Bugtraq

• Thread Index

• [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3
  • From: urikanonov
• [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3
  • From: urikanonov
• [KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability
  • From: Egidio Romano
• Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories?
  • From: Stefan Kanthak
• Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution
  • From: Stefan Kanthak
• [slackware-security] openssh (SSA:2016-014-01)
  • From: Slackware Security Team
• FreeBSD Security Advisory FreeBSD-SA-16:07.openssh
  • From: FreeBSD Security Advisories
• FreeBSD bsnmpd information disclosure
  • From: Pierre Kim
• [SECURITY] [DSA 3431-2] ganeti regression update
  • From: Salvatore Bonaccorso
• Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778
  • From: Qualys Security Advisory
• [SECURITY] [DSA 3446-1] openssh security update
  • From: Yves-Alexis Perez
• FreeBSD Security Advisory FreeBSD-SA-16:04.linux
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:06.bsnmpd
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:01.sctp
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:02.ntp
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:05.tcp
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:03.linux
  • From: FreeBSD Security Advisories
• [security bulletin] HPSBUX03359 SSRT102094 rev.3 - HP-UX pppoec, local elevation of privilege
  • From: security-alert
• [SECURITY] [DSA 3443-1] libpng security update
  • From: Salvatore Bonaccorso
• [slackware-security] dhcp (SSA:2016-012-01)
  • From: Slackware Security Team
• Remote Code Execution in Roundcube
  • From: High-Tech Bridge Security Research
• [CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ...
  • From: Stefan Kanthak
• [security bulletin] HPSBGN03532 rev.1 - HPE ArcSight Logger, Multiple Vulnerabilities
  • From: security-alert
• Multiple SQL Injection Vulnerabilities in mcart.xls Bitrix Module
  • From: High-Tech Bridge Security Research
• [security bulletin] HPSBHF03535 rev.1 - HPE iMC OSS and iMC Plat running Adobe Flash, Multiple Remote Vulnerabilities
  • From: security-alert
• Cisco Security Advisory: Cisco Wireless LAN Controller Unauthorized Access Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3444-1] wordpress security update
  • From: Salvatore Bonaccorso
• Commentator Wordpress Plugin 2.5.2 XSS Vulnerability
  • From: Rahul Pratap Singh
• Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3445-1] pygments security update
  • From: Salvatore Bonaccorso
• Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Identity Services Engine Unauthorized Access Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3442-1] isc-dhcp security update
  • From: Michael Gilbert
• WP Symposium Pro Social Network Plugin XSS Vulnerability
  • From: Rahul Pratap Singh
• SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems
  • From: SEC Consult Vulnerability Lab
• [SECURITY] [DSA 3441-1] perl security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3440-1] sudo security update
  • From: Ben Hutchings
• Exploiting XXE vulnerabilities in AMF libraries
  • From: Nicolas Grégoire
• Re: Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability
  • From: Reed Loden
• Re: TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode)
  • From: fgghy
• Re: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege
  • From: Sarah Allen
• Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability
  • From: iedb . team
• Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability
  • From: iedb . team
• OpenBravo Hibernate HQL Injection
  • From: Ng, Sam (Fortify)
• [SECURITY] [DSA 3439-1] prosody security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3437-1] gnutls26 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3438-1] xscreensaver security update
  • From: Michael Gilbert
• CVE-2015-8396: GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer
  • From: Stelios Tsampas
• CVE-2015-8397: GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent
  • From: Stelios Tsampas
• [SECURITY] [DSA 3436-1] openssl security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS)
  • From: security-alert
• Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege
  • From: Stefan Kanthak
• MobaXTerm before version 8.5 vulnerability in "jump host" functionality
  • From: Thomas Bleier
• [RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials
  • From: RedTeam Pentesting GmbH
• WP Symposium Pro Social Network Plugin XSS and Critical CSRF Vulnerability
  • From: Rahul Pratap Singh
• Symantec EP DOS
  • From: hyp3rphp
• [security bulletin] HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS)
  • From: security-alert
• APPLE-SA-2016-01-07-1 QuickTime 7.7.9
  • From: Apple Product Security
• APPLE-SA-2016-01-07-1 QuickTime 7.7.9
  • From: Apple Product Security
• Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP reqest allows any payload size and conent to pass through
  • From: Eitan Caspi
• [CVE-2015-7242] AVM FRITZ!Box: HTML Injection Vulnerability
  • From: Daniel Schliebner
• Serendipity Security Advisory - XSS Vulnerability - CVE-2015-8603
  • From: Onur Yilmaz
• [RT-SA-2015-001] AVM FRITZ!Box: Remote Code Execution via Buffer Overflow
  • From: RedTeam Pentesting GmbH
• [RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images
  • From: RedTeam Pentesting GmbH
• Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege
  • From: Stefan Kanthak
• [SYSS-2015-062] ownCloud Information Exposure Through Directory Listing (CVE-2016-1499)
  • From: erlijn . vangenuchten
• Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege
  • From: Stefan Kanthak
• [security bulletin] HPSBGN03530 rev.1 - HPE UCMDB Browser, Remote Disclosure of Sensitive Information, Local Unauthorized Access
  • From: security-alert
• [SECURITY] [DSA 3434-1] linux security update
  • From: Ben Hutchings
• [SECURITY] [DSA 3435-1] git security update
  • From: Laszlo Boszormenyi (GCS)
• CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak)
  • From: Pierre Kim
• Confluence Vulnerabilities
  • From: Sebastian Perez
• Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities
  • From: Stefan Kanthak
• [SECURITY] [DSA 3433-1] samba security update
  • From: Salvatore Bonaccorso
• Open Audit SQL Injection Vulnerability
  • From: Rahul Pratap Singh
• [SECURITY] CVE-2015-5349: Apache Directory Studio command injection vulnerability
  • From: Stefan Seelmann
• OSS-2016-02: Weak authentication in NXP Hitag S transponder allows an attacker to read, write and clone any tag
  • From: Ralf Spenneberg
• OSS-2016-03: Insufficient Integrity Protection in Winkhaus Bluesmart locking systems using Hitag S
  • From: Ralf Spenneberg
• [SECURITY] [DSA 3431-1] ganeti security update
  • From: Moritz Muehlenhoff
• OSS-2016-01: Insufficient integrity checks in Uhlmann & Zacher Clex prime locking systems using 125 kHz EM4450 transponders
  • From: Ralf Spenneberg
• [SECURITY] [DSA 3432-1] icedove security update
  • From: Moritz Muehlenhoff
• Joomla 1.5.x to 3.4.5 Object Injection Exploit (golang)
  • From: irancrash
• Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution
  • From: Stefan Kanthak
• FTPShell Client v5.24 Buffer Overflow
  • From: apparitionsec
• [oCERT 2015-012] Ganeti multiple issues
  • From: Daniele Bianco
• WebKitGTK+ Security Advisory WSA-2015-0002
  • From: Carlos Alberto Lopez Perez
• libtiff bmp file Heap Overflow (CVE-2015-8668)
  • From: riusksk
• libtiff: invalid write (CVE-2015-7554)
  • From: Hans Jerry Illikainen
• AccessDiver V4.301 Buffer Overflow
  • From: apparitionsec
• [slackware-security] mozilla-thunderbird (SSA:2015-357-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 3430-1] libxml2 security update
  • From: Salvatore Bonaccorso
• Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege
  • From: Stefan Kanthak
• [slackware-security] blueman (SSA:2015-356-01)
  • From: Slackware Security Team
• Security advisory for Bugzilla 5.0.2, 4.4.11 and 4.2.16
  • From: LpSolit
• ESA-2015-179: EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability
  • From: Security Alert
• ESA-2015-174: EMC VPLEX Undocumented Account Vulnerability
  • From: Security Alert
• Aeris Calandar v2.1 - Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• POP Peeper 4.0.1 - Persistent Code Execution Vulnerability
  • From: Vulnerability Lab
• Switch v4.68 - Code Execution Vulnerability
  • From: Vulnerability Lab
• Lithium Forum - (previewImages) Persistent Vulnerability
  • From: Vulnerability Lab
• Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability
  • From: Vulnerability Lab
• Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability
  • From: Vulnerability Lab
• DELL Scrutinizer v12.0.3 - Persistent Software Vulnerability
  • From: Vulnerability Lab
• [RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality
  • From: RedTeam Pentesting GmbH
• Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution
  • From: Stefan Kanthak
• [security bulletin] HPSBHF03419 rev.1 - HP Network Products including H3C routers and switches, Remote Denial of Service (DoS), Unauthorized Access.
  • From: security-alert
• [security bulletin] HPSBGN03526 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass, Unauthorized Modification
  • From: security-alert
• [security bulletin] HPSBGN03527 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass
  • From: security-alert
• [SECURITY] [DSA 3429-1] foomatic-filters security update
  • From: Salvatore Bonaccorso
• ESA-2015-177: RSA SecurID(r) Web Agent Authentication Bypass Vulnerability
  • From: Security Alert
• giflib: heap overflow in giffix (CVE-2015-7555)
  • From: Hans Jerry Illikainen
• Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege
  • From: Stefan Kanthak
• Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies
  • From: Stefan Kanthak
• KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password
  • From: KoreLogic Disclosures
• [SECURITY] [DSA 3427-1] blueman security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3428-1] tomcat8 security update
  • From: Moritz Muehlenhoff
• KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address
  • From: KoreLogic Disclosures
• [slackware-security] grub (SSA:2015-351-01)
  • From: Slackware Security Team
• [slackware-security] libpng (SSA:2015-351-02)
  • From: Slackware Security Team
• Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege
  • From: Stefan Kanthak
• [SECURITY] [DSA 3426-1] linux security update
  • From: Salvatore Bonaccorso
• ESA-2015-148: EMC Isilon OneFS Security Privilege Escalation Vulnerability
  • From: Security Alert
• [oCERT 2015-011] PyAMF input sanitization errors (XXE)
  • From: Daniele Bianco
• [SECURITY] [DSA 3425-1] tryton-server security update
  • From: Luciano Bello
• [SECURITY] [DSA 3425-1] tryton-server security update
  • From: Luciano Bello
• CVE-2015-5348 - Apache Camel medium disclosure vulnerability
  • From: Claus Ibsen
• [SECURITY] [DSA 3337-2] gdk-pixbuf security update
  • From: Salvatore Bonaccorso
• [slackware-security] mozilla-firefox (SSA:2015-349-03)
  • From: Slackware Security Team
• [SECURITY] [DSA 3424-1] subversion security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPSBHF03528 rev.1 - HP Network Products running VCX, Remote Unauthorized Modification
  • From: security-alert
• [SECURITY] [DSA 3423-1] cacti security update
  • From: Luciano Bello
• [SECURITY] [DSA 3421-1] grub2 security update
  • From: Luciano Bello
• [SECURITY] [DSA 3422-1] iceweasel security update
  • From: Moritz Muehlenhoff
• Shockwave Flash Object DLL side loading vulnerability
  • From: Securify B.V.
• Shutdown UX DLL side loading vulnerability
  • From: Securify B.V.
• [security bulletin] HPSBUX03529 SSRT102967 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS)
  • From: security-alert
• Event Viewer Snapin multiple DLL side loading vulnerabilities
  • From: Securify B.V.
• libnsbmp: heap overflow (CVE-2015-7508) and out-of-bounds read (CVE-2015-7507)
  • From: Hans Jerry Illikainen
• FreeBSD Security Advisory FreeBSD-SA-15:27.bind
  • From: FreeBSD Security Advisories
• SQL Injection in orion.extfeedbackform Bitrix Module
  • From: High-Tech Bridge Security Research
• RCE in Zen Cart via Arbitrary File Inclusion
  • From: High-Tech Bridge Security Research
• libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506)
  • From: Hans Jerry Illikainen
• [slackware-security] openssl (SSA:2015-349-04)
  • From: Slackware Security Team
• [slackware-security] bind (SSA:2015-349-01)
  • From: Slackware Security Team
• [slackware-security] libpng (SSA:2015-349-02)
  • From: Slackware Security Team
• [SECURITY] [DSA 3420-1] bind9 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3419-1] cups-filters security update
  • From: Salvatore Bonaccorso
• Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta)
  • From: Stefan Kanthak
• [SECURITY] [DSA 3418-1] chromium-browser security update
  • From: Michael Gilbert
• [security bulletin] HPSBST03517 rev.1 - HP StoreOnce Backup systems, Remote Execution of Arbitrary Code with Privilege Elevation, Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS)
  • From: security-alert
• Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]
  • From: Hector Marco-Gisbert
• phpback v1.1 XSS vulnerability
  • From: apparitionsec
• ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS
  • From: ERPScan inc
• [SECURITY] [DSA 3417-1] bouncycastle security update
  • From: Luciano Bello
• [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability
  • From: ERPScan inc
• ECommerceMajor SQL Injection Vulnerability
  • From: Rahul Pratap Singh
• [SECURITY] [DSA 3416-1] libphp-phpmailer security update
  • From: Luciano Bello
• COM+ Services DLL side loading vulnerability
  • From: Securify B.V.
• Windows Authentication UI DLL side loading vulnerability
  • From: Securify B.V.
• XSS Vulnerability in Synnefo Client for Synnefo IMS 2015 - CVE-2015-8247
  • From: Aravind
• [security bulletin] HPSBHF03431 rev.1 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities
  • From: security-alert
• APPLE-SA-2015-12-11-1 iTunes 12.3.2
  • From: Apple Product Security
• ORGIN STUDIOS Cms Multiple Vulnerability
  • From: iedb . team
• Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege
  • From: Stefan Kanthak
• WordPress <=v4.4 Username Exists Information Disclosure
  • From: John SECURELI.com
• BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability
  • From: Blue Frost Security Research Lab
• SEC Consult SA-20151210-0 :: Skybox Platform Multiple Vulnerabilities
  • From: SEC Consult Vulnerability Lab
• Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products
  • From: Cisco Systems Product Security Incident Response Team
• APPLE-SA-2015-12-08-6 Xcode 7.2
  • From: Apple Product Security
• Secunia Research: Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow Vulnerability
  • From: Secunia Research
• APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008
  • From: Apple Product Security
• [SECURITY] [DSA 3414-1] xen security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPSBHF03432 rev.1 - HPE Networking Comware 5, Comware 5 Low Encryption SW, Comware 7, VCX Using NTP, Remote Access Restriction Bypass and Code Execution
  • From: security-alert
• APPLE-SA-2015-12-08-2 tvOS 9.1
  • From: Apple Product Security
• Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference
  • From: CORE Advisories Team
• [security bulletin] HPSBHF03433 SSRT102964 rev.1 - HP-UX Running Mozilla Firefox and Thunderbird, Remote Disclosure of Information
  • From: security-alert
• APPLE-SA-2015-12-08-5 Safari 9.0.2
  • From: Apple Product Security
• APPLE-SA-2015-12-08-4 watchOS 2.1
  • From: Apple Product Security
• APPLE-SA-2015-12-08-1 iOS 9.2
  • From: Apple Product Security
• Advisory: Arro and Other Android Taxi Hailing Apps Did Not Use SSL (Mobile Knowledge)
  • From: securityresearch
• Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege
  • From: Stefan Kanthak
• [security bulletin] HPSBMU03520 rev.1 - HP Insight Control server provisioning, Remote Disclosure of Information
  • From: security-alert
• Path Traversal via CSRF in bitrix.xscan Bitrix Module
  • From: High-Tech Bridge Security Research
• APPLE-SA-2015-12-08-4 watchOS 2.1
  • From: Apple Product Security
• [CVE-2015-7706] SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities
  • From: Vogt, Thomas
• XSS vulnerability in Intellect Core banking software - Polaris
  • From: msahu
• PHP File Inclusion in bitrix.mpbuilder Bitrix Module
  • From: High-Tech Bridge Security Research
• WordPress Users Ultra Plugin [Blind SQL injection] - Update
  • From: Panagiotis Vagenas
• MacOS/iPhone/Apple Watch/Apple TV libc File System Buffer Overflow
  • From: submit
• [SECURITY] [DSA 3415-1] chromium-browser security update
  • From: Michael Gilbert
• Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup
  • From: Stefan Kanthak
• iScripts Multicart Cms Multiple Vulnerability
  • From: iedb . team
• WebBoutiques Cms Cross-Site Scripting Vulnerability
  • From: iedb . team
• Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege
  • From: Stefan Kanthak
• Command Injection in cool-video-gallery v1.9 Wordpress plugin
  • From: Larry Cashdollar
• [SYSS-2015-047] sysPass - Cross-Site Scripting (CWE-79)
  • From: disclosure
• [SYSS-2015-046] sysPass - Insecure Direct Object References (CWE-932)
  • From: disclosure
• Edimax BR-6478AC & Others Multiple Vulnerabilites
  • From: mwinstead3790
• FreeBSD Security Advisory FreeBSD-SA-15:26.openssl
  • From: FreeBSD Security Advisories
• KL-001-2015-006 : Linksys EA6100 Wireless Router Authentication Bypass
  • From: KoreLogic Disclosures
• [SECURITY] [DSA 3413-1] openssl security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBGN03525 rev.1: HP Performance Center Virtual Table Server, Remote Code Execution
  • From: security-alert
• [SECURITY] [DSA 3412-1] redis security update
  • From: Salvatore Bonaccorso
• ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability
  • From: Security Alert
• [slackware-security] mozilla-thunderbird (SSA:2015-337-02)
  • From: Slackware Security Team
• [slackware-security] libpng (SSA:2015-337-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 3411-1] cups-filters security update
  • From: Moritz Muehlenhoff
• Ellucian Banner Student Vulnerability Disclosure
  • From: sean . dillon
• WordPress Users Ultra Plugin [Persistence XSS]
  • From: pan . vagenas
• WordPress Users Ultra Plugin [Blind SQL injection]
  • From: pan . vagenas
• Gnome Nautilus [Denial of Service]
  • From: pan . vagenas
• SQLi Vulnerability in ATuter management system
  • From: sirus . shahini
• Two Reflected XSS Vulnerabilities in Calls to Action WordPress plugin
  • From: High-Tech Bridge Security Research
• Remote File Inclusion in Gwolle Guestbook WordPress Plugin
  • From: High-Tech Bridge Security Research
• Reflected XSS in Ultimate Member WordPress Plugin
  • From: High-Tech Bridge Security Research
• Reflected XSS in Role Scoper WordPress Plugin
  • From: High-Tech Bridge Security Research
• Reflected Cross-Site Scripting (XSS) in SourceBans
  • From: High-Tech Bridge Security Research
• [SECURITY] [DSA 3409-1] putty security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3410-1] icedove security update
  • From: Moritz Muehlenhoff
• Zenphoto 1.4.10 Local File Inclusion
  • From: apparitionsec
• Zenphoto 1.4.10 XSS Vulnerability
  • From: apparitionsec
• [SECURITY] [DSA 3408-1] gnutls26 security update
  • From: Salvatore Bonaccorso
• Huawei Wimax routers vulnerable to multiple threats
  • From: Pierre Kim
• [SE-2014-02] Errata document for Issue 42 (CVE-2015-4871 affecting Java SE 7)
  • From: Security Explorations
• LSE Leading Security Experts GmbH - LSE-2015-10-14 - HumHub SQL-Injection
  • From: advisories
• Proftpd 1.3.5a LATEST (0-day) Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
  • From: Nicholas Lemonias.
• Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
  • From: Nicholas Lemonias.
• Belkin N150 Wireless Home Router Multiple Vulnerabilities
  • From: Rahul Pratap Singh
• Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
  • From: Nicholas Lemonias.
• Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
  • From: Nicholas Lemonias.
• Proftpd 1.3.5a LATEST 0day (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Audit Report.
  • From: Nicholas Lemonias.
• Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
  • From: Nicholas Lemonias.
• Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
  • From: Nicholas Lemonias.
• Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
  • From: Nicholas Lemonias.
• Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
  • From: lem . nikolas
• Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
  • From: Nicholas Lemonias.
• Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
  • From: aiscorp
• Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
  • From: Nicholas Lemonias.
• [FD] Visual Paradigm Server v10.0 - Cross Site Scripting (XSS)
  • From: Manuel Mancera
• [SECURITY] [DSA 3407-1] dpkg security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3405-1] smokeping security update
  • From: Florian Weimer
• [SECURITY] [DSA 3406-1] nspr security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3404-1] python-django security update
  • From: Salvatore Bonaccorso
• CIS Manager Content Management System 2015Q4 - SQL Injection Vulnerability
  • From: Vulnerability Lab
• [security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution
  • From: security-alert
• [security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution
  • From: security-alert
• [slackware-security] pcre (SSA:2015-328-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 3403-1] libcommons-collections3-java security update
  • From: Moritz Muehlenhoff
• ESA-2015-164: EMC Isilon OneFS Privilege Escalation Vulnerability
  • From: Security Alert
• [SECURITY] [DSA 3402-1] symfony security update
  • From: Salvatore Bonaccorso
• Steam Weak File Permissions Privilege Escalation
  • From: ajs
• CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1
  • From: Christofer Dutz
• [ERPSCAN-15-018] SAP NetWeaver 7.4 - XXE
  • From: ERPScan inc
• [ERPSCAN-15-019] SAP Afaria - Stored XSS
  • From: ERPScan inc
• [FD] Celoxis <= 9.5 - Cross Site Scripting (XSS)
  • From: Manuel Mancera
• [ERPSCAN-15-020] SAP Mobile Platform 2.3 - XXE in application import
  • From: ERPScan inc
• Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation
  • From: Nicholas Lemonias.
• Proftpd v1.3.5a ZERODAY - Malloc issues Advanced Information Security Corporation
  • From: Nicholas Lemonias.
• Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation
  • From: Nicholas Lemonias.
• Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation
  • From: Nicholas Lemonias.
• Proftpd ZERODAY - Malloc issues Advanced Information Security Corporation
  • From: Nicholas Lemonias.
• Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation
  • From: Nicholas Lemonias.
• Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation
  • From: Nicholas Lemonias.
• Fwd: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android
  • From: Shazron
• Fwd: CVE-2015-5256: Apache Cordova vulnerable to improper application of whitelist restrictions
  • From: Shazron
• [SECURITY] [DSA 3400-1] lxc security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBUX03522 SSRT102942 rev.1 - HP-UX BIND running named, Remote Denial of Service (DoS)
  • From: security-alert
• NEW VMSA-2015-0008 - VMware product updates address information disclosure issue
  • From: VMware Security Response Center
• CVE-2015-8131: Kibana CSRF vulnerability
  • From: Kevin Kluge
• IBM i Access Buffer Overflow Code DOS CVE-2015-7422
  • From: apparitionsec
• IBM i Access Buffer Overflow Code Exec CVE-2015-2023
  • From: apparitionsec
• [security bulletin] HPSBGN03521 rev.2 - HP Operations Orchestration Central, Cross-Site Request Forgery (CSRF)
  • From: security-alert
• [SECURITY] [DSA 3399-1] libpng security update
  • From: Salvatore Bonaccorso
• RCE and SQL injection via CSRF in Horde Groupware
  • From: High-Tech Bridge Security Research
• Adobe Premiere Clip v1.1.1 iOS - (cid:x) Filter Bypass & Persistent Software Vulnerability
  • From: Vulnerability Lab
• [security bulletin] HPSBGN03521 rev.1 - HP Operations Orchestration Central, Cross-Site Request Forgery (CSRF)
  • From: security-alert
• WordPress Users Ultra Plugin [Unrestricted File Upload]
  • From: pan . vagenas
• ESA-2015-163: EMC VPLEX Sensitive Information Exposure Vulnerability
  • From: Security Alert
• Open-Xchange Security Advisory 2015-11-17
  • From: Martin Heiland
• Free WMA MP3 Converter - Buffer Overflow Exploit (SEH)
  • From: Vulnerability Lab
• Murgent CMS - SQL Injection Vulnerability
  • From: Vulnerability Lab
• Magento Bug Bounty #22 - (Profile) Persistent Vulnerability
  • From: Vulnerability Lab
• Magento Bug Bounty #24 - Multiple CSRF Web Vulnerabilities
  • From: Vulnerability Lab
• Port Scan v2.0 iOS - Command Inject Vulnerability
  • From: Vulnerability Lab
• LAN Scan HD v1.20 iOS - Command Inject Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 3398-1] strongswan security update
  • From: Yves-Alexis Perez
• CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability
  • From: Matthew Flanagan
• [security bulletin] HPSBGN03428 rev.3 - HP Asset Manager Web UI Client, Local Disclosure of Sensitive Information
  • From: security-alert
• Dlink DGL5500 Un-Authenticated Buffer overflow in HNAP functionality
  • From: samhuntley84
• Dlink DIR-890L/R Buffer overflows in authentication and HNAP functionalities.
  • From: samhuntley84
• Dlink DIR-880L Buffer overflows in authenticatio and HNAP functionalities.
  • From: samhuntley84
• Dlink DIR-880L Buffer overflows in authenticatio and HNAP functionalities.
  • From: samhuntley84
• Dlink DIR-825 (vC) Buffer overflows in authentication,HNAP and ping functionalities and also directory traversal issue exists
  • From: samhuntley84
• Dlink DIR-601 Command injection in ping functionality
  • From: samhuntley84
• Dlink DIR-645 UPNP Buffer Overflow
  • From: samhuntley84
• Dlink DIR-815 Buffer overflows and Command injection in authentication and HNAP functionalities
  • From: samhuntley84
• Dlink DIR-817LW Buffer overflows and Command injection in authentication and HNAP functionalities
  • From: samhuntley84
• Dlink DIR-818W Buffer overflows and Command injection in authentication and HNAP functionalities
  • From: samhuntley84
• Dlink DIR-615 Authenticated Buffer overflow in Ping and Send email functionality
  • From: samhuntley84
• SYSS-2015-061 Wirecard Checkout Page - Improper Validation of Integrity Check Value
  • From: martin . sturm
• Dlink SSDP command injection using UDP for a lot of Dlink routers including DIR-815, DIR-850L
  • From: samhuntley84
• Dlink DIR-866L Buffer overflows in HNAP and send email functionalities
  • From: samhuntley84
• CF Image Host XSS
  • From: apparitionsec
• CF Image Host CSRF
  • From: apparitionsec
• CF Image Host PHP Command Injection
  • From: apparitionsec
• PHP Address Book SQL Injection Vulnerability
  • From: Rahul Pratap Singh
• [SECURITY] [DSA 3208-2] freexl regression update
  • From: Salvatore Bonaccorso
• /tmp race condition in IBM Installation Manager V1.8.1 install script
  • From: larry0
• D-link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability
  • From: bhadresh . patel
• [slackware-security] seamonkey (SSA:2015-318-01)
  • From: Slackware Security Team
• OpenBSD package 'net-snmp' information disclosure
  • From: Pierre Kim
• [SECURITY] [DSA 3395-2] krb5 security update
  • From: Salvatore Bonaccorso
• Secunia Research: Google Picasa CAMF Section Integer Overflow Vulnerability
  • From: Secunia Research
• [security bulletin] HPSBGN03507 rev.2 - HP Arcsight Management Center, Arcsight Logger, Remote Cross-Site Scripting (XSS)
  • From: security-alert
• [SECURITY] [DSA 3397-1] wpa security update
  • From: Salvatore Bonaccorso
• Microsoft .NET Framework XSS / Elevation of Privilege CVE-2015-6099
  • From: apparitionsec
• [SECURITY] [DSA 3396-1] linux security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3386-2] unzip regression update
  • From: Salvatore Bonaccorso
• TestLink 1.9.14 CSRF Vulnerability
  • From: Aravind
• TestLink 1.9.14 Persistent XSS
  • From: Aravind
• [SECURITY] [DSA 3395-1] krb5 security update
  • From: Salvatore Bonaccorso
• [ANNOUNCE] CVE-2014-3576 - Apache ActiveMQ vulnerabilities
  • From: Timothy Bish
• [slackware-security] mozilla-firefox (SSA:2015-310-01)
  • From: Slackware Security Team
• [slackware-security] mozilla-nss (SSA:2015-310-02)
  • From: Slackware Security Team
• CVE-2015-5378
  • From: Suyog Rao
• CVE-2015-5619
  • From: Suyog Rao
• NXFilter v3.0.3 Persistent / Reflected XSS
  • From: apparitionsec
• NXFilter v3.0.3 CSRF
  • From: apparitionsec
• Elasticsearch vulnerability CVE-2015-4165
  • From: Kevin Kluge
• [SECURITY] [DSA 3394-1] libreoffice security update
  • From: Moritz Muehlenhoff
• Elasticsearch vulnerability CVE-2015-5377
  • From: Kevin Kluge
• SEC Consult SA-20151105-0 :: Insecure default configuration in Ubiquiti Networks products
  • From: SEC Consult Vulnerability Lab
• [security bulletin] HPSBGN03519 rev.1 - HP Project and Portfolio Management Center, Remote Disclosure of Information
  • From: security-alert
• [SECURITY] [DSA 3393-1] iceweasel security update
  • From: Moritz Muehlenhoff
• Cisco Security Advisory: Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Mobility Services Engine Privilege Escalation Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Mobility Services Engine Static Credential Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Web Security Appliance Range Request Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco AsyncOS TCP Flood Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability
  • From: Egidio Romano
• [KIS-2015-09] Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability
  • From: Egidio Romano
• [KIS-2015-07] ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability
  • From: Egidio Romano
• [KIS-2015-08] ATutor <= 2.2 (edit_marks.php) PHP Code Injection Vulnerability
  • From: Egidio Romano
• [KIS-2015-06] ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability
  • From: Egidio Romano
• [KIS-2015-05] ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability
  • From: Egidio Romano
• FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]
  • From: FreeBSD Security Advisories
• [SECURITY] [DSA 3392-1] freeimage security update
  • From: Sebastien Delafond
• [security bulletin] HPSBGN03429 rev.2 - HP Arcsight Logger, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBGN03425 rev.1 - HP ArcSight SmartConnectors, Remote Disclosure of Information, Local Escalation of Privilege
  • From: security-alert
• [security bulletin] HPSBGN03430 rev.1 - HP ArcSight products, Local Elevation of Privilege
  • From: security-alert
• [SECURITY] [DSA 3391-1] php-horde security update
  • From: Florian Weimer
• [security bulletin] HPSBGN03386 rev.2 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, Local Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBGN03426 rev.1 - HP Mobility Software, Remote Execution of Arbitrary Code
  • From: security-alert
• [SECURITY] [DSA 3355-2] libvdpau regression update
  • From: Alessandro Ghedini
• [security bulletin] HPSBMU03518 rev.1 - HP Vertica, Remote Code Execution
  • From: security-alert
• [SECURITY] [DSA 3390-1] xen security update
  • From: Salvatore Bonaccorso
• CVE-2015-7326 (XXE vulnerability in Milton Webdav)
  • From: 0ang3el
• Accentis Content Resource Management System - XSS
  • From: GalaxyCVEcollector
• Accentis Content Resource Management System - SQL
  • From: GalaxyCVEcollector
• Cross-Site Scripting | Zeuscart V4
  • From: ITAS Team
• [SECURITY] [DSA 3389-1] elasticsearch end-of-life
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3381-2] openjdk-7 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3388-1] ntp security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3387-1] openafs security update
  • From: Florian Weimer
• TCPing 2.1.0 Buffer Overflow
  • From: apparitionsec
• [SECURITY] [DSA 3386-1] unzip security update
  • From: Laszlo Boszormenyi (GCS)
• [SECURITY] [DSA 3385-1] mariadb-10.0 security update
  • From: Salvatore Bonaccorso
• [slackware-security] jasper (SSA:2015-302-02)
  • From: Slackware Security Team
• PHP Server Monitor 3.1.1 Privilege Escalation
  • From: apparitionsec
• PHP Server Monitor 3.1.1 CSRF
  • From: apparitionsec
• [slackware-security] curl (SSA:2015-302-01)
  • From: Slackware Security Team
• [slackware-security] ntp (SSA:2015-302-03)
  • From: Slackware Security Team
• [SECURITY] [DSA 3384-1] virtualbox security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3383-1] wordpress security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3332-2] wordpress regression update
  • From: Salvatore Bonaccorso
• [ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability
  • From: ERPScan inc
• [ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability
  • From: ERPScan inc
• [ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability
  • From: ERPScan inc
• Cross-Site Request Forgery on Oxwall
  • From: High-Tech Bridge Security Research
• CVE-2015-7723 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver
  • From: Portcullis Advisories
• CVE-2015-7724 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver
  • From: Portcullis Advisories
• [SECURITY] [DSA 3382-1] phpmyadmin security update
  • From: Thijs Kinkhorst
• Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE
  • From: Stefan Kanthak
• [SECURITY] [DSA 3381-1] openjdk-7 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3380-1] php5 security update
  • From: Florian Weimer
• [ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability
  • From: ERPScan inc
• [ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability
  • From: ERPScan inc
• [ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability
  • From: ERPScan inc
• MacOS X 10.11 hardlink bomb cause resource exhaustion (Avast PoC)
  • From: submit
• MacOS X 10.11 FTS Deep structure of the file system Buffer Overflow
  • From: submit
• Secunia Research: Google Picasa Phase One Tags Processing Integer Overflow Vulnerability
  • From: Secunia Research
• Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities
  • From: Secunia Research
• FreeBSD Security Advisory FreeBSD-SA-15:25.ntp
  • From: FreeBSD Security Advisories
• AlienVault OSSIM 4.3 CSRF
  • From: mohammadreza . mohajerani
• AlienVault OSSIM 4.3 CSRF vulnerability report
  • From: mohammadreza . mohajerani
• [SECURITY] [DSA 3379-1] miniupnpc security update
  • From: Salvatore Bonaccorso
• Fwd: Timing attack vulnerability in most Zeus server-sides
  • From: rotem kerner
• [SECURITY] [DSA 3377-1] mysql-5.5 security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBGN03428 rev.1 - HP Asset Manager, Local Disclosure of Sensitive Information
  • From: security-alert
• CVE-2015-6576: Bamboo - Deserialisation resulting in remote code execution
  • From: David Black
• Re: TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE
  • From: scurippio
• SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities
  • From: SEC Consult Vulnerability Lab
• Re: TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE
  • From: scurippio
• TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE
  • From: scurippio
• Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
  • From: Cisco Systems Product Security Incident Response Team
• APPLE-SA-2015-10-21-8 OS X Server 5.0.15
  • From: Apple Product Security
• APPLE-SA-2015-10-21-7 Xcode 7.1
  • From: Apple Product Security
• APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002
  • From: Apple Product Security
• APPLE-SA-2015-10-21-5 iTunes 12.3.1
  • From: Apple Product Security
• APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007
  • From: Apple Product Security
• APPLE-SA-2015-10-21-3 Safari 9.0.1
  • From: Apple Product Security
• APPLE-SA-2015-10-21-2 watchOS 2.0.1
  • From: Apple Product Security
• APPLE-SA-2015-10-21-1 iOS 9.1
  • From: Apple Product Security
• Cisco Security Advisory: Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco ASA Software DNS Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• SiteWIX - (edit_photo2.php id) SQL Injection Exploit
  • From: ZoRLu Bugrahan
• [SE-2014-02] Google App Engine Java security sandbox bypasses (Issue 42)
  • From: Security Explorations
• [SECURITY] [DSA 3376-1] chromium-browser security update
  • From: Michael Gilbert
• [SECURITY] [DSA 3375-1] wordpress security update
  • From: Yves-Alexis Perez
• [SECURITY] [DSA 3374-1] postgresql-9.4 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3373-1] owncloud security update
  • From: Salvatore Bonaccorso
• ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access
  • From: ERPScan inc
• Events Made Easy WordPress plugin CSRF + Persistent XSS
  • From: David Sopas
• Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334)
  • From: Qualys Security Advisory
• [ISecAuditors Security Advisories] URL Open Redirect in Google generic TLD and ccTLD
  • From: ISecAuditors Security Advisories
• APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6
  • From: Apple Product Security
• [security bulletin] HPSBOV03503 rev.1 - HP OpenVMS CSWS_JAVA running Tomcat, Multiple Remote Vulnerabilities
  • From: security-alert
• [security bulletin] HPSBUX03512 SSRT102254 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) and Other Vulnerabilities
  • From: security-alert
• Freemake Video Downloader 3.7.1 - Code Execution Vulnerability
  • From: Vulnerability Lab
• PayPal Inc Bug Bounty #117 - Session Fixation Vulnerability
  • From: Vulnerability Lab
• Blat.exe v2.7.6 SMTP / NNTP Mailer Buffer Overflow
  • From: apparitionsec
• US DoD's Dc3dd v7.2.6 suffers from a Buffer Overflow vulnerability - Advanced Information Security Corporation - Zero Day Research
  • From: Nicholas Lemonias.
• [CVE-2015-2552] Windows 8+ - Trusted Boot Security Feature Bypass Vulnerability
  • From: Myria
• [security bulletin] HPSBGN03515 rev.1 - HP Smart Profile Server Data Analytics Layer (SPS DAL), Remote Cross-Site-Scripting (XSS), Disclosure of Information
  • From: security-alert
• Boolean-based SQL injection Vulnerability in K2 Platforms
  • From: wissam . bashour
• [SECURITY] [DSA 3372-1] linux security update
  • From: Ben Hutchings
• AdobeWorkgroupHelper Stack Based Buffer Overflow
  • From: apparitionsec
• CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin
  • From: grajalerts
• CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin
  • From: grajalerts
• CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin
  • From: grajalerts
• Multiple Remote Code Execution found in ZHONE
  • From: lyon . yang . s
• [SYSS-2015-034] MATESO Password Safe and Repository Enterprise - SQL Injection
  • From: matthias . deeg
• [SYSS-2015-037] MATESO Password Safe and Repository Enterprise - Insufficiently Protected Credentials
  • From: matthias . deeg
• Multiple Vulnerabilities found in ZHONE
  • From: lyon . yang . s
• ESA-2015-153 EMC SourceOne Email Supervisor Security Update for Multiple Security Vulnerabilities
  • From: Security Alert
• [SECURITY] [DSA 3371-1] spice security update
  • From: Salvatore Bonaccorso
• Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows)
  • From: Nicholas Lemonias.
• FreeYouTubeToMP3 Converter 4.0.1 - Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• W150D Wireless N 150 ADSL2 Modem Router - Cross Site Request Forgery Vulnerability
  • From: Vulnerability Lab
• PayPal Inc Bug Bounty #119 - URL Redirect Web Vulnerability
  • From: Vulnerability Lab
• WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability
  • From: Vulnerability Lab
• Veeam Backup & Replication Local Privilege Escalation Vulnerability
  • From: ascii
• [RT-SA-2015-006] Buffalo LinkStation Authentication Bypass
  • From: RedTeam Pentesting GmbH
• Potential vulnerabilites in PayPal Beacons
  • From: securityresearch
• Advanced Information Security Corporation, Security Advisory (Oracle's MYSQL v5.6.24 Latest - Buffer Overflows) Repost
  • From: Nicholas Lemonias.
• [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities
  • From: Matteo Beccati
• A comprehensive study of Huawei 3G routers - XSS, CSRF, DoS, unauthenticated firmware update, RCE
  • From: Pierre Kim
• RE: Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img
  • From: Alexandre Herzog
• Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows)
  • From: lem . nikolas
• Re: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (usbvision driver)
  • From: Ralf Spenneberg
• [SECURITY] [DSA 3369-1] zendframework security update
  • From: Alessandro Ghedini
• [SECURITY] [DSA 3370-1] freetype security update
  • From: Alessandro Ghedini
• [CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin
  • From: ibeptaz
• Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows)
  • From: Nicholas Lemonias.
• Zope Management Interface CSRF vulnerabilities
  • From: apparitionsec
• TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390
  • From: Onur Yilmaz
• TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391
  • From: Onur Yilmaz
• Local RedHat Enterprise Linux DoS – RHEL 7.3 Kernel crashes on invalid USB device descriptors (usbvision driver)
  • From: Ralf Spenneberg
• Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img
  • From: Alexandre Herzog
• Advisory: web-based VM detection and coarse-grained fingerprinting
  • From: Amit Klein
• LanWhoIs.exe 1.0.1.120 Stack Buffer Overflow
  • From: apparitionsec
• [security bulletin] HPSBUX03359 SSRT102094 rev.2 - HP-UX pppoec, local elevation of privilege
  • From: security-alert
• [slackware-security] seamonkey (SSA:2015-274-03)
  • From: Slackware Security Team
• [slackware-security] mozilla-thunderbird (SSA:2015-274-01)
  • From: Slackware Security Team
• [slackware-security] php (SSA:2015-274-02)
  • From: Slackware Security Team
• [security bulletin] HPSBST03418 rev.2 - HP P6000 Command View Software, Remote Disclosure of Information
  • From: security-alert
• FTGate 2009 Build 6.4.00 CSRF Vulnerabilities
  • From: apparitionsec
• CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability
  • From: Specto
• [SYSS-2015-039] CSRF in OpenText Secure MFT
  • From: adrian . vollmer
• [ZDI-15-396] ManageEngine ServiceDesk Plus remote code execution
  • From: Pedro Ribeiro
• Qualys Security Advisory - OpenSMTPD Audit Report
  • From: Qualys Security Advisory
• FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind [REVISED]
  • From: FreeBSD Security Advisories
• ZTE GPON F427 and possibly F460/F600 - authorization bypass and cleartext password storage
  • From: jerzy . patraszewski
• Correction: BMC-2015-0005: File inclusion vulnerability caused by misconfiguration of "BIRT Viewer" servlet as used in BMC Remedy AR Reporting
  • From: appsec
• Correction: BMC-2015-0006: File inclusion vulnerability caused by misconfiguration of "BIRT Engine" servlet as used in BMC Remedy AR Reporting
  • From: appsec
• Reflected Cross-Site Scripting (XSS) in SourceBans
  • From: High-Tech Bridge Security Research
• Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin
  • From: ibemed
• Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin
  • From: ibemed
• A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin
  • From: ibemed
• Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin
  • From: ibemed
• LanSpy 2.0.0.155 Buffer Overflow
  • From: apparitionsec
• [security bulletin] HPSBPV03516 rev.1 - HP VAN SDN Controller, Multiple Vulnerabilities
  • From: security-alert
• [security bulletin] HPSBGN03424 rev.1 - HP Cloud Service Automation, Remote Authentication Bypass
  • From: security-alert
• [SYSS-2015-001] Kaspersky Endpoint Security - Authentication Bypass
  • From: matthias . deeg
• [SYSS-2015-003] Kaspersky Small Office Security - Authentication Bypass
  • From: matthias . deeg
• [SYSS-2015-002] Kaspersky Endpoint Security - Use of One-Way Hash withouth a Salt
  • From: matthias . deeg
• [SYSS-2015-004] Kaspersky Small Office Security - Use of One-Way Hash withouth a Salt
  • From: matthias . deeg
• [SYSS-2015-006] Kaspersky Total Security - Use of One-Way Hash withouth a Salt
  • From: matthias . deeg
• [SYSS-2015-005] Kaspersky Total Security - Authentication Bypass
  • From: matthias . deeg
• [SYSS-2015-008] Kaspersky Internet Security - Use of One-Way Hash withouth a Salt
  • From: matthias . deeg
• [SYSS-2015-009] Kaspersky Anti-Virus - Authentication Bypass
  • From: matthias . deeg
• [SYSS-2015-007] Kaspersky Internet Security - Authentication Bypass
  • From: matthias . deeg
• [SYSS-2015-010] Kaspersky Anti-Virus - Use of One-Way Hash withouth a Salt
  • From: matthias . deeg
• APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
  • From: Apple Product Security
• APPLE-SA-2015-09-30-2 Safari 9
  • From: Apple Product Security
• [security bulletin] HPSBST03502 rev.1 - HP 3PAR Service Processor (SP) SPOCC, Remote Disclosure of Information
  • From: security-alert
• APPLE-SA-2015-09-30-01 iOS 9.0.2
  • From: Apple Product Security
• Re: Cisco AnyConnect elevation of privileges via DMG install script
  • From: Securify B.V.
• Apache James Server 2.3.2 security vulnerability fixed
  • From: Eric Charles
• Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability
  • From: Eugene Roshal
• RE: WinRAR SFX v5.21 - Remote Code Execution Vulnerability
  • From: Popovici, Alejo (LATCO - Buenos Aires)
• Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability
  • From: dev
• FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind
  • From: FreeBSD Security Advisories
• CVE-2015-7392 Heap overflow in Freeswitch json parser < 1.6.2 & < 1.4.23
  • From: Marcello Duarte
• Re: CVE-2015-3938 Remote Permanent LoV (Loss of View) in Mitsubishi Melsec FX3G-24M PLC
  • From: Ralf Spenneberg
• ESA-2015-151: RSA® OneStep Path Traversal Vulnerability
  • From: Security Alert
• ESA-2015-152: RSA Web Threat Detection Multiple Vulnerabilities
  • From: Security Alert
• CVE-2015-3938 Remote Permanent LoV (Loss of View) in Mitsubishi Melsec FX3G-24M PLC
  • From: Ralf Spenneberg (OpenSource Security)
• Remote privesc and RCE in Kaseya Virtual System Administrator
  • From: Pedro Ribeiro
• Vtiger CRM Authenticated Remote Code Execution (CVE-2015-6000)
  • From: Benjamin Daniel Mussler
• IconLover v5.4.5 - Stack Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability
  • From: Vulnerability Lab
• NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability
  • From: Vulnerability Lab
• WinRAR SFX v5.21 - Remote Code Execution Vulnerability
  • From: Vulnerability Lab
• Flowdock API Bug Bounty #3 - (Invite) Persistent Web Vulnerability
  • From: Vulnerability Lab
• My.WiFi USB Drive v1.0 iOS - File Include Vulnerability
  • From: Vulnerability Lab
• Git-1.9.5 ssh-agent.exe Buffer Overflow
  • From: apparitionsec
• Subject mail: CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin
  • From: ibemed
• CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin
  • From: ibemed
• CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin
  • From: ibemed
• Git-1.9.5 ssh-agent.exe Buffer Overflow
  • From: apparitionsec
• [security bulletin] HPSBHF03513 rev.1 - HP PCs and Workstations running Windows and Linux with NVidia Graphics Driver, Local Denial of Service (DoS), Elevation of Privilege
  • From: security-alert
• [SECURITY] [DSA 3368-1] cyrus-sasl2 security update
  • From: Salvatore Bonaccorso
• CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine
  • From: Portcullis Advisories
• CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine
  • From: Portcullis Advisories
• CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine
  • From: Portcullis Advisories
• Insecure application-coupling in Good Authentication Delegation [MZ-15-03]
  • From: modzero
• FortiManager v5.2.2 Multiple XSS Vulnerabilities
  • From: apparitionsec
• Re: CVE-2015-5204: HTTP header injection vulnerability in Apache Cordova File Transfer Plugin for Android
  • From: Shazron
• [SECURITY] [DSA 3367-1] wireshark security update
  • From: Moritz Muehlenhoff
• BMC-2015-0006: File inclusion vulnerability in "BIRT Engine" servlet used in BMC Remedy AR Reporting
  • From: appsec
• BMC-2015-0005: File inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy AR Reporting
  • From: appsec
• [SECURITY] [DSA 3366-1] rpcbind security update
  • From: Salvatore Bonaccorso
• Cisco AnyConnect elevation of privileges via DMG install script
  • From: Securify B.V.
• [SECURITY] [DSA 3365-1] iceweasel security update
  • From: Moritz Muehlenhoff
• ESA-2015-142: RSA Archer® GRC Platform Multiple Vulnerabilities
  • From: Security Alert
• Cisco Security Advisory: Cisco IOS XE Software Network Address Translation Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• UltraEdit v22.20 - Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability
  • From: Vulnerability Lab
• Flowdock API Bug Bounty #1 - (Description) Persistent Web Vulnerability
  • From: Vulnerability Lab
• Reflected Cross-Site Scripting (XSS) in iTop
  • From: High-Tech Bridge Security Research
• Open-Xchange Security Advisory 2015-09-23
  • From: Martin Heiland
• [slackware-security] mozilla-firefox (SSA:2015-265-01)
  • From: Slackware Security Team
• Cisco AnyConnect elevation of privileges via DLL side loading
  • From: Securify B.V.
• [security bulletin] HPSBGN03391 rev.1 - HP Universal CMDB Foundation, Discovery, Configuration Manager, and CMDB Browser running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBUX03511 SSRT102248 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS)
  • From: security-alert
• UDID v1.0 iOS - Persistent Mail Encode Vulnerability
  • From: Vulnerability Lab
• Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 3364-1] linux security update
  • From: Ben Hutchings
• APPLE-SA-2015-09-21-1 watchOS 2
  • From: Apple Product Security
• Jasig CAS server vulnerabilities
  • From: Antoni Klajn
• Advisory: Insufficient Parameter Sanitization in login.live.com (Microsoft)
  • From: securityresearch
• CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth
  • From: Antoine Neuenschwander
• SAP Netwaver - XML External Entity Injection
  • From: Lukasz Miedzinski
• [SECURITY] [DSA 3363-1] owncloud-client security update
  • From: Luciano Bello
• Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ...
  • From: Stefan Kanthak
• [SECURITY] [DSA 3362-1] qemu-kvm security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3361-1] qemu security update
  • From: Salvatore Bonaccorso
• KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation
  • From: KoreLogic Disclosures
• [security bulletin] HPSBST03418 rev.1 - HP P6000 Command View Software, Remote Disclosure of Information
  • From: security-alert
• APPLE-SA-2015-09-16-4 OS X Server 5.0.3
  • From: Apple Product Security
• Apple Safari FTP PASV manipulation vulnerability (CVE-2015-5912)
  • From: Amit Klein
• APPLE-SA-2015-09-16-3 iTunes 12.3
  • From: Apple Product Security
• APPLE-SA-2015-09-16-2 Xcode 7.0
  • From: Apple Product Security
• APPLE-SA-2015-09-16-1 iOS 9
  • From: Apple Product Security
• Cisco Security Advisory: Cisco TelePresence Server Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Collaboration Assurance
  • From: Cisco Systems Product Security Incident Response Team
• [security bulletin] HPSBGN03393 rev.2 - HP Operations Manager i, Remote Code Execution
  • From: security-alert
• Fwd: [CVE-2015-6940] Pentaho GA PDI & GA BA - Improper authentication allows unauthenticated access to configuration files
  • From: gregory draperi
• Microsoft Exchange Information Disclosure
  • From: apparitionsec
• [SECURITY] [DSA 3360-1] icu security update
  • From: GCS
• [security bulletin] HPSBHF03509 rev.1 - HP ThinPro and Smart Zero Core, Remote Denial of Service, Unauthorized Access to Data
  • From: security-alert
• Paypal Inc - Open Redirect Web Vulnerability
  • From: Vulnerability Lab
• Openfire 3.10.2 CSRF Vulnerabilities
  • From: apparitionsec
• IKEView.exe R60 Stack Buffer Overflow
  • From: apparitionsec
• [security bulletin] HPSBMU03392 rev.2 - HP ArcSight Logger, Remote Authorization Bypass
  • From: security-alert
• [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting
  • From: Ahrens, Julien
• [SECURITY] [DSA 3358-1] php5 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3359-1] virtualbox security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3357-1] vzctl security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3356-1] openldap security update
  • From: Salvatore Bonaccorso
• IKEView.exe Fox beta 1 Stack Buffer Overflow
  • From: apparitionsec
• [security bulletin] HPSBHF03408 rev.2 - HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code
  • From: security-alert
• [KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability
  • From: Egidio Romano
• Magento Bug Bounty #19 - Persistent Filename Vulnerability
  • From: Vulnerability Lab
• PayPal Inc - Security Approval & 2FA Session Auth Bypass (API) Vulnerability
  • From: Vulnerability Lab
• Shopify Bug Bounty #8 - (FilePath) Persistent Vulnerability
  • From: Vulnerability Lab
• Yahoo Bug Bounty #32 - Cross Site Request Forgery bulkImport Web Vulnerability
  • From: Vulnerability Lab
• Security Advisory for Bugzilla 5.0.1, 4.4.10 and 4.2.15
  • From: LpSolit
• Security advisory for Bugzilla 5.0, 4.4.9, and 4.2.14
  • From: dkl
• Re: Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe
  • From: Stefan Kanthak
• DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584
  • From: Onur Yilmaz
• [SECURITY] [DSA 3355-1] libvdpau security update
  • From: Alessandro Ghedini
• Multiple Cross-Site Scripting vulnerabilities in Synology Download Station
  • From: Securify B.V.
• Synology Video Station command injection and multiple SQL injection vulnerabilities
  • From: Securify B.V.
• [security bulletin] HPSBGN03504 rev.1 - HP UCMDB, Local Disclosure of Sensitive Information
  • From: security-alert
• [security bulletin] HPSBOV03505 rev.1 - TCP/IP Services for OpenVMS running NTP, Remote Code Execution, Denial of Service (DoS)
  • From: security-alert
• [ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials
  • From: ERPScan inc
• [ERPSCAN-15-015] SAP NetWeaver AS ABAP– Hardcoded Credentials
  • From: ERPScan inc
• [ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository
  • From: ERPScan inc
• ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability
  • From: Security Alert
• ESA-2015-140: RSA® Identity Management & Governance Multiple Cross-Site Scripting Vulnerabilities
  • From: Security Alert
• [security bulletin] HPSBOV03506 rev.1 - TCP/IP Services for OpenVMS running BIND, Remote Denial of Service (DoS)
  • From: security-alert
• Re: Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class
  • From: Securify B.V.
• Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe
  • From: Stefan Kanthak
• [SECURITY] [DSA 3354-1] spice security update
  • From: Salvatore Bonaccorso
• Re: Oracle Hyperion password disclosure...
  • From: jeff . kayser
• [CVE-2015-3623] Qlikview blind XXE Security Vulnerability
  • From: alex_haynes
• NETGEAR Wireless Management System - Authentication Bypass and Privilege Escalation.
  • From: Elliott Lewis
• [SECURITY] [DSA 3353-1] openslp-dfsg security update
  • From: Alessandro Ghedini
• JSPMySQL Administrador CSRF & XSS Vulnerabilities
  • From: apparitionsec
• Webroot SecureAnywhere Mobile Protection - MITM SSL Certificate Vulnerability
  • From: David Coomber
• Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability
  • From: David Coomber
• Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation
  • From: Stefan Kanthak
• Oracle Hyperion password disclosure...
  • From: Jeff Kayser
• [SECURITY] [DSA 3352-1] screen security update
  • From: Laszlo Boszormenyi
• [slackware-security] seamonkey (SSA:2015-246-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 3351-1] chromium-browser security update
  • From: Michael Gilbert
• [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow
  • From: Julien Ahrens
• ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability
  • From: Security Alert
• Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities
  • From: Vulnerability Lab
• Checkmarx CxQL Sandbox bypass (CVE-2014-8778)
  • From: hdau
• [SYSS-2015-016] Avaya one-X® Agent - Hard-coded Cryptographic Key
  • From: sven . freund
• [slackware-security] bind (SSA:2015-245-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 3350-1] bind9 security update
  • From: Moritz Muehlenhoff
• FreeBSD Security Advisory FreeBSD-SA-15:23.bind
  • From: FreeBSD Security Advisories
• [SECURITY] [DSA 3348-1] qemu security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3349-1] qemu-kvm security update
  • From: Salvatore Bonaccorso
• Cisco Security Advisory: Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3347-1] pdns security update
  • From: Sébastien Delafond
• ESA-2015-137: EMC Atmos XML External Entity Injection Vulnerability
  • From: Security Alert
• Cross-Site Request Forgery in Cerb
  • From: High-Tech Bridge Security Research
• [slackware-security] gdk-pixbuf2 (SSA:2015-244-01)
  • From: Slackware Security Team
• CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection
  • From: David Black
• KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation
  • From: KoreLogic Disclosures
• KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation
  • From: KoreLogic Disclosures
• [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities
  • From: CORE Advisories Team
• [security bulletin] HPSBMU03339 rev.1 - HP LoadRunner Controller, Local Execution of Arbitrary Code
  • From: security-alert
• [security bulletin] HPSBGN03403 rev.1 - HP Virtualization Performance Viewer, Remote Unauthorized Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU03401 rev.1 - HP Operations Manager for UNIX and Linux, Remote Unauthorized Modification, Disclosure of Information
  • From: security-alert
• Dogma India dogmaindia CMS - Auth Bypass Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 3346-1] drupal7 security update
  • From: Alessandro Ghedini
• Jenkins 1.626 - Cross Site Request Forgery / Code Execution
  • From: smash
• LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability
  • From: Vulnerability Lab
• PayPal Bug Bounty #119 - Stored Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [security bulletin] HPSBGN03407 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Modification, Disclosure of Information
  • From: security-alert