Bugtraq

Date Index

[Prev Page][Next Page]

[SECURITY] [DSA 4163-1] beep security update, Moritz Muehlenhoff
[SECURITY] [DSA 4160-1] libevt security update, Moritz Muehlenhoff
[SECURITY] [DSA 4159-1] remctl security update, Moritz Muehlenhoff
[SECURITY] [DSA 4162-1] irssi security update, Moritz Muehlenhoff
[SECURITY] [DSA 4161-1] python-django security update, Luciano Bello
[slackware-security] php (SSA:2018-090-01), Slackware Security Team
[SECURITY] [DSA 4158-1] openssl1.0 security update, Salvatore Bonaccorso
APPLE-SA-2018-3-29-3 tvOS 11.3, Apple Product Security
[slackware-security] ruby (SSA:2018-088-01), Slackware Security Team
APPLE-SA-2018-3-29-5 macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan, Apple Product Security
APPLE-SA-2018-3-29-8 iCloud for Windows 7.4, Apple Product Security
APPLE-SA-2018-3-29-4 Xcode 9.3, Apple Product Security
CA20180329-01: Security Notice for CA Workload Automation AE and CA Workload Control Center, Williams, Ken
APPLE-SA-2018-3-29-2 watchOS 4.3, Apple Product Security
[SECURITY] [DSA 4157-1] openssl security update, Salvatore Bonaccorso
APPLE-SA-2018-3-29-7 iTunes 12.7.4 for Windows, Apple Product Security
APPLE-SA-2018-3-29-6 Safari 11.1, Apple Product Security
APPLE-SA-2018-3-29-1 iOS 11.3, Apple Product Security
[SECURITY] [DSA 4156-1] drupal7 security update, Salvatore Bonaccorso
CA20180328-01: Security Notice for CA API Developer Portal, Kotas, Kevin J
[SECURITY] [DSA 4155-1] thunderbird security update, Moritz Muehlenhoff
[SECURITY] [DSA 4154-1] net-snmp security update, Salvatore Bonaccorso
[SECURITY] [DSA 4153-1] firefox-esr security update, Moritz Muehlenhoff
[SECURITY] [DSA 4152-1] mupdf security update, Luciano Bello
Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability, Vulnerability Lab
Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities, Vulnerability Lab
Weblication CMS Core & Grid v12.6.24 - Multiple Cross Site Scripting Vulnerabilities, Vulnerability Lab
AEF CMS v1.0.9 - (PM) Persistent Cross Site Scripting Vulnerability, Vulnerability Lab
[slackware-security] mozilla-firefox (SSA:2018-085-01), Slackware Security Team
[SECURITY] [DSA 4151-1] librelp security update, Salvatore Bonaccorso
[slackware-security] mozilla-thunderbird (SSA:2018-082-01), Slackware Security Team
Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links, Securify B.V.
[SECURITY] [DSA 4150-1] icu security update, Moritz Muehlenhoff
[SECURITY] [DSA 4149-1] plexus-utils2 security update, Moritz Muehlenhoff
[SECURITY] [DSA 4148-1] kamailio security update, Moritz Muehlenhoff
ModSecurity WAF 3.0 for Nginx - Denial of Service, x ksi
Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal, x ksi
Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation, x ksi
Secunia Research: Microsoft Windows Embedded OpenType Font Engine Font Glyphs Handling Information Disclosure Vulnerability, Secunia Research
Secunia Research: Microsoft Windows Embedded OpenType Font Engine hdmx Table Information Disclosure Vulnerability, Secunia Research
Advisory - Bitbucket Server - CVE-2018-5225, Matthew Hart
Secunia Research: Microsoft Windows Embedded OpenType Font Engine "MTX_IS_MTX_Data()" Information Disclosure Vulnerability, Secunia Research
[SECURITY] [DSA 4147-1] polarssl security update, Sebastien Delafond
[SECURITY] [DSA 4146-1] plexus-utils security update, Moritz Muehlenhoff
CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries, Advisories
ES2018-05 Kamailio heap overflow, Sandro Gauci
[slackware-security] mozilla-firefox (SSA:2018-075-01), Slackware Security Team
[slackware-security] libvorbis (SSA:2018-076-01), Slackware Security Team
[SECURITY] [DSA 4142-1] uwsgi security update, Salvatore Bonaccorso
[SECURITY] [DSA 4145-1] gitlab security update, Moritz Muehlenhoff
[SECURITY] [DSA 4143-1] firefox-esr security update, Moritz Muehlenhoff
[SECURITY] [DSA 4144-1] openjdk-8 security update, Moritz Muehlenhoff
RedCoded ISR: Abine Blur Password Manager Insecure Permissions (CVE-2018-8213), (RS) Tyler Schroder
[SECURITY] [DSA 4141-1] libvorbisidec security update, Salvatore Bonaccorso
[SECURITY] [DSA 4140-1] libvorbis security update, Salvatore Bonaccorso
[CVE-2017-1205] IBM Spectrum LSF Privilege Escalation, john . fitzpatrick
[SECURITY] [DSA 4139-1] firefox-esr security update, Moritz Muehlenhoff
[slackware-security] curl (SSA:2018-074-01), Slackware Security Team
[SECURITY] [DSA 4138-1] mbedtls security update, Sebastien Delafond
[SECURITY] [DSA 4137-1] libvirt security update, Moritz Muehlenhoff
[SECURITY] [DSA 4136-1] curl security update, Alessandro Ghedini
SEC Consult SA-20180314-0 :: Arbitrary Shortcode Execution & Local File Inclusion in WooCommerce Products Filter (PluginUs.Net), SEC Consult Vulnerability Lab
FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution, FreeBSD Security Advisories
[slackware-security] mozilla-firefox (SSA:2018-072-01), Slackware Security Team
[slackware-security] samba (SSA:2018-072-02), Slackware Security Team
[RT-SA-2017-012] Shopware Cart Accessible by Third-Party Websites, RedTeam Pentesting GmbH
[SECURITY] [DSA 4135-1] samba security update, Salvatore Bonaccorso
SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail, SEC Consult Vulnerability Lab
[SECURITY] [DSA 4134-1] util-linux security update, Salvatore Bonaccorso
[RT-SA-2018-001] Arbitrary Redirect in Tuleap, RedTeam Pentesting GmbH
FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec [REVISED], FreeBSD Security Advisories
[SECURITY] [DSA 4133-1] isc-dhcp security update, Salvatore Bonaccorso
FreeBSD Security Advisory FreeBSD-SA-18:01.ipsec, FreeBSD Security Advisories
DefenseCode Security Advisory: Magento Stored Cross-Site Scripting – Downloadable Products, Defense Code
DefenseCode Security Advisory: Magento Multiple Stored Cross-Site Scripting Vulnerabilities, Defense Code
DefenseCode Security Advisory: Magento Stored Cross-Site Scripting – Product Attributes, Defense Code
DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery, Defense Code
- <Possible follow-ups>
- DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery, Defense Code
[SECURITY] [DSA 4120-2] linux regression update, Salvatore Bonaccorso
[SECURITY] [DSA 4132-1] libvpx security update, Moritz Muehlenhoff
[SECURITY] [DSA 4129-1] freexl security update, Moritz Muehlenhoff
[SECURITY] [DSA 4130-1] dovecot security update, Salvatore Bonaccorso
KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service, KoreLogic Disclosures
- <Possible follow-ups>
- KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service, KoreLogic Disclosures
[SECURITY] [DSA 4131-1] xen security update, Moritz Muehlenhoff
[SECURITY] [DSA 4128-1] trafficserver security update, Sebastien Delafond
[Newsletter/Marketing] [slackware-security] ntp (SSA:2018-060-02), Slackware Security Team
[Newsletter/Marketing] [slackware-security] dhcp (SSA:2018-060-01), Slackware Security Team
[security bulletin] MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS), cyber-psrt
[SECURITY] [DSA 4127-1] simplesamlphp security update, Thijs Kinkhorst
CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor, spinfoo
- <Possible follow-ups>
- CVE-2017-12544 XSS on HPE System Management Homepage v7.6.0.11 and minor, spinfoo
[security bulletin] MFSBGN03794 rev.2 - Micro Focus Operations Agent Multiple vulnerabilities, cyber-psrt
Secunia Research: Linux Kernel "_sctp_make_chunk()" Denial of Service Vulnerability, Secunia Research
SEC Consult SA-20180228-0 :: Insecure Direct Object Reference vulnerability in TestLink Open Source Test Management, SEC Consult Vulnerability Lab
[SECURITY] [DSA 4124-1] lucene-solr security update, Moritz Muehlenhoff
[security bulletin] HPESBHF03826 rev.1 - HPE Integrated Lights-Out 3 (iLO 3) Remote Denial of Service, security-alert
SEC Consult SA-20180227-0 :: OS command injection, arbitrary file upload & SQL injection in ClipBucket, SEC Consult Vulnerability Lab
ES2018-03 Asterisk pjsip sdp invalid media format description segfault, Sandro Gauci
ES2018-04 Asterisk pjsip tcp segfault, Sandro Gauci
ES2018-02 Asterisk pjsip sdp invalid fmtp segfault, Sandro Gauci
ES2018-01 Asterisk pjsip subscribe stack corruption, Sandro Gauci
CMS Made Simple 2.1.6 - Remote Code Execution, displaymyname
[SECURITY] [DSA 4123-1] drupal7 security update, Moritz Muehlenhoff
Re: [CVE-2018-1000088] Stored XSS vulnerability in Doorkeeper gem v2.1.0 - v4.2.5, Justin Bull
[security bulletin] MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance, cyber-psrt
[SECURITY] [DSA 4122-1] squid3 security update, Salvatore Bonaccorso
[SECURITY] [DSA 4120-1] linux security update, Yves-Alexis Perez
[CORE-2017-0006] Trend Micro Email Encryption Gateway Multiple Vulnerabilities, Core Security Advisories Team
DefenseCode Security Advisory: PureVPN Windows Privilege Escalation Vulnerability, Defense Code
[SECURITY] [DSA 4121-1] gcc-6 security update, Moritz Muehlenhoff
SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors, SEC Consult Vulnerability Lab
Sharutils 4.15.2 Heap-Buffer-Overflow, nafiez
- Sharutils 4.15.2 Heap-Buffer-Overflow, nafiez
Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS, preethiknambiar
Multiple Persistent XSS vulnerabilities in Radiant Content Management System, suparna . kachru
APPLE-SA-2018-02-19-3 tvOS 11.2.6, Apple Product Security
APPLE-SA-2018-02-19-1 iOS 11.2.6, Apple Product Security
APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update, Apple Product Security
APPLE-SA-2018-02-19-4 watchOS 4.2.3, Apple Product Security
[SECURITY] [DSA 4119-1] libav security update, Moritz Muehlenhoff
[SECURITY] [DSA 4118-1] tomcat-native security update, Salvatore Bonaccorso
Kentico CMS version 9 through 11 - Cross-Site Scripting (Reflect), displaymyname
Kentico CMS version 9 through 11 - Arbitrary Code Execution, displaymyname
[SECURITY] [DSA 4117-1] gcc-4.9 security update, Moritz Muehlenhoff
[SECURITY] [DSA 4116-1] plasma-workspace security update, Moritz Muehlenhoff
Security advisory for Bugzilla 5.1.1, 5.0.3, and 4.4.12, dkl
[slackware-security] irssi (SSA:2018-046-01), Slackware Security Team
[SECURITY] [DSA 4115-1] quagga security update, Salvatore Bonaccorso
Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-Unrestricted File Upload, Arvind Vishwakarma
Vulnerability Disclosure (Web Apps)-Bravo Tejari Web Portal-CSRF, Arvind Vishwakarma
[SECURITY] [DSA 4114-1] jackson-databind security update, Sebastien Delafond
[SECURITY] [DSA 4113-1] libvorbis security update, Moritz Muehlenhoff
[SECURITY] [DSA 4112-1] xen security update, Moritz Muehlenhoff
NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security), apparitionsec
Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS, Stefan Kanthak
[security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification, cyber-psrt
CSNC-2017-027 Microsoft Intune - App PIN Bypass, Advisories
[SECURITY] [DSA 4111-2] libreoffice security update, Moritz Muehlenhoff
[security bulletin] HPESBHF03819 rev.1 - HPE XP Storage using HGLM, Local Authentication Bypass, security-alert
CVE-2018-6892 CloudMe Sync <= v1.10.9 Unauthenticated Remote Buffer Overflow (hyp3rlinx / apparition security), apparitionsec
KL-001-2018-005 : NetEx HyperIP Local File Inclusion Vulnerability, KoreLogic Disclosures
[SECURITY] [DSA 4109-1] ruby-omniauth security update, Luciano Bello
[SECURITY] [DSA 4110-1] exim4 security update, Salvatore Bonaccorso
[SECURITY] [DSA 4111-1] libreoffice security update, Moritz Muehlenhoff
Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM, Stefan Kanthak
- Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM, Jeffrey Walton
  - Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM, Stefan Kanthak
KL-001-2018-004 : NetEx HyperIP Privilege Escalation Vulnerability, KoreLogic Disclosures
KL-001-2018-003 : NetEx HyperIP Post-Auth Command Execution, KoreLogic Disclosures
KL-001-2018-006 : Trend Micro IMSVA Management Portal Authentication Bypass, KoreLogic Disclosures
KL-001-2018-002 : NetEx HyperIP Authentication Bypass, KoreLogic Disclosures
[SECURITY] [DSA 4108-1] mailman security update, Thijs Kinkhorst
Advisory - Fisheye and Crucible - CVE-2017-16861, David Black
[SECURITY] [DSA 4105-2] mpv security update, Luciaon Bello
SEC Consult SA-20180208-0 :: Multiple Cross-Site Scripting Vulnerabilities in Sonatype Nexus Repository Manager OSS/Pro, SEC Consult Vulnerability Lab
[SECURITY] [DSA 4107-1] django-anymail security update, Salvatore Bonaccorso
[security bulletin] HPSBHF02981 rev.2 - HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP), security-alert
[SECURITY] [DSA 4106-1] libtasn1-6 security update, Salvatore Bonaccorso
SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip, SEC Consult Vulnerability Lab
[slackware-security] Slackware 14.2 kernel (SSA:2018-037-01), Slackware Security Team
[SE-2011-01] A security issue with a Multiroom service of NC+ SAT TV platform, Security Explorations
[SECURITY] [DSA 4105-1] mpv security update, Luciano Bello
[CORE-2017-0010] - Kaspersky Secure Mail Gateway Multiple Vulnerabilities, Core Security Advisories Team
[slackware-security] php (SSA:2018-034-01), Slackware Security Team
[SECURITY] [DSA 4104-1] p7zip security update, Salvatore Bonaccorso
[security bulletin] MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection, cyber-psrt
SEC Consult SA-20180201-0 :: Multiple critical vulnerabilities in Whole Vibratissimo Smart Sex Toy product range, SEC Consult Vulnerability Lab
[SECURITY] [DSA 4103-1] chromium-browser security update, Michael Gilbert
Advisory - Sourcetree - CVE-2017-14592 CVE-2017-14593 CVE-2017-14592 CVE-2017-17831, Atlassian
KonaKart Path Traversal Vulnerability, ajcraggs
Recon Montreal 2018 Call For Papers - 0xE - Registration - Training - Conference - Submit! - PGP key, cfpmontreal2018
SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433, SEC Consult Vulnerability Lab
[SECURITY] [DSA 4094-2] smarty3 security update, Luciano Bello
Defense in depth -- the Microsoft way (part 49): fun with application manifests, Stefan Kanthak
[SECURITY] [DSA 4100-1] tiff security update, Moritz Muehlenhoff
[security bulletin] HPESBHF03811 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities, security-alert
[SECURITY] [DSA 4101-1] wireshark security update, Moritz Muehlenhoff
[slackware-security] mozilla-thunderbird (SSA:2018-025-01), Slackware Security Team
[SECURITY] [DSA 4098-1] curl security update, Alessandro Ghedini
[SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks, matthias . deeg
[security bulletin] HPESBHF03814 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Unauthorized Modification, security-alert
[SECURITY] [DSA 4099-1] ffmpeg security update, Moritz Muehlenhoff
[security bulletin] HPESBHF03812 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Multiple Vulnerabilities, security-alert
KL-001-2018-001 : Sophos Web Gateway Persistent Cross Site Scripting Vulnerability, KoreLogic Disclosures
[security bulletin] HPESBHF03815 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution, security-alert
[security bulletin] HPESBHF03810 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Disclosure of Information, security-alert
[security bulletin] HPESBHF03813 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution, security-alert
[security bulletin] HPESBHF03808 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution, security-alert
[security bulletin] HPESBHF03809 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Authentication Restriction Bypass, security-alert
[SECURITY] [DSA 4097-1] poppler security update, Moritz Muehlenhoff
[slackware-security] curl (SSA:2018-024-01), Slackware Security Team
[SECURITY] [DSA 4095-1] gcab security update, Salvatore Bonaccorso
[SECURITY] [DSA 4096-1] firefox-esr security update, Moritz Muehlenhoff
WebKitGTK+ Security Advisory WSA-2018-0002, Carlos Alberto Lopez Perez
CVE-2017-15718: Apache Hadoop YARN NodeManager vulnerability, Akira Ajisaka
APPLE-SA-2018-1-23-3 watchOS 4.2.2, Apple Product Security
APPLE-SA-2018-1-23-2 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, Apple Product Security
APPLE-SA-2018-1-23-7 iCloud for Windows 7.3, Apple Product Security
APPLE-SA-2018-1-23-6 iTunes 12.7.3 for Windows, Apple Product Security
APPLE-SA-2018-1-23-1 iOS 11.2.5, Apple Product Security
APPLE-SA-2018-1-23-5 Safari 11.0.3, Apple Product Security
APPLE-SA-2018-1-23-4 tvOS 11.2.5, Apple Product Security
DefenseCode ThunderScan SAST Advisory: SugarCRM Community Edition Multiple SQL Injection Vulnerabilities, DefenseCode
SEC Consult SA-20180123-0 :: XXE & Reflected XSS in Oracle Financial Services Analytical Applications, SEC Consult Vulnerability Lab
[security bulletin] HPESBHF03805 rev.7 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure., security-alert
[SECURITY] [DSA 4094-1] smarty3 security update, Luciano Bello
CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities, Vulnerability Lab
CentOS Web Panel v0.9.8.12 - Non-Persistent Cross Site Scripting Vulnerabilities, Vulnerability Lab
Photo Vault v1.2 iOS - Insecure Authentication Vulnerability, Vulnerability Lab
CentOS Web Panel v0.9.8.12 - Multiple Persistent Web Vulnerabilities, Vulnerability Lab
Oracle JDeveloper IDE Directory Traversal CVE-2017-10273 (hyp3rlinx / apparition security), apparitionsec
Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities, Vulnerability Lab
Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability, Vulnerability Lab
[SECURITY] [DSA 4093-1] openocd security update, luciano
CVE-2017-15713: Apache Hadoop MapReduce job history server vulnerability, Jason Lowe
[SECURITY] [DSA 4092-1] awstats security update, Sebastien Delafond
[security bulletin] HPESBMU03806 rev.1 - HPE IceWall Products, Multiple Remote Unauthorized Disclosure of Information, Unauthorized Modificiation, security-alert
[security bulletin] HPESBHF03805 rev.5 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure., security-alert
[security bulletin] HPSBGN02925 rev.3 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities, security-alert
[slackware-security] bind (SSA:2018-017-01), Slackware Security Team
[SECURITY] [DSA 4090-1] wordpress security update, Sebastien Delafond
[SECURITY] [DSA 4089-1] bind9 security update, Salvatore Bonaccorso
ADVISORY - LiveZilla - Cross-site scripting (XSS) vulnerability in knowledgebase.php - CVE-2017-15869, tim . kretschmann
[SECURITY] [DSA 4088-1] gdk-pixbuf security update, Moritz Muehlenhoff
Zenario v7.6 CMS - SQL Injection Web Vulnerability, Vulnerability Lab
[RT-SA-2017-013] Truncation of SAML Attributes in Shibboleth 2, RedTeam Pentesting GmbH
Arbitrary file read in Kaseya VSA, Securify B.V.
Broken TLS certificate pinning in VTech DigiGo Kid Connect app, Summer of Pwnage
[SECURITY] [DSA 4087-1] transmission security update, Moritz Muehlenhoff
[SECURITY] [DSA 4086-1] libxml2 security update, Salvatore Bonaccorso
Broken TLS certificate validation in VTech DigiGo browser, Summer of Pwnage
Adminer <= v4.3.1 Server Side Request Forgery, apparitionsec
Seagate Media Server allows deleting of arbitrary files and folders, Summer of Pwnage
Authentication bypass in Kaseya VSA, Securify B.V.
Multiple vulnerabilities in VTech DigiGo allow browser overlay attack, Summer of Pwnage
Code execution in Kaseya VSA, Securify B.V.
[SECURITY] [DSA 4085-1] xmltooling security update, Moritz Muehlenhoff
[security bulletin] HPESBHF03800 rev.1 - HPE Comware 7 MSR Routers, Remote Denial of Service and Local Elevation or Privilege, security-alert
[security bulletin] HPESBNS03804 rev.1 - HPE NonStop Server, Local Authentication Restriction Bypass, security-alert
[SECURITY] [DSA 4084-1] gifsicle security update, Sebastien Delafond
MagicSpam 2.0.13 - Insecure File Permission Vulnerability, Vulnerability Lab
- <Possible follow-ups>
- MagicSpam 2.0.13 - Insecure File Permission Vulnerability, Vulnerability Lab
Microsoft Sharepoint 2013 - Limited Access Permission Bypass Vulnerability, Vulnerability Lab
Piwigo v2.8.2 & 2.9.2 CMS - Multiple Cross Site Vulnerabilities, Vulnerability Lab
SonicWall GMS v8.1 - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
Magento Commerce - SSRF & XSPA Web Vulnerability, Vulnerability Lab
Magento Connect T1 - (Claim) Persistent Vulnerability, Vulnerability Lab
Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability, Vulnerability Lab
Flash Operator Panel v2.31.03 - Command Execution Vulnerability, Vulnerability Lab
CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting, Advisories
[SECURITY] [DSA 4083-1] poco security update, Sebastien Delafond
WebKitGTK+ Security Advisory WSA-2018-0001, Carlos Alberto Lopez Perez
DefenseCode ThunderScan SAST Advisory: WordPress Smooth Slider Plugin SQL injection Security Vulnerability, DefenseCode
DefenseCode ThunderScan SAST Advisory: WordPress Dbox 3D Slider Lite Multiple SQL injection Security Vulnerabilities, DefenseCode
DefenseCode ThunderScan SAST Advisory: WordPress Testimonial Slider Plugin SQL injection Security Vulnerability, DefenseCode
Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637), chunibalon
[security bulletin] HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure., security-alert
[SECURITY] [DSA 4082-1] linux security update, Salvatore Bonaccorso
CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used, Imre Rad
[SECURITY] [DSA 4080-1] php7.0 security update, Moritz Muehlenhoff
[slackware-security] irssi (SSA:2018-008-01), Slackware Security Team
[SECURITY] [DSA 4081-1] php5 security update, Moritz Muehlenhoff
Response to Meltdown and Spectre, Gordon Tetlow
Social Media Widget by Acurax [CSRF], Panagiotis Vagenas
- Admin Menu Tree Page View [CSRF, Privilege Escalation], Panagiotis Vagenas
- CMS Tree Page View [CSRF, Privilege Escalation], Panagiotis Vagenas
SonicWall SonicOS NSA Web Firewall - Multiple Web Vulnerabilities, Vulnerability Lab
Wickr Inc - App Clock & Message Deletion Glitch - Bug Bounty, Vulnerability Lab
WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities, Vulnerability Lab
[SECURITY] [DSA 4079-1] poppler security update, Moritz Muehlenhoff
APPLE-SA-2018-1-8-2 macOS High Sierra 10.13.2 Supplemental Update, Apple Product Security
APPLE-SA-2018-1-8-3 Safari 11.0.2, Apple Product Security
CVE-2017-16884 Mist Server v2.12 Unauthenticated Persistent XSS (hyp3rlinx / ApparitionSec), apparitionsec
APPLE-SA-2018-1-8-1 iOS 11.2.2, Apple Product Security
CVE-2017-17055 Artica Web Proxy v3.06 Remote Code Execution (hyp3rlinx / ApparitionSec), apparitionsec
Abyss Web Server < v2.11.6 Memory Heap Corruption (hyp3rlinx / apparitionsec), apparitionsec
iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities, Vulnerability Lab
SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability, Vulnerability Lab
Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities, Vulnerability Lab
[SECURITY] [DSA 4078-1] linux security update, Yves-Alexis Perez
Intel CPU bug forcing page table switch during syscalls?, Pavel Machek
Re "Intel responds to security research findings", Ed Maste
[security bulletin] HPESBHF03803 rev.1 - Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance, Remote Denial of Service and Execution of Code, security-alert
[security bulletin] MFSBGN03793 rev.2 - Project and Portfolio Management Center, Multiple vulnerabilities, cyber-psrt
CVE-2017-6094 - Genexis GAPS Access Control Vulnerability, Antoine Neuenschwander
b2evolution CMS 6.6.0 - 6.8.10 PHP code execution, Anti Räis
Advisory - Bamboo - CVE-2017-14589 CVE-2017-14590, Atlassian
APPLE-SA-2017-12-13-1 iOS 11.2.1, Apple Product Security
APPLE-SA-2017-12-13-2 tvOS 11.2.1, Apple Product Security
AST-2017-012: Remote Crash Vulnerability in RTCP Stack, Asterisk Security Team
APPLE-SA-2017-12-13-7 Additional information for APPLE-SA-2017-12-6-4 tvOS 11.2, Apple Product Security
ADVISORY - Kemp Load Balancers - Module Application Firewall Pack (AFP) - Web Application Firewall (WAF) does not inspect HTTP POST data - CVE-2017-15524, tim . kretschmann
APPLE-SA-2017-12-13-5 Safari 11.0.2, Apple Product Security
[SECURITY] [DSA 4064-1] chromium-browser security update, Michael Gilbert
Advisory - Fisheye and Crucible - CVE-2017-14591, Atlassian
[SECURITY] [DSA 4062-1] firefox-esr security update, Moritz Muehlenhoff
[SECURITY] [DSA 4061-1] thunderbird security update, Moritz Muehlenhoff
[SECURITY] [DSA 4060-1] wireshark security update, Moritz Muehlenhoff
[slackware-security] openssl (SSA:2017-342-01), Slackware Security Team
FreeBSD Security Advisory FreeBSD-SA-17:12.openssl, FreeBSD Security Advisories
CISTI'2018 -- Doctoral Symposium -- Call for contributions, ML
[SECURITY] [DSA 4059-1] libxcursor security update, Salvatore Bonaccorso
Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities, Secunia Research
- <Possible follow-ups>
- Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities, Secunia Research
- Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities, Secunia Research
- Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities, Secunia Research
- Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities, Secunia Research
[SECURITY] [DSA 4058-1] optipng security update, Salvatore Bonaccorso
[SECURITY] [DSA 4057-1] erlang security update, Moritz Muehlenhoff
[SECURITY] [DSA 4056-1] nova security update, Sebastien Delafond
[SECURITY] [DSA 4052-1] bzr security update, Salvatore Bonaccorso
[SECURITY] [DSA 4051-1] curl security update, Yves-Alexis Perez
Advisory - Hipchat Data Center, Hipchat Server - CVE-2017-14585, Matthew Hart
Advisory - Remote code execution in HipChat for Mac desktop client - CVE-2017-14586, Matthew Hart
[SECURITY] [DSA 4050-1] xen security update, Moritz Muehlenhoff
Edward Snowden free speech at JBFone - Data Security & Privacy, Vulnerability Lab
[SECURITY] [DSA 4046-1] libspring-ldap-java security update, Sebastien Delafond
Secunia Research: Oracle Outside In Denial of Service Vulnerability, Secunia Research
[SECURITY] [DSA 4045-1] vlc security update, Moritz Muehlenhoff
CSNC-2017-029 MyTy Blind SQL Injection, Advisories
[security bulletin] HPESBHF03798 rev.1 - HPE Proliant Gen10 Servers, DL20 Gen9, ML30 Gen9 and Certain Apollo Servers Using Intel Server Platform Service (SPS) v4.0, Local Denial of Service and Execution of Arbitrary Code, security-alert
[SECURITY] [DSA 4044-1] swauth security update, Yves-Alexis Perez
CSNC-2017-030 MyTy Reflected Cross-Site Scripting (XSS), Advisories
FreeBSD Security Advisory FreeBSD-SA-17:10.kldstat [REVISED], FreeBSD Security Advisories
[CVE-2017-15044] DocuWare FullText Search - Incorrect Access Control vulnerability, Graham Leggett
[security bulletin] HPESBMU03794 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities, security-alert
[security bulletin] HPESBMU03795 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities, security-alert
[SECURITY] [DSA 4037-1] jackson-databind security update, Sebastien Delafond
[SECURITY] [DSA 4039-1] opensaml2 security update, Salvatore Bonaccorso
[security bulletin] HPESBHF03705 rev.4 - HPE Integrated Lights-Out 4, 3, 2 and Moonshot Remote Console Administrator (iLO 4 and MRCA) Remote Disclosure of Information, security-alert
FreeBSD Security Advisory FreeBSD-SA-17:10.kldstat, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-17:09.shm, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-17:08.ptrace, FreeBSD Security Advisories
[SECURITY] [DSA 4036-1] mediawiki security update, Moritz Muehlenhoff
[SECURITY] [DSA 4035-1] firefox-esr security update, Moritz Muehlenhoff
Call for papers - WorldCIST'18 - Naples, Italy - Extended deadline: November 26, Maria Lemos
CA20171114-01: Security Notice for CA Identity Governance, Kotas, Kevin J
[SECURITY] [DSA 4033-1] konversation security update, Salvatore Bonaccorso
[CVE-2017-15288] A privilege escalation vulnerability in the Scala compilation daemon, jason . zaugg
Symantec Endpoint Protection (SEP) v12.1 Tamper-protection Bypass CVE-2017-6331 (hyp3rlinx), apparitionsec
[SECURITY] [DSA 4032-1] imagemagick security update, Moritz Muehlenhoff
[SECURITY] [DSA 4031-1] ruby2.3 security update, Salvatore Bonaccorso
Bypassable authentication in SingTel / Aztech DSL8900GR(AC) router, cort
[SECURITY] [DSA 4006-2] mupdf security update, Luciano Bello
Advisory X41-2017-006: Multiple Vulnerabilities in PSFTPd Windows FTP Server, X41 D-Sec GmbH Advisories
WebKitGTK+ Security Advisory WSA-2017-0009, Carlos Alberto Lopez Perez
[RT-SA-2016-008] XML External Entity Expansion in Ladon Webservice, RedTeam Pentesting GmbH
[SECURITY] [DSA 4029-1] postgresql-common security update, Moritz Muehlenhoff
[SECURITY] [DSA 4028-1] postgresql-9.6 security update, Moritz Muehlenhoff
[SECURITY] [DSA 4027-1] postgresql-9.4 security update, Moritz Muehlenhoff
[SECURITY] [DSA 4026-1] bchunk security update, Sebastien Delafond
Datto Windows Agent 1.0.5.0 Remote Command Execution [CVE-2017-16673][CVE-2017-16674], brainn
AST-2017-009: Buffer overflow in pjproject header parsing can cause crash in Asterisk, Asterisk Security Team
AST-2017-010: Buffer overflow in CDR's set user, Asterisk Security Team
AST-2017-011: Memory leak in pjsip session resource, Asterisk Security Team
[SECURITY] [DSA 4025-1] libpam4j security update, Moritz Muehlenhoff
[SECURITY] [DSA 4021-1] otrs2 security update, Moritz Muehlenhoff
[SECURITY] [DSA 4020-1] chromium-browser security update, Michael Gilbert
CVE-2017-9096 iText XML External Entity Vulnerability, Advisories
[SECURITY] [DSA 4019-1] imagemagick security update, Moritz Muehlenhoff
Call for papers - WorldCIST'18 - Naples, Italy - Extended deadline: November 22, ML
Webmin v1.850 Remote Code Execution (hyp3rlinx / apparitionsec), apparitionsec
[SECURITY] [DSA 4016-1] irssi security update, Salvatore Bonaccorso
KL-001-2017-022 : Splunk Local Privilege Escalation, KoreLogic Disclosures
[SECURITY] [DSA 4015-1] openjdk-8 security update, Moritz Muehlenhoff
APPLE-SA-2017-10-31-6 iTunes 12.7.1 for Windows, Apple Product Security
APPLE-SA-2017-10-31-11 Additional information for APPLE-SA-2017-09-20-3 tvOS 11, Apple Product Security
APPLE-SA-2017-10-31-2 macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, Security Update 2017-004 El Capitan, Apple Product Security
APPLE-SA-2017-10-31-12 Additional information for APPLE-SA-2017-09-25-9 macOS Server 5.4, Apple Product Security
APPLE-SA-2017-10-31-3 tvOS 11.1, Apple Product Security
APPLE-SA-2017-10-31-10 Additional information for APPLE-SA-2017-09-20-2 watchOS 4, Apple Product Security
APPLE-SA-2017-10-31-7 iCloud for Windows 7.1, Apple Product Security
APPLE-SA-2017-10-31-9 Additional information for APPLE-SA-2017-09-19-1 iOS 11, Apple Product Security
APPLE-SA-2017-10-31-4 watchOS 4.1, Apple Product Security
[SECURITY] [DSA 4012-1] libav security update, Moritz Muehlenhoff
[security bulletin] HPESBHF03785 rev.1 - HPE B-Series SAN Network Advisor Software, Multiple Remote Vulnerabilities, HPE Product Security Response Team
[SECURITY] [DSA 4009-1] shadowsocks-libev security update, Moritz Muehlenhoff
[slackware-security] wget (SSA:2017-300-02), Slackware Security Team
[security bulletin] HPESBHF03787 rev.1 - Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT, Deserialization of Untrusted Data, Remote Code Execution, security-alert
Bomgar Remote Support - Local Privilege Escalation (CVE-2017-5996), VSR Advisories
October 2017 - Bamboo - Critical Security Advisory, Atlassian
KL-001-2017-020 : Sophos UTM 9 loginuser Privilege Escalation via Insecure Directory Permissions, KoreLogic Disclosures
KL-001-2017-017 : Infoblox NetMRI Administration Shell Escape and Privilege Escalation, KoreLogic Disclosures
[SECURITY] [DSA 4006-1] mupdf security update, Luciano Bello
[security bulletin] HPESBHF03779 rev.1 - HPE Fabric OS using OpenSSH, Denial of Service, HPE Product Security Response Team
[SECURITY] [DSA 4003-1] libvirt security update, Salvatore Bonaccorso
[SECURITY] [DSA 4002-1] mysql-5.5 security update, Salvatore Bonaccorso
FreeBSD Security Advisory FreeBSD-SA-17:07.wpa [REVISED], FreeBSD Security Advisories
[slackware-security] xorg-server (SSA:2017-291-03), Slackware Security Team
[slackware-security] wpa_supplicant (SSA:2017-291-02), Slackware Security Team
[slackware-security] libXres (SSA:2017-291-01), Slackware Security Team
WebKitGTK+ Security Advisory WSA-2017-0008, Carlos Alberto Lopez Perez
SEC Consult SA-20171018-1 :: Multiple vulnerabilities in Linksys E-series products, SEC Consult Vulnerability Lab
[security bulletin] HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module v2.0 Option, Unauthorized Access to Data, security-alert
[SECURITY] [DSA 3999-1] wpa security update, Yves-Alexis Perez
SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++, SEC Consult Vulnerability Lab
[security bulletin] MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege, swpmb . cyber-psrt
Advisory X41-2017-010: Command Execution in Shadowsocks-libev, X41 D-Sec GmbH Advisories
Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks, X41 D-Sec GmbH Advisories
[RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information Disclosure, Julien Ahrens
Multiple vulnerabilities in OpenText Documentum Content Server, Andrey B. Panfilov
[SECURITY] [DSA 3995-1] libxfont security update, Moritz Muehlenhoff
[SECURITY] [DSA 3994-1] nautilus security update, Yves-Alexis Perez
[SECURITY] [DSA 3993-1] tor security update, Moritz Muehlenhoff
[slackware-security] xorg-server (SSA:2017-279-03), Slackware Security Team
DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1, DefenseCode
[security bulletin] HPESBHF03776 rev.1 - HPE Intelligent Management Center (iMC) Service Operation Management (SOM), Remote Arbitrary File Download, security-alert
HPESBMU03753 rev.1 - HPE System Management Homepage, Multiple Remote Vulnerabilities, HPE Product Security Response Team
[SECURITY] [DSA 3988-1] libidn2-0 security update, Salvatore Bonaccorso
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized NT Domain / PHP Information Disclosures CVE-2017-14085 (apparitionsec / hyp3rlinx), apparitionsec
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Server Side Request Forgery (apparitionsec / hyp3rlinx), apparitionsec
[SECURITY] [DSA 3987-1] firefox-esr security update, Moritz Muehlenhoff
[SECURITY] [DSA 3986-1] ghostscript security update, Salvatore Bonaccorso
Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution CVE-2017-14084 (apparitionsec / hyp3rlinx), apparitionsec
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Start Remote Process Code Execution / DOS - INI Corruption CVE-2017-14086 (apparitionsec / hyp3rlinx), apparitionsec
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083 (apparitionsec / hyp3rlinx), apparitionsec
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Change Prevention Image File Execution Bypass (apparitionsec / hyp3rlinx), apparitionsec
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Memory Corruption CVE-2017-14089 (apparitionsec / hyp3rlinx), apparitionsec
Mac OS X Local Javascript Quarantine Bypass, Filippo Cavallarin
- <Possible follow-ups>
- Mac OS X Local Javascript Quarantine Bypass, filippo . cavallarin
CVE-2017-14087 Trend Micro OfficeScan v11.0 and XG (12.0)* Host Header Injection (apparitionsec / hyp3rlinx), apparitionsec
[security bulletin] HPESBGN03773 rev.2 - HPE Application Performance Management (BSM), Remote Code Execution, swpmb . cyber-psrt
CVE-2017-14084 Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution (apparitionsec / hyp3rlinx), apparitionsec
[CVE-2017-9538] Persistent Application Denial of Service, andys3c
[CVE-2017-9537] Persistent Cross-Site Scripting Vulnerabilities, andys3c
Faleemi FSC-880 Multiple Security Vulnerabilities, oleg
Bitdefender Total Security 2017 Unquoted Service Path Vulnerability, wsachin092
[SECURITY] [DSA 3984-1] git security update, Florian Weimer
Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253), Qualys Security Advisory
[security bulletin] HPESBGN03773 rev.1 - HPE Application Performance Management (BSM), Remote Code Execution, swpmb . cyber-psrt
Mako Web Server v2.5 Multiple Unauthenticated Vulnerabilities (apparitionsec / hyp3rlinx), apparitionsec
Kaltura - Remote Code Execution and Cross-Site Scripting, robin . verton
[slackware-security] libxml2 (SSA:2017-266-01), Slackware Security Team
[SECURITY] [DSA 3983-1] samba security update, Moritz Muehlenhoff
APPLE-SA-2017-09-19-1 iOS 11, Apple Product Security
[slackware-security] httpd (SSA:2017-261-01), Slackware Security Team
[slackware-security] libgcrypt (SSA:2017-261-02), Slackware Security Team
[slackware-security] ruby (SSA:2017-261-03), Slackware Security Team
Watchguard Fireware OS DOS & Stored XSS, David Fernandez
[SECURITY] [DSA 3978-1] gdk-pixbuf security update, Moritz Muehlenhoff
ZK Time_Web Software 2.0 - Broken Authentication, Arvind Vishwakarma
ZKTime_Web Software 2.0 - Cross Site Request Forgery, Arvind Vishwakarma
[SECURITY] [DSA 3976-1] freexl security update, Salvatore Bonaccorso
[slackware-security] kernel (SSA:2017-258-02), Slackware Security Team
[SECURITY] [DSA 3975-1] emacs25 security update, Moritz Muehlenhoff
[slackware-security] emacs (SSA:2017-255-01), Slackware Security Team
[slackware-security] libzip (SSA:2017-255-02), Slackware Security Team
[SECURITY] [DSA 3970-1] emacs24 security update, Moritz Muehlenhoff
SEC Consult SA-20170912-0 :: Email verification bypass in SAP E-Recruiting, SEC Consult Vulnerability Lab
[slackware-security] bash (SSA:2017-251-01), Slackware Security Team
[slackware-security] mariadb (SSA:2017-251-02), Slackware Security Team
[SECURITY] [DSA 3967-1] mbedtls security update, Salvatore Bonaccorso
Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol, Pierre Kim
August 2017 - SourceTree - Critical Security Advisory, David Black
[SECURITY] [DSA 3965-1] file security update, Salvatore Bonaccorso
[security bulletin] HPESBUX03772 rev.1 - HP-UX BIND Service Running Named, Multiple Vulnerabilities, security-alert
CVE-2017-11567 Mongoose Web Server v6.5 CSRF Command Execution ( apparitionsec @ gmail / hyp3rlinx ), apparitionsec
Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability, Vulnerability Lab
[SECURITY] [DSA 3963-1] mercurial security update, Sebastien Delafond
[SECURITY] [DSA 3962-1] strongswan security update, Yves-Alexis Perez
[SECURITY] [DSA 3961-1] libgd2 security update, Salvatore Bonaccorso
[security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information, security-alert
[security bulletin] HPESBGN03767 rev.1 - HPE Operations Orchestration, Remote Code Execution, security-alert
[SECURITY] [DSA 3957-1] ffmpeg security update, Luciano Bello
[security bulletin] HPESBHF03770 rev.1 - HPE Comware 7 MSR Routers using PHP, Go, Apache Http Server, and Tomcat, Remote Arbitrary Code Execution, HPE Product Security Response Team
[SECURITY] [DSA 3956-1] connman security update, Luciano Bello
Trend Micro Hosted Email Security (HES) - Email Interception and Direct Object Reference, Patrick Webster
[security bulletin] HPESBHF03769 rev.1 - HPE Integrated Lights-out 4 (iLO 4) Multiple Remote Vulnerabilities, security-alert
[SECURITY] [DSA 3953-1] aodh security update, Luciano Bello
[SECURITY] [DSA 3951-1] smb4k security update, Moritz Muehlenhoff
[RT-SA-2015-008] WebClientPrint Processor 2.0: Remote Code Execution via Print Jobs, RedTeam Pentesting GmbH
[RT-SA-2015-009] WebClientPrint Processor 2.0: Remote Code Execution via Updates, RedTeam Pentesting GmbH
[RT-SA-2015-010] WebClientPrint Processor 2.0: Unauthorised Proxy Modification, RedTeam Pentesting GmbH
[RT-SA-2015-011] WebClientPrint Processor 2.0: No Validation of TLS Certificates, RedTeam Pentesting GmbH
[SECURITY] [DSA 3950-1] libraw security update, Luciano Bello
[SECURITY] [DSA 3948-1] ioquake3 security update, Moritz Muehlenhoff
[SECURITY] [DSA 3946-1] libmspack security update, Sebastien Delafond
[SECURITY] [DSA 3928-2] firefox-esr security update, Moritz Muehlenhoff
Microsoft Resnet - DNS Configuration Web Vulnerability, Vulnerability Lab
FreeBSD <= 10.3 jail SHM hole, WhiteWinterWolf
[SECURITY] [DSA 3943-1] gajim security update, Salvatore Bonaccorso
CVE-2017-9802: Apache Sling XSS vulnerability, Robert Munteanu
[CVE-2017-9767] Quali CloudShell (v7.1.0.6508 Patch 6) Multiple Stored Cross Site Scripting Vulnerability, x62x65x6e
[SECURITY] [DSA 3940-1] iortcw security update, Moritz Muehlenhoff
[slackware-security] mercurial (SSA:2017-223-03), Slackware Security Team
[SECURITY] [DSA 3937-1] zabbix security update, Moritz Muehlenhoff
[SECURITY] [DSA 3936-1] postgresql-9.6 security update, Moritz Muehlenhoff
[SECURITY] [DSA 3935-1] postgresql-9.4 security update, Moritz Muehlenhoff
[security bulletin] HPESB3P03762 rev.1 - HPE C Switch Software using Cisco Prime Data Center Network Manager (DCNM), Remote Code Execution, security-alert
[ANN] Apache Struts: S2-049 Security Bulletin update, Lukasz Lenart
[SECURITY] [DSA 3932-1] subversion security update, Sebastien Delafond
[SECURITY] [DSA 3933-1] pjproject security update, Moritz Muehlenhoff
[SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released, Daniel Shahaf
[SECURITY] [DSA 3929-1] libsoup2.4 security update, Salvatore Bonaccorso
[slackware-security] curl (SSA:2017-221-01), Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2017-221-02), Slackware Security Team
DefenseCode ThunderScan SAST Advisory: WordPress Easy Modal Plugin Multiple Security Vulnerabilities, DefenseCode
[SECURITY] [DSA 3927-1] linux security update, Salvatore Bonaccorso
Re: [oss-security] [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename(), Brad Spengler
[SECURITY] [DSA 3926-1] chromium-browser security update, Michael Gilbert
[SECURITY] [DSA 3925-1] qemu security update, Moritz Muehlenhoff
SEC Consult SA-20170804-1 :: Ubiquiti Networks UniFi Cloud Key authenticated command injection, SEC Consult Vulnerability Lab
SEC Consult SA-20170804-0 :: phpBB Server Side Request Forgery (SSRF) vulnerability, SEC Consult Vulnerability Lab
[security bulletin] HPESB3P03767 rev.1 - HPE Proliant ML10 Gen9 servers using Intel Xeon E3-1200M v5 and 6th Generation Intel Core Processors, Unauthorized Write to Filesystem, security-alert
[SECURITY] [DSA 3924-1] varnish security update, Salvatore Bonaccorso
[slackware-security] gnupg (SSA:2017-213-01), Slackware Security Team
CVE-2017-1500 - Relected XSS in IBM WorkLight OAuth Server Web Api, gabriele . gristina
[security bulletin] HPESBHF03763 rev.1 - HPE Comware 7, IMC, VCX products using OpenSSL, Remote Denial of Service (DoS), security-alert
[security bulletin] HPESBGN03766 rev.1 - HPE Project and Portfolio Management (PPM), Remote Cross-Site Scripting, security-alert
[CVE-2017-11494] SOL.Connect ISET-mpp meter 1.2.4.2 Authentication Bypass SQL Injection Vulnerability, andys3c
[SECURITY] [DSA 3923-1] freerdp security update, Sebastien Delafond
FortiOS <= 5.6.0 Multiple XSS Vulnerabilities, msg
[security bulletin] HPESBHF03765 rev.1 - HPE ConvergedSystem 700 Solution with Comware v7 Switches using OpenSSL, Remote Denial of Service (DoS) and Disclosure of Sensitive Information, HPE Product Security Response Team
[SECURITY] [DSA 3919-1] openjdk-8 security update, Moritz Muehlenhoff
[SECURITY] [DSA 3920-1] qemu security update, Moritz Muehlenhoff
[slackware-security] tcpdump (SSA:2017-205-01), Slackware Security Team
SEC Consult SA-20170724-0 :: Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products, SEC Consult Vulnerability Lab
SEC Consult SA-20170724-1 :: Open Redirect issue in multiple Ubiquiti Networks products, SEC Consult Vulnerability Lab
[RT-SA-2017-006] Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance, RedTeam Pentesting GmbH
[RT-SA-2017-008] Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance, RedTeam Pentesting GmbH
[RT-SA-2017-005] Unauthenticated Extraction of Session-IDs in REDDOXX Appliance, RedTeam Pentesting GmbH
[RT-SA-2017-009] Remote Command Execution as root in REDDOXX Appliance, RedTeam Pentesting GmbH
[RT-SA-2017-003] Cross-Site Scripting in REDDOXX Appliance, RedTeam Pentesting GmbH
[RT-SA-2017-007] Undocumented Administrative Service Account in REDDOXX Appliance, RedTeam Pentesting GmbH
[RT-SA-2017-004] Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance, RedTeam Pentesting GmbH
[SECURITY] [DSA 3917-1] catdoc security update, Salvatore Bonaccorso
[slackware-security] seamonkey (SSA:2017-202-01), Slackware Security Team
[security bulletin] HPESBHF03745 rev.3 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution, security-alert
[security bulletin] HPESBHF03766 rev.1 - HPE ConvergedSystem 700 Solution with Comware v5 Switches using NTP, Remote Denial of Service (DoS), Unauthorized Modification and Local Denial of Service (DoS), security-alert
File Upload in Integration Gateway (PSIGW), ERPScan inc
Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft), ERPScan inc
Directory Traversal vulnerability in Integration Gateway (PSIGW), ERPScan inc
APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2, Apple Product Security
APPLE-SA-2017-07-19-5 Safari 10.1.2, Apple Product Security
APPLE-SA-2017-07-19-2 macOS 10.12.6, Apple Product Security
APPLE-SA-2017-07-19-3 watchOS 3.2.2, Apple Product Security
APPLE-SA-2017-07-19-1 iOS 10.3.3, Apple Product Security
APPLE-SA-2017-07-19-6 iTunes 12.6.2, Apple Product Security
APPLE-SA-2017-07-19-4 tvOS 10.2.2, Apple Product Security
[SECURITY] [DSA 3914-1] imagemagick security update, Moritz Muehlenhoff
[CVE-2017-7728] - Authentication Bypass allows alarm's commands execution in iSmartAlarm, ilia . shnaidman
CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update, Maxim Solodovnik
CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload, Maxim Solodovnik
CVE-2017-7663 - Apache OpenMeetings - XSS in chat, Maxim Solodovnik
CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation, Maxim Solodovnik
CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest, William A Rowe Jr
CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2, William A Rowe Jr
[SECURITY] [DSA 3908-1] nginx security update, Moritz Muehlenhoff
SEC Consult SA-20170712-0 :: Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products, SEC Consult Vulnerability Lab
[CVE request]linux kernel xfrm migrate out-of-bound access, bo Zhang
[RT-SA-2017-011] Remote Command Execution in PDNS Manager, RedTeam Pentesting GmbH
CVE-2017-4918: Code Injection in VMware Horizon’s macOS Client, Florian Bogner
[security bulletin] HPESBGN03763 rev.1 - HPE SiteScope, Disclosure of Sensitive Information, Bypass Security Restriction, Remote Arbitrary Code Execution, HPE Product Security Response Team
[security bulletin] HPESBGN03762 rev.1 - HPE Network Node Manager i (NNMi) Software, Remote Bypass Security Restrictions, Cross-Site Scripting (XSS), URL Redirection, HPE Product Security Response Team
[security bulletin] HPESBHF03745 rev.2 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution, HPE Product Security Response Team
[security bulletin] HPESBNS03755 rev.1 - HPE NonStop Server using Samba, Multiple Remote Vulnerabilities, HPE Product Security Response Team
CVE-2017-5640 Apache Impala (incubating) Information Disclosure, Sailesh Mukil
[SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure, Sailesh Mukil
ToorCon 19 Call For Papers Closing This Week!, h1kari
[slackware-security] irssi (SSA:2017-190-01), Slackware Security Team
[SECURITY] [DSA 3905-1] xorg-server security update, Moritz Muehlenhoff
[SECURITY] [DSA 3904-1] bind9 security update, Yves-Alexis Perez
[slackware-security] php (SSA:2017-188-01), Slackware Security Team
CVE-2017-10974 Yaws Web Server v1.91 Unauthenticated Remote File Disclosure, hyp3rlinx
[ANNOUNCE] [SECURITY] CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr, Shalin Shekhar Mangar
[SYSS-2017-011] Office 365: Insufficient Session Expiration (CWE-613), Micha Borrmann
Firefox v54.0.1 Denial Of Service, apparitionsec
KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials, KoreLogic Disclosures
KL-001-2017-014 : Barracuda WAF Support Tunnel Hijack, KoreLogic Disclosures
KL-001-2017-012 : Barracuda WAF Grub Password Complexity, KoreLogic Disclosures
KL-001-2017-011 : Barracuda WAF Internal Development Credential Disclosure, KoreLogic Disclosures
[SECURITY] [DSA 3903-1] tiff security update, Moritz Muehlenhoff
[SECURITY] [DSA 3902-1] jabberd2 security update, Salvatore Bonaccorso
[security bulletin] HPSBMU02933 rev.3 - HPE SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS), HPE Product Security Response Team
[slackware-security] Slackware 14.0 kernel (SSA:2017-184-01), Slackware Security Team
[SECURITY] [DSA 3901-1] libgcrypt20 security update, Salvatore Bonaccorso
[CVE-2017-9313] Webmin 1.840 Multiple XSS Vulnerabilities, andys3c
InsomniaX loader allows loading of arbitrary Kernel Extensions, Securify B.V.
[slackware-security] glibc (SSA:2017-181-01), Slackware Security Team
[slackware-security] kernel (SSA:2017-181-02), Slackware Security Team
Microsoft Dynamic CRM 2016 - Cross-Site Scripting vulnerability, gregory draperi
SEC Consult SA-20170630-0 :: Multiple critical vulnerabilities in OSCI-Transport library 1.2 for German e-Government, SEC Consult Vulnerability Lab
ESA-2017-062: VASA Provider Virtual Appliance Remote Code Execution Vulnerability, EMC Product Security Response Center
[SECURITY] [DSA 3900-1] openvpn security update, Sebastien Delafond
[SECURITY] [DSA 3886-2] linux regression update, Salvatore Bonaccorso
[SECURITY] [DSA 3899-1] vlc security update, Salvatore Bonaccorso
[slackware-security] kernel (SSA:2017-177-01), Slackware Security Team
DefenseCode Security Advisory: IBM DB2 Command Line Processor Buffer Overflow, DefenseCode
Microsoft Skype v7.2, v7.35 & v7.36 - Stack Buffer Overflow Vulnerability, Vulnerability Lab
[CVE-2017-8831] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c, wpengfeinudt
- <Possible follow-ups>
- [CVE-2017-8831] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c, wpengfeinudt
[CVE-2017-8813] Double-Fetch Vulnerability in Linux-4.10.1/drivers/media/pci/saa7164/saa7164-bus.c, wpengfeinudt
[SECURITY] [DSA 3893-1] jython security update, Salvatore Bonaccorso
[slackware-security] openvpn (SSA:2017-172-01), Slackware Security Team
Sitecore 7.1-7.2 Cross Site Scripting Vulnerability, hamedizadi
[SECURITY] [DSA 3890-1] spip security update, Salvatore Bonaccorso
ESA-2017-053: EMC Isilon OneFS Privilege Escalation Vulnerability, EMC Product Security Response Center
ESA-2017-054: EMC Avamar Multiple Vulnerabilities, EMC Product Security Response Center
CVE-2017-3167: Apache httpd 2.x ap_get_basic_auth_pw authentication bypass, Jacob Champion
CVE-2017-7659: mod_http2 null pointer dereference, Jim Jagielski
[SECURITY] [DSA 3886-1] linux security update, Salvatore Bonaccorso
[SECURITY] [DSA 3887-1] glibc security update, Moritz Muehlenhoff
[security bulletin] HPESBGN03758 rev.2 - HPE UCMDB, Remote Code Execution, HPE Product Security Response Team
Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting, ghasseminia
- <Possible follow-ups>
- Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting, ghasseminia
- Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting, ghasseminia
ESA-2017-041: EMC VNX1 and VNX2 Family Multiple Vulnerabilities in VNX Control Station, EMC Product Security Response Center
June 2017 - Bamboo - Critical Security Advisory, Atlassian
[security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege, security-alert
[SECURITY] [DSA 3882-1] request-tracker4 security update, Salvatore Bonaccorso
CVE-2017-9613: Stored Cross-Site Scripting in SAP successfactors, dunstan . pinto
[slackware-security] mozilla-firefox (SSA:2017-165-02), Slackware Security Team
[slackware-security] bind (SSA:2017-165-01), Slackware Security Team
[SECURITY] [DSA 3881-1] firefox-esr security update, Moritz Muehlenhoff
ESA-2017-043: EMC ESRS Virtual Edition Authentication Bypass Vulnerability, EMC Product Security Response Center
ESA-2017-031: RSA BSAFE® Cert-C Improper Certificate Processing Vulnerability, EMC Product Security Response Center
[SECURITY] [DSA 3880-1] libgcrypt20 security update, Salvatore Bonaccorso
Secunia Research: libsndfile "aiff_read_chanmap()" Information Disclosure Vulnerability, Secunia Research
SEC Consult SA-20170613-0 :: Access Restriction Bypass in Atlassian Confluence, SEC Consult Vulnerability Lab
Zenbership 1.0.8 CMS - Multiple SQL Injection Vulnerabilities, Vulnerability Lab
Evolution Script CMS v5.3 - Cross Site Scripting Vulnerability, Vulnerability Lab
[SECURITY] [DSA 3877-1] tor security update, Salvatore Bonaccorso
[security bulletin] HPESBHF03730 rev.2 - HPE Aruba ClearPass Policy Manager, Multiple Vulnerabilities, security-alert
[SECURITY] [DSA 3876-1] otrs2 security update, Moritz Muehlenhoff
[SECURITY] [DSA 3875-1] libmwaw security update, Moritz Muehlenhoff
[security bulletin] HPESBUX03759 rev.1 - HP-UX CIFS Sever using Samba, Multiple Remote Vulnerabilities, security-alert
[security bulletin] HPESBUX03747 rev.1 - HP-UX running BIND, Remote Denial of Service, security-alert
ESA-2017-064: RSA Identity Governance and Lifecycle Multiple Vulnerabilities, EMC Product Security Response Center
[SYSS-2017-018] OTRS - Access to Installation Dialog, sebastian . auwaerter
[security bulletin] HPESBGN03758 rev.1 - HPE UCMDB, Remote Code Execution, security-alert
CVE update - fixed in Apache Ranger 0.7.1, Velmurugan Periasamy
[security bulletin] HPESBHF03757 rev.1 - HPE Network Products including Comware 5 and Comware 7 running NTP, Remote Denial of Service (DoS), security-alert
Xavier v2.4 PHP MP - SQL Injection Web Vulnerabilities, Vulnerability Lab
Sophos Cyberoam Cross-site scripting (XSS) vulnerability, bhdresh
[security bulletin] HPESBGN03752 rev.1 - HPE IceWall using OpenSSL, remote Denial of Service (DoS), security-alert
[security bulletin] HPESBHF03756 rev.1 - HPE Network Products including Comware 7, iMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information, security-alert
X41-2017-005 - Multiple Vulnerabilities in peplink balance routers, X41 D-Sec GmbH Advisories
[SECURITY] [DSA 3873-1] perl security update, Salvatore Bonaccorso
[SECURITY] [DSA 3870-1] wordpress security update, Sebastien Delafond
[SECURITY] [DSA 3869-1] tnef security update, Sebastien Delafond
[CVE-2017-5688] Executable installers are vulnerable^WEVIL (case 52): Intel installation framework allows arbitrary code execution with escalation of privilege, Stefan Kanthak
DefenseCode ThunderScan SAST Advisory: WordPress Simple Slideshow Manager Plugin Multiple Security Vulnerabilities, DefenseCode
[SECURITY] [DSA 3867-1] sudo security update, Salvatore Bonaccorso
[SECURITY] [DSA 3866-1] strongswan security update, Yves-Alexis Perez
[SECURITY] [DSA 3865-1] mosquitto security update, Moritz Muehlenhoff
Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web Vulnerability Scanner 11, Florian Bogner
Wordpress Plugin Social-Stream - Exposure of Twitter API Secret Key and Token, kyle Lovett
[security bulletin] HPESBHF03730 rev.1 - HPE Aruba ClearPass Policy Manager, Multiple Vulnerabilities, security-alert
[security bulletin] HPESBHF03754 rev.1 - HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5 Processor, Remote Access Restriction Bypass, security-alert
[security bulletin] HPESBHF03750 rev.1 - HPE Network Products including Comware 5, Comware 7 and VCX running NTP, Remote Denial of Service (DoS), Unauthorized Modification, Local Denial of Service (DoS), security-alert
[SECURITY] [DSA 3863-1] imagemagick security update, Moritz Muehlenhoff
[security bulletin] HPESBHF03746 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution, HPE Product Security Response Team
WebKitGTK+ Security Advisory WSA-2017-0004, Carlos Alberto Lopez Perez
[slackware-security] samba (SSA:2017-144-01), Slackware Security Team
[security bulletin] HPESBHF03751 rev.1 - HPE Aruba AirWave Glass, Remote Code Execution, security-alert
DefenseCode ThunderScan SAST Advisory: WordPress AffiliateWP Plugin Security Vulnerability, DefenseCode
DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability, DefenseCode
DefenseCode ThunderScan SAST Advisory: WordPress All In One Schema.org Rich Snippets Plugin Security Vulnerability, DefenseCode
[SECURITY] [DSA 3861-1] libtasn1-6 security update, Sebastien Delafond
Secunia Research: Microsoft Windows Heap-based Buffer Overflow Vulnerabilities, Secunia Research
HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL, Remote Denial of Service (DoS), HPE Product Security Response Team
CVE-2017-9046 Pegasus "winpm-32.exe" v4.72 Mailto: Link Remote Code Execution, hyp3rlinx
CVE-2017-9046 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection, hyp3rlinx
May 2017 - SourceTree - Critical Security Advisory, Atlassian
CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal, hyp3rlinx

[Index of Archives] [Netfilter] [Security] [PHP] [Linux Kernel]