Bugtraq
- [security bulletin] HPSBGN03387 rev.1 - HP Intelligent Provisioning, Remote Code Execution, Unauthorized Access
- [security bulletin] HPSBMU03416 rev.1 - HP Data Protector, Remote Disclosure of Information
- [SECURITY] [DSA 3345-1] iceweasel security update
- From: Salvatore Bonaccorso
- [slackware-security] mozilla-firefox (SSA:2015-241-01)
- From: Slackware Security Team
- Re: Re: UAC Bypass Vulnerability on "Windows 7" in Windows Script Host
- Re: UAC Bypass Vulnerability on "Windows 7" in Windows Script Host
- [SECURITY] [DSA 3344-1] php5 security update
- [security bulletin] HPSBGN03402 rev.2 - HP Performance Manager, Remote Disclosure of Information
- UAC Bypass Vulnerability on "Windows 7" in Windows Script Host
- [security bulletin] HPSBHF03408 rev.1 - HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code
- [security bulletin] HPSBGN03411 rev.1 - HP Operations Agent Virtual Appliance, Remote Unauthorized Disclosure of Information
- CVE-2015-6535: Stored XSS in YouTube Embed (WordPress plugin) allows admins to compromise super admins
- From: grajalerts . noreply
- [security bulletin] HPSBGN03405 rev.1 - HP Integration Adaptor, Remote Unauthorized Modification, Disclosure of Information
- [security bulletin] HPSBGN03399 rev.1 - HP BSM Connector (BSMC), Remote Unauthorized Modification, Disclosure of Information
- [security bulletin] HPSBGN03415 rev.1 - HP Operations Agent Virtual Appliance, Remote Disclosure of Information
- [security bulletin] HPSBGN03414 rev.1 - HP Operations Agent, Remote Disclosure of Information
- [SECURITY] [DSA 3343-1] twig security update
- RE: [security bulletin] HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux, Multiple Vulnerabilities
- FreeBSD Security Advisory FreeBSD-SA-15:21.amd64
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-15:22.openssh
- From: FreeBSD Security Advisories
- [security bulletin] HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux, Multiple Vulnerabilities
- [security bulletin] HPSBMU03413 rev.1 - HP Virtual Connect Enterprise Manager SDK, Multiple Vulnerabilities
- [security bulletin] HPSBMU03396 rev.1 - HP Version Control Repository Manager (VCRM) on Windows and Linux, Multiple Vulnerabilities
- [security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities
- [security bulletin] HPSBGN03404 rev.1 - HP Service Health Reporter, Remote Unauthorized Modification
- [security bulletin] HPSBMU03345 rev.1 - HP Network Node Manager i (NNMi) and Smart Plugins (iSPIs) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information, Unauthorized Modification
- [SYSS-2015-026] Denial of Service (CWE-730) and Overly Restrictive Account Lockout Mechanism (CWE-645) in Page2Flip Premium App 2.5
- From: erlijn . vangenuchten
- [SYSS-2015-027] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5
- From: erlijn . vangenuchten
- [SYSS-2015-028] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5
- From: erlijn . vangenuchten
- [SYSS-2015-029] Insecure Direct Object Reference (CWE-932) in Page2Flip Premium App 2.5
- From: erlijn . vangenuchten
- [SYSS-2015-032] Broken Authentication and Session Management (CWE-930) in Page2Flip Premium App 2.5
- From: erlijn . vangenuchten
- [SYSS-2015-030] Improper Handling of Insufficient Privileges (CWE-274) in Page2Flip Premium App 2.5
- From: erlijn . vangenuchten
- SYSS-2015-033: Missing Function Level Access Control (CWE-935) in Page2Flip Premium App 2.5
- From: erlijn . vangenuchten
- Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation
- [SYSS-2015-025] Netop Remote Control - Insufficiently Protected Credentials
- Cross site request forgery vulnerability in Linksys WAG120N
- [security bulletin] HPSBGN03395 rev.1 - HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX, Remote Code Execution
- Logstash vulnerability CVE-2015-5619
- [slackware-security] gnutls (SSA:2015-233-01)
- From: Slackware Security Team
- [security bulletin] HPSBGN03395 rev.1 - HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX, Remote Code Execution
- Logstash vulnerability CVE-2015-5619
- [security bulletin] HPSBUX03410 SSRT102175 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
- Re: [SECURITY] [DSA 3325-2] apache2 regression update
- APPLE-SA-2015-08-20-1 QuickTime 7.7.8
- From: Apple Product Security
- Re: Micro Login System v1.0 (userpwd.txt) Password Disclosure Vulnerability
- [security bulletin] HPSBUX03369 SSRT102037 rev.1 - HP-UX execve(2), Local Elevation of Privilege
- [SECURITY] [DSA 3342-1] vlc security update
- [oCERT-2015-009] VLC arbitrary pointer dereference
- UBNT Bug Bounty #3 - Persistent Filename Vulnerability
- UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability
- WebSolutions India Design CMS - SQL Injection Vulnerability
- ChiefPDF Software v2.x - Buffer Overflow Vulnerability
- PDF Shaper v3.5 - (MSF) Remote Buffer Overflow Vulnerability
- Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064)
- [SECURITY] [DSA 3341-1] conntrack security update
- From: Salvatore Bonaccorso
- ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability
- Re: CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information
- [SECURITY] [DSA 3340-1] zendframework security update
- [SECURITY] [DSA 3339-1] openjdk-6 security update
- [security bulletin] HPSBUX03400 SSRT102211 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
- CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability
- Privilege escalation through RPC commands in EMC Documentum Content Server (incomplete fix in CVE-2015-4532)
- Re: EMC Documentum Content Server: arbitrary code execution (incomplete fix in CVE-2015-4532)
- Re: CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information
- RE: CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information
- From: Chillman, Paul, Vodafone UK
- Re: CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information
- [SYSS-2015-041] XSS in OpenText Secure MFT
- Trend Micro Deep Discovery XSS
- Trend Micro Deep Discovery Authentication Bypass
- Re: Hawkeye-G v3 CSRF Vulnerability ***[UPDATED CORRECTED]
- CVE-2015-5699 - Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation
- FreeBSD Security Advisory FreeBSD-SA-15:20.expat
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 3338-1] python-django security update
- [SECURITY] [DSA 3337-1] gdk-pixbuf security update
- [SECURITY] [DSA 3325-2] apache2 regression update
- Re: [ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD – XXE
- Re: Re: [SECURITY] [DSA 3336-1] nss security update
- Re: [SECURITY] [DSA 3336-1] nss security update
- EMC Documentum Content Server: arbitrary code execution (incomplete fix in CVE-2015-4532)
- [SECURITY] [DSA 3336-1] nss security update
- From: Salvatore Bonaccorso
- sysadmin privilege in EMC Documentum Content Server
- Insufficient certificate validation in EMC Secure Remote Services Virtual Edition
- Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal
- [ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD – XXE
- [ERPSCAN-15-012] SAP Afaria 7 XComms – Buffer Overflow
- ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability
- ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities
- ESA-2015-094: RSA Archer® GRC Multiple Cross-Site Request Forgery Vulnerabilities
- ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities
- Oracle CSO numbers, security hygiene and fixes at the same time
- From: Security Explorations
- Poor security in SOHO routers, again. Changing configuration parameters with a click.
- Re: Multiple vulnerabilites in vendor IKE implementations, including Cisco,
- Re: NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE
- Re: [MORNINGSTAR-2009-01] Multiple security issues in Open Auto Classifieds version <= 1.5.9
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- Re: [FD] Mozilla extensions: a security nightmare
- Re: PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability
- vBulletin x.x.x rce "0day"
- [slackware-security] mozilla-firefox (SSA:2015-226-01)
- From: Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2015-226-02)
- From: Slackware Security Team
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities
- From: Blue Frost Security Research Lab
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- Nuance PowerPDF Advanced Metadata Information Disclosure Vulnerability (low|local)
- APPLE-SA-2015-08-13-4 OS X Server v4.1.5
- From: Apple Product Security
- APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006
- From: Apple Product Security
- APPLE-SA-2015-08-13-3 iOS 8.4.1
- From: Apple Product Security
- APPLE-SA-2015-08-13-1 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8
- From: Apple Product Security
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- [security bulletin] HPSBGN03393 rev.1 - HP Operations Manager i, Remote Code Execution
- [security bulletin] HPSBGN03386 rev.1 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, Local Disclosure of Information
- Update: Backdoor and RCE found in 8 TOTOLINK router models
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- Cisco Unified Communications Manager Multiple Vulnerabilities (VP2015-001)
- RE: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- From: Limanovski, Dimitri
- [SECURITY] [DSA 3335-1] request-tracker4 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3332-1] wordpress security update
- [CVE-2015-4624] Predictable CSRF tokens in WiFi Pineapple firmware <= 2.3.0
- phpipam-1.1.010 XSS Vulnerability
- PHPfileNavigator v2.3.3 CSRF Add Arbitrary Users
- phpipam-1.1.010 XSS Vulnerability
- BFS-SA-2015-001: Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability
- From: Blue Frost Security Research Lab
- PHPfileNavigator 2.3.3 Persistent & Reflected XSS
- [SECURITY] [DSA 3333-1] iceweasel security update
- bizidea Design CMS 2015Q3 - SQL Injection Vulnerability
- Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- Pdf Shaper Buffer Overflow
- [SECURITY] [DSA 3334-1] gnutls28 security update
- From: Salvatore Bonaccorso
- [Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery
- From: Onapsis Research Labs
- [slackware-security] mozilla-firefox (SSA:2015-219-01)
- From: Slackware Security Team
- [slackware-security] mozilla-nss (SSA:2015-219-02)
- From: Slackware Security Team
- [SECURITY] [DSA 3330-1] activemq security update
- QNAP crypto keys logged on unencrypted disk partition in world accessible files
- Device Inspector v1.5 iOS - Command Inject Vulnerabilities
- Ferrari - PHP CGI Argument Injection (RCE) Vulnerability
- Thomson Reuters FATCA - Arbitrary File Upload
- From: jakub . palaczynski
- Re: [FD] Mozilla extensions: a security nightmare
- [SECURITY] [DSA 3329-1] linux security update
- From: Salvatore Bonaccorso
- Re: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- RE: [FD] Mozilla extensions: a security nightmare
- RE: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- FreeBSD Security Advisory FreeBSD-SA-15:19.routed
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-15:18.bsdpatch
- From: FreeBSD Security Advisories
- Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows
- Re: [FD] Mozilla extensions: a security nightmare
- [security bulletin] HPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of Information
- Re: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network
- From: SEC Consult Vulnerability Lab
- [SECURITY] [DSA 3328-2] wordpress regression update
- Mozilla extensions: a security nightmare
- [SECURITY] [DSA 3328-1] wordpress security update
- [SECURITY] [DSA 3327-1] squid3 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3326-1] ghostscript security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3325-1] apache2 security update
- [SECURITY] [DSA 3324-1] icedove security update
- [SECURITY] [DSA 3323-1] icu security update
- Multiple XSS vulnerabilities in FortiSandbox WebUI
- [SECURITY] [DSA 3322-1] ruby-rack security update
- From: Salvatore Bonaccorso
- phpFileManager 0.9.8 Remote Command Execution
- HP ArcSight Logger provides incorrect/invalid/incomplete results for queries with boolean operators
- [SECURITY] [DSA 3321-1] xmltooling security update
- [SECURITY] [DSA 3320-1] openafs security update
- Cisco Security Advisory: Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Dell Netvault Backup Remote Denial of Service
- FreeBSD Security Advisory FreeBSD-SA-15:16.openssh [REVISED]
- From: FreeBSD Security Advisories
- [security bulletin] HPSBGN03366 rev.1 - HP Business Process Insight with RC4 Stream Cipher, Remote Disclosure of Information
- Cross-Site Scripting (XSS) in qTranslate WordPress Plugin
- From: High-Tech Bridge Security Research
- [security bulletin] HPSBGN03367 rev.1 - HP TransactionVision with RC4 Stream Cipher, Remote Disclosure of Information
- phpFileManager 0.9.8 CSRF Backdoor Shell Vulnerability
- [slackware-security] bind (SSA:2015-209-01)
- From: Slackware Security Team
- FreeBSD Security Advisory FreeBSD-SA-15:17.bind
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-15:16.openssh
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-15:15.tcp
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-15:14.bsdpatch
- From: FreeBSD Security Advisories
- [security bulletin] HPSBGN03372 rev.1 - HP Business Process Monitor using RC4, Remote Disclosure of Information
- [SECURITY] [DSA 3319-1] bind9 security update
- From: Salvatore Bonaccorso
- SEC Consult SA-20150728-0 :: McAfee Application Control Multiple Vulnerabilities
- From: SEC Consult Vulnerability Lab
- Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne
- From: Samuel Lavitt - CVE-2015-0942
- Another Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability
- Apple iTunes & AppStore - Filter Bypass & Persistent Invoice Vulnerability
- [SECURITY] [DSA 3318-1] expat security update
- [SECURITY] [DSA 3317-1] lxc security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3316-1] openjdk-7 security update
- Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class
- Hawkeye-G v3.0.1 Persistent XSS & Information Leakage
- Hawkeye-G v3 CSRF Vulnerability ***[UPDATED CORRECTED]
- [SECURITY] [DSA 3315-1] chromium-browser security update
- Hawkeye-G v3.0.1.4912 CSRF Vulnerability CVE-2015-2878
- [SECURITY] [DSA 3314-1] typo3-src end of life
- Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser
- From: Qualys Security Advisory
- ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability
- [SECURITY] [DSA 3313-1] linux security update
- From: Salvatore Bonaccorso
- Cisco Security Advisory: Cisco IOS Software TFTP Server Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- ESA-2015-118: EMC Avamar Directory Traversal Vulnerability
- Multiple (remote and local) Vulnerabilities in Xceedium Xsuite [MZ-15-02]
- Multiple XSS Vulnerabilities in Paid Memberships Pro WordPress Plugin
- From: High-Tech Bridge Security Research
- SQL Injection in Count Per Day WordPress Plugin
- From: High-Tech Bridge Security Research
- [SECURITY] [DSA 3312-1] cacti security update
- NetCracker Resource Management 8.0 - SQL Injection Vulnerability
- NetCracker Resource Management 8.0 - XSS Vulnerability
- Open-Web-Analytics-1.5.7 Cryptographic, Password Disclosure & XSS Vulnerabilities
- FreeBSD Security Advisory FreeBSD-SA-15:13.tcp
- From: FreeBSD Security Advisories
- Logstash vulnerability CVE-2015-5378
- WorldCIST'2016 - Brazil: Call for Workshops Proposals - Best Papers published by ISI/SCI Journals
- CVE-2015-5379: Axigen XSS vulnerability for html attachments
- [security bulletin] HPSBMU03380 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities
- [security bulletin] HPSBMU03377 rev.1 - HP Release Control running RC4, Remote Disclosure of Information
- [security bulletin] HPSBUX03379 SSRT101976 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
- [SECURITY] [DSA 3311-1] mariadb-10.0 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3310-1] freexl security update
- [SECURITY] [DSA 3309-1] tidy security update
- [SECURITY] [DSA 3308-1] mysql-5.5 security update
- From: Salvatore Bonaccorso
- [slackware-security] httpd (SSA:2015-198-01)
- From: Slackware Security Team
- [slackware-security] php (SSA:2015-198-02)
- From: Slackware Security Team
- AirDroid ID - Client Side JSONP Callback Vulnerability
- FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability
- UDID+ v2.5 iOS - Mail Command Inject Vulnerability
- Oracle E-Business Suite Servlet URL Redirection Vulnerability
- Novell GroupWise 2014 WebAccess vulnerable to XSS attacks
- SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express
- From: SEC Consult Vulnerability Lab
- Elasticsearch CVE-2015-5531
- Elasticsearch CVE-2015-5377
- ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability
- ESA-2015-122: EMC Documentum CenterStage Cross-site Scripting Vulnerability
- Re: [FD] 15 TOTOLINK router models vulnerable to multiple RCEs
- [CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure
- Backdoor and RCE found in 8 TOTOLINK router models
- Backdoor credentials found in 4 TOTOLINK router models
- 4 TOTOLINK router models vulnerable to CSRF and XSS attacks
- 15 TOTOLINK router models vulnerable to multiple RCEs
- Cisco Security Advisory: Cisco Videoscape Delivery System Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- XSS, Code Execution, DOS, Password Leak, Weak Authentication in GetSimpleCMS 3.3.5
- XSS vulnerability in OFBiz forms
- [CVE-2015-2862/2863 / CERT VU#919604] Kaseya VSA arbitrary file download / open redirect
- CFP: Passwords 2015, Dec 7-9, Cambridge, UK
- CVE-2015-4670 - AjaxControlToolkit File Upload Directory Traversal
- [SYSS-2015-031] sysPass - SQL Injection
- phpSQLiteCMS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS
- [slackware-security] mozilla-thunderbird (SSA:2015-192-01)
- From: Slackware Security Team
- SQL Injection, Reflected XSS, Path Traversal, Function Execution in ZenPhoto 1.4.8
- [security bulletin] HPSBGN03373 rev.1 - HP Release Control running TLS, Remote Disclosure of Information
- Cisco Security Advisory: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
- From: Cisco Systems Product Security Incident Response Team
- [security bulletin] HPSBGN03351 rev.2 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBGN03371 rev.1 - HP IceWall Products running OpenSSL, Remote Denial of Service (DoS)
- ESA-2015-115: EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass Vulnerability
- CVE-2014-7952, Android ADB backup APK injection vulnerability
- NEW VMSA-2015-0005 : VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability
- From: VMware Security Response Center
- [SECURITY] [DSA 3307-1] pdns-recursor security update
- [SECURITY] [DSA 3306-1] pdns security update
- [slackware-security] openssl (SSA:2015-190-01)
- From: Slackware Security Team
- FreeBSD Security Advisory FreeBSD-SA-15:12.openssl
- From: FreeBSD Security Advisories
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
- From: Cisco Systems Product Security Incident Response Team
- Extra information for CVE-2014-2513 - EMC Documentum Content Server: arbitrary code execution
- [SECURITY] [DSA 3305-1] python-django security update
- [CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection
- From: CORE Advisories Team
- [security bulletin] HPSBUX03363 rev.1 - HP-UX Apache Web Server running OpenSSL, Remote Disclosure of Information
- Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution
- SQL Injection in easy2map-photos wordpress plugin v1.09
- From: Larry W. Cashdollar
- Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5
- From: Larry W. Cashdollar
- Symantec EP 12.1.4013 Disabling Vulnerability
- [slackware-security] bind (SSA:2015-188-04)
- From: Slackware Security Team
- [slackware-security] ntp (SSA:2015-188-03)
- From: Slackware Security Team
- [slackware-security] cups (SSA:2015-188-01)
- From: Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2015-188-02)
- From: Slackware Security Team
- FreeBSD Security Advisory FreeBSD-SA-15:11.bind
- From: FreeBSD Security Advisories
- [security bulletin] HPSBGN03352 rev.2 - HP Asset Manager Using RC4, Remote Disclosure of Information
- [security bulletin] HPSBGN03354 rev.1 - HP Connect-IT Using RC4, Remote Disclosure of Information
- RE: [security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information (UNCLASSIFIED)
- From: Patterson, Derrick A CTR (US)
- [security bulletin] HPSBGN03361 rev.1 - HP UCMDB, HP UCMDB Configuration Manager, HP UCMDB Browser, and HP Universal Discovery running TLS, Remote Disclosure of Information
- [security bulletin] HPSBMU03234 rev.1 - HP Vertica Analytics Platform running SSLv3, Remote Disclosure of Information
- [SECURITY] [DSA 3303-1] cups-filters security update
- [SECURITY] [DSA 3302-1] libwmf security update
- [CORE-2015-0012] - AirLive Multiple Products OS Command Injection
- From: CORE Advisories Team
- Re: Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability
- phpLiteAdmin v1.1 CSRF & XSS Vulnerabilities
- Google Chrome Address Spoofing - Google's Opinion
- [SECURITY] [DSA 3301-1] haproxy security update
- From: Salvatore Bonaccorso
- 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request
- Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability
- Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability
- Microsoft Office - OLE Packager allows code execution in all versions, with macros disabled
- Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability
- [SECURITY] [DSA 3300-1] iceweasel security update
- WK UDID v1.0.1 iOS - Command Inject Vulnerability
- Ruxcon 2015 Final Call For Presentations
- CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0
- SQL Injection in easy2map wordpress plugin v1.24
- From: Larry W. Cashdollar
- ipTIME n104r3 vulnerable to CSRF and XSS attacks
- [SECURITY] [DSA 3299-1] stunnel4 security update
- From: Salvatore Bonaccorso
- ToorCon 17 Call For Papers!
- iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
- Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models)
- ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability
- ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities
- ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities
- Path Traversal in BlackCat CMS
- From: High-Tech Bridge Security Research
- Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability
- FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability
- Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability
- Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability
- Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects
- APPLE-SA-2015-06-30-6 iTunes 12.2
- From: Apple Product Security
- [SECURITY] [DSA 3298-1] jackrabbit security update
- APPLE-SA-2015-06-30-5 QuickTime 7.7.7
- From: Apple Product Security
- APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001
- From: Apple Product Security
- APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7
- From: Apple Product Security
- APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005
- From: Apple Product Security
- APPLE-SA-2015-06-30-1 iOS 8.4
- From: Apple Product Security
- Google Chrome Address Spoofing (Request For Comment)
- CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP
- [SECURITY] [DSA 3297-1] unattended-upgrades security update
- [SECURITY] [DSA 3296-1] libcrypto++ security update
- novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities
- CollabNet Subversion Edge indes local file inclusion
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge missing single login restriction
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge weak password storage mechanism
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge missing XSRF protection
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge weak password policy
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge autocomplete on
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge missing clickjacking protection
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge missing brute force protection
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge show local file inclusion
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge insecure password change
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge tail local file inclusion
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge downloadHook local file inclusion
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge Password Hash Leak
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge Hook Script Privilege Escalation
- From: Oliver-Tobias Ripka
- CSRF Vulnerability in C2Box application CVE-2015-4460
- Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10
- [security bulletin] HPSBPI03360 rev.2 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBGN03362 rev.1 - HP Discovery and Dependency Mapping Inventory (DDMI) with TLS, Remote Disclosure of Information
- [security bulletin] HPSBMU03267 rev.3 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBUX03359 rev.1 - HP-UX pppoec, local elevation of privilege
- [security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information
- SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences
- From: SEC Consult Vulnerability Lab
- ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities
- CVE-2015-3931 Microsec e-Szigno, CVE-2015-3932 Netlock Mokka XSW vulnerability
- Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA
- From: Cisco Systems Product Security Incident Response Team
- ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability
- Netgear Prosafe VPN Firewalls - Multiple vulnerabilities
- [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE
- [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll
- [ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS
- [ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check
- [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure
- [ERPSCAN-15-005] SAP Mobile Platform - XXE
- [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE
- [ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE
- [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS
- [SECURITY] [DSA 3295-1] cacti security update
- From: Salvatore Bonaccorso
- CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders
- From: Federick Joe P Fajardo
- CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004
- [SECURITY] [DSA 3294-1] wireshark security update
- ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability
- ESA-2015-109: EMC Documentum D2 Cross-Site Scripting
- KMPlayer 3.9.1.136 Capture Unicode Buffer Overflow (ASLR Bypass)
- [security bulletin] HPSBMU03356 rev.1 - HP Business Service Automation Essentials (BSAE) running TLS, Remote Disclosure of Information
- The "localhosed" attack - stealing IE local machine cookies and exposing its internal IP address
- ManageEngine Asset Explorer v6.1 - Persistent Vulnerability
- [oCERT-2015-008] FreeRADIUS insufficent CRL application
- GeniXCMS XSS Vulnerabilities
- mysql-lite-administrator XSS vulnerabilities
- mysql-lite-administrator XSS vulnerabilities
- [SECURITY] [DSA 3293-1] pyjwt security update
- [CVE-2015-3188] Apache Storm remote code execution vulnerability
- Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability
- Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability
- Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability
- ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability
- ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities
- [SECURITY] [DSA 3292-1] cinder security update
- DUO Security push Timing Attack
- [SECURITY] [DSA 3291-1] drupal7 security update
- [SECURITY] [DSA 3290-1] linux security update
- [security bulletin] HPSBGN03338 rev.1 - HP Service Manager running RC4, Remote Disclosure of Information
- [security bulletin] HPSBGN03350 rev.1 - HP SiteScope Using RC4, Remote Disclosure of Information
- VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities
- Reflected Cross-Site Scripting (XSS) in SearchBlox
- From: High-Tech Bridge Security Research
- OS Command Injection in Vesta Control Panel
- From: High-Tech Bridge Security Research
- ESA-2015-043: RSA® Validation Manager Security Update for Multiple Vulnerabilities
- ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass Vulnerability
- BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability
- [SECURITY] [DSA 3289-1] p7zip security update
- [RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager
- From: RedTeam Pentesting GmbH
- WebdesignJiNi Cms Sql Injection Vulnerability
- Productsurf Cms Sql Injection Vulnerability
- [SECURITY] [DSA 3252-2] sqlite3 security update
- [SECURITY] [DSA 3288-1] libav security update
- [SECURITY] [DSA 3287-1] openssl security update
- Buffer Overflow in My Wifi Router Software
- [SECURITY] [DSA 3286-1] xen security update
- [SECURITY] [DSA 3285-1] qemu-kvm security update
- From: Salvatore Bonaccorso
- [slackware-security] openssl (SSA:2015-162-01)
- From: Slackware Security Team
- FreeBSD Security Advisory FreeBSD-SA-15:10.openssl
- From: FreeBSD Security Advisories
- [SYSS-2015-020] ZENWorks Mobile Management - Cross-Site Scripting
- ZCMS SQL Injection & Persistent XSS
- [slackware-security] php (SSA:2015-162-02)
- From: Slackware Security Team
- Nakid-CMS CSRF, Persistent XSS & LFI
- [KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability
- [KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities
- [KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability
- Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin
- From: Larry W. Cashdollar
- Cisco Security Advisory: Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- D-Link DSP-W110 - multiple vulnerabilities
- [security bulletin] HPSBUX03337 SSRT102066 rev.1 - HP-UX Apache Web Server Suite running Apache Web Server, Tomcat v6.x, or PHP v5.4.x, Remote Denial of Service (DoS) and Other Vulnerabilities
- Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0
- From: Larry W. Cashdollar
- XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343)
- Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability
- Use-After-Free in PHP
- From: High-Tech Bridge Security Research
- Multiple Vulnerabilities in ISPConfig
- From: High-Tech Bridge Security Research
- Arbitrary File Disclosure and Open Redirect in Bonita BPM
- From: High-Tech Bridge Security Research
- [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery
- From: RedTeam Pentesting GmbH
- [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID
- From: RedTeam Pentesting GmbH
- [security bulletin] HPSBUX03341 SSRT102068 rev.1 - HP-UX Apache Tomcat v7.x, Remote Denial of Service (DoS) and Other Vulnerabilities
- Elasticsearch vulnerability CVE-2015-4165
- Kibana vulnerability CVE-2015-4093
- Logstash vulnerability CVE-2015-4152
- [SECURITY] [DSA 3283-1] cups security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBMU03349 rev.1 - HP Helion CloudSystem, Local Denial of Service (DoS), Arbitrary Code Execution
- [security bulletin] HPSBST03346 rev.1 - HP P6000 Command View Software running Jetty, Remote Denial of Service (DoS)
- NEW VMSA-2015-0004 - VMware Workstation, Fusion and Horizon View Client updates address critical security issues
- From: VMware Security Response Center
- CFP The 2nd International Conference on Information Systems Security and Privacy ICISSP 2016
- From: icissp . secretariat
- SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities
- SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities
- Symphony CMS XSS Vulnerability [Corrected Post]
- [SECURITY] [DSA 3282-1] strongswan security update
- Symphony CMS XSS Vulnerability
- AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability
- [SECURITY] [DSA 3281-1] Debian Security Team PGP/GPG key change notice
- [SECURITY] [DSA 3280-1] php5 security update
- Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App
- [SECURITY] [DSA 3279-1] redis security update
- Symphony CMS 2.6.2
- CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4
- Xloner v3.1.2 wordpress plugin authenticated command execution and XSS
- From: Larry W. Cashdollar
- Expedia Product Security Advisory: Cruise Ship Centers Information Disclosure
- CVE-2015-4109 - WordPress Users Ultra Plugin [SQL injection]
- 1 Click Extract Audio v2.3.6 - Activex Buffer Overflow
- 1 Click Audio Converter v2.3.6 - Activex Buffer Overflow
- 1 Click Audio Converter v2.3.6 - Activex Buffer Overflow
- Wing FTP Server Remote Code Execution vulnerability
- [CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities
- [CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability
- CA20150604-01: Security Notice for CA Common Services
- [security bulletin] HPSBGN03343 rev.1 - HP WebInspect, Remote Unauthorized Access
- CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion]
- IBM Watson (Cognea) - XSS and Redirect Vulnerabilities
- [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc)
- [SECURITY] [DSA 3278-1] libapache-mod-jk security update
- ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability
- Local PHP File Inclusion in ResourceSpace
- From: High-Tech Bridge Security Research
- Jildi FTP Client 1.5.2 b1138 - Buffer Overflow Vulnerability
- Safari Address Spoofing - Impact, Code, How It Works, History
- [SECURITY] [DSA 3249-2] jqueryui security update
- [SECURITY] [DSA 3277-1] wireshark security update
- WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability
- vfront-0.99.2 CSRF & Persistent XSS
- Enhanced SQL Portal 5.0.7961 XSS Vulnerability
- Freebox OS Web interface 3.0.2 XSS, CSRF
- t2'15: Call for Papers 2015 (Helsinki / Finland)
- CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS]
- CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]
- WebDrive Buffer OverFlow PoC
- Ektron CMS 9.10 SP1 - XSS Vulnerability
- Ektron CMS 9.10 SP1 - CSRF Vulnerability
- [SECURITY] [DSA 3276-1] symfony security update
- [SECURITY] [DSA 3269-2] postgresql-9.1 regression update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3275-1] fusionforge security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBMU03223 rev.1 - HP Insight Control server provisioning running SSLv3, Remote Denial of Service (DoS), Disclosure of Information
- [security bulletin] HPSBMU03261 rev.2 - HP Systems Insight Manager running OpenSSL on Linux and Windows, Remote Disclosure of Information
- [security bulletin] HPSBMU03267 rev.2 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03263 rev.3 - HP Insight Control running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBGN03332 rev.1 - HP Operations Analytics running SSLv3, Remote Denial of Service (DoS), Disclosure of Information
- JSPMyAdmin SQL Injection, CSRF & XSS Vulnerabilities
- [SECURITY] [DSA 3274-1] virtualbox security update
- [security bulletin] HPSBHF03340 rev.1 - HP ThinPro Linux and HP Smart Zero Core running HP Easy Setup Wizard, Local Unauthorized Access, Elevation of Privilege
- Audacity 2.0.5 contains Arbitrary DLL Injection Code Execution
- CVE-2015-1835: ...
- From: Dirk-Willem van Gulik on behalf of Apache Cordova
- [SEARCH-LAB advisory] More than fifty vulnerabilities in D-Link NAS and NVR devices
- DbNinja 3.2.6 Flash XSS Vulnerabilities
- DbNinja 3.2.6 Flash XSS Vulnerabilities
- [Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability
- From: Onapsis Research Labs
- Thycotic Password Manager Secret Server iOS Application - MITM SSL Certificate Vulnerability
- [SECURITY] [DSA 3268-2] ntfs-3g security update
- From: Salvatore Bonaccorso
- CVE-2015-4084 - WordPress Free Counter Plugin [Stored XSS]
- [SECURITY] [DSA 3273-1] tiff security update
- Synology Photo Station multiple Cross-Site Scripting vulnerabilities
- Reflected Cross-Site Scripting in Synology DiskStation Manager
- Command injection vulnerability in Synology Photo Station
- [SECURITY] [DSA 3265-2] zendframework regression update
- [SECURITY] [DSA 3272-1] ipsec-tools security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3271-1] nbd security update
- [security bulletin] HPSBGN03325 rev.1 - HP SiteScope, Remote Elevation of Privilege
- [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability
- From: CORE Advisories Team
- [SECURITY] [DSA 3270-1] postgresql-9.4 security update
- [SECURITY] [DSA 3268-1] ntfs-3g security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3267-1] chromium-browser security update
- [security bulletin] HPSBMU03336 rev.1 - HP Helion OpenStack affected by VENOM, Denial of Service (DoS), Execution of Arbitrary Code
- CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]
- CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS]
- [SECURITY] [DSA 3266-1] fuse security update
- From: Salvatore Bonaccorso
- Webgrind XSS vulnerability
- CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)
- CVE for Apple's ECDHE-ECDSA SecureTransport bug?
- [SECURITY] [DSA 3261-2] libmodule-signature-perl regression update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBUX03333 SSRT102029 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS), or Other Vulnerabilities
- [security bulletin] HPSBUX03334 SSRT102000 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilities
- Eisbär SCADA (All Versions - iOS, Android & W8) - Persistent UI Vulnerability
- Stored XSS in WP Photo Album Plus WordPress Plugin
- From: High-Tech Bridge Security Research
- WISE-FTP Software v8.0.2 - DLL Hijacking Vulnerability
- [SECURITY] [DSA 3265-1] zendframework security update
- Staff FTP v3.04 Software - DLL Hijacking Vulnerability
- HiDisk 2.4 iOS - (currentFolderPath) Persistent Vulnerability
- ManageEngine EventLog Analyzer V:10.0 CSRF Vulnerability
- Staff FTP v3.04 Software - DLL Hijacking Vulnerability
- [SECURITY] [DSA 3263-1] proftpd-dfsg security update
- [SECURITY] [DSA 3264-1] icedove security update
- [security bulletin] HPSBGN03286 rev.1 - HP LoadRunner, Buffer Overflow
- APPLE-SA-2015-05-19-1 Watch OS 1.0.1
- From: Apple Product Security
- [security bulletin] HPSBPI03322 rev.1 - HP Access Control Software, Local Unauthorized Access
- WISE-FTP Software v8.0.2 - DLL Hijacking Vulnerability
- [SECURITY] [DSA 3175-2] kfreebsd-9 security update
- [SECURITY] [DSA 3262-1] xen security update
- OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities
- iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability
- Wireless Photo Transfer v3.0 iOS - File Include Vulnerability
- CRUCMS Crucial Networking - SQL Injection Vulnerability
- [slackware-security] mozilla-thunderbird (SSA:2015-137-01)
- From: Slackware Security Team
- ESA-2015-087 EMC Document Sciences xPression SQL Injection Vulnerability
- [SECURITY] [DSA 3261-1] libmodule-signature-perl security update
- From: Salvatore Bonaccorso
- [SE-2014-02] Unconfirmed / unpatched vulnerabilities in Google App Engine
- From: Security Explorations
- phpMyAdmin 4.4.6 Man-In-the-Middle API Github
- [SECURITY] CVE-2014-7810: Apache Tomcat Security Manager Bypass
- SEC Consult SA-20150514-0 :: Multiple vulnerabilities in Loxone Smart Home (part 2)
- From: SEC Consult Vulnerability Lab
- Sidu 5.2 Admin XSS Vulnerability
- Certificate trust vulnerability in Websense Content Gateway
- Server buffer overflow in Pure Faction <= 3.0c
- [SECURITY] [DSA 3260-1] iceweasel security update
- [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities
- From: CORE Advisories Team
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
- From: Cisco Systems Product Security Incident Response Team
- Web India Solutions CMS 2015 - SQL Injection Vulnerability
- [SECURITY] [DSA 3259-1] qemu security update
- Concrete5 Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-2250
- Cisco Security Advisory: Command Injection Vulnerability in Multiple Cisco TelePresence Products
- From: Cisco Systems Product Security Incident Response Team
- SEC Consult SA-20150513-0 :: Multiple critical vulnerabilities in WSO2 Identity Server
- From: SEC Consult Vulnerability Lab
- [slackware-security] mozilla-firefox (SSA:2015-132-04)
- From: Slackware Security Team
- [SECURITY] [DSA 3258-1] quassel security update
- [security bulletin] HPSBMU03330 rev.1 - HP Matrix Operating Environment (MOE) running glibc on Linux, Remote Disclosure of Information
- [slackware-security] mysql (SSA:2015-132-02)
- From: Slackware Security Team
- [slackware-security] wpa_supplicant (SSA:2015-132-03)
- From: Slackware Security Team
- [slackware-security] mariadb (SSA:2015-132-01)
- From: Slackware Security Team
- [SECURITY] [DSA 3257-1] mercurial security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBGN03329 rev.1 - HP SDN VAN Controller, Remote Denial of Service (DoS), Distributed Denial of Service (DDoS)
- [oCERT-2015-006] dcraw input sanitization errors
- [SECURITY] [DSA 3256-1] libtasn1-6 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3255-1] zeromq3 security update
- [SECURITY] [DSA 3254-1] suricata security update
- From: Salvatore Bonaccorso
- Sqlbuddy Path Traversal Vulnerability
- Sqlbuddy Directory Traversal Read Arbitrary Files Vulnerability
- [security bulletin] HPSBGN03328 rev.1 - Network Virtualization for HP LoadRunner and Performance Center, Remote Information Disclosure
- Pimcore v3.0.5 CMS - Multiple Web Vulnerabilities
- [ MDVSA-2015:232 ] libtasn1
- [SECURITY] [DSA 3251-2] dnsmasq regression update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3253-1] pound security update
- CSRF/XSS In Ad_Button Wordpress
- CSRF/XSS in embed-articles Wordpress Plugin
- [security bulletin] HPSBUX03194 rev.1 - HP-UX running sendmail(1M), Remote Disclosure of Information
- Grindr v2.1.1 iOS & Account System - Breach Attack Vulnerability
- Album Streamer v2.0 iOS - Directory Traversal Vulnerability
- Yahoo eMarketing Bug Bounty #31 - Cross Site Scripting Vulnerability
- Wordpress Twenty Fifteen Theme - DOM XSS Vulnerability - CVE-2015-3429
- [ MDVSA-2015:231 ] perl-XML-LibXML
- [SYSS-2015-018] BullGuard Premium Protection - Authentication Bypass
- [SYSS-2015-019] BullGuard Antivirus - Authentication Bypass
- [SYSS-2015-017] BullGuard Internet Security - Authentication Bypass
- F5 ASM JSON Profile Bypass
- APPLE-SA-2015-05-06-1 Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6
- From: Apple Product Security
- [SE-2014-02] Some additional GAE Java security sandbox bypasses
- From: Security Explorations
- Alienvault OSSIM/USM Multiple Vulnerabilities
- [SECURITY] [DSA 3252-1] sqlite3 security update
- CSRF/XSS In Ultimate Profile Builder by CMSLive Wordpress Plugin
- CSRF/XSS In ClickBank ads Wordpress Plugin
- CSRF/XSS In Manage Engine Asset Explorer
- CSRF/XSS In Ad_InSerter Wordpress
- CSRF/XSS In Embed Articles Wordpress Plugin
- Cisco Security Advisory: Cisco UCS Central Software Arbitrary Command Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Advisory: Filezilla FTP server is vulnerable to FTP PORT bounce
- TORNADO Computer Trading CMS - SQL Injection Vulnerability
- PDF Converter & Editor 2.1 iOS - File Include Vulnerability
- [ MDVSA-2015:230 ] squid
- [ MDVSA-2015:229 ] net-snmp
- [ MDVSA-2015:228 ] nodejs
- Arbitrary Variable Overwrite in eShop WordPress Plugin
- From: High-Tech Bridge Security Research
- [SECURITY] CVE-2014-0230: Apache Tomcat DoS
- F5 BIG-IQ Enumeration of users and Information Disclosure
- [SECURITY] [DSA 3251-1] dnsmasq security update
- From: Salvatore Bonaccorso
- [ MDVSA-2015:227 ] mariadb
- Fortinet FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Vulnerability
- vPhoto-Album v4.2 iOS - File Include Web Vulnerability
- [CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL
- [SECURITY] [DSA 3250-1] wordpress security update
- ESA-2015-084: EMC AutoStart Packet Injection Vulnerability
- European Cyber Security Challenge 2015
- [ MDVSA-2015:226 ] fcgi
- ESA-2015-077: EMC SourceOne Email Management Account Lockout
- [ MDVSA-2015:225 ] cherokee
- [ MDVSA-2015:224 ] ruby
- [ MDVSA-2015:223 ] directfb
- [ MDVSA-2015:222 ] ppp
- [ MDVSA-2015:221 ] clamav
- [SECURITY] [DSA 3249-1] jqueryui security update
- [ MDVSA-2015:219 ] curl
- [ MDVSA-2015:220 ] curl
- HUAWEI MobiConnect 23.9.17.216 - Privilege Escalation Vulnerability
- Cisco (Newsroom) - Client Side Cross Site Scripting Vulnerability
- Grindr v2.1.1 iOS Bounty #1 - (Session) Auth Bypass Vulnerabilities
- Grindr v2.1.1 iOS - (eMail) Session Vulnerability
- Grindr 2.1.1 iOS Bug Bounty #2 - Denial of Service Software Vulnerability
- PhotoWebsite v3.1 iOS - File Include Web Vulnerability
- [SECURITY] [DSA 3248-1] libphp-snoopy security update
- [SECURITY] [DSA 3247-1] ruby2.1 security update
- [SECURITY] [DSA 3246-1] ruby1.9.1 security update
- [SECURITY] [DSA 3245-1] ruby1.8 security update
- [SECURITY] [DSA 3244-1] owncloud security update
- From: Salvatore Bonaccorso
- Code Injection in Epicor Retail Store 3.2.03.01.008
- [SECURITY] [DSA 3243-1] libxml-libxml-perl security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3242-1] chromium-browser security update
- SevDesk v1.1 iOS - Persistent Dashboard Vulnerability
- [SYSS-2014-007] FrontRange DSM - Multiple Vulnerabilities
- [ MDVSA-2015:218 ] glibc
- [ MDVSA-2015:217 ] sqlite3
- [SECURITY] [DSA 3241-1] elasticsearch security update
- [security bulletin] HPSBGN03324 rev.1 - HP Business Service Automation Essentials Core, Remote Disclosure of Information
- [security bulletin] HPSBGN03323 rev.1 - HP Business Service Automation Essentials Core with JBOSS, Remote Disclosure of Information
- [SECURITY] [DSA 3239-1] icecast2 security update
- [SECURITY] [DSA 3240-1] curl security update
- ESA-2015-078: RSA® Identity Management and Governance (IMG) Insecure Password Reset Vulnerability
- [security bulletin] HPSBMU03241 rev.1 - HP Network Automation running SSLv3, Remote Disclosure of Information
- [security bulletin] HPSBUX03320 SSRT101952 rev.1 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
- [ MDVSA-2015:216 ] ntop
- [ MDVSA-2015:214 ] libksba
- [ MDVSA-2015:215 ] t1utils
- [ MDVSA-2015:213 ] lftp
- [oCERT-2015-003] MySQL SSL/TLS downgrade
- Multiple Vulnerabilities in TheCartPress WordPress plugin
- From: High-Tech Bridge Security Research
- CSRF & XSS Wing FTP Server Admin <= v4.4.5
- PayPal Inc Bug Bounty #114 - JDWP Remote Code Execution Vulnerability
- SonicWall SonicOS 7.5.0.12 & 6.x - Client Side Cross Site Scripting Vulnerability