Bugtraq

Date Index

[Prev Page][Next Page]

APPLE-SA-2016-09-20-6 tvOS 10, Apple Product Security
APPLE-SA-2016-09-20-5 watchOS 3, Apple Product Security
APPLE-SA-2016-09-20-4 macOS Server 5.2, Apple Product Security
APPLE-SA-2016-09-20-3 iOS 10, Apple Product Security
APPLE-SA-2016-09-20-2 Safari 10, Apple Product Security
ESA-2016-093: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability , EMC Product Security Response Center
ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability, EMC Product Security Response Center
- <Possible follow-ups>
- ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability, EMC Product Security Response Center
- ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability, EMC Product Security Response Center
- ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability, EMC Product Security Response Center
ESA-2016-065: EMC Avamar Data Store and Avamar Virtual Edition Multiple Vulnerabilities, EMC Product Security Response Center
Call for Papers - WorldCIST'17 - 5th World Conference on Information Systems and Technologies (Published by Springer), ML
[SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell, Flavio Junqueira
- <Possible follow-ups>
- [SECURITY] CVE-2016-5017: Buffer overflow vulnerability in ZooKeeper C cli shell, Flavio Junqueira
[slackware-security] curl (SSA:2016-259-01), Slackware Security Team
[SECURITY] [DSA 3669-1] tomcat7 security update, Moritz Muehlenhoff
ESA-2016-094: RSA BSAFE® Micro Edition Suite Multiple Vulnerabilities, EMC Product Security Response Center
Cisco EPC 3925 Multiple Vulnerabilities, msg
Insecure transmission of data in Android applications developed with Adobe AIR [CVE-2016-6936], research
APPLE-SA-2016-09-14-1 iOS 10.0.1, Apple Product Security
[SECURITY] [DSA 3666-1] mysql-5.5 security update, Salvatore Bonaccorso
[security bulletin] HPSBST03640 rev.1 - HP XP7 Command View Advance Edition Suite (CVAE) using Replication Manager (RepMgr) and Device Manager (DevMgr), Local Access Restriction Bypass, security-alert
[security bulletin] HPSBGN03572 rev.1 - HPE Performance Center, Remote User Validation Failure, security-alert
ESA-2016-108: EMC Documentum D2 Authentication Bypass Vulnerability, EMC Product Security Response Center
ESA-2016-104: EMC ViPR SRM Multiple Vulnerabilities, EMC Product Security Response Center
[ANNOUNCE][CVE-2016-6802] Apache Shiro 1.3.2 released, Brian Demers
Multiple DoS vulnerabilities in libosip2-4.1.0, bshastry
Open-Xchange Security Advisory 2016-09-13 (2), Martin Heiland
Open-Xchange Security Advisory 2016-09-13, Martin Heiland
AST-2016-007: RTP Resource Exhaustion, Asterisk Security Team
[slackware-security] php (SSA:2016-252-01), Slackware Security Team
PHPHolidays CMS v3.00.50 - Cross Site Scripting Web Vulnerability, Vulnerability Lab
Picosmos Shows v1.6.0 - Stack Buffer Overflow Vulnerability, Vulnerability Lab
CVE-2016-4264 Adobe ColdFusion <= 11 XXE Vulnerability, Dawid Golunski
CVE-2016-6920 ffmpeg exr file Heap Overflow, unlimitsec
Infoblox Cross-site scripting vulnerabilities, alex_haynes
[CVE-2016-6484] Infoblox Network Automation CRLF Injection/ HTTP splitting, alex_haynes
[SECURITY] [DSA 3661-1] charybdis security update, Moritz Muehlenhoff
Unauthenticated Arbitrary Directory Dump in BMC BladeLogic Server Automation, ZeroDay
[SECURITY] [DSA 3659-1] linux security update, Salvatore Bonaccorso
Google Nexus 5X Bootloader Unauthorized Memory Dumping via USB, Roee Hay
FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability, Vulnerability Lab
Cisco Security Advisory: Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Small Business 220 Series Smart Plus Switches SNMP Unauthorized Access Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco WebEx Meetings Player Arbitrary Code Execution, Cisco Systems Product Security Incident Response Team
[security bulletin] HPSBGN03637 rev.1 - HP Operations Manager for Unix, Solaris, and Linux, Remote Cross-Site Scripting (XSS), security-alert
[security bulletin] HPSBHF03641 rev.1 - HPE Integrated Lights-Out 3 (iLO 3), Remote Disclosure of Information, security-alert
[slackware-security] kernel (SSA:2016-242-01), Slackware Security Team
[security bulletin] HPSBGN03638 rev.1 - HPE Remote Device Access: Virtual Customer Access System (vCAS) using lighttpd and OpenSSH, Unauthorized Modification of Information, Remote Denial of Service (DoS), Remote Disclosure of Information, security-alert
Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2, submit
[SECURITY] [DSA 3654-1] quagga security update, Sebastien Delafond
Necroscan <= v0.9.1 Buffer Overflow, hyp3rlinx
[SECURITY] [DSA 3652-1] imagemagick security update, Moritz Muehlenhoff
APPLE-SA-2016-08-25-1 iOS 9.3.5, Apple Product Security
SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise, SEC Consult Vulnerability Lab
WebKitGTK+ Security Advisory WSA-2016-0005, Carlos Alberto Lopez Perez
nullcon 8-bit Call for Papers is open, nullcon
[slackware-security] gnupg (SSA:2016-236-01), Slackware Security Team
[security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities, security-alert
Path traversal vulnerability in WordPress Core Ajax handlers, Summer of Pwnage
Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client, Florian Bogner
[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method, Justin Bull
[SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting, bugtraq
- <Possible follow-ups>
- [SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting, bugtraq
[SYSS-2016-055] QNAP QTS - OS Command Injection, bugtraq
[SYSS-2016-051] QNAP QTS - Reflected Cross-Site Scripting, bugtraq
[SYSS-2016-054] QNAP QTS - OS Command Injection, bugtraq
- <Possible follow-ups>
- [SYSS-2016-054] QNAP QTS - OS Command Injection, bugtraq
[SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting, bugtraq
- <Possible follow-ups>
- [SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting, bugtraq
[SYSS-2016-048] QNAP QTS - OS Command Injection, bugtraq
- <Possible follow-ups>
- [SYSS-2016-048] QNAP QTS - OS Command Injection, bugtraq
- [SYSS-2016-048] QNAP QTS - OS Command Injection, bugtraq
[SYSS-2016-053] QNAP QTS - Arbitrary File Overwrite, bugtraq
[SYSS-2016-052] QNAP QTS - OS Command Injection, bugtraq
Telus Actiontec T2200H Modem Input Validation Flaw Allows Elevated Shell Access, Andrew Klaus
[SECURITY] [DSA 3650-1] libgcrypt20 security update, Salvatore Bonaccorso
[SECURITY] [DSA 3649-1] gnupg security update, Salvatore Bonaccorso
Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Firepower Management Center Remote Command Execution Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory:Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Firepower Management Center Privilege Escalation Vulnerability, Cisco Systems Product Security Incident Response Team
[SYSS-2016-067] NetIQ Access Manager (iManager) - Temporary Second Order Cross-Site Scripting (CWE-79), Micha Borrmann
[ERPSCAN-16-023] Potential backdoor via hardcoded system ID, ERPScan inc
[ERPSCAN-16-022] SAP Hybris E-commerce Suite VirtualJDBC – Default Credentials, ERPScan inc
Lepton CMS PHP Code Injection, hyp3rlinx
Lepton CMS Archive Directory Traversal, hyp3rlinx
[security bulletin] HPSBHF03441 rev.1 - HPE ilO 3 and iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities, security-alert
[security bulletin] HPSBGN03634 rev.1 - HPE Enterprise Solution Sizers and Storage Sizer running Smart Update, Remote Arbitrary Code Execution, security-alert
[security bulletin] HPSBST03629 rev.1 - HP StoreFabric B-series Switches, Remote Disclosure of Privileged Information, security-alert
Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin, Summer of Pwnage
Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin, Summer of Pwnage
Cross-Site Scripting in Link Library WordPress Plugin, Summer of Pwnage
Ajax Load More Local File Inclusion vulnerability, Summer of Pwnage
Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login Redirect WordPress Plugin, Summer of Pwnage
Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin, Summer of Pwnage
Cross-Site Scripting vulnerability in Google Maps WordPress Plugin, Summer of Pwnage
Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress Plugin, Summer of Pwnage
Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of images, Summer of Pwnage
Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows adding of images, Summer of Pwnage
Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of galleries, Summer of Pwnage
Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass, reggie . dodd30
PayPal Inc BB #127 - 2FA Bypass Vulnerability, Vulnerability Lab
Stash v1.0.3 CMS - SQL Injection Vulnerability, Vulnerability Lab
Reflected Cross Site Scripting (XSS) Vulnerability in nopcommerce 3.70, tal argoni
Linksys E2500 and E1200 (Unauth Command Injection), samhuntley84
Linksys E1200 and E2500 (Missing authorization on parental control), samhuntley84
OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET), hamedizadi
- <Possible follow-ups>
- OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET), hamedizadi
- OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET), hamedizadi
WSO2-CARBON v4.4.5 CSRF / DOS, hyp3rlinx
WSO2 CARBON v4.4.5 PERSISTENT XSS COOKIE THEFT, hyp3rlinx
WSO2-CARBON v4.4.5 LOCAL FILE INCLUSION, apparitionsec
WSO2 IDENTITY-SERVER v5.1.0 XML External-Entity, hyp3rlinx
[SECURITY] [DSA 3648-1] wireshark security update, Moritz Muehlenhoff
[security bulletin] HPSBGN03630 rev.2 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution, security-alert
[security bulletin] HPSBHF03440 rev.1 - HPE iLO 3 using JQuery, Remote Cross-Site Scripting (XSS), security-alert
[CVE-2016-3089] Apache OpenMeetings XSS in SWF panel, Maxim Solodovnik
[SECURITY] [DSA 3647-1] icedove security update, Moritz Muehlenhoff
Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%, Stefan Kanthak
[SECURITY] [DSA 3646-1] postgresql-9.4 security update, Salvatore Bonaccorso
Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8), Rv3Lab.org
QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability, Vulnerability Lab
Microsoft Education - Stored Cross Site Web Vulnerability, Vulnerability Lab
[CORE-2016-0006] - SAP CAR Multiple Vulnerabilities, CORE Advisories Team
Cisco Security Advisory: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
Internet Explorer iframe sandbox local file name disclosure vulnerability, Securify B.V.
Nagios NA v2.2.1 XSS, hyp3rlinx
Notepad++6.9.2 DLL Hijacking Vulnerability, mehta . himanshu21
Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin, Summer of Pwnage
Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities, Vulnerability Lab
FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability, Vulnerability Lab
Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability, Vulnerability Lab
AirSnort v0.2.7 Stack Corruption DOS, hyp3rlinx
Any Video Converter DLL Hijack, hyp3rlinx
Nagios Network Analyzer v2.2.1 Multiple CSRF, hyp3rlinx
[SECURITY] [DSA 3645-1] chromium-browser security update, Michael Gilbert
[CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1, Pedro Ribeiro
ESA-2016-070: RSA® Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability, Security Alert
[SECURITY] [DSA 3644-1] fontconfig security update, Salvatore Bonaccorso
phpCollab v2.5 CMS - SQL Injection Vulnerability, Vulnerability Lab
vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF), Dawid Golunski
[slackware-security] openssh (SSA:2016-219-03), Slackware Security Team
[slackware-security] curl (SSA:2016-219-01), Slackware Security Team
[slackware-security] stunnel (SSA:2016-219-04), Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2016-219-02), Slackware Security Team
[SECURITY] [DSA 3643-1] kde4libs security update, Salvatore Bonaccorso
[SECURITY] [DSA 3642-1] lighttpd security update, Sebastien Delafond
Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP Object injection vulnerability, Summer of Pwnage
DLL side loading vulnerability in VMware Host Guest Client Redirector, Securify B.V.
[SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20), matthias . deeg
- <Possible follow-ups>
- [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20), matthias . deeg
- [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20), matthias . deeg
Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597), Tim Kretschmann
- <Possible follow-ups>
- Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597), Tim Kretschmann
FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities, Vulnerability Lab
Subrion v4.0.5 CMS - SQL Injection Vulnerability, Vulnerability Lab
Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability, Vulnerability Lab
[0day] net2ftp multiple XSS on unauthenticated users, Jacobo Avariento
Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin, Summer of Pwnage
Cross-Site Scripting in Count per Day WordPress Plugin, Summer of Pwnage
Cross-Site Scripting in FormBuilder WordPress Plugin, Summer of Pwnage
Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin, Summer of Pwnage
Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance, Pedro Ribeiro
- Re: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance, Pedro Ribeiro
Cisco Security Advisory: Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3641-1] openjdk-7 security update, Moritz Muehlenhoff
[SYSS-2016-065] NASdeluxe NDL-2400r: OS Command Injection, klaus . eisentraut
FortiManager (Series) - (Bookmark) Persistent Vulnerability, Vulnerability Lab
FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability, Vulnerability Lab
Cross-Site Scripting in WordPress Landing Pages Plugin, Summer of Pwnage
Cross-Site Scripting in Activity Log WordPress Plugin, Summer of Pwnage
Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin, Summer of Pwnage
[SECURITY] [DSA 3640-1] firefox-esr security update, Moritz Muehlenhoff
Secunia Research: LibGD "_gdContributionsAlloc()" Integer Overflow Denial of Service Vulnerability, Secunia Research
[security bulletin] HPSBGN03633 rev.1 - HPE Release Control, Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access to Files or Server-Side Request Forgery(SSRF), security-alert
Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Unauthorized Access Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Unified Communications Manager IM and Presence Service SIP Packet Processing Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3639-1] wordpress security update, Salvatore Bonaccorso
[SECURITY] [DSA 3638-1] curl security update, Alessandro Ghedini
WorldCIST'17 - Call for Workshops Proposals; Deadline: September 5, Maria Lemos
Arbitrary File Content Disclosure in Atutor, High-Tech Bridge Security Research
Cross-Site Scripting in WangGuard WordPress Plugin, Summer of Pwnage
Cross-Site Scripting in Uji Countdown WordPress Plugin, Summer of Pwnage
WinSaber - Unquoted Service Path Privilege Escalation, Vulnerability Lab
Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability, Vulnerability Lab
Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities, Vulnerability Lab
Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability, Vulnerability Lab
FortiManager (Series) - Multiple Web Vulnerabilities, Vulnerability Lab
[security bulletin] HPSBGN03564 rev.2 - HPE Release Control using Java Deserialization, Remote Code Execution, security-alert
[security bulletin] HPSBUX03632 SSRT110194 rev.1 - HP-UX Mail Server running Sendmail, Local Unauthorized Disclosure of Information, security-alert
[CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c, wpengfeinudt
Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin, Summer of Pwnage
Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231), David Coomber
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability, Vulnerability Lab
- <Possible follow-ups>
- Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability, Vulnerability Lab
Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability, Vulnerability Lab
Cross-Site Scripting in Contact Bank WordPress Plugin, Summer of Pwnage
SQL injection vulnerability in Booking Calendar WordPress Plugin, Summer of Pwnage
Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin, Summer of Pwnage
[SECURITY] [DSA 3637-1] chromium-browser security update, Michael Gilbert
Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA, Summer of Pwnage
Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin, Summer of Pwnage
Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP, Summer of Pwnage
Huawei eSpace IAD Remote Information Disclosure Vulnerability, ak47464659484
[SECURITY] [DSA 3634-1] redis security update, Sebastien Delafond
[SECURITY] [DSA 3636-1] collectd security update, Sebastien Delafond
Elevation of Privilege Vulnerability in MediaTek Driver ( CVE-2016-6492), unlimitsec
[SECURITY] [DSA 3635-1] libdbd-mysql-perl security update, Salvatore Bonaccorso
CVE-2016-5672: Intel Crosswalk SSL Prompt Issue, research
[SYSS-2016-038] CHERRY B.UNLIMITED AES - Keystroke Injection Vulnerability, matthias . deeg
- <Possible follow-ups>
- [SYSS-2016-038] CHERRY B.UNLIMITED AES - Keystroke Injection Vulnerability, matthias . deeg
[SYSS-2016-032] CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key), matthias . deeg
- <Possible follow-ups>
- [SYSS-2016-032] CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key), matthias . deeg
[SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection against Replay Attacks, matthias . deeg
- <Possible follow-ups>
- [SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection against Replay Attacks, matthias . deeg
[SYSS-2016-059] Microsoft Wireless Desktop 2000 - Insufficient Verification of Data Authenticity (CWE-345), matthias . deeg
[SYSS-2016-045] Perixx PERIDUO-710W - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key), matthias . deeg
[SYSS-2016-047] Perixx PERIDUO-710W - Keystroke Injection Vulnerability, matthias . deeg
[SYSS-2016-046] Perixx PERIDUO-710W - Missing Protection against Replay Attacks, matthias . deeg
[SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks, matthias . deeg
- <Possible follow-ups>
- [SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks, matthias . deeg
ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities, Vulnerability Lab
[S21SEC-047] Fotoware Fotoweb 8.0 Cross Site Scripting, S21sec Vulnerability Research
Vicon Network Cameras - Authentication Bypass, reggie . dodd30
Saveya Bounty #1 - Bypass & Persistent Vulnerability, Vulnerability Lab
Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities, Vulnerability Lab
Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability, Vulnerability Lab
Zortam Media Studio 20.60 - Buffer Overflow Vulnerability, Vulnerability Lab
[SECURITY] [DSA 3633-1] xen security update, Moritz Muehlenhoff
CVE-2016-2783 - Avaya VOSS/VSP Release 4.1.0.0 Vulnerable to SPB Traffic traversal, Grebovich, Dragan (Dragan)
[SECURITY] [DSA 3632-1] mariadb-10.0 security update, Salvatore Bonaccorso
VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability, Vulnerability Lab
- RE: VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability, Wick, Ryan (US - Chicago)
VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability, Vulnerability Lab
DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability, Vulnerability Lab
Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability, Vulnerability Lab
[SECURITY] [DSA 3631-1] php5 security update, Moritz Muehlenhoff
[SECURITY] [DSA 3630-1] libgd2 security update, Salvatore Bonaccorso
[security bulletin] HPSBST03603 rev.1 - HPE StoreVirtual Products running LeftHand OS using glibc, Remote Arbitrary Code Execution, Denial of Service (DoS), security-alert
Silurus Classifieds XSS Vulnerability, ak47464659484
Cross-Site Scripting vulnerability in ColorWay WordPress Theme, Summer of Pwnage
Dropbox 6.4.14 DLL Hijacking Vulnerability, mehta . himanshu21
Huawei ISM Professional XSS Vulnerability, ak47464659484
Crashing Browsers Remotely via Insecure Search Suggestions, research
MySQL 0days followup (CVE-2016-3477) CVSS 8.1, lem . nikolas
July 2016 - Bamboo Server - Critical Security Advisory, David Black
[SECURITY] [DSA 3629-1] ntp security update, Moritz Muehlenhoff
[security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution, security-alert
Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability, Secunia Research
Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability, Secunia Research
FreeBSD Security Advisory FreeBSD-SA-16:25.bspatch, FreeBSD Security Advisories
[SECURITY] [DSA 3628-1] perl security update, Salvatore Bonaccorso
XSS and SQLi in huge IT gallery v1.1.5 for Joomla, Larry W. Cashdollar
SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr, SEC Consult Vulnerability Lab
[SECURITY] [DSA 3627-1] phpmyadmin security update, Thijs Kinkhorst
Cross-Site Scripting in Code Snippets WordPress Plugin, Summer of Pwnage
Cross-Site Scripting in Contact Form to Email WordPress Plugin, Summer of Pwnage
Neoscreen v4.5 Cross-site scripting, alex_haynes
Neoscreen v4.5 Blind SQL injection, alex_haynes
Neoscreen v4.5 Authentication bypass, alex_haynes
[SECURITY] [DSA 3626-1] openssh security update, Salvatore Bonaccorso
Autobahn|Python Insecure allowedOrigins validation >= 0.14.1, mgill
Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design, Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking, Stefan Kanthak
[slackware-security] bind (SSA:2016-204-01), Slackware Security Team
CA20160721-01: Security Notice for CA eHealth, Kotas, Kevin J
[CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example, Tim Allison
[SECURITY] [DSA 3625-1] squid3 security update, Sebastien Delafond
Dreammail 5 mail client XSS Vulnerability, wwiinngd
[slackware-security] gimp (SSA:2016-203-01), Slackware Security Team
[slackware-security] php (SSA:2016-203-02), Slackware Security Team
[security bulletin] HPSBGN03631 rev.1 - HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload, Remote Denial of Service (DoS), security-alert
MySQL zero-day vulnerabilities (July 2016 CPU), lem . nikolas
- <Possible follow-ups>
- MySQL zero-day vulnerabilities (July 2016 CPU), lem . nikolas
[SECURITY] [DSA 3624-1] mysql-5.5 security update, Salvatore Bonaccorso
Cisco Security Advisory: Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products, Cisco Systems Product Security Incident Response Team
CVE-2016-5399: php: out-of-bounds write in bzread(), Hans Jerry Illikainen
Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF), Summer of Pwnage
Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin, Summer of Pwnage
Cisco Security Advisory: Cisco Unified Computing System Performance Manager Input Validation Vulnerability, Cisco Systems Product Security Incident Response Team
[SEARCH-LAB advisory] UPC Hungary network problems, Gergely Eberhardt
[SEARCH-LAB advisory] Technicolor TC7200 modem/router multiple vulnerabilities, Gergely Eberhardt
[SEARCH-LAB advisory] Compal CH7465LG-LC modem/router multiple vulnerabilities, Gergely Eberhardt
[SEARCH-LAB advisory] Hitron CGNV4 modem/router multiple vulnerabilities, Gergely Eberhardt
[SEARCH-LAB advisory] Cisco EPC3925 UPC modem/router default passphrase vulnerabilities, Gergely Eberhardt
[SECURITY] [DSA 3623-1] apache2 security update, Salvatore Bonaccorso
CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603], Programa STIC
Multiple SQL injection vulnerabilities in WordPress Video Player, Summer of Pwnage
Cross-Site Request Forgery in Icegram WordPress Plugin, Summer of Pwnage
Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin, Summer of Pwnage
Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking, Stefan Kanthak
Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186), Vulnerability Lab
APPLE-SA-2016-07-18-6 iTunes 12.4.2, Apple Product Security
APPLE-SA-2016-07-18-5 Safari 9.1.2, Apple Product Security
APPLE-SA-2016-07-18-4 tvOS 9.2.2, Apple Product Security
APPLE-SA-2016-07-18-3 watchOS 2.2.2, Apple Product Security
APPLE-SA-2016-07-18-2 iOS 9.3.3, Apple Product Security
APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004, Apple Product Security
[SECURITY] [DSA 3622-1] python-django security update, Salvatore Bonaccorso
[CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking, Stefan Kanthak
[SECURITY] [DSA 3621-1] mysql-connector-java security update, Salvatore Bonaccorso
[Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon, bashis
Multiple vulns in Vodafone EasyBox 804, Tim Schughart
[SECURITY] [DSA 3620-1] pidgin security update, Salvatore Bonaccorso
[SECURITY] [DSA 3619-1] libgd2 security update, Salvatore Bonaccorso
[security bulletin] HPSBMU03562 rev.3 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution, security-alert
[ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability, ERPScan inc
[ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability, ERPScan inc
[ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability, ERPScan inc
Cross-Site Scripting vulnerability in Google Forms WordPress Plugin, Summer of Pwnage
Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin, Summer of Pwnage
Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for WordPress, Summer of Pwnage
Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin, Summer of Pwnage
Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
Open-Xchange Security Advisory 2016-07-13, Martin Heiland
missing input validation in pmount: arbitrary mount as non-root, Imre RAD
[CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers, Stefan Kanthak
Easy Forms for MailChimp Local File Inclusion vulnerability, Summer of Pwnage
WP Fastest Cache Member Local File Inclusion vulnerability, Summer of Pwnage
Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin, Summer of Pwnage
Cross-Site Scripting vulnerability in Email Users WordPress Plugin, Summer of Pwnage
Cross-Site Scripting vulnerability in Master Slider WordPress Plugin, Summer of Pwnage
[security bulletin] HPSBHF03608 rev.1 - HPE iMC PLAT and other Network Products using Apache Java Commons Collection (ACC), Remote Execution of Arbitrary Code, security-alert
Persistent Cross-Site Scripting in WordPress Activity Log plugin, Summer of Pwnage
[RCESEC-2016-004][CVE-2016-5005] Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting, Julien Ahrens
[RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries, Julien Ahrens
Persistent Cross-Site Scripting in WP Live Chat Support plugin, Summer of Pwnage
Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin, Summer of Pwnage
BMW - (Token) Client Side Cross Site Scripting Vulnerability, Vulnerability Lab
BMW ConnectedDrive - (Update) VIN Session Vulnerability, Vulnerability Lab
Microsoft Process Kill Utility "kill.exe" Buffer Overflow, hyp3rlinx
Microsoft WinDbg logviewer.exe Buffer Overflow DOS, hyp3rlinx
[slackware-security] samba (SSA:2016-189-01), Slackware Security Team
[security bulletin] HPSBGN03628 rev.1 - HPE IceWall Federation Agent using libXML2 library, Remote Denial of Service (DoS), Unauthorized Modification, Unauthorized Disclosure of Information, security-alert
[KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability, Egidio Romano
Acer Portal Android Application - MITM SSL Certificate Vulnerability (CVE-2016-5648), David Coomber
[SECURITY] [DSA 3617-1] horizon security update, Moritz Muehlenhoff
ESA-2016-054: EMC Avamar Data Store and Avamar Virtual Edition Unauthorized Data Access Vulnerability, Security Alert
Micron CMS v5.3 - (cat_id) SQL Injection Vulnerability, Vulnerability Lab
Teampass 2.1.26 - Authenticated File Upload Vulnerability, Vulnerability Lab
IBM BlueMix Cloud - (API) Persistent Web Vulnerability, Vulnerability Lab
[security bulletin] HPSBHF03613 rev.1 - HPE Network Products including iMC, VCX, and Comware using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, security-alert
CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs], Dirk-Willem van Gulik
- <Possible follow-ups>
- CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs], Dirk-Willem van Gulik
[slackware-security] mozilla-thunderbird (SSA:2016-187-01), Slackware Security Team
Putty (beta 0.67) DLL Hijacking Vulnerability, wsachin092
- <Possible follow-ups>
- Re: Putty (beta 0.67) DLL Hijacking Vulnerability, wsachin092
Apple Safari for Mac OS X SVG local XXE, Filippo Cavallarin
Syslog Server "npriority" field remote Denial of Service vulnerability, chaoyi . huang
[CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c, wpengfeinudt
OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability, Vulnerability Lab
KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability, Vulnerability Lab
[CVE-2016-6156] Double-Fetch Vulnerability in Linux-4.6/drivers/platform/chrome/cros_ec_dev.c, wpengfeinudt
[SECURITY] [DSA 3616-1] linux security update, Salvatore Bonaccorso
WebCalendar v1.2.7 CSRF Protection Bypass, hyp3rlinx
- <Possible follow-ups>
- WebCalendar v1.2.7 CSRF Protection Bypass, hyp3rlinx
- WebCalendar v1.2.7 CSRF Protection Bypass, hyp3rlinx
HTTP session poisoning in EMC Documentum WDK-based applications causes arbitrary code execution and privilege elevation, Andrey B. Panfilov
WebCalendar v1.2.7 PHP Code Injection, hyp3rlinx
[FD]CVE ID request : SQL injection in 24Online Client, rahullraz
[SECURITY] [DSA 3614-1] tomcat7 security update, Salvatore Bonaccorso
[SECURITY] [DSA 3615-1] wireshark security update, Moritz Muehlenhoff
[SECURITY] [DSA 3613-1] libvirt security update, Salvatore Bonaccorso
[SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage, Robbie Gemmell
[security bulletin] HPSBGN03627 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information, security-alert
[SECURITY] [DSA 3612-1] gimp security update, Salvatore Bonaccorso
[security bulletin] HPSBGN03626 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information Logjam, security-alert
KL-001-2016-003 : SQLite Tempdir Selection Vulnerability, KoreLogic Disclosures
Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking, Stefan Kanthak
Logic security flaw in TP-LINK - tplinklogin.net, Info
[CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c, wpengfeinudt
[CVE-2016-5728] Double-Fetch Vulnerability in Linux-4.5/drivers/misc/mic/host/mic_virtio.c, wpengfeinudt
CA20160627-01: Security Notice for Release Automation, Kotas, Kevin J
[SECURITY] [DSA 3611-1] libcommons-fileupload-java security update, Salvatore Bonaccorso
[SECURITY] [DSA 3610-1] xerces-c security update, Salvatore Bonaccorso
BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs, Blue Frost Security Research Lab
[SECURITY] [DSA 3608-1] libreoffice security update, Moritz Muehlenhoff
[SECURITY] [DSA 3609-1] tomcat8 security update, Moritz Muehlenhoff
Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Firepower System Software Static Credential Vulnerability, Cisco Systems Product Security Incident Response Team
CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD, Cantor, Scott
Symantec SEPM v12.1 Multiple Vulnerabilities, hyp3rlinx
KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution, KoreLogic Disclosures
[KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability, Egidio Romano
[KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities, Egidio Romano
[KIS-2016-08] Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities, Egidio Romano
Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities, Vulnerability Lab
Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability, Vulnerability Lab
Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability, Vulnerability Lab
Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability, Vulnerability Lab
[SECURITY] [DSA 3607-1] linux security update, Salvatore Bonaccorso
Craft CMS affected by server side template injection, Securify B.V.
BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability, mehmet
[fd] CVE ID request: Untangle NGFW <= v12.1.0 post-auth command injection, Matt Bush
MyLittleForum v2.3.5 PHP Command Injection, hyp3rlinx
[slackware-security] php (SSA:2016-176-01), Slackware Security Team
[SECURITY] [DSA 3606-1] libpdfbox security update, Moritz Muehlenhoff
#146416 Ruby:HTTP Header injection in 'net/http', redrain root
SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure, SEC Consult Vulnerability Lab
[KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability, Egidio Romano
[KIS-2016-05] SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities, Egidio Romano
[KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities, Egidio Romano
[KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability, Egidio Romano
ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability, Security Alert
Open-Xchange Security Advisory 2016-06-22, Martin Heiland
[ERPSCAN-16-018] SAP Application server for Javat - DoS vulnerability, ERPScan inc
Magic values in 32-bit processes on 64-bit OS-es and how to exploit them, Berend-Jan Wever
[ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability, ERPScan inc
[ERPSCAN-16-015] SAP NetWeaver Java AS - multiple XSS vulnerabilities, ERPScan inc
[ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability, ERPScan inc
[slackware-security] pcre (SSA:2016-172-02), Slackware Security Team
[slackware-security] libarchive (SSA:2016-172-01), Slackware Security Team
APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7, Apple Product Security
Symphony CMS v2.6.7 Session Fixation, hyp3rlinx
[SECURITY] [DSA 3605-1] libxslt security update, Salvatore Bonaccorso
sNews CMS v1.7.1 Remote Command Execution / CSRF / XSS, hyp3rlinx
CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion, Berend-Jan Wever
[ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability, ERPScan inc
[ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability, ERPScan inc
[ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability, ERPScan inc
[CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player, Stefan Kanthak
[FD] Multiple vulnerabilities in squid 0.4.16_2 running on pfSense, Remco Sprooten
User enumeration in Skype for Business 2013, nyxgeek
[SECURITY] [DSA 3604-1] drupal7 security update, Moritz Muehlenhoff
[security bulletin] HPSBNS03625 rev.1 - HPE NonStop Application Server for Java (NSASJ) running SSL/TLS, Remote Disclosure of Information, security-alert
[security bulletin] HPSBGN03553 rev.1 - HP OneView Products using glibc and OpenSSL, Multiple Remote Vulnerabilties, security-alert
Authentication bypass in Ceragon FibeAir IP-10 web interface (<7.2.0), iancling
[MWR-2016-0002] DDN Default SSH Keys, john . fitzpatrick
[MWR-2016-0001] DDN Insecure Update Mechanism, john . fitzpatrick
Microsoft Visio multiple DLL side loading vulnerabilities, Securify B.V.
Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability, Cisco Systems Product Security Incident Response Team
BookingWizz < 5.5 Multiple Vulnerability, mehmet
FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability, Vulnerability Lab
Joomla com_enmasse - SQL Injection, hamedizadi
NEW VMSA-2016-0009 VMware vCenter Server updates address an important reflective cross-site scripting issue, VMware Security Response Center
[CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers, Stefan Kanthak
[SECURITY] [DSA 3603-1] libav security update, Moritz Muehlenhoff
Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability, Vulnerability Lab
[SECURITY] [DSA 3602-1] php5 security update, Salvatore Bonaccorso
[SECURITY] [DSA 3601-1] icedove security update, Moritz Muehlenhoff
Oracle Orakill.exe Buffer Overflow, hyp3rlinx
ESA-2016-047: RSA Archer® GRC Platform Sensitive Information Disclosure Vulnerability, Security Alert
CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability, Vulnerability Lab
FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability, Vulnerability Lab
OpenWRT: swconfig infrastructure fails to check permissions, Elliott Mitchell
ESA-2016-062: EMC Data Domain Multiple Vulnerabilities, Security Alert
[security bulletin] HPSBGN03617 rev.2 - HPE IceWall Federation Agent and IceWall File Manager using libXML2 library, Remote Denial of Service (DoS), security-alert
[SECURITY] [DSA 3600-1] iceweasel/firefox-esr security update, Moritz Muehlenhoff
SimpleSAMLphp Link Injection, hyp3rlinx
[SECURITY] [DSA 3599-1] p7zip security update, Salvatore Bonaccorso
CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability, John Kinsella
ESA-2016-064: EMC Data Domain Information Disclosure Vulnerability, Security Alert
ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability, Security Alert
[security bulletin] HPSBMU03614 rev.1 - HPE Systems Insight Manager using Samba, Multiple Remote Vulnerabilities, security-alert
[security bulletin] HPSBMU03584 rev.2 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities, security-alert
[security bulletin] HPSBGN03618 rev.1 - HPE Service Manager remote Denial of Service (DoS), Disclosure of Information, Unauthorized Read Access to Files, Server Side Request Forgery, security-alert
[security bulletin] HPSBGN03624 rev.1 - HPE Project and Portfolio Management Center, Remote Disclosure of Sensitive Information, Execution of Arbitrary of Commands, security-alert
Cisco EPC 3928 Multiple Vulnerabilities, patryk . bogdan
[SECURITY] [DSA 3598-1] vlc security update, Moritz Muehlenhoff
[security bulletin] HPSBGN03623 rev.1 - HPE Universal CMDB, Remote Disclosure of Sensitive Information, security-alert
[security bulletin] HPSBGN03622 rev.1 - HPE UCMDB, Universal Discovery, and UCMDB Configuration Manager using Apache Commons Collection, Remote Code Executon, security-alert
[security bulletin] HPSBGN03621 rev.1 - HPE Universal CMDB using OpenSSL, Remote Disclosure of Sensitive Information, security-alert
[CVE-2016-0392] IBM GPFS / Spectrum Scale Command Injection, john . fitzpatrick
[SECURITY] [DSA 3597-1] expat security update, Luciano Bello
Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability, Vulnerability Lab
Microsoft Education - Code Execution Vulnerability, Vulnerability Lab
Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability, Vulnerability Lab
Mapbox (API) - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
[security bulletin] HPSBGN03620 rev.1 - HPE Helion OpenStack using OpenSSL and QEMU, Remote Unauthorized Data Access, security-alert
[security bulletin] HPSBGN03619 rev.1 - HPE Discovery and Dependency Mapping Inventory (DDMi) using Java Deserialization, remote Code Execution, security-alert
[security bulletin] HPSBGN03442 rev.2 - HP Helion OpenStack using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution, security-alert
Re: rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion, Gregory Pickett
[SECURITY] [DSA 3596-1] spice security update, Salvatore Bonaccorso
[SECURITY] [DSA 3595-1] mariadb-10.0 security update, Salvatore Bonaccorso
[SECURITY] [DSA 3548-3] samba regression update, Salvatore Bonaccorso
[SECURITY] [DSA 3594-1] chromium-browser security update, Michael Gilbert
FreeBSD Security Advisory FreeBSD-SA-16:24.ntp, FreeBSD Security Advisories
[slackware-security] ntp (SSA:2016-155-01), Slackware Security Team
[security bulletin] - Linux Kernel Flaw, ASN.1 DER decoder for x509 certificate DER, HP Security Alert
[security bulletin] HPSBUX03616 SSRT110128 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access, security-alert
[Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability, Brian Demers
Notilus v2012 R3 - SQL injection, alex_haynes
[SECURITY] [DSA 3593-1] libxml2 security update, Salvatore Bonaccorso
ESA-2016-060: EMC Isilon OneFS Privilege Escalation Vulnerability, Security Alert
Zoho OpManager < v12, d_fens
[security bulletin] HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF), security-alert
SEC Consult SA-20160602-0 :: Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway, SEC Consult Vulnerability Lab
XML External Entity XXE vulnerability in OpenID component of Liferay, Sandro Gauci
[security bulletin] HPSBMU03612 rev.1 - HPE Insight Control on Windows and Linux, Multiple Remote Vulnerabilities, security-alert
[security bulletin] HPSBOV03615 rev.1 - HPE OpenVMS CSWS running the Apache Tomcat 7 Servlet Engine, Multiple Remote Vulnerabilities, security-alert
[SECURITY] [DSA 3592-1] nginx security update, Moritz Muehlenhoff
Cisco Security Advisory: Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability, Cisco Systems Product Security Incident Response Team
[security bulletin] HPSBGN03609 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution, Denial of Service (DoS), security-alert
[SECURITY] [DSA 3591-1] imagemagick security update, Luciano Bello
AjaxExplorer v1.10.3.2 Remote CMD Execution / CSRF / Persistent XSS, hyp3rlinx
[SECURITY] [DSA 3590-1] chromium-browser security update, Michael Gilbert
FreeBSD Security Advisory FreeBSD-SA-16:20.linux, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-16:22.libarchive, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-16:23.libarchive, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-16:21.43bsd, FreeBSD Security Advisories
[RT-SA-2016-005] Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution, RedTeam Pentesting GmbH
[RT-SA-2016-004] Websockify: Remote Code Execution via Buffer Overflow, RedTeam Pentesting GmbH
[RT-SA-2015-012] XML External Entity Expansion in Paessler PRTG Network Monitor, RedTeam Pentesting GmbH
[slackware-security] mozilla-thunderbird (SSA:2016-152-02), Slackware Security Team
[slackware-security] imagemagick (SSA:2016-152-01), Slackware Security Team
[SECURITY] Lorex ECO DVR Hard coded password, andrew . hofmans
[SECURITY] [DSA 3589-1] gdk-pixbuf security update, Salvatore Bonaccorso
WebKitGTK+ Security Advisory WSA-2016-0004, Carlos Alberto Lopez Perez
[oCERT 2016-001] Jetty path sanitization issues, Daniele Bianco
[SECURITY] [DSA 3588-1] symfony security update, Luciano Bello
Multiple Vulnerabilities in Intex Wireless N150 Easy Setup Router, mohitreload
[slackware-security] php (SSA:2016-148-03), Slackware Security Team
[slackware-security] libxslt (SSA:2016-148-02), Slackware Security Team
[slackware-security] libxml2 (SSA:2016-148-01), Slackware Security Team
[CVE-2016-4945] Login Form Hijacking Vulnerability in Citrix NetScaler Gateway, Daniel Schliebner
[CVE-2016-4432] Apache Qpid Java Broker - authentication bypass, Keith W
[CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability, Lorenz Quack
[SECURITY] [DSA 3587-1] libgd2 security update, Salvatore Bonaccorso
[CVE-2016-2175] Apache PDFBox XML External Entity vulnerability, Andreas Lehmkuehler
[CVE-2016-4434] Apache Tika XML External Entity vulnerability, Tim Allison
ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability, Security Alert
[security bulletin] HPSBGN03610 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Arbitrary Code Execution, security-alert
[security bulletin] HPSBMU03611 rev.1 - HPE Matrix Operating Environment on Windows and Linux, Multiple Remote Vulnerabilities, security-alert
[security bulletin] HPSBMU03600 rev.1 - HPE Insight Control server provisioning using OpenSSL, Remote Denial of Service (DoS), security-alert
[security bulletin] HPSBUX03606 rev.1 - HPE HP-UX running Apache Tomcat 7, Multiple Remote Vulnerabilities, security-alert
[security bulletin] HPSBMU03601 rev.1 - HPE Insight Control server deployment using OpenSSL, Multiple Vulnerabilities, security-alert
VMWare vSphere Web Client Flash XSS, apparitionsec
Cisco Security Advisory: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
Open-Xchange Security Advisory 2016-05-25, Martin Heiland
[slackware-security] libarchive (SSA:2016-145-01), Slackware Security Team
[security bulletin] HPSBGN03605 rev.1 - HPE Service Manager, Remote Disclosure of Information, security-alert
AfterLogic WebMail Pro ASP.NET < 6.2.7 Administrator Account Takover via XXE Injection, mehmet . ince
[SECURITY] [DSA 3586-1] atheme-services security update, Moritz Muehlenhoff
[RCESEC-2016-002] XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections, Julien Ahrens
[SECURITY] [DSA 3585-1] wireshark security update, Moritz Muehlenhoff
[RCESEC-2016-001] Postfix Admin v2.93 Generic POST Cross-Site Request Forgeries, Julien Ahrens
[slackware-security] curl (SSA:2016-141-01), Slackware Security Team
[security bulletin] HPSBGN03564 rev.1 - HPE Release Control using Java Deserialization, Remote Code Execution, security-alert
[SECURITY] [DSA 3584-1] librsvg security update, Salvatore Bonaccorso
[ERPSCAN-16-011] SAP NetWeaver AS JAVA – SQL injection vulnerability, ERPScan inc
[ERPSCAN-16-010] SAP NetWeaver AS JAVA – information disclosure vulnerability, ERPScan inc
TYPO3 RemoveXSS.php vulnerability versions 6.2.19 and 7.6.4, mandy
[SECURITY] [DSA 3583-1] swift-plugin-s3 security update, Moritz Muehlenhoff
[security bulletin] HPSBGN03602 rev.1 - HPE RESTful Interface Tool, Local Disclosure of Information, security-alert
Cisco Security Advisory: Cisco Web Security Appliance Connection Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Web Security Appliance Cached Range Request Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
[security bulletin] HPSBHF03579 rev.1 - HPE ConvergedSystem for SAP HANA using OpenSSL, Multiple Remote Vulnerabilities, security-alert
[security bulletin] HPSBHF03578 rev.1 - HPE ConvergedSystem for SAP HANA using glibc, Multiple Remote Vulnerabilities, security-alert
[SECURITY] [DSA 3582-1] expat security update, Salvatore Bonaccorso
FreeBSD Security Advisory FreeBSD-SA-16:19.sendmsg, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-16:18.atkbd, FreeBSD Security Advisories
[security bulletin] HPSBGN03587 rev.1 - HPE Helion OpenStack using OpenSSL and Open vSwitch, Remote Arbitrary Command Execution, Denial of Service (DoS), Disclosure of Information, security-alert
WSO2 SOA Enablement Server - Reflected Cross-Site Scripting, Etnies
[security bulletin] HPSBHF03594 rev.1 - HPE ConvergedSystem and AppSystem for SAP HANA using OpenSSL, Multiple Remote Vulnerabilities, security-alert
[SECURITY] [DSA 3581-1] libndp security update, Salvatore Bonaccorso
APPLE-SA-2016-05-16-6 iTunes 12.4, Apple Product Security
APPLE-SA-2016-05-16-5 Safari 9.1.1, Apple Product Security
APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003, Apple Product Security
APPLE-SA-2016-05-16-3 watchOS 2.2.1, Apple Product Security
APPLE-SA-2016-05-16-2 iOS 9.3.2, Apple Product Security
APPLE-SA-2016-05-16-1 tvOS 9.2.1, Apple Product Security
Security advisory for Bugzilla 5.0.3 and 4.4.12, LpSolit
[SECURITY] [DSA 3580-1] imagemagick security update, Luciano Bello
[ERPSCAN-16-008] SAP NetWeaver AS JAVA - XSS vulnerability in ProxyServer servlet, ERPScan inc
[ERPSCAN-16-009] SAP xMII - directory traversal vulnerability, ERPScan inc
[SECURITY] [DSA 3579-1] xerces-c security update, Salvatore Bonaccorso
[SECURITY] [DSA 3578-1] libidn security update, Alessandro Ghedini
[SECURITY] [DSA 3577-1] jansson security update, Alessandro Ghedini
dns_dhcp Web Interface SQL Injection, hyp3rlinx
eXtplorer v2.1.9 Archive Path Traversal, hyp3rlinx
[SECURITY] [DSA 3576-1] icedove security update, Moritz Muehlenhoff
[security bulletin] HPSBMU03590 rev.1 - HPE Systems Insight Manager (SIM) on Windows and Linux, Multiple Vulnerabilities, security-alert
May 2016 - HipChat Server - Critical Security Advisory, David Black
[security bulletin] HPSBMU03589 rev.1 - HPE Version Control Repository Manager (VCRM), Remote Denial of Service (DoS), security-alert
[security bulletin] HPSBMU03591 rev.1 - HPE Server Migration Pack, Remote Denial of Service (DoS), security-alert
[SECURITY] [DSA 3575-1] libxstream-java security update, Moritz Muehlenhoff
[security bulletin] HPSBGN03597 rev.1 - HPE Cloud Optimizer (Virtualization Performance Viewer) using glibc Remote Denial of Service (DoS), security-alert
[slackware-security] mozilla-thunderbird (SSA:2016-132-01), Slackware Security Team
[security bulletin] HPSBST03599 rev.1 - HPE 3PAR OS running OpenSSH, Remote Denial of Service (DoS), Access Restriction Bypass, security-alert
[security bulletin] HPSBST03598 rev.1 - HPE 3PAR OS using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution, security-alert
[security bulletin] HPSBST03586 rev.1 - HPE 3PAR OS, Remote Unauthorized Modification, security-alert
[security bulletin] HPSBNS03581 rev.2 - HPE NonStop Servers running Samba (NS-Samba), Multiple Remote Vulnerabilities, security-alert
[security bulletin] HPSBHF03592 rev.1 - HPE VAN SDN Controller OVA using OpenSSL, Multiple Remote Vulnerabilities, security-alert
[SECURITY] [DSA 3565-2] monotone ovito pdns qtcreator softhsm regression update, Sebastien Delafond
[slackware-security] imagemagick (SSA:2016-132-01), Slackware Security Team
- <Possible follow-ups>
- Re: [slackware-security] imagemagick (SSA:2016-132-01), U2ME236
BulletProof Security 53.3 - Security Advisory - Multiple XSS Vulnerabilities, Onur Yilmaz
[security bulletin] HPSBUX03574 rev.1 - HPE HP-UX CIFS-Server (Samba), Remote Access Restriction Bypass, Authentication bypass, Denial of Service (DoS), Unauthorized Access to Files, Access Restriction Bypass, Unauthorized Information Disclosure, security-alert
[security bulletin] HPSBUX03596 rev.1 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access, security-alert
[SECURITY] [DSA 3574-1] libarchive security update, Salvatore Bonaccorso
Intuit QuickBooks 2007 - 2016 Arbitrary Code Execution, support
Trend Micro Direct Pass - Filter Bypass & Cross Site Scripting Vulnerability, Vulnerability Lab
Stanford University - Multiple SQL Injection Vulnerabilities, Vulnerability Lab
Notes v4.5 iOS - Arbitrary File Upload Vulnerability, Vulnerability Lab
Skype Manager - (Email Change) Filter Bypass Vulnerability, Vulnerability Lab
[security bulletin] HPSBUX03577 SSRT102172 rev.1 - HP-UX VxFS, Local Unauthorized Access to Files, security-alert
[SECURITY] [DSA 3573-1] qemu security update, Salvatore Bonaccorso
[SECURITY] [DSA 3572-1] websvn security update, Salvatore Bonaccorso
WordPress Plugin event-registration 6.02.02: SQL-Injection and persistent XSS, mail
[SECURITY] [DSA 3571-1] ikiwiki security update, Moritz Muehlenhoff
ManageEngine Applications Manager Build No: 12700 Information Disclosure and Un-Authenticated SQL injection., Saif El-Sherei
- Re: ManageEngine Applications Manager Build No: 12700 Information Disclosure and Un-Authenticated SQL injection., Saif El-Sherei
[security bulletin] HPSBMU03584 rev.1 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities, security-alert
[SECURITY] [DSA 3570-1] mercurial security update, Salvatore Bonaccorso
[SECURITY] [DSA 3569-1] openafs security update, Salvatore Bonaccorso
[SECURITY] [DSA 3568-1] libtasn1-6 security update, Salvatore Bonaccorso
FreeBSD Security Advisory FreeBSD-SA-16:17.openssl, FreeBSD Security Advisories
Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016, Cisco Systems Product Security Incident Response Team
ESA-2016-051: Patch 14 for RSA® Authentication Manager 8.1 SP1 to Address Multiple Vulnerabilities, Security Alert
[SECURITY] [DSA 3567-1] libpam-sshauth security update, Salvatore Bonaccorso
APPLE-SA-2016-05-03-1 Xcode 7.3.1, Apple Product Security
Cisco Security Advisory: Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning, Lab I-Tracing
[slackware-security] openssl (SSA:2016-124-01), Slackware Security Team
Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting, Julien Ahrens
LSE Leading Security Experts GmbH - LSE-2016-02-03 - OXID eShop Path Traversal Vulnerability, LSE-Advisories
[SECURITY] [DSA 3566-1] openssl security update, Alessandro Ghedini
NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities, bhadresh . patel
- <Possible follow-ups>
- Re: NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities, bhadresh . patel
CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection, Timo Juhani Lindfors
[slackware-security] mercurial (SSA:2016-123-01), Slackware Security Team
ESA-2016-041: RSA Data Loss Prevention Multiple Vulnerabilities, Security Alert
[SECURITY] [DSA 3565-1] botan1.10 security update, Sebastien Delafond
[SECURITY] [DSA 3564-1] chromium-browser security update, Michael Gilbert
[SECURITY] [DSA 3563-1] poppler security update, Moritz Muehlenhoff
[SECURITY] [DSA 3562-1] tardiff security update, Salvatore Bonaccorso
Exploit-DB Captcha Bypass, Rahul Pratap Singh
[slackware-security] subversion (SSA:2016-121-01), Slackware Security Team
[slackware-security] php (SSA:2016-120-02), Slackware Security Team
[slackware-security] ntp (SSA:2016-120-01), Slackware Security Team
[security bulletin] HPSBGN03547 rev.3 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution, security-alert
[SECURITY] [DSA 3561-1] subversion security update, Salvatore Bonaccorso
SQL Injection in GLPI, High-Tech Bridge Security Research
Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability, Vulnerability Lab
- <Possible follow-ups>
- Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability, Vulnerability Lab
Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream, Stefan Kanthak
[security bulletin] HPSBUX03583 SSRT110084 rev.1 - HP-UX BIND Service running Named, Remote Denial of Service (DoS), security-alert
CVE-2016-3078: php: integer overflow in ZipArchive::getFrom*, Hans Jerry Illikainen
[SECURITY] [DSA 3560-1] php5 security update, Salvatore Bonaccorso
CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS, Tony Homer
- <Possible follow-ups>
- CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS, Tony Homer
CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS, Tony Homer
[SECURITY] [DSA 3559-1] iceweasel security update, Moritz Muehlenhoff
EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection, Securify B.V.
Oracle Discoverer Viewer BI - Open Redirect Vulnerability, Vulnerability Lab
[slackware-security] mozilla-firefox (SSA:2016-117-01), Slackware Security Team
[SECURITY] [DSA 3558-1] openjdk-7 security update, Moritz Muehlenhoff
[SECURITY] [DSA 3557-1] mysql-5.5 security update, Salvatore Bonaccorso
Sophos XG Firewall (SF01V) - Persistent Web Vulnerability, Vulnerability Lab
VoipNow v4.0.1 - (xajax_handler) Persistent Vulnerability, Vulnerability Lab
Trend Micro (Account) - Email Spoofing Web Vulnerability, Vulnerability Lab
[security bulletin] HPSBGN03582 rev.1 - HPE Helion CloudSystem using glibc, Remote Code Execution, Denial of Service (DoS), security-alert
Negin Group CMS - (v) Multiple Web Vulnerabilities, Vulnerability Lab
Cyberoam Central Console v02.03.1 - Multiple Persistent Vulnerabilities, Vulnerability Lab
UBNT Bug Bounty #2 - XML External Entity Vulnerability, Vulnerability Lab
Totemomail v4.x & v5.x - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
C & C++ for OS - Filter Bypass & Persistent Vulnerability, Vulnerability Lab

[Index of Archives] [Netfilter] [Security] [PHP] [Linux Kernel]