Software, Local Arbitrary File Modification
- Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Memory Leak Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS and IOS XE Software Multicast Routing Denial of Service Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS XE Software NAT Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS and IOS XE Software AAA Login Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [REVIVE-SA-2016-002] Revive Adserver - Multiple vulnerabilities
- Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...)
- Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
- From: Cisco Systems Product Security Incident Response Team
- [slackware-security] bind (SSA:2016-271-01)
- From: Slackware Security Team
- [SECURITY] [DSA 3680-1] bind9 security update
- ESA-2016-127: EMC ViPR SRM Stored Cross-Site Scripting Vulnerability
- From: EMC Product Security Response Center
- [SECURITY] [DSA 3679-1] jackrabbit security update
- [security bulletin] HPSBHF03652 rev.1 - HPE iMC PLAT Network Products running Apache Commons FileUpload, Remote Denial of Service (DoS)
- [security bulletin] HPSBHF03654 rev.1 - HPE iMC PLAT Network Products using SSL/TLS, Multiple Remote Vulnerabilities
- [security bulletin] HPSBHF03655 rev.1 - HPE iMC PLAT Network Products running Apache Axis2, Multiple Remote Vulnerabilities
- [SECURITY] [DSA 3678-1] python-django security update
- [slackware-security] openssl (SSA:2016-270-01)
- From: Slackware Security Team
- [security bulletin] HPSBGN03648 rev.1 - HPE LoadRunner and Performance Center, Remote Denial of Service (DoS)
- OS-S Security Advisory 2016-19: Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates (CVSS 10)
- [slackware-security] php (SSA:2016-267-01)
- From: Slackware Security Team
- ESA-2016-097: RSA Identity Governance and Lifecycle Information Disclosure Vulnerability
- From: EMC Product Security Response Center
- Recon Europe 2017 Call For Papers - January 27 - 29, 2017 - Brussels, Belgium
- [SECURITY] [DSA 3674-1] firefox-esr security update
- [SECURITY] [DSA 3673-1] openssl security update
- Fwd: BT Wifi Extenders - Cross Site Scripting leading to disclosure of PSK
- IE11 is not following CORS specification for local files
- From: Ricardo Iramar dos Santos
- [slackware-security] irssi (SSA:2016-265-03)
- From: Slackware Security Team
- [security bulletin] HPSBHF03646 rev.1 - HPE Comware 7 (CW7) Network Products running NTP, Multiple Remote Vulnerabilities
- Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
- From: Larry W. Cashdollar
- [security bulletin] HPSBGN03645 rev.2 - HPE Helion OpenStack Glance, Remote Access Restriction Bypass, Unauthorized Access
- [slackware-security] pidgin (SSA:2016-265-01)
- From: Slackware Security Team