Bugtraq
- Cyberoam Central Console v02.03.1 - Multiple Persistent Vulnerabilities
- UBNT Bug Bounty #2 - XML External Entity Vulnerability
- Totemomail v4.x & v5.x - Filter Bypass & Persistent Vulnerability
- C & C++ for OS - Filter Bypass & Persistent Vulnerability
- Telisca IPS Lock 2 Vulnerability
- [SECURITY] [DSA 3556-1] libgd2 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3555-1] imlib2 security update
- Unlimited Pop-Ups WordPress Plugin XSS Vulnerability
- CM-AD-Changer XSS Vulnerability
- Easy Social Share Buttons for WordPress XSS Vulnerability
- Google SEO Pressor Snippet Plugin XSS Vulnerability
- Echosign Plugin for WordPress XSS Vulnerability
- Tweet-wheel XSS Vulnerability
- Persian-woocommerce-sms XSS Vulnerability
- Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109)
- From: david . vieira-kurz
- [security bulletin] HPSBMU03573 rev.1 - HPE System Management Homepage (SMH), Remote Disclosure of Information
- [security bulletin] HPSBGN03580 rev.1 - HP Data Protector, Remote Code Execution, Remote Unauthorized Disclosure of Information
- SEC Consult SA-20160422-1 :: Multiple vulnerabilities in Digitalstrom Konfigurator
- From: SEC Consult Vulnerability Lab
- SEC Consult SA-20160422-0 :: Insecure credential storage in my devolo Android app
- From: SEC Consult Vulnerability Lab
- [SECURITY] [DSA 3553-1] varnish security update
- [SECURITY] [DSA 3554-1] xen security update
- From: Salvatore Bonaccorso
- CVE-2016-3074: libgd: signedness vulnerability
- From: Hans Jerry Illikainen
- exploit CVE-2016-2203
- OpenTSDB RCE
- Webutler CMS 3.2 - Cross-Site Request Forgery
- Cisco Security Advisory: Multiple Cisco Products libSRTP Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Wireless LAN Controller Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- RCE via CSRF in phpMyFAQ
- From: High-Tech Bridge Security Research
- shell.com vulnerable TLS
- *.Shell.com Port 443 DROWN decryption attack
- PHPBack v1.3.0 SQL Injection
- [security bulletin] HPSBMU03575 rev.1 - HP Smart Update Manager (SUM), Remote Denial of Service (DoS), Disclosure of Information
- ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities
- Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1
- From: research@xxxxxxxxxx
- [ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) – XSS vulnerability
- [ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability
- Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege
- [security bulletin] HPSBST03576 rev.2 - HP P9000, XP7 Command View Advanced Edition (CVAE) Suite including Device Manager and Tiered Storage Manager using Java Deserialization, Remote Arbitrary Code Execution
- [security bulletin] HPSBGN03555 rev.1 - HPE Vertica Analytics, Management Console, Remote Disclosure of Sensitive information, Execution of Arbitrary Code with Root Privileges
- CVE-2016-4021: pgpdump 0.29 - Endless loop parsing specially crafted input (SYSS-2016-030)
- [SECURITY] [DSA 3552-1] tomcat7 security update
- [SECURITY] [DSA 3551-1] fuseiso security update
- Ahrare Andeysheh Cms Multiple Vulnerabilities
- [CVE-2016-3996]KNOX clipboard data disclosure KNOX 1.0 - KNOX 2.3 / Android
- [slackware-security] samba (SSA:2016-106-02)
- From: Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2016-106-01)
- From: Slackware Security Team
- [SECURITY] [DSA 3550-1] openssh security update
- Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability
- [ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues
- [ERPSCAN-16-002] SAP HANA - log injection and no size restriction
- [ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability
- [SECURITY] [DSA 3549-1] chromium-browser security update
- AST-2016-005: TCP denial of service in PJProject
- From: Asterisk Security Team
- AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk
- From: Asterisk Security Team
- NEW VMSA-2016-0004 VMware product updates address a critical security issue in the VMware Client Integration Plugin
- From: VMware Security Response Center
- ESA-2016-036: EMC Unisphere for VMAX Virtual Appliance Arbitrary File Upload Vulnerability
- Securing Android Applications from Screen Capture
- Mybb Cms (private.php Page) Denial Of Service Vulnerability
- Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability
- [SECURITY] [DSA 3548-2] samba regression update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3548-1] samba security update
- From: Salvatore Bonaccorso
- Cisco Security Advisory:Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Mybb Cms (create forum and edit) Cross-Site Script Vulnerability
- Webline CMS (2016Q2) - SQL Injection Vulnerability
- Vbulletin Cms (Sendmessage.php Page) 0Day Exploit
- [SE-2012-01] Yet another broken security fix in IBM Java 7/8
- From: Security Explorations
- CAM UnZip v5.1 Archive Directory Traversal
- .NET Framework 4.6 allows side loading of Windows API Set DLL
- Open redirect on Google.com
- Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability
- [SECURITY] [DSA 3485-2] didiwiki security update
- [SECURITY] [DSA 3547-1] imagemagick security update
- ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra’s Attack Vulnerability
- Blind SQL injections in CivicRM
- From: Simon Waters (Surevine)
- [Multiple CVE]: RCE, info disclosure, HQL injection and stored XSS in Novell Service Desk 7.1.0
- Directadmin cp ( Delete User ) 1.50.0 Version Xss Vulnerability
- Directadmin ControlPanel 1.50.0 Version Xss Vulnerability
- OpenCart json_decode function Remote PHP Code Execution
- WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking
- CSRF - MySQL / PHP.INI Hijacking
- WPN-XM Serverstack v0.8.6 XSS
- CVE-2016-2170: Apache OFBiz information disclosure vulnerability
- CVE-2015-3268: Apache OFBiz information disclosure vulnerability
- JAWS Weak Service Permissions leads to Privilege Escalation
- AccelSite Content Manager v1.0 - SQL Injection Vulnerability
- [SECURITY] [DSA 3546-1] optipng security update
- [SECURITY] [DSA 3545-1] cgit security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3544-1] python-django security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBGN03570 rev.1 - HPE Universal CMDB, Remote Information Disclosure, URL Redirection
- Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability
- Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability
- Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities
- Virtual Freer v1.58 - Client Side Cross Site Scripting Vulnerability
- Techsoft WS CMS (2016 Q2) - SQL Injection Web Vulnerability
- [security bulletin] HPSBST03568 rev.1 - HP XP7 Command View Advanced Edition Suite including Device Manager and Hitachi Automation Director (HAD), Remote Server-Side Request Forgery (SSRF)
- [security bulletin] HPSBGN03569 rev.2 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information
- Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco UCS Invicta Default SSH Key Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- CVE-2016-3672 - Unlimiting the stack not longer disables ASLR
- From: Hector Marco-Gisbert
- SQL Injection in SocialEngine
- From: High-Tech Bridge Security Research
- RE: FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability
- [slackware-security] subversion (SSA:2016-097-01)
- From: Slackware Security Team
- op5 v7.1.9 Remote Command Execution
- CA20160405-01: Security Notice for CA API Gateway
- Re: [SE-2012-01] Broken security fix in IBM Java 7/8
- From: Security Explorations
- [SECURITY] [DSA 3543-1] oar security update
- [SECURITY] [DSA 3542-1] mercurial security update
- From: Salvatore Bonaccorso
- Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) - (3D Touch) Passcode Bypass Vulnerability
- [SECURITY] [DSA 3541-1] roundcube security update
- [security bulletin] HPSBGN03569 rev.1 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information
- [slackware-security] mozilla-thunderbird (SSA:2016-095-01)
- From: Slackware Security Team
- Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares Exploit
- From: lists@xxxxxxxxxxxxxxxxxx
- ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability
- [SE-2012-01] Broken security fix in IBM Java 7/8
- From: Security Explorations
- CVE-2016-2191: optipng: invalid write
- From: Hans Jerry Illikainen
- ManageEngine Password Manager Pro Multiple Vulnerabilities
- FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability
- Techsoft Web Solutions CMS 2016 Q2 - SQL Injection Web Vulnerability
- Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability
- Bugcrowd CSV injection vulnerability
- [SECURITY] [DSA 3540-1] lhasa security update
- [SECURITY] [DSA 3539-1] srtp security update
- From: Salvatore Bonaccorso
- Open-Xchange Security Advisory 2016-04-02
- [security bulletin] HPSBGN03565 rev.1 - HPE Virtualization Performance Viewer, Local Denial of Service (DoS)
- [slackware-security] mercurial (SSA:2016-092-01)
- From: Slackware Security Team
- [slackware-security] php (SSA:2016-092-02)
- From: Slackware Security Team
- [security bulletin] HPSBHF03431 rev.3 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities
- [security bulletin] HPSBUX03561 rev.1 - HPE HP-UX using Apache Tomcat, Remote Access Restriction Bypass, Arbitrary Code Execution, Execution of Arbitrary Code With Privilege Elevation, Unauthorized Read Access to Files
- [security bulletin] HPSBGN03567 rev.1 - HP Asset Manager using Java Deserialization, Remote Arbitrary Code Execution
- [security bulletin] HPSBGN3547 rev.1 - HP Device Manager, Remote Read Access to Arbitrary Files
- APPLE-SA-2016-03-31-1 iBooks Author 2.4.1
- From: Apple Product Security
- WebKitGTK+ Security Advisory WSA-2016-0003
- From: Carlos Alberto Lopez Perez
- Python v2.7 v1.5.4 iOS - Filter Bypass & Persistent Vulnerability
- Trend Micro (SSO) - (Backend) SSO Redirect & Session Vulnerability
- Docker UI v0.10.0 - Multiple Persistent Vulnerabilities
- Dorsa Web CMS - Multiple SQL Injection Vulnerabilities
- Cades (2016Q1) - (id) Multiple SQL Injection Vulnerabilities
- Docker UI v0.10.0 - Multiple Client Side Cross Site Request Forgery Web Vulnerabilities
- WP External Links v1.80 - Cross Site Scripting Web Vulnerabilities
- Hi Technology & Services CMS - SQL Injection Vulnerabilities
- Patron Info System - SQL Injection Vulnerability
- [SECURITY] [DSA 3538-1] libebml security update
- [SECURITY] [DSA 3537-1] imlib2 security update
- [SECURITY] [DSA 3536-1] libstruts1.2-java security update
- RE: Cisco Security Advisory: Cisco Firepower Malware Block Bypass Vulnerability
- Cisco Security Advisory: Cisco Firepower Malware Block Bypass Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [CVE-2016-0784] Apache OpenMeetings ZIP file path traversal
- Multiple Vulnerabilities in CubeCart
- From: High-Tech Bridge Security Research
- CVE-2016-2385 Kamailio SEAS module heap buffer overflow
- Easy Hosting Control Panel (EHCP) - Multiple Vulnerabilities
- [SECURITY] [DSA 3535-1] kamailio security update
- [security bulletin] HPSBGN03444 rev.2 - HPE Network Automation, Remote Code Execution, Disclosure of Sensitive Information
- [SECURITY] [DSA 3534-1] dhcpcd security update
- From: Salvatore Bonaccorso
- Fireware XTM Web UI - Open Redirect
- [SECURITY] [DSA 3533-1] openvswitch security update
- From: Salvatore Bonaccorso
- BMC-2015-0011: Unauthorized password reset vulnerability in BMC Server Automation (BSA) (CVE-2016-1543)
- BMC-2015-0010: User enumeration vulnerability in BMC Server Automation (BSA) Unix/Linux RSCD Agent (CVE-2016-1542)
- Validation Bypass in C2Box application : CVE - 2015-4626
- [SECURITY] [DSA 3532-1] quagga security update
- From: Salvatore Bonaccorso
- TrendMicro DDI Cross Site Request Forgeries
- [SECURITY] [DSA 3531-1] chromium-browser security update
- [slackware-security] mozilla-thunderbird (SSA:2016-085-02)
- From: Slackware Security Team
- [slackware-security] libevent (SSA:2016-085-01)
- From: Slackware Security Team
- [SECURITY] [DSA 3530-1] tomcat6 security update
- [CVE-2016-2163] Stored Cross Site Scripting in Event description
- [CVE-2016-2164] Arbitrary file read via SOAP API
- [CVE-2016-0783] Predictable password reset token
- [security bulletin] HPSBGN03563 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Local Denial of Service (DoS), Disclosure of Information
- [security bulletin] HPSBMU03562 rev.2 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution
- [SYSS-2016-016] innovaphone IP222 - Improper Input Validation
- [SYSS-2016-018] innovaphone IP222 - Improper Restriction of Excessive Authentication Attempts
- [SYSS-2016-017] innovaphone IP222 - Improper Input Validation
- [SECURITY] [DSA 3527-1] inspircd security update
- XSS (Cross Site Scripting) in Social CRM & Community Solutions powered by Lithium in Knowledge base section
- [SECURITY] [DSA 3529-1] redmine security update
- [SECURITY] [DSA 3528-1] pidgin-otr security update
- Cisco Security Advisory: Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Hardcoded root password in Zyxel MAX3XX series Wimax CPEs
- CA20160323-01: Security Notice for CA Single Sign-On Web Agents
- CVE-2016-2166: Apache Qpid Proton python binding silently ignores request for 'amqps' if SSL/TLS not supported
- [SECURITY] [DSA 3526-1] libmatroska security update
- Remote Code Execution in DVR affecting over 70 different vendors
- [SECURITY] [DSA 3525-1] pixman security update
- From: Salvatore Bonaccorso
- [RT-SA-2016-002] Cross-site Scripting in Securimage 3.6.2
- From: RedTeam Pentesting GmbH
- APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002
- From: Apple Product Security
- APPLE-SA-2016-03-21-6 Safari 9.1
- From: Apple Product Security
- APPLE-SA-2016-03-21-3 tvOS 9.2
- From: Apple Product Security
- APPLE-SA-2016-03-21-7 OS X Server 5.1
- From: Apple Product Security
- APPLE-SA-2016-03-21-4 Xcode 7.3
- From: Apple Product Security
- APPLE-SA-2016-03-21-2 watchOS 2.2
- From: Apple Product Security
- APPLE-SA-2016-03-21-1 iOS 9.3
- From: Apple Product Security
- [security bulletin] HPSBMU03562 rev.1 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution
- [security bulletin] HPSBGN03560 rev.1 - HP Operations Orchestration using Java Deserialization, Remote Arbitrary Code Execution
- [security bulletin] HPSBGN03551 rev.1 - HPE Helion Development Platform using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution
- AbsoluteTelnet 10.14 DLL Hijack Code Exec
- [SECURITY] [DSA 3524-1] activemq security update
- [SECURITY] [DSA 3523-1] iceweasel security update
- [SECURITY] [DSA 3522-1] squid3 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3521-1] git security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBGN03438 rev.1 - HP Support Assistant, Local Authentication Bypass
- [SECURITY] [DSA 3520-1] icedove security update
- SQL Injection and RCE in WebsiteBaker
- From: High-Tech Bridge Security Research
- Admin Password Reset & RCE via CSRF in Dating Pro
- From: High-Tech Bridge Security Research
- Remote Code Execution via CSRF in iTop
- From: High-Tech Bridge Security Research
- Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315)
- Xoops 2.5.7.2 Directory Traversal Bypass
- Xoops 2.5.7.2 CSRF - Arbitrary User Deletions
- [slackware-security] mozilla-firefox (SSA:2016-077-01)
- From: Slackware Security Team
- [SECURITY] [DSA 3519-1] xen security update
- [CVE-2016-2345] Solarwinds Dameware Mini Remote Control Remote Code Execution Vulnerability
- Re: [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting
- CVE-2016-1520: GrandStream Android VoIP App Update Redirection
- CVE-2016-1519: GrandStream Android VoIP App TLS MitM Vulnerability
- CVE-2016-1518: GrandStream Android VoIP Phone / App Provisioning Vulnerability
- Multiple (persistent) XSS in ProjectSend
- FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:14.openssh
- From: FreeBSD Security Advisories
- Re: [FD] [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow
- [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow
- From: CORE Advisories Team
- [security bulletin] HPSBGN03558 rev.1 - ArcSight ESM and ESM Express, Remote Disclosure of Sensitive Information
- [SECURITY] [DSA 3518-1] spip security update
- Reflected Cross-Site Scripting (XSS) Vulnerability in Litecart CMS
- [slackware-security] seamonkey (SSA:2016-075-02)
- From: Slackware Security Team
- [slackware-security] git (SSA:2016-075-01)
- From: Slackware Security Team
- [ANNOUNCE][CVE-2016-0779] Apache TomEE 1.7.4 and 7.0.0-M3 releases
- Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing
- [security bulletin] HPSBGN03556 rev.1 - ArcSight ESM and ESM Express, Remote Arbitrary File Download, Local Arbitrary Command Execution
- Re: oss-2016-15: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)
- Re: oss-2016-13: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)
- Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)
- Re: oss-2016-17: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)
- Re: OS-S 2016-11 Linux wacom multiple Nullpointer Dereferences
- Re: OS-S 2016-12 Linux digi_acceleport Nullpointer Dereference
- Re: OS-S 2016-08 Linux mct_u232 Nullpointer Dereference
- Re: OS-S 2016-07 Linux cypress_m8 Nullpointer Dereference
- Re: OS-S 2016-06 Linux cdc_acm Nullpointer Dereference
- [security bulletin] HPSBMU03377 rev.2 - HP Release Control running RC4, Remote Disclosure of Information
- [security bulletin] HPSBGN03373 rev.2 - HP Release Control running TLS, Remote Disclosure of Information
- Yahoo Bug Bounty #37 - Sender Spoofing Vulnerability
- Chamilo LMS v1.10.2 - (Profile) Persistent Web Vulnerability
- ChitaSoft (Web-Application) - SQL Injection Vulnerability
- Reflected Cross-Site Scripting in CuteEditor
- ESA-2016-012: EMC Documentum xCP – User Information Disclosure Vulnerability
- Re: oss-2016-17: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)
- Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)
- Re: oss-2016-15: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)
- Re: oss-2016-13: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)
- [SECURITY] [DSA 3516-1] wireshark security update
- [SECURITY] [DSA 3515-1] graphite2 security update
- Soundy Background Music XSS Vulnerability
- [SECURITY] [DSA 3514-1] samba security update
- From: Salvatore Bonaccorso
- Microsoft Edge CDOMTextNode::get_data type confusion
- WebKitGTK+ Security Advisory WSA-2016-0002
- From: Carlos Alberto Lopez Perez
- DW Question Answer Stored XSS Vulnerability
- [slackware-security] openssh (SSA:2016-070-01)
- From: Slackware Security Team
- oss-2016-18: Multiple Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)
- oss-2016-17: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)
- oss-2016-16: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (snd-usb-audio driver)
- oss-2016-15: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)
- oss-2016-14: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (gtco driver)
- oss-2016-13: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)
- [SECURITY] [DSA 3513-1] chromium-browser security update
- [ANNOUNCE] CVE-2016-0734: ActiveMQ Web Console - Clickjacking
- From: Christopher Shannon
- [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting
- From: Christopher Shannon
- FreeBSD Security Advisory FreeBSD-SA-16:12.openssl
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:13.bind
- From: FreeBSD Security Advisories
- [slackware-security] mozilla-nss (SSA:2016-069-02)
- From: Slackware Security Team
- [slackware-security] bind (SSA:2016-069-01)
- From: Slackware Security Team
- [SE-2012-01] Broken security fix in Oracle Java SE 7/8/9
- From: Security Explorations
- [SECURITY] [DSA 3512-1] libotr security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3511-1] bind9 security update
- [CORE-2016-0003] - Samsung SW Update Tool MiTM
- From: CORE Advisories Team
- [SECURITY] [DSA 3509-1] rails security update
- [SECURITY] [DSA 3510-1] iceweasel security update
- Cisco Security Advisory: Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [CORE-2016-0004] - SAP Download Manager Password Weak Encryption
- From: CORE Advisories Team
- Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr"
- From: X41 D-Sec GmbH Advisories
- Re: Windows Mail Find People DLL side loading vulnerability
- Cisco Security Advisory: Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory:Cisco Wireless Residential Gateway Information Disclosure Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Wireless Residential Gateway with EDVA Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Re: Windows Mail Find People DLL side loading vulnerability
- OS-S 2016-12 Linux digi_acceleport Nullpointer Dereference
- OS-S 2016-11 Linux wacom multiple Nullpointer Dereferences
- OS-S 2016-10 Linux visor (treo_attach) Nullpointer Dereference CVE-2016-2782
- OS-S 2016-09 Linux visor clie_5_attach Nullpointer Dereference CVE-2015-7566
- OS-S 2016-08 Linux mct_u232 Nullpointer Dereference
- Re: OS-S 2016-06 Linux cdc_acm Nullpointer Dereference
- OS-S 2016-07 Linux cypress_m8 Nullpointer Dereference
- OS-S 2016-06 Linux cdc_acm Nullpointer Dereference
- OS-S 2016-05 Linux aiptek Nullpointer Dereference CVE-2015-7515
- LSE Leading Security Experts GmbH - LSE-2016-01-01 - Wordpress ProjectTheme - Multiple Vulnerabilities
- Thomson TWG850 Wireless Router Multiple Vulnerabilities
- [slackware-security] mozilla-firefox (SSA:2016-068-01)
- From: Slackware Security Team
- [slackware-security] samba (SSA:2016-068-02)
- From: Slackware Security Team
- Windows Mail Find People DLL side loading vulnerability
- [security bulletin] HPSBHF03557 rev.1 - HPE Networking Products using Comware 7 (CW7) running NTP, Remote Denial of Service (DoS)
- Re: Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link)
- [slackware-security] php (SSA:2016-067-01)
- From: Slackware Security Team
- ESA-2016-012: EMC Documentum xCP – User Information Disclosure Vulnerability
- Re: Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link)
- Re: Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link)
- Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link)
- [SECURITY] [DSA 3508-1] jasper security update
- From: Salvatore Bonaccorso
- Multiple vulnerabilities in Wordpress plugin SP Projects & Document Manager
- [SECURITY] [DSA 3507-1] chromium-browser security update
- Executable installers are vulnerable^WEVIL (case 30): clamwin-0.99-setup.exe allows arbitrary (remote) code execution WITH escalation of privilege
- Executable installers are vulnerable^WEVIL (case 31): MalwareBytes' installers allows arbitrary (remote) code execution WITH escalation of privilege
- McAfee VirusScan Enterprise security restrictions bypass
- [SECURITY] [DSA 3504-1] bsh security update
- [SECURITY] [DSA 3505-1] wireshark security update
- [SECURITY] [DSA 3506-1] libav security update
- [SYSS-2015-058] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (REVISED)
- From: erlijn . vangenuchten
- [SYSS-2015-059] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (REVISED)
- From: erlijn . vangenuchten
- [SYSS-2015-060] Thru Managed File Transfer Portal 9.0.2 - Improperly Implemented Security Check for Standard (REVISED)
- From: erlijn . vangenuchten
- [SYSS-2015-064] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (REVISED)
- From: erlijn . vangenuchten
- [SYSS-2015-053] innovaphone IP222/IP232 - Denial of Service
- [security bulletin] HPSBPI03546 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Enterprise Printers, Remote Disclosure of Information
- [security bulletin] HPSBHF03439 rev.1 - HP Commercial PCs with Sure Start, Local Denial of Service
- [security bulletin] HPSBGN03550 rev.2 - HP Operations Manager i and BSM using Apache Flex BlazeDS, Remote Disclosure of Information
- [SECURITY] [DSA 3503-1] linux security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3426-2] ctdb regression update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3502-1] roundup security update
- [slackware-security] mailx (SSA:2016-062-01)
- From: Slackware Security Team
- [slackware-security] openssl (SSA:2016-062-02)
- From: Slackware Security Team
- [slackware-security] php (SSA:2016-062-03)
- From: Slackware Security Team
- WordPress Bulk Delete Plugin [Privilege Escalation]
- [security bulletin] HPSBHF03436 rev.1 - HP Thin Client with ThinPro OS, running Linux, Local Elevated Privileges
- Panda SM Manager iOS Application - MITM SSL Certificate Vulnerability
- Open-Xchange Security Advisory 2016-03-02
- Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Web Security Appliance HTTPS Packet Processing Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [REVIVE-SA-2016-001] Revive Adserver - Multiple vulnerabilities
- [security bulletin] HPSBHF03545 rev. 1 - HP EliteBook and Zbook Products with Windows NVidia Graphics Driver, Multiple Local Vulnerabilities
- [security bulletin] HPSBGN03442 rev.1 - HP Helion OpenStack using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution
- Vivint Sky Control Panel Unauthenticated Access Vulnerability
- [SECURITY] [DSA 3501-1] perl security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3500-1] openssl security update
- Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allows arbitrary (remote) code execution WITH escalation of privilege
- [SYSS-2016-009] Sophos UTM 525 Web Application Firewall - Cross-Site Scripting in
- WordPress plugin GravityForms Cross-site Scripting vulnerability
- Microsoft PowerPointViewer Code Execution
- [security bulletin] HPSBUX03552 SSRT102983 rev.1 - HP-UX BIND running Named, Remote Denial of Service (DoS)
- [SYSS-2015-069] perfact::mpa - Insecure Direct Object References
- [SYSS-2015-067] perfact::mpa - Insecure Direct Object References
- [SYSS-2015-066] perfact::mpa - Cross-Site Scripting
- [SYSS-2015-070] perfact::mpa - Cross-Site Scripting
- [SYSS-2015-071] perfact::mpa - Cross-Site Request Forgery
- [SYSS-2015-072] perfact::mpa - Insecure Direct Object References
- [SYSS-2015-073] perfact::mpa - URL Redirection to Untrusted Site
- Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability
- WP Good News Themes - Client Side Cross Site Scripting Web Vulnerability
- [SECURITY] [DSA 3495-1] xymon security update
- [SECURITY] [DSA 3498-1] drupal7 security advisory
- [SECURITY] [DSA 3499-1] pillow security update
- [SECURITY] [DSA 3496-1] php-horde-core security update
- From: Salvatore Bonaccorso
- Call For Papers - CISTI 2016 Workshops - Deadline March 15
- [SECURITY] [DSA 3497-1] php-horde security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3494-1] cacti security update
- From: Salvatore Bonaccorso
- Re: Symantec EP DOS
- [slackware-security] libssh (SSA:2016-057-01)
- From: Slackware Security Team
- [security bulletin] HPSBGN03549 rev.1 - HP IceWall Products using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution
- Executable installers are vulnerable^WEVIL (case 27): Cygwin's installers allow arbitrary (remote) code execution WITH escalation of privilege
- Executable installers are vulnerable^WEVIL (case 28): Google's Chrome cleanup tool allows arbitrary (remote) code execution WITH escalation of privilege
- RE: CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input
- From: Shivaprasad Sadashivappa
- Zimbra Cross-Site Scripting vulnerabilities
- WordPress plugin wp-ultimate-exporter SQL injection vulnerability
- APPLE-SA-2016-02-25-1 Apple TV 7.2.1
- From: Apple Product Security
- [SECURITY] [DSA 3492-1] gajim security update
- [SECURITY] [DSA 3493-1] xerces-c security update
- From: Salvatore Bonaccorso
- CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input
- [SECURITY] [DSA 3491-1] icedove security update
- JSN PowerAdmin Joomla! Extension - Remote Command Execution Via CSRF and XSS vulnerabilities
- WordPress User Submitted Posts Plugin [Persistent XSS]
- [SECURITY] [DSA 3490-1] websvn security update
- Belkin N150 Router Multiple XSS Vulnerability
- Import Woocommerce XSS Vulnerability
- WP Ultimate Exporter XSS Vulnerability
- WP Advanced Importer XSS Vulnerability
- CSV Import XSS Vulnerability
- eFront 3.6.15.6 CMS – (Message Attachment) Persistent Cross Site Scripting Vulnerability
- Executable installers are vulnerable^WEVIL (case 4): InstallShield's wrapper and setup.exe
- Re: Executable installers are vulnerable^WEVIL (case 26): the installer of GIMP for Windows allows arbitrary (remote) and escalation of privilege
- Extra User Details [Privilege Escalation]
- [KIS-2016-02] Magento <= 1.9.2.2 (RSS Feed) Information Disclosure Vulnerability
- [slackware-security] ntp (SSA:2016-054-04)
- From: Slackware Security Team
- [slackware-security] libgcrypt (SSA:2016-054-03)
- From: Slackware Security Team
- [slackware-security] glibc (SSA:2016-054-02)
- From: Slackware Security Team
- [slackware-security] bind (SSA:2016-054-01)
- From: Slackware Security Team
- Ubiquiti Networks UniFi v3.2.10 Generic CSRF Protection Bypass
- [SECURITY] [DSA 3489-1] lighttpd security update
- [SECURITY] [DSA 3488-1] libssh security update
- From: Salvatore Bonaccorso
- CSNC-2016-001 - XSS in OpenAM
- CVE-2015-0955 - Stored XSS in Adobe Experience Manager (AEM)
- CSNC-2016-002 - Open Redirect in OpenAM
- InstantCoder v1.0 iOS - Multiple Web Vulnerabilities
- Oxwall Forum v1.8.1 - Persistent Cross Site Scripting Vulnerability
- [SYSS-2015-063] OpenCms - Cross Site Scripting
- Ubiquiti Networks Bug Bounty #9 - Invoice Persistent Vulnerabilities
- InstantCoder v1.0 iOS - Multiple Web Vulnerabilities
- [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal
- [SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak
- [SECURITY] CVE-2016-0763 Apache Tomcat Security Manager Bypass
- [SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure
- [SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass
- [SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass
- [SECURITY] CVE-2015-5346 Apache Tomcat Session fixation
- [SECURITY] [DSA 3486-1] chromium-browser security update
- [security bulletin] HPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware 7 and cURL, Remote Unauthorized Access
- [SECURITY] [DSA 3485-1] didiwiki security update
- Cisco Security Advisory: Vulnerability in GNU glibc Affecting Cisco Products: February 2016
- From: Cisco Systems Product Security Incident Response Team
- [security bulletin] HPSBGN03547 rev.1 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution
- [SECURITY] [DSA 3483-1] cpio security update
- From: Salvatore Bonaccorso
- ifixit Bug Bounty #6 -(Profile) Persistent Vulnerability
- Prezi Bug Bounty #5 - Client Side Cross Site Scripting & Open Redirect Vulnerability
- Investors Application - Client Side Cross Site Scripting Vulnerability
- Chamilo LMS IDOR - (messageId) Delete POST Inject Vulnerability
- Chamilo LMS - Persistent Cross Site Scripting Vulnerability
- Adobe - Multiple Client Side Cross Site Scripting Web Vulnerabilities
- ifixit Bug Bounty #5 - Guide Search Persistent Vulnerability
- [SYSS-2015-056] Thru Managed File Transfer Portal 9.0.2 - SQL Injection
- From: erlijn . vangenuchten
- [SYSS-2015-057] Thru Managed File Transfer Portal 9.0.2 - Cross-Site Scripting
- From: erlijn . vangenuchten
- [SYSS-2015-059] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932)
- From: erlijn . vangenuchten
- [SYSS-2015-060] Thru Managed File Transfer Portal 9.0.2 - Improperly Implemented Security Check for Standard (CWE-358)
- From: erlijn . vangenuchten
- [SYSS-2015-064] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932)
- From: erlijn . vangenuchten
- [SYSS-2015-062] ownCloud - Information Exposure Through Directory Listing (CWE-548)
- From: erlijn . vangenuchten
- [SYSS-2015-055] Novell Filr - Cross-Site Scripting (CWE-79)
- From: erlijn . vangenuchten
- [SYSS-2015-058] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932)
- From: erlijn . vangenuchten
- [SECURITY] [DSA 3484-1] xdelta3 security update
- From: Salvatore Bonaccorso
- CVE-2015-7521: Apache Hive authorization bug disclosure (update)
- [security bulletin] HPSBUX03437 SSRT110025 rev.1 - HP-UX IPFilter, Remote Denial of Service (DoS)
- [SECURITY] [DSA 3482-1] libreoffice security update
- RCE via CSRF in osCommerce
- From: High-Tech Bridge Security Research
- SSO Authentication Bypass and Website Takeover in DOKEOS
- From: High-Tech Bridge Security Research
- SQL Injection in webSPELL
- From: High-Tech Bridge Security Research
- SQL Injection in TestLink
- From: High-Tech Bridge Security Research
- SQL Injection in WeBid
- From: High-Tech Bridge Security Research
- SQL Injection in Osclass
- From: High-Tech Bridge Security Research
- RCE via CSRF in osCmax
- From: High-Tech Bridge Security Research
- Redaxo CMS contains multiple vulnerabilities
- [SECURITY] [DSA 3481-1] glibc security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3480-1] eglibc security update
- From: Salvatore Bonaccorso
- CSRF and XSS In Manage Engine oputils
- Privilege escalation Vulnerability in ManageEngine oputils
- Missing Function Level Access control Vulnerability in OPutils
- [SECURITY] [DSA 3478-1] libgcrypt11 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3479-1] graphite2 security update
- CyberCop Scanner Smbgrind v5.5 Buffer Overflow
- phpMyBackupPro v.2.5 Remote Command Execution / CSRF
- phpMyBackupPro v.2.5 Arbitrary File Upload
- phpMyBackupPro v.2.5 XSS
- BFS-SA-2016-001: FireEye Detection Evasion and Whitelisting of Arbitrary Malware
- From: Blue Frost Security Research Lab
- Xymon: Critical security issues in all versions prior to 4.3.25
- [SECURITY] [DSA 3477-1] iceweasel security update
- [SECURITY] [DSA 3476-1] postgresql-9.4 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3475-1] postgresql-9.1 security update
- From: Salvatore Bonaccorso
- KL-001-2016-001 : Arris DG1670A Cable Modem Remote Command Execution
- From: KoreLogic Disclosures
- [ERPSCAN-15-032] SAP PCo agent – DoS vulnerability
- [ERPSCAN-15-031] SAP MII – Encryption Downgrade vulnerability
- [SECURITY] [DSA 3474-1] libgcrypt20 security update
- From: Salvatore Bonaccorso
- HD Video Player v2.5 iOS - Multiple Web Vulnerabilities
- CVE-2015-0061 and CVE-2015-0063 (MS16-009/MS16-011)
- [slackware-security] mozilla-firefox (SSA:2016-042-01)
- From: Slackware Security Team
- [SECURITY] [DSA 3473-1] nginx security update
- From: Salvatore Bonaccorso
- Re: [oss-security] HTTPS Only (Open Source, Python)
- Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities
- Duplicator Wordpress Plugin - Source Code And Database Dump Via CSRF Vulnerability
- Re: [FD] [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
- Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities
- MapsUpdateTask Task DLL side loading vulnerability
- BDA MPEG2 Transport Information Filter DLL side loading vulnerability
- NPS Datastore server DLL side loading vulnerability
- Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Remote Code Execution in Exponent
- From: High-Tech Bridge Security Research
- Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability
- MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability
- File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities
- Getdpd Bug Bounty #6 - (Import - FTP) Persistent Vulnerability
- VP2016-001: Remote Command Execution in File Replication Pro
- From: Vantage Point Security
- SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities
- From: SEC Consult Vulnerability Lab
- ManageEngine Eventlog Analyzer Privilege Escalation v10.8
- dotDefender Firewall CSRF
- Safebreach advisory: Node.js HTTP Response Splitting (CVE-2016-2216)
- ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities
- Privilege escalation Vulnerability in ManageEngine Network Configuration Management
- [slackware-security] curl (SSA:2016-039-01)
- From: Slackware Security Team
- [slackware-security] libsndfile (SSA:2016-039-02)
- From: Slackware Security Team
- [SECURITY] [DSA 3472-1] wordpress security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3470-1] qemu-kvm security update
- [SECURITY] [DSA 3469-1] qemu security update
- [SECURITY] [DSA 3471-1] qemu security update
- WordPress WP User Frontend Plugin [Unrestricted File Upload]
- WordPress WooCommerce - Store Toolkit Plugin [Privilege Escalation]
- PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities
- Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities
- Alsovalue CMS 2016Q1 - SQL Injection Web Vulnerability
- Getdpd BB #4 - (name) Persistent Validation Vulnerability
- Getdpd BB #5 - Persistent Filename Vulnerability
- JavaScript Anywhere v3.0.4 iOS - Persistent Vulnerability
- Local Microsoft Windows 7 / 8 / 10 Buffer Overflow via Third-Party USB-Driver (ser2co64.sys)
- Symphony CMS multiple vulnerabilities
- WordPress User Meta Manager Plugin [Information Disclosure]
- Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
- CFP: SIN 2016 - 9th International Conference on Security of Information and Networks
- [SECURITY] [DSA 3468-1] polarssl security update
- [SECURITY] [DSA 3467-1] tiff security update
- From: Salvatore Bonaccorso
- Multiple vulnerabilities in Open Real Estate v 1.15.1
- From: Simon Waters (Surevine)
- [security bulletin] HPSBGN03430 rev.3 - HP ArcSight products, Local Elevation of Privilege
- [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
- [security bulletin] HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java Deserialization, Remote Arbitrary Code Execution
- [security bulletin] HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities
- CVE-2015-3252: Apache CloudStack VNC authentication issue
- CVE-2015-3251: Apache CloudStack VM Credential Exposure
- [SECURITY] [DSA 3466-1] krb5 security update
- From: Salvatore Bonaccorso
- WordPress User Meta Manager Plugin [Blind SQLI]
- WordPress User Meta Manager Plugin [Privilege Escalation]
- Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass
- [slackware-security] mozilla-firefox (SSA:2016-034-01)
- From: Slackware Security Team
- [slackware-security] openssl (SSA:2016-034-03)
- From: Slackware Security Team
- [slackware-security] php (SSA:2016-034-04)
- From: Slackware Security Team
- [slackware-security] MPlayer (SSA:2016-034-02)
- From: Slackware Security Team
- AST-2016-002: File descriptor exhaustion in chan_sip
- From: Asterisk Security Team
- AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data.
- From: Asterisk Security Team
- AST-2016-001: BEAST vulnerability in HTTP server
- From: Asterisk Security Team
- [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300
- Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability
- Cisco Security Advisory: Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Security Advisories
- From: Portcullis Advisories
- Soso Transfer v1.1 iOS - Denial of Service Vulnerability
- File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities
- SimpleView CRM - Client Side Open Redirect Vulnerability
- Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability
- Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability
- Mezzanine CMS 4.1.0 XSS
- Mezzanine CMS 4.1.0 Arbitrary File Upload
- ASUS RT-N56U Persistent XSS
- TimeClock - Multiple SQL Injections
- [SECURITY] [DSA 3465-1] openjdk-6 security update
- MailPoet Newsletter 2.6.19 - Security Advisory - Reflected XSS
- Re: VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability
- A tale of openssl_seal(), PHP and Apache2handle
- WebKitGTK+ Security Advisory WSA-2016-0001
- From: Carlos Alberto Lopez Perez
- File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities
- Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability
- [SECURITY] [DSA 3461-1] freetype security update
- [SECURITY] [DSA 3462-1] radicale security update
- [SECURITY] [DSA 3463-1] prosody security update
- [SECURITY] [DSA 3464-1] rails security update
- eClinicalWorks (CCMR) - Multiple Vulnerabilities
- Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
- WP-Comment-Rating XSS Vulnerability
- OpenXchange | Information Disclosure
- VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability
- [SECURITY] [DSA 3460-1] privoxy security update
- CVE-2015-5344 - Apache Camel medium disclosure vulnerability
- FreeBSD Security Advisory FreeBSD-SA-16:11.openssl
- From: FreeBSD Security Advisories
- [security bulletin] HPSBHF03419 rev.3 - HPE Networking Products, Remote Denial of Service (DoS), Unauthorized Access
- Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network
- [security bulletin] HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote Unauthorized Modification
- ManageEngine Eventlog Analyzer v4-v10 Privilege Escalation
- [security bulletin] HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS, Remote Disclosure of Information, Execution of Code, Denial of Service (DoS)
- [security bulletin] HPSBHF03539 rev.1 - HPE VCX running OpenSSH or BIND, Remote Denial of Service (DoS)
- [security bulletin] HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized Modification
- [security bulletin] HPSBGN03542 rev.1 - HPE Operations Manager for Windows using Java Deserialization, Remote Arbitrary Code Execution
- Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability
- ProjectSend multiple vulnerabilities
- [security bulletin] HPSBHF03538 rev.1 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Remote Code Execution, Denial of Service (DoS)
- [security bulletin] HPSBHF03535 rev.3 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Multiple Remote Vulnerabilities
- CVE-2015-7521: Apache Hive authorization bug disclosure
- [SECURITY] [DSA 3459-1] mysql-5.5 security update
- From: Salvatore Bonaccorso
- New Era Company CMS - (id) SQL Injection Vulnerability
- Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability
- HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi passphrase
- From: Hacking Corporation Sàrl
- [SECURITY] [DSA 3458-1] openjdk-7 security update
- [SECURITY] [DSA 3457-1] iceweasel security update
- Log2Space Central v 6.2 Multiple XSS Vulnerability
- Cisco Security Advisory: Cisco RV220 Management Authentication Bypass Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Wide Area Application Service CIFS DoS Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Netgear GS105Ev2 - Multiple Vulnerabilities
- From: benedikt . westermann
- los818 CMS 2016 Q1 - SQL Injection Web Vulnerability
- WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability
- Classic Infomedia (Login) - Auth Bypass Web Vulnerability
- Kleefa v1.7 (IR) - Multiple Web Vulnerabilities
- Ebay Magento Bug Bounty #2 - Persistent Web Vulnerability
- Telegram (API) - Cross Site Request Forgery Vulnerabilities
- Barracuda Networks Bug Bounty #38 Message Archiver - Multiple Vulnerabilities
- Apple WatchOS v2.1 - Denial of Service Vulnerability
- Secure Item Hub v1.0 iOS - Multiple Web Vulnerabilities
- BK Mobile CMS SQLi and XSS Vulnerability
- [SECURITY] [DSA 3456-1] chromium-browser security update
- [SECURITY] [DSA 3455-1] curl security update
- [ERPSCAN-15-024] SAP HANA hdbindexserver - Memory corruption
- FreeBSD Security Advisory FreeBSD-SA-16:10.linux
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:09.ntp
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:08.bind
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 3454-1] virtualbox security update
- WP-Ultimate CSV Importer XSS Vulnerability
- [security bulletin] HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager running libXML2, Remote or Local Denial of Service (DoS)
- [security bulletin] HPSBGN03536 rev.1 - HP IceWall Products running OpenSSL, Remote and Local Denial of Service (DoS)
- PHP LiteSpeed SAPI out of boundaries read due to missing input validation
- [CORE-2016-0002] - Lenovo ShareIT Multiple Vulnerabilities
- From: CORE Advisories Team
- Authentication bypass in PHP File Manager 0.9.8
- APPLE-SA-2016-01-25-1 tvOS 9.1.1
- From: Apple Product Security
- Magento 1.9.x Multiple Man-In The Middle
- glibc catopen() Multiple unbounded stack allocations
- [SECURITY] [DSA 3453-1] mariadb-10.0 security update
- From: Salvatore Bonaccorso
- WP Easy Gallery v4.1.4 Stored XSS Vulnerability
- PHP LiteSpeed SAPI secret key improper disposal
- PHP-FPM fpm_log.c memory leak and buffer overflow
- Remote shutdown vulnerability in Buffalo NAS (Linkstation 420)
- ZyXel WAP3205 v1 Multiple XSS
- HP ToComMsg DLL side loading vulnerability
- LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities
- HP LaserJet Fax Preview DLL side loading vulnerability
- XMB - eXtreme Message Board v1.9.11.13 Weak Crypto
- imageone Cms Multiple vulnerabilities
- [SECURITY] [DSA 3452-1] claws-mail security update
- imageone Cms Multiple vulnerabilities
- January 2016 - Bamboo - Critical Security Advisory
- [SECURITY] [DSA 3451-1] fuse security update
- Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe"
- SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices
- From: SEC Consult Vulnerability Lab
- Oracle HtmlConverter.exe Buffer Overflow
- QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys
- Re: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3
- Re: [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3
- Cisco Security Advisory: Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3450-1] ecryptfs-utils security update
- From: Salvatore Bonaccorso
- Cisco Security Advisory: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [CVE-2016-1926] XSS in Greenbone Security Assistant ≥ 6.0.0 and < 6.0.8
- LiteSpeed Web Server - Security Advisory - HTTP Header Injection Vulnerability
- APPLE-SA-2016-01-19-3 Safari 9.0.3
- From: Apple Product Security
- APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001
- From: Apple Product Security
- APPLE-SA-2016-01-19-1 iOS 9.2.1
- From: Apple Product Security
- [SECURITY] [DSA 3449-1] bind9 security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBGN03534 rev.1 - HPE Performance Center using Microsoft Report Viewer, Remote Disclosure of Information, Cross-Site Scripting (XSS)
- Executable installers are vulnerable^WEVIL (case 21): Panda Security's installers allow arbitrary (remote) code execution AND escalation of privilege with PANDAIS16.exe
- [CORE-2016-0001] - Intel Driver Update Utility MiTM
- From: CORE Advisories Team
- Quick Cart v6.6 XSS Vulnerability
- [SECURITY] [DSA 3448-1] linux security update
- From: Salvatore Bonaccorso
- Quick CMS v 6.1 XSS Vulnerability
- Advanced Electron Forum v1.0.9 RFI / CSRF
- Advanced Electron Forum v1.0.9 Persistent XSS
- Advanced Electron Forum v1.0.9 CSRF
- [SECURITY] [DSA 3447-1] tomcat7 security update
- From: Salvatore Bonaccorso