Bugtraq
- [SECURITY] [DSA 3672-1] irssi security update
- From: Salvatore Bonaccorso
- Cisco Security Advisory: Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Cloud Services Platform 2100 Command Injection Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- APPLE-SA-2016-09-20-6 tvOS 10
- From: Apple Product Security
- APPLE-SA-2016-09-20-5 watchOS 3
- From: Apple Product Security
- APPLE-SA-2016-09-20-4 macOS Server 5.2
- From: Apple Product Security
- APPLE-SA-2016-09-20-3 iOS 10
- From: Apple Product Security
- APPLE-SA-2016-09-20-2 Safari 10
- From: Apple Product Security
- ESA-2016-093: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability
- From: EMC Product Security Response Center
- ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability
- From: EMC Product Security Response Center
- ESA-2016-065: EMC Avamar Data Store and Avamar Virtual Edition Multiple Vulnerabilities
- From: EMC Product Security Response Center
- Call for Papers - WorldCIST'17 - 5th World Conference on Information Systems and Technologies (Published by Springer)
- [SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell
- [SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell
- [slackware-security] curl (SSA:2016-259-01)
- From: Slackware Security Team
- [SECURITY] [DSA 3669-1] tomcat7 security update
- ESA-2016-094: RSA BSAFE® Micro Edition Suite Multiple Vulnerabilities
- From: EMC Product Security Response Center
- Cisco EPC 3925 Multiple Vulnerabilities
- Insecure transmission of data in Android applications developed with Adobe AIR [CVE-2016-6936]
- APPLE-SA-2016-09-14-1 iOS 10.0.1
- From: Apple Product Security
- [SECURITY] [DSA 3666-1] mysql-5.5 security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBST03640 rev.1 - HP XP7 Command View Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device Manager (DevMgr), Local Access Restriction Bypass
- [security bulletin] HPSBGN03572 rev.1 - HPE Performance Center, Remote User Validation Failure
- ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability
- From: EMC Product Security Response Center
- ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities
- From: EMC Product Security Response Center
- [ANNOUNCE][CVE-2016-6802] Apache Shiro 1.3.2 released
- Multiple DoS vulnerabilities in libosip2-4.1.0
- Open-Xchange Security Advisory 2016-09-13 (2)
- Open-Xchange Security Advisory 2016-09-13
- AST-2016-007: RTP Resource Exhaustion
- From: Asterisk Security Team
- [slackware-security] php (SSA:2016-252-01)
- From: Slackware Security Team
- PHPHolidays CMS v3.00.50 - Cross Site Scripting Web Vulnerability
- Picosmos Shows v1.6.0 - Stack Buffer Overflow Vulnerability
- CVE-2016-4264 Adobe ColdFusion <= 11 XXE Vulnerability
- CVE-2016-6920 ffmpeg exr file Heap Overflow
- Infoblox Cross-site scripting vulnerabilities
- [CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting
- [SECURITY] [DSA 3661-1] charybdis security update
- Unauthenticated Arbitrary Directory Dump in BMC BladeLogic Server Automation
- [SECURITY] [DSA 3659-1] linux security update
- From: Salvatore Bonaccorso
- Google Nexus 5X Bootloader Unauthorized Memory Dumping via USB
- FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability
- Cisco Security Advisory: Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco WebEx Meetings Player Arbitrary Code Execution
- From: Cisco Systems Product Security Incident Response Team
- [security bulletin] HPSBGN03637 rev.1 - HP Operations Manager for Unix, Solaris, and Linux, Remote Cross-Site Scripting (XSS)
- [security bulletin] HPSBHF03641 rev.1 - HPE Integrated Lights-Out 3 (iLO 3), Remote Disclosure of Information
- [slackware-security] kernel (SSA:2016-242-01)
- From: Slackware Security Team
- [security bulletin] HPSBGN03638 rev.1 - HPE Remote Device Access: Virtual Customer Access System (vCAS) using lighttpd and OpenSSH, Unauthorized Modification of Information, Remote Denial of Service (DoS), Remote Disclosure of Information
- Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2
- [SECURITY] [DSA 3654-1] quagga security update
- Necroscan <= v0.9.1 Buffer Overflow
- [SECURITY] [DSA 3652-1] imagemagick security update
- APPLE-SA-2016-08-25-1 iOS 9.3.5
- From: Apple Product Security
- SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise
- From: SEC Consult Vulnerability Lab
- WebKitGTK+ Security Advisory WSA-2016-0005
- From: Carlos Alberto Lopez Perez
- nullcon 8-bit Call for Papers is open
- [slackware-security] gnupg (SSA:2016-236-01)
- From: Slackware Security Team
- [security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities
- Path traversal vulnerability in WordPress Core Ajax handlers
- Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client
- [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method
- [SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting
- [SYSS-2016-054] QNAP QTS - OS Command Injection
- [SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting
- [SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting
- [SYSS-2016-055] QNAP QTS - OS Command Injection
- [SYSS-2016-048] QNAP QTS - OS Command Injection
- [SYSS-2016-051] QNAP QTS - Reflected Cross-Site Scripting
- [SYSS-2016-054] QNAP QTS - OS Command Injection
- [SYSS-2016-048] QNAP QTS - OS Command Injection
- [SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting
- [SYSS-2016-048] QNAP QTS - OS Command Injection
- [SYSS-2016-053] QNAP QTS - Arbitrary File Overwrite
- [SYSS-2016-052] QNAP QTS - OS Command Injection
- Telus Actiontec T2200H Modem Input Validation Flaw Allows Elevated Shell Access
- [SECURITY] [DSA 3650-1] libgcrypt20 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3649-1] gnupg security update
- From: Salvatore Bonaccorso
- Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Firepower Management Center Remote Command Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Firepower Management Center Privilege Escalation Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [SYSS-2016-067] NetIQ Access Manager (iManager) - Temporary Second Order Cross-Site Scripting (CWE-79)
- [ERPSCAN-16-023] Potential backdoor via hardcoded system ID
- [ERPSCAN-16-022] SAP Hybris E-commerce Suite VirtualJDBC – Default Credentials
- Lepton CMS PHP Code Injection
- Lepton CMS Archive Directory Traversal
- [security bulletin] HPSBHF03441 rev.1 - HPE ilO 3 and iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities
- [security bulletin] HPSBGN03634 rev.1 - HPE Enterprise Solution Sizers and Storage Sizer running Smart Update, Remote Arbitrary Code Execution
- [security bulletin] HPSBST03629 rev.1 - HP StoreFabric B-series Switches, Remote Disclosure of Privileged Information
- Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin
- Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin
- Cross-Site Scripting in Link Library WordPress Plugin
- Ajax Load More Local File Inclusion vulnerability
- Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login Redirect WordPress Plugin
- Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin
- Cross-Site Scripting vulnerability in Google Maps WordPress Plugin
- Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress Plugin
- Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of images
- Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows adding of images
- Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of galleries
- Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass
- PayPal Inc BB #127 - 2FA Bypass Vulnerability
- Stash v1.0.3 CMS - SQL Injection Vulnerability
- Reflected Cross Site Scripting (XSS) Vulnerability in nopcommerce 3.70
- Linksys E2500 and E1200 (Unauth Command Injection)
- Linksys E1200 and E2500 (Missing authorization on parental control)
- OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET)
- OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET)
- OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET)
- WSO2-CARBON v4.4.5 CSRF / DOS
- WSO2 CARBON v4.4.5 PERSISTENT XSS COOKIE THEFT
- WSO2-CARBON v4.4.5 LOCAL FILE INCLUSION
- WSO2 IDENTITY-SERVER v5.1.0 XML External-Entity
- [SECURITY] [DSA 3648-1] wireshark security update
- [security bulletin] HPSBGN03630 rev.2 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution
- [security bulletin] HPSBHF03440 rev.1 - HPE iLO 3 using JQuery, Remote Cross-Site Scripting (XSS)
- [CVE-2016-3089] Apache OpenMeetings XSS in SWF panel
- [SECURITY] [DSA 3647-1] icedove security update
- Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%
- [SECURITY] [DSA 3646-1] postgresql-9.4 security update
- From: Salvatore Bonaccorso
- Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8)
- QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability
- Microsoft Education - Stored Cross Site Web Vulnerability
- [CORE-2016-0006] - SAP CAR Multiple Vulnerabilities
- From: CORE Advisories Team
- Cisco Security Advisory: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Internet Explorer iframe sandbox local file name disclosure vulnerability
- Nagios NA v2.2.1 XSS
- Notepad++ 6.9.2 DLL Hijacking Vulnerability
- Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin
- Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities
- FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability
- Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability
- AirSnort v0.2.7 Stack Corruption DOS
- Any Video Converter DLL Hijack
- Nagios Network Analyzer v2.2.1 Multiple CSRF
- [SECURITY] [DSA 3645-1] chromium-browser security update
- [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1
- ESA-2016-070: RSA® Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability
- [SECURITY] [DSA 3644-1] fontconfig security update
- From: Salvatore Bonaccorso
- phpCollab v2.5 CMS - SQL Injection Vulnerability
- vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF)
- [slackware-security] openssh (SSA:2016-219-03)
- From: Slackware Security Team
- [slackware-security] curl (SSA:2016-219-01)
- From: Slackware Security Team
- [slackware-security] stunnel (SSA:2016-219-04)
- From: Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2016-219-02)
- From: Slackware Security Team
- [SECURITY] [DSA 3643-1] kde4libs security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3642-1] lighttpd security update
- Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP Object injection vulnerability
- DLL side loading vulnerability in VMware Host Guest Client Redirector
- [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20)
- [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20)
- [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20)
- Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597)
- Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597)
- FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities
- Subrion v4.0.5 CMS - SQL Injection Vulnerability
- Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability
- [0day] net2ftp multiple XSS on unauthenticated users
- Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin
- Cross-Site Scripting in Count per Day WordPress Plugin
- Cross-Site Scripting in FormBuilder WordPress Plugin
- Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin
- Re: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance
- Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance
- Cisco Security Advisory: Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3641-1] openjdk-7 security update
- [SYSS-2016-065] NASdeluxe NDL-2400r: OS Command Injection
- FortiManager (Series) - (Bookmark) Persistent Vulnerability
- FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability
- Cross-Site Scripting in WordPress Landing Pages Plugin
- Cross-Site Scripting in Activity Log WordPress Plugin
- Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin
- [SECURITY] [DSA 3640-1] firefox-esr security update
- Secunia Research: LibGD "_gdContributionsAlloc()" Integer Overflow Denial of Service Vulnerability
- [security bulletin] HPSBGN03633 rev.1 - HPE Release Control, Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access to Files or Server-Side Request Forgery (SSRF)
- Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Unauthorized Access Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Unified Communications Manager IM and Presence Service SIP Packet Processing Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3639-1] wordpress security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3638-1] curl security update
- WorldCIST'17 - Call for Workshops Proposals; Deadline: September 5
- Arbitrary File Content Disclosure in Atutor
- From: High-Tech Bridge Security Research
- Cross-Site Scripting in WangGuard WordPress Plugin
- Cross-Site Scripting in Uji Countdown WordPress Plugin
- WinSaber - Unquoted Service Path Privilege Escalation
- Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability
- Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities
- Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability
- Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability
- FortiManager (Series) - Multiple Web Vulnerabilities
- [security bulletin] HPSBGN03564 rev.2 - HPE Release Control using Java Deserialization, Remote Code Execution
- [security bulletin] HPSBUX03632 SSRT110194 rev.1 - HP-UX Mail Server running Sendmail, Local Unauthorized Disclosure of Information
- [CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c
- Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin
- Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231)
- Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability
- Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability
- Cross-Site Scripting in Contact Bank WordPress Plugin
- SQL injection vulnerability in Booking Calendar WordPress Plugin
- Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin
- [SECURITY] [DSA 3637-1] chromium-browser security update
- Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA
- Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin
- Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP
- Huawei eSpace IAD Remote Information Disclosure Vulnerability
- [SECURITY] [DSA 3634-1] redis security update
- [SECURITY] [DSA 3636-1] collectd security update
- Elevation of Privilege Vulnerability in MediaTek Driver (CVE-2016-6492)
- [SECURITY] [DSA 3635-1] libdbd-mysql-perl security update
- From: Salvatore Bonaccorso
- CVE-2016-5672: Intel Crosswalk SSL Prompt Issue
- [SYSS-2016-038] CHERRY B.UNLIMITED AES - Keystroke Injection Vulnerability
- [SYSS-2016-032] CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
- [SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection against Replay Attacks
- [SYSS-2016-038] CHERRY B.UNLIMITED AES - Keystroke Injection Vulnerability
- [SYSS-2016-032] CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
- [SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection against Replay Attacks
- [SYSS-2016-059] Microsoft Wireless Desktop 2000 - Insufficient Verification of Data Authenticity (CWE-345)
- [SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks
- [SYSS-2016-045] Perixx PERIDUO-710W - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
- [SYSS-2016-047] Perixx PERIDUO-710W - Keystroke Injection Vulnerability
- [SYSS-2016-046] Perixx PERIDUO-710W - Missing Protection against Replay Attacks
- [SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks
- ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities
- [S21SEC-047] Fotoware Fotoweb 8.0 Cross Site Scripting
- From: S21sec Vulnerability Research
- Vicon Network Cameras - Authentication Bypass
- Saveya Bounty #1 - Bypass & Persistent Vulnerability
- Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities
- Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability
- Zortam Media Studio 20.60 - Buffer Overflow Vulnerability
- [SECURITY] [DSA 3633-1] xen security update
- CVE-2016-2783 - Avaya VOSS/VSP Release 4.1.0.0 Vulnerable to SPB Traffic traversal
- From: Grebovich, Dragan (Dragan)
- [SECURITY] [DSA 3632-1] mariadb-10.0 security update
- From: Salvatore Bonaccorso
- RE: VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability
- From: Wick, Ryan (US - Chicago)
- VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability
- VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability
- DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability
- Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability
- [SECURITY] [DSA 3631-1] php5 security update
- [SECURITY] [DSA 3630-1] libgd2 security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBST03603 rev.1 - HPE StoreVirtual Products running LeftHand OS using glibc, Remote Arbitrary Code Execution, Denial of Service (DoS)
- Silurus Classifieds XSS Vulnerability
- Cross-Site Scripting vulnerability in ColorWay WordPress Theme
- Dropbox 6.4.14 DLL Hijacking Vulnerability
- Huawei ISM Professional XSS Vulnerability
- Crashing Browsers Remotely via Insecure Search Suggestions
- MySQL 0days followup (CVE-2016-3477) CVSS 8.1
- July 2016 - Bamboo Server - Critical Security Advisory
- [SECURITY] [DSA 3629-1] ntp security update
- [security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution
- Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability
- Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability
- FreeBSD Security Advisory FreeBSD-SA-16:25.bspatch
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 3628-1] perl security update
- From: Salvatore Bonaccorso
- XSS and SQLi in huge IT gallery v1.1.5 for Joomla
- From: Larry W. Cashdollar
- SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr
- From: SEC Consult Vulnerability Lab
- [SECURITY] [DSA 3627-1] phpmyadmin security update
- Cross-Site Scripting in Code Snippets WordPress Plugin
- Cross-Site Scripting in Contact Form to Email WordPress Plugin
- Neoscreen v4.5 Cross-site scripting
- Neoscreen v4.5 Blind SQL injection
- Neoscreen v4.5 Authentication bypass
- [SECURITY] [DSA 3626-1] openssh security update
- From: Salvatore Bonaccorso
- Autobahn|Python Insecure allowedOrigins validation >= 0.14.1
- Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design
- Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking
- [slackware-security] bind (SSA:2016-204-01)
- From: Slackware Security Team
- CA20160721-01: Security Notice for CA eHealth
- [CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example
- MySQL zero-day vulnerabilities (July 2016 CPU)
- [SECURITY] [DSA 3625-1] squid3 security update
- Dreammail 5 mail client XSS Vulnerability
- [slackware-security] gimp (SSA:2016-203-01)
- From: Slackware Security Team
- [slackware-security] php (SSA:2016-203-02)
- From: Slackware Security Team
- [security bulletin] HPSBGN03631 rev.1 - HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload, Remote Denial of Service (DoS)
- MySQL zero-day vulnerabilities (July 2016 CPU)
- [SECURITY] [DSA 3624-1] mysql-5.5 security update
- From: Salvatore Bonaccorso
- Cisco Security Advisory: Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products
- From: Cisco Systems Product Security Incident Response Team
- CVE-2016-5399: php: out-of-bounds write in bzread()
- From: Hans Jerry Illikainen
- Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF)
- Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin
- Cisco Security Advisory: Cisco Unified Computing System Performance Manager Input Validation Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [SEARCH-LAB advisory] UPC Hungary network problems
- [SEARCH-LAB advisory] Technicolor TC7200 modem/router multiple vulnerabilities
- [SEARCH-LAB advisory] Compal CH7465LG-LC modem/router multiple vulnerabilities
- [SEARCH-LAB advisory] Hitron CGNV4 modem/router multiple vulnerabilities
- [SEARCH-LAB advisory] Cisco EPC3925 UPC modem/router default passphrase vulnerabilities
- [SECURITY] [DSA 3623-1] apache2 security update
- From: Salvatore Bonaccorso
- CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]
- Multiple SQL injection vulnerabilities in WordPress Video Player
- Cross-Site Request Forgery in Icegram WordPress Plugin
- Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin
- Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking
- Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)
- APPLE-SA-2016-07-18-6 iTunes 12.4.2
- From: Apple Product Security
- APPLE-SA-2016-07-18-5 Safari 9.1.2
- From: Apple Product Security
- APPLE-SA-2016-07-18-4 tvOS 9.2.2
- From: Apple Product Security
- APPLE-SA-2016-07-18-3 watchOS 2.2.2
- From: Apple Product Security
- APPLE-SA-2016-07-18-2 iOS 9.3.3
- From: Apple Product Security
- APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004
- From: Apple Product Security
- [SECURITY] [DSA 3622-1] python-django security update
- From: Salvatore Bonaccorso
- [CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking
- [SECURITY] [DSA 3621-1] mysql-connector-java security update
- From: Salvatore Bonaccorso
- [Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon
- Multiple vulns in Vodafone EasyBox 804
- [SECURITY] [DSA 3620-1] pidgin security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3619-1] libgd2 security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBMU03562 rev.3 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution
- [ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability
- [ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability
- [ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability
- Cross-Site Scripting vulnerability in Google Forms WordPress Plugin
- Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin
- Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for WordPress
- Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin
- Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Open-Xchange Security Advisory 2016-07-13
- missing input validation in pmount: arbitrary mount as non-root
- [CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers
- Easy Forms for MailChimp Local File Inclusion vulnerability
- WP Fastest Cache Member Local File Inclusion vulnerability
- Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin
- Cross-Site Scripting vulnerability in Email Users WordPress Plugin
- Cross-Site Scripting vulnerability in Master Slider WordPress Plugin
- [security bulletin] HPSBHF03608 rev.1 - HPE iMC PLAT and other Network Products using Apache Java Commons Collection (ACC), Remote Execution of Arbitrary Code
- Persistent Cross-Site Scripting in WordPress Activity Log plugin
- [RCESEC-2016-004][CVE-2016-5005] Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting
- [RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries
- Persistent Cross-Site Scripting in WP Live Chat Support plugin
- Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin
- BMW - (Token) Client Side Cross Site Scripting Vulnerability
- BMW ConnectedDrive - (Update) VIN Session Vulnerability
- Microsoft Process Kill Utility "kill.exe" Buffer Overflow
- Microsoft WinDbg logviewer.exe Buffer Overflow DOS
- [slackware-security] samba (SSA:2016-189-01)
- From: Slackware Security Team
- [security bulletin] HPSBGN03628 rev.1 - HPE IceWall Federation Agent using libXML2 library, Remote Denial of Service (DoS), Unauthorized Modification, Unauthorized Disclosure of Information
- [KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability
- CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs]
- From: Dirk-Willem van Gulik
- Acer Portal Android Application - MITM SSL Certificate Vulnerability (CVE-2016-5648)
- [SECURITY] [DSA 3617-1] horizon security update
- Re: Putty (beta 0.67) DLL Hijacking Vulnerability
- ESA-2016-054: EMC Avamar Data Store and Avamar Virtual Edition Unauthorized Data Access Vulnerability
- Micron CMS v5.3 - (cat_id) SQL Injection Vulnerability
- Teampass 2.1.26 - Authenticated File Upload Vulnerability
- IBM BlueMix Cloud - (API) Persistent Web Vulnerability
- [security bulletin] HPSBHF03613 rev.1 - HPE Network Products including iMC, VCX, and Comware using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access
- CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs]
- From: Dirk-Willem van Gulik
- [slackware-security] mozilla-thunderbird (SSA:2016-187-01)
- From: Slackware Security Team
- Putty (beta 0.67) DLL Hijacking Vulnerability
- Apple Safari for Mac OS X SVG local XXE
- Syslog Server "npriority" field remote Denial of Service vulnerability
- [CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c
- OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability
- KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability
- [CVE-2016-6156] Double-Fetch Vulnerability in Linux-4.6/drivers/platform/chrome/cros_ec_dev.c
- [SECURITY] [DSA 3616-1] linux security update
- From: Salvatore Bonaccorso
- WebCalendar v1.2.7 CSRF Protection Bypass
- WebCalendar v1.2.7 CSRF Protection Bypass
- WebCalendar v1.2.7 CSRF Protection Bypass
- HTTP session poisoning in EMC Documentum WDK-based applications causes arbitrary code execution and privilege elevation
- WebCalendar v1.2.7 PHP Code Injection
- [FD] CVE ID request: SQL injection in 24Online Client
- [SECURITY] [DSA 3614-1] tomcat7 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3615-1] wireshark security update
- [SECURITY] [DSA 3613-1] libvirt security update
- From: Salvatore Bonaccorso
- [SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage
- [security bulletin] HPSBGN03627 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information
- [SECURITY] [DSA 3612-1] gimp security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBGN03626 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information Logjam
- KL-001-2016-003 : SQLite Tempdir Selection Vulnerability
- From: KoreLogic Disclosures
- Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking
- Logic security flaw in TP-LINK - tplinklogin.net
- [CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c
- [CVE-2016-5728] Double-Fetch Vulnerability in Linux-4.5/drivers/misc/mic/host/mic_virtio.c
- CA20160627-01: Security Notice for Release Automation
- [SECURITY] [DSA 3611-1] libcommons-fileupload-java security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3610-1] xerces-c security update
- From: Salvatore Bonaccorso
- BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs
- From: Blue Frost Security Research Lab
- [SECURITY] [DSA 3608-1] libreoffice security update
- [SECURITY] [DSA 3609-1] tomcat8 security update
- Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Firepower System Software Static Credential Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD
- Symantec SEPM v12.1 Multiple Vulnerabilities
- KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution
- From: KoreLogic Disclosures
- [KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability
- [KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities
- [KIS-2016-08] Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities
- Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities
- Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability
- Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability
- Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability
- [SECURITY] [DSA 3607-1] linux security update
- From: Salvatore Bonaccorso
- Craft CMS affected by server side template injection
- BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability
- [fd] CVE ID request: Untangle NGFW <= v12.1.0 post-auth command injection
- MyLittleForum v2.3.5 PHP Command Injection
- [slackware-security] php (SSA:2016-176-01)
- From: Slackware Security Team
- [SECURITY] [DSA 3606-1] libpdfbox security update
- #146416 Ruby:HTTP Header injection in 'net/http'
- SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure
- From: SEC Consult Vulnerability Lab
- [KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability
- [KIS-2016-05] SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities
- [KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities
- [KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability
- ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability
- Open-Xchange Security Advisory 2016-06-22
- [ERPSCAN-16-018] SAP Application server for Java - DoS vulnerability
- Magic values in 32-bit processes on 64-bit OS-es and how to exploit them
- [ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability
- [ERPSCAN-16-015] SAP NetWeaver Java AS - multiple XSS vulnerabilities
- [ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability
- [slackware-security] pcre (SSA:2016-172-02)
- From: Slackware Security Team
- [slackware-security] libarchive (SSA:2016-172-01)
- From: Slackware Security Team
- APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7
- From: Apple Product Security
- Symphony CMS v2.6.7 Session Fixation
- [SECURITY] [DSA 3605-1] libxslt security update
- From: Salvatore Bonaccorso
- sNews CMS v1.7.1 Remote Command Execution / CSRF / XSS
- CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion
- [ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability
- [ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability
- [ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability
- [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player
- [FD] Multiple vulnerabilities in squid 0.4.16_2 running on pfSense
- User enumeration in Skype for Business 2013
- [SECURITY] [DSA 3604-1] drupal7 security update
- [security bulletin] HPSBNS03625 rev.1 - HPE NonStop Application Server for Java (NSASJ) running SSL/TLS, Remote Disclosure of Information
- [security bulletin] HPSBGN03553 rev.1 - HP OneView Products using glibc and OpenSSL, Multiple Remote Vulnerabilities
- Authentication bypass in Ceragon FibeAir IP-10 web interface (<7.2.0)
- [MWR-2016-0002] DDN Default SSH Keys
- [MWR-2016-0001] DDN Insecure Update Mechanism
- Microsoft Visio multiple DLL side loading vulnerabilities
- Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- BookingWizz < 5.5 Multiple Vulnerability
- FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability
- Joomla com_enmasse - SQL Injection
- NEW VMSA-2016-0009 VMware vCenter Server updates address an important reflective cross-site scripting issue
- From: VMware Security Response Center
- [CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers
- [SECURITY] [DSA 3603-1] libav security update
- Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability
- [SECURITY] [DSA 3602-1] php5 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3601-1] icedove security update
- Oracle Orakill.exe Buffer Overflow
- ESA-2016-047: RSA Archer® GRC Platform Sensitive Information Disclosure Vulnerability
- CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability
- FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability
- OpenWRT: swconfig infrastructure fails to check permissions
- ESA-2016-062: EMC Data Domain Multiple Vulnerabilities
- [security bulletin] HPSBGN03617 rev.2 - HPE IceWall Federation Agent and IceWall File Manager using libXML2 library, Remote Denial of Service (DoS)
- [SECURITY] [DSA 3600-1] iceweasel/firefox-esr security update
- SimpleSAMLphp Link Injection
- [SECURITY] [DSA 3599-1] p7zip security update
- From: Salvatore Bonaccorso
- CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability
- ESA-2016-064: EMC Data Domain Information Disclosure Vulnerability
- ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability
- [security bulletin] HPSBMU03614 rev.1 - HPE Systems Insight Manager using Samba, Multiple Remote Vulnerabilities
- [security bulletin] HPSBMU03584 rev.2 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities
- [security bulletin] HPSBGN03618 rev.1 - HPE Service Manager remote Denial of Service (DoS), Disclosure of Information, Unauthorized Read Access to Files, Server Side Request Forgery
- [security bulletin] HPSBGN03624 rev.1 - HPE Project and Portfolio Management Center, Remote Disclosure of Sensitive Information, Execution of Arbitrary of Commands
- Cisco EPC 3928 Multiple Vulnerabilities
- [SECURITY] [DSA 3598-1] vlc security update
- [security bulletin] HPSBGN03623 rev.1 - HPE Universal CMDB, Remote Disclosure of Sensitive Information
- [security bulletin] HPSBGN03622 rev.1 - HPE UCMDB, Universal Discovery, and UCMDB Configuration Manager using Apache Commons Collection, Remote Code Execution
- [security bulletin] HPSBGN03621 rev.1 - HPE Universal CMDB using OpenSSL, Remote Disclosure of Sensitive Information
- [CVE-2016-0392] IBM GPFS / Spectrum Scale Command Injection
- [SECURITY] [DSA 3597-1] expat security update
- Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability
- Microsoft Education - Code Execution Vulnerability
- Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability
- Mapbox (API) - Filter Bypass & Persistent Vulnerability
- [security bulletin] HPSBGN03620 rev.1 - HPE Helion OpenStack using OpenSSL and QEMU, Remote Unauthorized Data Access
- [security bulletin] HPSBGN03619 rev.1 - HPE Discovery and Dependency Mapping Inventory (DDMi) using Java Deserialization, remote Code Execution
- [security bulletin] HPSBGN03442 rev.2 - HP Helion OpenStack using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution
- Re: rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion
- [SECURITY] [DSA 3596-1] spice security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3595-1] mariadb-10.0 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3548-3] samba regression update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3594-1] chromium-browser security update
- FreeBSD Security Advisory FreeBSD-SA-16:24.ntp
- From: FreeBSD Security Advisories
- [slackware-security] ntp (SSA:2016-155-01)
- From: Slackware Security Team
- [security bulletin] - Linux Kernel Flaw, ASN.1 DER decoder for x509 certificate DER
- [security bulletin] HPSBUX03616 SSRT110128 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access
- [Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability
- Notilus v2012 R3 - SQL injection
- [SECURITY] [DSA 3593-1] libxml2 security update
- From: Salvatore Bonaccorso
- ESA-2016-060: EMC Isilon OneFS Privilege Escalation Vulnerability
- Zoho OpManager < v12
- [security bulletin] HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF)
- SEC Consult SA-20160602-0 :: Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway
- From: SEC Consult Vulnerability Lab
- XML External Entity XXE vulnerability in OpenID component of Liferay
- [security bulletin] HPSBMU03612 rev.1 - HPE Insight Control on Windows and Linux, Multiple Remote Vulnerabilities
- [security bulletin] HPSBOV03615 rev.1 - HPE OpenVMS CSWS running the Apache Tomcat 7 Servlet Engine, Multiple Remote Vulnerabilities
- [SECURITY] [DSA 3592-1] nginx security update
- Cisco Security Advisory: Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [security bulletin] HPSBGN03609 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution, Denial of Service (DoS)
- [SECURITY] [DSA 3591-1] imagemagick security update
- AjaxExplorer v1.10.3.2 Remote CMD Execution / CSRF / Persistent XSS
- [SECURITY] [DSA 3590-1] chromium-browser security update
- FreeBSD Security Advisory FreeBSD-SA-16:20.linux
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:22.libarchive
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:23.libarchive
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:21.43bsd
- From: FreeBSD Security Advisories
- [RT-SA-2016-005] Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution
- From: RedTeam Pentesting GmbH
- [RT-SA-2016-004] Websockify: Remote Code Execution via Buffer Overflow
- From: RedTeam Pentesting GmbH
- [RT-SA-2015-012] XML External Entity Expansion in Paessler PRTG Network Monitor
- From: RedTeam Pentesting GmbH
- [slackware-security] mozilla-thunderbird (SSA:2016-152-02)
- From: Slackware Security Team
- [slackware-security] imagemagick (SSA:2016-152-01)
- From: Slackware Security Team
- [SECURITY] Lorex ECO DVR Hard coded password
- [SECURITY] [DSA 3589-1] gdk-pixbuf security update
- From: Salvatore Bonaccorso
- WebKitGTK+ Security Advisory WSA-2016-0004
- From: Carlos Alberto Lopez Perez
- [oCERT 2016-001] Jetty path sanitization issues
- [SECURITY] [DSA 3588-1] symfony security update
- Multiple Vulnerabilities in Intex Wireless N150 Easy Setup Router
- [slackware-security] php (SSA:2016-148-03)
- From: Slackware Security Team
- [slackware-security] libxslt (SSA:2016-148-02)
- From: Slackware Security Team
- [slackware-security] libxml2 (SSA:2016-148-01)
- From: Slackware Security Team
- [CVE-2016-4945] Login Form Hijacking Vulnerability in Citrix NetScaler Gateway
- [CVE-2016-4432] Apache Qpid Java Broker - authentication bypass
- [CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability
- [SECURITY] [DSA 3587-1] libgd2 security update
- From: Salvatore Bonaccorso
- [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability
- From: Andreas Lehmkuehler
- [CVE-2016-4434] Apache Tika XML External Entity vulnerability
- ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability
- [security bulletin] HPSBGN03610 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Arbitrary Code Execution
- [security bulletin] HPSBMU03611 rev.1 - HPE Matrix Operating Environment on Windows and Linux, Multiple Remote Vulnerabilities
- [security bulletin] HPSBMU03600 rev.1 - HPE Insight Control server provisioning using OpenSSL, Remote Denial of Service (DoS)
- [security bulletin] HPSBUX03606 rev.1 - HPE HP-UX running Apache Tomcat 7, Multiple Remote Vulnerabilities
- [security bulletin] HPSBMU03601 rev.1 - HPE Insight Control server deployment using OpenSSL, Multiple Vulnerabilities
- VMWare vSphere Web Client Flash XSS
- Cisco Security Advisory: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Open-Xchange Security Advisory 2016-05-25
- [slackware-security] libarchive (SSA:2016-145-01)
- From: Slackware Security Team
- [security bulletin] HPSBGN03605 rev.1 - HPE Service Manager, Remote Disclosure of Information
- MSA-2016-01: PowerFolder Remote Code Execution Vulnerability
- From: Advisories Advisories
- AfterLogic WebMail Pro ASP.NET < 6.2.7 Administrator Account Takeover via XXE Injection
- [SECURITY] [DSA 3586-1] atheme-services security update
- [RCESEC-2016-002] XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections
- [SECURITY] [DSA 3585-1] wireshark security update
- [RCESEC-2016-001] Postfix Admin v2.93 Generic POST Cross-Site Request Forgeries
- [slackware-security] curl (SSA:2016-141-01)
- From: Slackware Security Team
- [security bulletin] HPSBGN03564 rev.1 - HPE Release Control using Java Deserialization, Remote Code Execution
- [SECURITY] [DSA 3584-1] librsvg security update
- From: Salvatore Bonaccorso
- [SEARCH-LAB advisory] LG NAS N1A1 multiple vulnerabilities in Familycast
- [ERPSCAN-16-011] SAP NetWeaver AS JAVA – SQL injection vulnerability
- [ERPSCAN-16-010] SAP NetWeaver AS JAVA – information disclosure vulnerability
- TYPO3 RemoveXSS.php vulnerability versions 6.2.19 and 7.6.4
- [SECURITY] [DSA 3583-1] swift-plugin-s3 security update
- [security bulletin] HPSBGN03602 rev.1 - HPE RESTful Interface Tool, Local Disclosure of Information
- Cisco Security Advisory: Cisco Web Security Appliance Connection Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Web Security Appliance Cached Range Request Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [security bulletin] HPSBHF03579 rev.1 - HPE ConvergedSystem for SAP HANA using OpenSSL, Multiple Remote Vulnerabilities
- [security bulletin] HPSBHF03578 rev.1 - HPE ConvergedSystem for SAP HANA using glibc, Multiple Remote Vulnerabilities
- [SECURITY] [DSA 3582-1] expat security update
- From: Salvatore Bonaccorso
- FreeBSD Security Advisory FreeBSD-SA-16:19.sendmsg
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:18.atkbd
- From: FreeBSD Security Advisories
- [security bulletin] HPSBGN03587 rev.1 - HPE Helion OpenStack using OpenSSL and Open vSwitch, Remote Arbitrary Command Execution, Denial of Service (DoS), Disclosure of Information
- WSO2 SOA Enablement Server - Reflected Cross-Site Scripting
- [security bulletin] HPSBHF03594 rev.1 - HPE ConvergedSystem and AppSystem for SAP HANA using OpenSSL, Multiple Remote Vulnerabilities
- [SECURITY] [DSA 3581-1] libndp security update
- From: Salvatore Bonaccorso
- APPLE-SA-2016-05-16-6 iTunes 12.4
- From: Apple Product Security
- APPLE-SA-2016-05-16-5 Safari 9.1.1
- From: Apple Product Security
- APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003
- From: Apple Product Security
- APPLE-SA-2016-05-16-3 watchOS 2.2.1
- From: Apple Product Security
- APPLE-SA-2016-05-16-2 iOS 9.3.2
- From: Apple Product Security
- APPLE-SA-2016-05-16-1 tvOS 9.2.1
- From: Apple Product Security
- Security advisory for Bugzilla 5.0.3 and 4.4.12
- [SECURITY] [DSA 3580-1] imagemagick security update
- [ERPSCAN-16-008] SAP NetWeaver AS JAVA - XSS vulnerability in ProxyServer servlet
- [ERPSCAN-16-009] SAP xMII - directory traversal vulnerability
- [SECURITY] [DSA 3579-1] xerces-c security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3578-1] libidn security update
- [SECURITY] [DSA 3577-1] jansson security update
- dns_dhcp Web Interface SQL Injection
- eXtplorer v2.1.9 Archive Path Traversal
- [SECURITY] [DSA 3576-1] icedove security update
- [security bulletin] HPSBMU03590 rev.1 - HPE Systems Insight Manager (SIM) on Windows and Linux, Multiple Vulnerabilities
- May 2016 - HipChat Server - Critical Security Advisory
- [security bulletin] HPSBMU03589 rev.1 - HPE Version Control Repository Manager (VCRM), Remote Denial of Service (DoS)
- [security bulletin] HPSBMU03591 rev.1 - HPE Server Migration Pack, Remote Denial of Service (DoS)
- [SECURITY] [DSA 3575-1] libxstream-java security update
- [security bulletin] HPSBGN03597 rev.1 - HPE Cloud Optimizer (Virtualization Performance Viewer) using glibc Remote Denial of Service (DoS)
- [slackware-security] mozilla-thunderbird (SSA:2016-132-01)
- From: Slackware Security Team
- [security bulletin] HPSBST03599 rev.1 - HPE 3PAR OS running OpenSSH, Remote Denial of Service (DoS), Access Restriction Bypass
- [security bulletin] HPSBST03598 rev.1 - HPE 3PAR OS using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution
- [security bulletin] HPSBST03586 rev.1 - HPE 3PAR OS, Remote Unauthorized Modification
- Re: [slackware-security] imagemagick (SSA:2016-132-01)
- [security bulletin] HPSBNS03581 rev.2 - HPE NonStop Servers running Samba (NS-Samba), Multiple Remote Vulnerabilities
- [security bulletin] HPSBHF03592 rev.1 - HPE VAN SDN Controller OVA using OpenSSL, Multiple Remote Vulnerabilities
- [SECURITY] [DSA 3565-2] monotone ovito pdns qtcreator softhsm regression update
- [slackware-security] imagemagick (SSA:2016-132-01)
- From: Slackware Security Team
- BulletProof Security 53.3 - Security Advisory - Multiple XSS Vulnerabilities
- [security bulletin] HPSBUX03574 rev.1 - HPE HP-UX CIFS-Server (Samba), Remote Access Restriction Bypass, Authentication bypass, Denial of Service (DoS), Unauthorized Access to Files, Access Restriction Bypass, Unauthorized Information Disclosure
- [security bulletin] HPSBUX03596 rev.1 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access
- [SECURITY] [DSA 3574-1] libarchive security update
- From: Salvatore Bonaccorso
- Intuit QuickBooks 2007 - 2016 Arbitrary Code Execution
- Trend Micro Direct Pass - Filter Bypass & Cross Site Scripting Vulnerability
- Stanford University - Multiple SQL Injection Vulnerabilities
- Notes v4.5 iOS - Arbitrary File Upload Vulnerability
- Skype Manager - (Email Change) Filter Bypass Vulnerability
- Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability
- [security bulletin] HPSBUX03577 SSRT102172 rev.1 - HP-UX VxFS, Local Unauthorized Access to Files
- [SECURITY] [DSA 3573-1] qemu security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3572-1] websvn security update
- From: Salvatore Bonaccorso
- WordPress Plugin event-registration 6.02.02: SQL-Injection and persistent XSS
- [SECURITY] [DSA 3571-1] ikiwiki security update
- Re: ManageEngine Applications Manager Build No: 12700 Information Disclosure and Un-Authenticated SQL injection.
- ManageEngine Applications Manager Build No: 12700 Information Disclosure and Un-Authenticated SQL injection.
- Re: NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities
- [security bulletin] HPSBMU03584 rev.1 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities
- [SECURITY] [DSA 3570-1] mercurial security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3569-1] openafs security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3568-1] libtasn1-6 security update
- From: Salvatore Bonaccorso
- FreeBSD Security Advisory FreeBSD-SA-16:17.openssl
- From: FreeBSD Security Advisories
- Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
- From: Cisco Systems Product Security Incident Response Team
- ESA-2016-051: Patch 14 for RSA® Authentication Manager 8.1 SP1 to Address Multiple Vulnerabilities
- [SECURITY] [DSA 3567-1] libpam-sshauth security update
- From: Salvatore Bonaccorso
- APPLE-SA-2016-05-03-1 Xcode 7.3.1
- From: Apple Product Security
- Cisco Security Advisory: Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning
- [slackware-security] openssl (SSA:2016-124-01)
- From: Slackware Security Team
- Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting
- LSE Leading Security Experts GmbH - LSE-2016-02-03 - OXID eShop Path Traversal Vulnerability
- [SECURITY] [DSA 3566-1] openssl security update
- NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities
- CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection
- From: Timo Juhani Lindfors
- [slackware-security] mercurial (SSA:2016-123-01)
- From: Slackware Security Team
- ESA-2016-041: RSA Data Loss Prevention Multiple Vulnerabilities
- [SECURITY] [DSA 3565-1] botan1.10 security update
- [SECURITY] [DSA 3564-1] chromium-browser security update
- [SECURITY] [DSA 3563-1] poppler security update
- [SECURITY] [DSA 3562-1] tardiff security update
- From: Salvatore Bonaccorso
- Exploit-DB Captcha Bypass
- [slackware-security] subversion (SSA:2016-121-01)
- From: Slackware Security Team
- [slackware-security] php (SSA:2016-120-02)
- From: Slackware Security Team
- [slackware-security] ntp (SSA:2016-120-01)
- From: Slackware Security Team
- [security bulletin] HPSBGN03547 rev.3 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution
- [SECURITY] [DSA 3561-1] subversion security update
- From: Salvatore Bonaccorso
- SQL Injection in GLPI
- From: High-Tech Bridge Security Research
- Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability
- Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream
- [security bulletin] HPSBUX03583 SSRT110084 rev.1 - HP-UX BIND Service running Named, Remote Denial of Service (DoS)
- CVE-2016-3078: php: integer overflow in ZipArchive::getFrom*
- From: Hans Jerry Illikainen
- [SECURITY] [DSA 3560-1] php5 security update
- From: Salvatore Bonaccorso
- CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS
- Re: [ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability
- From: Mahmut Firuz Dumlupinar - Vendor
- CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS
- CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS
- [SECURITY] [DSA 3559-1] iceweasel security update
- EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection
- Oracle Discoverer Viewer BI - Open Redirect Vulnerability
- [slackware-security] mozilla-firefox (SSA:2016-117-01)
- From: Slackware Security Team
- [SECURITY] [DSA 3558-1] openjdk-7 security update
- [SECURITY] [DSA 3557-1] mysql-5.5 security update
- From: Salvatore Bonaccorso
- Sophos XG Firewall (SF01V) - Persistent Web Vulnerability
- VoipNow v4.0.1 - (xajax_handler) Persistent Vulnerability
- Trend Micro (Account) - Email Spoofing Web Vulnerability
- [security bulletin] HPSBGN03582 rev.1 - HPE Helion CloudSystem using glibc, Remote Code Execution, Denial of Service (DoS)
- Negin Group CMS - (v) Multiple Web Vulnerabilities
- Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability