Bugtraq
- Telisca IPS Lock 2 Vulnerability,
karim reda Fakhir
- [SECURITY] [DSA 3556-1] libgd2 security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3555-1] imlib2 security update,
Alessandro Ghedini
- Unlimited Pop-Ups WordPress Plugin XSS Vulnerability,
Rahul Pratap Singh
- CM-AD-Changer XSS Vulnerability,
Rahul Pratap Singh
- Easy Social Share Buttons for WordPress XSS Vulnerability,
Rahul Pratap Singh
- Google SEO Pressor Snippet Plugin XSS Vulnerability,
Rahul Pratap Singh
- Echosign Plugin for WordPress XSS Vulnerability,
Rahul Pratap Singh
- Tweet-wheel XSS Vulnerability,
Rahul Pratap Singh
- Persian-woocommerce-sms XSS Vulnerability,
Rahul Pratap Singh
- Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109),
david . vieira-kurz
- [security bulletin] HPSBMU03573 rev.1 - HPE System Management Homepage (SMH), Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBGN03580 rev.1 - HP Data Protector, Remote Code Execution, Remote Unauthorized Disclosure of Information,
security-alert
- SEC Consult SA-20160422-1 :: Multiple vulnerabilities in Digitalstrom Konfigurator,
SEC Consult Vulnerability Lab
- SEC Consult SA-20160422-0 :: Insecure credential storage in my devolo Android app,
SEC Consult Vulnerability Lab
- [SECURITY] [DSA 3553-1] varnish security update,
Sebastien Delafond
- [SECURITY] [DSA 3554-1] xen security update,
Salvatore Bonaccorso
- CVE-2016-3074: libgd: signedness vulnerability,
Hans Jerry Illikainen
- exploit CVE-2016-2203,
karim reda Fakhir
- OpenTSDB RCE,
gsoc
- Webutler CMS 3.2 - Cross-Site Request Forgery,
displaymyname
- Cisco Security Advisory: Multiple Cisco Products libSRTP Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Wireless LAN Controller Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- RCE via CSRF in phpMyFAQ,
High-Tech Bridge Security Research
- shell.com vulnerable TLS,
shell
- *.Shell.com Port 443 DROWN decryption attack,
shell
- PHPBack v1.3.0 SQL Injection,
apparitionsec
- [security bulletin] HPSBMU03575 rev.1 - HP Smart Update Manager (SUM), Remote Denial of Service (DoS), Disclosure of Information,
security-alert
- ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities,
Security Alert
- Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1,
research@xxxxxxxxxx
- [ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) – XSS vulnerability,
ERPScan inc
- [ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability,
ERPScan inc
- Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege,
Stefan Kanthak
- [security bulletin] HPSBST03576 rev.2 - HP P9000, XP7 Command View Advanced Edition (CVAE) Suite including Device Manager and Tiered Storage Manager using Java Deserialization, Remote Arbitrary Code Execution,
security-alert
- [security bulletin] HPSBGN03555 rev.1 - HPE Vertica Analytics, Management Console, Remote Disclosure of Sensitive information, Execution of Arbitrary Code with Root Privileges,
security-alert
- CVE-2016-4021: pgpdump 0.29 - Endless loop parsing specially crafted input (SYSS-2016-030),
klaus . eisentraut
- [SECURITY] [DSA 3552-1] tomcat7 security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3551-1] fuseiso security update,
Florian Weimer
- Ahrare Andeysheh Cms Multiple Vulnerabilities,
iesb . team
- [CVE-2016-3996]KNOX clipboard data disclosure KNOX 1.0 - KNOX 2.3 / Android,
urikanonov
- [slackware-security] samba (SSA:2016-106-02),
Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2016-106-01),
Slackware Security Team
- [SECURITY] [DSA 3550-1] openssh security update,
Moritz Muehlenhoff
- Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability,
Sandro Poppi
- [ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues,
ERPScan inc
- [ERPSCAN-16-002] SAP HANA - log injection and no size restriction,
ERPScan inc
- [ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability,
ERPScan inc
- [SECURITY] [DSA 3549-1] chromium-browser security update,
Michael Gilbert
- AST-2016-005: TCP denial of service in PJProject,
Asterisk Security Team
- AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk,
Asterisk Security Team
- NEW VMSA-2016-0004 VMware product updates address a critical security issue in the VMware Client Integration Plugin,
VMware Security Response Center
- ESA-2016-036: EMC Unisphere for VMAX Virtual Appliance Arbitrary File Upload Vulnerability,
Security Alert
- Securing Android Applications from Screen Capture,
research
- Mybb Cms (private.php Page) Denial Of Service Vulnerability,
iedb . team
- Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 3548-2] samba regression update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3548-1] samba security update,
Salvatore Bonaccorso
- Cisco Security Advisory: Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
- Mybb Cms (create forum and edit) Cross-Site Script Vulnerability,
iedb . team
- Webline CMS (2016Q2) - SQL Injection Vulnerability,
Vulnerability Lab
- Vbulletin Cms (Sendmessage.php Page) 0Day Exploit,
iedb . team
- [SE-2012-01] Yet another broken security fix in IBM Java 7/8,
Security Explorations
- CAM UnZip v5.1 Archive Directory Traversal,
hyp3rlinx
- .NET Framework 4.6 allows side loading of Windows API Set DLL,
Securify B.V.
- Open redirect on Google.com,
research
- Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 3485-2] didiwiki security update,
Sebastien Delafond
- [SECURITY] [DSA 3547-1] imagemagick security update,
Luciano Bello
- ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra’s Attack Vulnerability,
Security Alert
- Blind SQL injections in CivicRM,
Simon Waters (Surevine)
- [Multiple CVE]: RCE, info disclosure, HQL injection and stored XSS in Novell Service Desk 7.1.0,
Pedro Ribeiro
- Directadmin cp ( Delete User ) 1.50.0 Version Xss Vulnerability,
iedb . team
- OpenCart json_decode function Remote PHP Code Execution,
r3s34rch3r
- Directadmin ControlPanel 1.50.0 Version Xss Vulnerability,
iedb . team
- WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking,
hyp3rlinx
- CSRF - MySQL / PHP.INI Hijacking,
hyp3rlinx
- WPN-XM Serverstack v0.8.6 XSS,
hyp3rlinx
- CVE-2016-2170: Apache OFBiz information disclosure vulnerability,
jleroux@xxxxxxxxxx
- CVE-2015-3268: Apache OFBiz information disclosure vulnerability,
jleroux@xxxxxxxxxx
- JAWS Weak Service Permissions leads to Privilege Escalation,
Heimbuecher003
- AccelSite Content Manager v1.0 - SQL Injection Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 3546-1] optipng security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3545-1] cgit security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3544-1] python-django security update,
Salvatore Bonaccorso
- [security bulletin] HPSBGN03570 rev.1 - HPE Universal CMDB, Remote Information Disclosure, URL Redirection,
security-alert
- Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability,
Vulnerability Lab
- Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability,
Vulnerability Lab
- Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities,
Vulnerability Lab
- Virtual Freer v1.58 - Client Side Cross Site Scripting Vulnerability,
Vulnerability Lab
- Techsoft WS CMS (2016 Q2) - SQL Injection Web Vulnerability,
Vulnerability Lab
- [security bulletin] HPSBST03568 rev.1 - HP XP7 Command View Advanced Edition Suite including Device Manager and Hitachi Automation Director (HAD), Remote Server-Side Request Forgery (SSRF),
security-alert
- [security bulletin] HPSBGN03569 rev.2 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information,
security-alert
- Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco UCS Invicta Default SSH Key Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- CVE-2016-3672 - Unlimiting the stack no longer disables ASLR,
Hector Marco-Gisbert
- SQL Injection in SocialEngine,
High-Tech Bridge Security Research
- [slackware-security] subversion (SSA:2016-097-01),
Slackware Security Team
- op5 v7.1.9 Remote Command Execution,
apparitionsec
- CA20160405-01: Security Notice for CA API Gateway,
Kotas, Kevin J
- [SECURITY] [DSA 3543-1] oar security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3542-1] mercurial security update,
Salvatore Bonaccorso
- Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) - (3D Touch) Passcode Bypass Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 3541-1] roundcube security update,
Sebastien Delafond
- [security bulletin] HPSBGN03569 rev.1 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information,
security-alert
- [slackware-security] mozilla-thunderbird (SSA:2016-095-01),
Slackware Security Team
- Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares Exploit,
lists@xxxxxxxxxxxxxxxxxx
- ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability,
Security Alert
- [SE-2012-01] Broken security fix in IBM Java 7/8,
Security Explorations
- CVE-2016-2191: optipng: invalid write,
Hans Jerry Illikainen
- ManageEngine Password Manager Pro Multiple Vulnerabilities,
Sebastian Perez
- FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability,
Vulnerability Lab
- Techsoft Web Solutions CMS 2016 Q2 - SQL Injection Web Vulnerability,
Vulnerability Lab
- Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability,
Vulnerability Lab
- Bugcrowd CSV injection vulnerability,
Hack Ex
- [SECURITY] [DSA 3540-1] lhasa security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3539-1] srtp security update,
Salvatore Bonaccorso
- Open-Xchange Security Advisory 2016-04-02,
Martin Heiland
- [security bulletin] HPSBGN03565 rev.1 - HPE Virtualization Performance Viewer, Local Denial of Service (DoS),
security-alert
- [slackware-security] mercurial (SSA:2016-092-01),
Slackware Security Team
- [slackware-security] php (SSA:2016-092-02),
Slackware Security Team
- [security bulletin] HPSBHF03431 rev.3 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities,
security-alert
- [security bulletin] HPSBUX03561 rev.1 - HPE HP-UX using Apache Tomcat, Remote Access Restriction Bypass, Arbitrary Code Execution, Execution of Arbitrary Code With Privilege Elevation, Unauthorized Read Access to Files,
security-alert
- [security bulletin] HPSBGN03567 rev.1 - HP Asset Manager using Java Deserialization, Remote Arbitrary Code Execution,
security-alert
- [security bulletin] HPSBGN3547 rev.1 - HP Device Manager, Remote Read Access to Arbitrary Files,
HP Security Alert
- APPLE-SA-2016-03-31-1 iBooks Author 2.4.1,
Apple Product Security
- WebKitGTK+ Security Advisory WSA-2016-0003,
Carlos Alberto Lopez Perez
- Python v2.7 v1.5.4 iOS - Filter Bypass & Persistent Vulnerability,
Vulnerability Lab
- Trend Micro (SSO) - (Backend) SSO Redirect & Session Vulnerability,
Vulnerability Lab
- Docker UI v0.10.0 - Multiple Persistent Vulnerabilities,
Vulnerability Lab
- Dorsa Web CMS - Multiple SQL Injection Vulnerabilities,
Vulnerability Lab
- Cades (2016Q1) - (id) Multiple SQL Injection Vulnerabilities,
Vulnerability Lab
- Docker UI v0.10.0 - Multiple Client Side Cross Site Request Forgery Web Vulnerabilities,
Vulnerability Lab
- WP External Links v1.80 - Cross Site Scripting Web Vulnerabilities,
Vulnerability Lab
- Hi Technology & Services CMS - SQL Injection Vulnerabilities,
Vulnerability Lab
- Patron Info System - SQL Injection Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 3538-1] libebml security update,
Sebastien Delafond
- [SECURITY] [DSA 3537-1] imlib2 security update,
Sebastien Delafond
- [SECURITY] [DSA 3536-1] libstruts1.2-java security update,
Sebastien Delafond
- Cisco Security Advisory: Cisco Firepower Malware Block Bypass Vulnerability,
Cisco Systems Product Security Incident Response Team
- [CVE-2016-0784] Apache OpenMeetings ZIP file path traversal,
Maxim Solodovnik
- Multiple Vulnerabilities in CubeCart,
High-Tech Bridge Security Research
- CVE-2016-2385 Kamailio SEAS module heap buffer overflow,
Stelios Tsampas
- Easy Hosting Control Panel (EHCP) - Multiple Vulnerabilities,
kyle Lovett
- [SECURITY] [DSA 3535-1] kamailio security update,
Moritz Muehlenhoff
- [security bulletin] HPSBGN03444 rev.2 - HPE Network Automation, Remote Code Execution, Disclosure of Sensitive Information,
security-alert
- [SECURITY] [DSA 3534-1] dhcpcd security update,
Salvatore Bonaccorso
- Fireware XTM Web UI - Open Redirect,
Manuel Mancera
- [SECURITY] [DSA 3533-1] openvswitch security update,
Salvatore Bonaccorso
- BMC-2015-0011: Unauthorized password reset vulnerability in BMC Server Automation (BSA) (CVE-2016-1543),
appsec
- BMC-2015-0010: User enumeration vulnerability in BMC Server Automation (BSA) Unix/Linux RSCD Agent (CVE-2016-1542),
appsec
- Validation Bypass in C2Box application : CVE-2015-4626,
harish . ramadoss
- [SECURITY] [DSA 3532-1] quagga security update,
Salvatore Bonaccorso
- TrendMicro DDI Cross Site Request Forgeries,
hyp3rlinx
- [SECURITY] [DSA 3531-1] chromium-browser security update,
Michael Gilbert
- [slackware-security] mozilla-thunderbird (SSA:2016-085-02),
Slackware Security Team
- [slackware-security] libevent (SSA:2016-085-01),
Slackware Security Team
- [SECURITY] [DSA 3530-1] tomcat6 security update,
Moritz Muehlenhoff
- [CVE-2016-2163] Stored Cross Site Scripting in Event description,
Maxim Solodovnik
- [CVE-2016-2164] Arbitrary file read via SOAP API,
Maxim Solodovnik
- [CVE-2016-0783] Predictable password reset token,
Maxim Solodovnik
- [security bulletin] HPSBGN03563 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Local Denial of Service (DoS), Disclosure of Information,
security-alert
- [security bulletin] HPSBMU03562 rev.2 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution,
security-alert
- [SYSS-2016-016] innovaphone IP222 - Improper Input Validation,
sven . freund
- [SYSS-2016-018] innovaphone IP222 - Improper Restriction of Excessive Authentication Attempts,
sven . freund
- [SYSS-2016-017] innovaphone IP222 - Improper Input Validation,
sven . freund
- [SECURITY] [DSA 3527-1] inspircd security update,
Sebastien Delafond
- XSS (Cross Site Scripting) in Social CRM & Community Solutions powered by Lithium in Knowledge base section,
netizen01k
- [SECURITY] [DSA 3529-1] redmine security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3528-1] pidgin-otr security update,
Sebastien Delafond
- Cisco Security Advisory: Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Hardcoded root password in Zyxel MAX3XX series Wimax CPEs,
Gianni Carabelli
- CA20160323-01: Security Notice for CA Single Sign-On Web Agents,
Kotas, Kevin J
- CVE-2016-2166: Apache Qpid Proton python binding silently ignores request for 'amqps' if SSL/TLS not supported,
Ken Giusti
- [SECURITY] [DSA 3526-1] libmatroska security update,
Sebastien Delafond
- Remote Code Execution in DVR affecting over 70 different vendors,
rotem kerner
- [SECURITY] [DSA 3525-1] pixman security update,
Salvatore Bonaccorso
- [RT-SA-2016-002] Cross-site Scripting in Securimage 3.6.2,
RedTeam Pentesting GmbH
- APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002,
Apple Product Security
- APPLE-SA-2016-03-21-6 Safari 9.1,
Apple Product Security
- APPLE-SA-2016-03-21-3 tvOS 9.2,
Apple Product Security
- APPLE-SA-2016-03-21-7 OS X Server 5.1,
Apple Product Security
- APPLE-SA-2016-03-21-4 Xcode 7.3,
Apple Product Security
- APPLE-SA-2016-03-21-2 watchOS 2.2,
Apple Product Security
- APPLE-SA-2016-03-21-1 iOS 9.3,
Apple Product Security
- [security bulletin] HPSBMU03562 rev.1 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution,
security-alert
- [security bulletin] HPSBGN03560 rev.1 - HP Operations Orchestration using Java Deserialization, Remote Arbitrary Code Execution,
security-alert
- [security bulletin] HPSBGN03551 rev.1 - HPE Helion Development Platform using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution,
security-alert
- AbsoluteTelnet 10.14 DLL Hijack Code Exec,
hyp3rlinx
- [SECURITY] [DSA 3524-1] activemq security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3523-1] iceweasel security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3522-1] squid3 security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3521-1] git security update,
Salvatore Bonaccorso
- [security bulletin] HPSBGN03438 rev.1 - HP Support Assistant, Local Authentication Bypass,
HP Security Alert
- [SECURITY] [DSA 3520-1] icedove security update,
Moritz Muehlenhoff
- SQL Injection and RCE in WebsiteBaker,
High-Tech Bridge Security Research
- Admin Password Reset & RCE via CSRF in Dating Pro,
High-Tech Bridge Security Research
- Remote Code Execution via CSRF in iTop,
High-Tech Bridge Security Research
- Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315),
Laël Cellier
- Xoops 2.5.7.2 Directory Traversal Bypass,
hyp3rlinx
- Xoops 2.5.7.2 CSRF - Arbitrary User Deletions,
hyp3rlinx
- [slackware-security] mozilla-firefox (SSA:2016-077-01),
Slackware Security Team
- [SECURITY] [DSA 3519-1] xen security update,
Moritz Muehlenhoff
- [CVE-2016-2345] Solarwinds Dameware Mini Remote Control Remote Code Execution Vulnerability,
contact
- CVE-2016-1520: GrandStream Android VoIP App Update Redirection,
Georg Lukas
- CVE-2016-1519: GrandStream Android VoIP App TLS MitM Vulnerability,
Georg Lukas
- CVE-2016-1518: GrandStream Android VoIP Phone / App Provisioning Vulnerability,
Georg Lukas
- Multiple (persistent) XSS in ProjectSend,
mail
- FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:14.openssh,
FreeBSD Security Advisories
- [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow,
CORE Advisories Team
- [security bulletin] HPSBGN03558 rev.1 - ArcSight ESM and ESM Express, Remote Disclosure of Sensitive Information,
security-alert
- [SECURITY] [DSA 3518-1] spip security update,
Sebastien Delafond
- Reflected Cross-Site Scripting (XSS) Vulnerability in Litecart CMS,
rsrathoreravi
- [slackware-security] seamonkey (SSA:2016-075-02),
Slackware Security Team
- [slackware-security] git (SSA:2016-075-01),
Slackware Security Team
- [ANNOUNCE][CVE-2016-0779] Apache TomEE 1.7.4 and 7.0.0-M3 releases,
Romain Manni-Bucau
- Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing,
Stefan Kanthak
- [security bulletin] HPSBGN03556 rev.1 - ArcSight ESM and ESM Express, Remote Arbitrary File Download, Local Arbitrary Command Execution,
security-alert
- [security bulletin] HPSBMU03377 rev.2 - HP Release Control running RC4, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBGN03373 rev.2 - HP Release Control running TLS, Remote Disclosure of Information,
security-alert
- Yahoo Bug Bounty #37 - Sender Spoofing Vulnerability,
Vulnerability Lab
- Chamilo LMS v1.10.2 - (Profile) Persistent Web Vulnerability,
Vulnerability Lab
- ChitaSoft (Web-Application) - SQL Injection Vulnerability,
Vulnerability Lab
- Reflected Cross-Site Scripting in CuteEditor,
adrmm
- Re: oss-2016-17: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver),
amaris
- Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver),
amaris
- Re: oss-2016-15: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver),
amaris
- Re: oss-2016-13: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver),
amaris
- [SECURITY] [DSA 3516-1] wireshark security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3515-1] graphite2 security update,
Moritz Muehlenhoff
- Soundy Background Music XSS Vulnerability,
Rahul Pratap Singh
- [SECURITY] [DSA 3514-1] samba security update,
Salvatore Bonaccorso
- Microsoft Edge CDOMTextNode::get_data type confusion,
Berend-Jan Wever
- WebKitGTK+ Security Advisory WSA-2016-0002,
Carlos Alberto Lopez Perez
- DW Question Answer Stored XSS Vulnerability,
Rahul Pratap Singh
- [slackware-security] openssh (SSA:2016-070-01),
Slackware Security Team
- oss-2016-18: Multiple Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver),
Ralf Spenneberg
- oss-2016-17: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver),
Ralf Spenneberg
- oss-2016-16: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (snd-usb-audio driver),
Ralf Spenneberg
- oss-2016-15: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver),
Ralf Spenneberg
- oss-2016-14: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (gtco driver),
Ralf Spenneberg
- oss-2016-13: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver),
Ralf Spenneberg
- [SECURITY] [DSA 3513-1] chromium-browser security update,
Michael Gilbert
- [ANNOUNCE] CVE-2016-0734: ActiveMQ Web Console - Clickjacking,
Christopher Shannon
- [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting,
Christopher Shannon
- FreeBSD Security Advisory FreeBSD-SA-16:12.openssl,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:13.bind,
FreeBSD Security Advisories
- [slackware-security] mozilla-nss (SSA:2016-069-02),
Slackware Security Team
- [slackware-security] bind (SSA:2016-069-01),
Slackware Security Team
- [SE-2012-01] Broken security fix in Oracle Java SE 7/8/9,
Security Explorations
- [SECURITY] [DSA 3512-1] libotr security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3511-1] bind9 security update,
Michael Gilbert
- [CORE-2016-0003] - Samsung SW Update Tool MiTM,
CORE Advisories Team
- [SECURITY] [DSA 3510-1] iceweasel security update,
Moritz Muehlenhoff
- Cisco Security Advisory: Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- [CORE-2016-0004] - SAP Download Manager Password Weak Encryption,
CORE Advisories Team
- Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr",
X41 D-Sec GmbH Advisories
- [SECURITY] [DSA 3509-1] rails security update,
Luciano Bello
- Cisco Security Advisory: Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Wireless Residential Gateway Information Disclosure Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Wireless Residential Gateway with EDVA Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- OS-S 2016-12 Linux digi_acceleport Nullpointer Dereference,
Ralf Spenneberg
- OS-S 2016-11 Linux wacom multiple Nullpointer Dereferences,
Ralf Spenneberg
- OS-S 2016-10 Linux visor (treo_attach) Nullpointer Dereference CVE-2016-2782,
Ralf Spenneberg
- OS-S 2016-09 Linux visor clie_5_attach Nullpointer Dereference CVE-2015-7566,
Ralf Spenneberg
- OS-S 2016-08 Linux mct_u232 Nullpointer Dereference,
Ralf Spenneberg
- OS-S 2016-07 Linux cypress_m8 Nullpointer Dereference,
Ralf Spenneberg
- OS-S 2016-06 Linux cdc_acm Nullpointer Dereference,
Ralf Spenneberg
- OS-S 2016-05 Linux aiptek Nullpointer Dereference CVE-2015-7515,
Ralf Spenneberg
- LSE Leading Security Experts GmbH - LSE-2016-01-01 - Wordpress ProjectTheme - Multiple Vulnerabilities,
LSE-Advisories
- Thomson TWG850 Wireless Router Multiple Vulnerabilities,
Sebastian Perez
- [slackware-security] mozilla-firefox (SSA:2016-068-01),
Slackware Security Team
- [slackware-security] samba (SSA:2016-068-02),
Slackware Security Team
- Windows Mail Find People DLL side loading vulnerability,
Securify B.V.
- [security bulletin] HPSBHF03557 rev.1 - HPE Networking Products using Comware 7 (CW7) running NTP, Remote Denial of Service (DoS),
security-alert
- [slackware-security] php (SSA:2016-067-01),
Slackware Security Team
- ESA-2016-012: EMC Documentum xCP – User Information Disclosure Vulnerability,
Security Alert
- Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link),
Vulnerability Lab
- [SECURITY] [DSA 3508-1] jasper security update,
Salvatore Bonaccorso
- Multiple vulnerabilities in Wordpress plugin SP Projects & Document Manager,
mail
- [SECURITY] [DSA 3507-1] chromium-browser security update,
Michael Gilbert
- Executable installers are vulnerable^WEVIL (case 30): clamwin-0.99-setup.exe allows arbitrary (remote) code execution WITH escalation of privilege,
Stefan Kanthak
- Executable installers are vulnerable^WEVIL (case 31): MalwareBytes' installers allow arbitrary (remote) code execution WITH escalation of privilege,
Stefan Kanthak
- McAfee VirusScan Enterprise security restrictions bypass,
Agazzini Maurizio
- [SECURITY] [DSA 3504-1] bsh security update,
Sebastien Delafond
- [SECURITY] [DSA 3505-1] wireshark security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3506-1] libav security update,
Moritz Muehlenhoff
- [SYSS-2015-058] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (REVISED),
erlijn . vangenuchten
- [SYSS-2015-059] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (REVISED),
erlijn . vangenuchten
- [SYSS-2015-060] Thru Managed File Transfer Portal 9.0.2 - Improperly Implemented Security Check for Standard (REVISED),
erlijn . vangenuchten
- [SYSS-2015-064] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (REVISED),
erlijn . vangenuchten
- [SYSS-2015-053] innovaphone IP222/IP232 - Denial of Service,
disclosure
- [security bulletin] HPSBPI03546 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Enterprise Printers, Remote Disclosure of Information,
HP Security Alert
- [security bulletin] HPSBHF03439 rev.1 - HP Commercial PCs with Sure Start, Local Denial of Service,
HP Security Alert
- [security bulletin] HPSBGN03550 rev.2 - HP Operations Manager i and BSM using Apache Flex BlazeDS, Remote Disclosure of Information,
security-alert
- [SECURITY] [DSA 3503-1] linux security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3426-2] ctdb regression update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3502-1] roundup security update,
Yves-Alexis Perez
- [slackware-security] mailx (SSA:2016-062-01),
Slackware Security Team
- [slackware-security] openssl (SSA:2016-062-02),
Slackware Security Team
- [slackware-security] php (SSA:2016-062-03),
Slackware Security Team
- WordPress Bulk Delete Plugin [Privilege Escalation],
Panagiotis Vagenas
- [security bulletin] HPSBHF03436 rev.1 - HP Thin Client with ThinPro OS, running Linux, Local Elevated Privileges,
HP Security Alert
- Panda SM Manager iOS Application - MITM SSL Certificate Vulnerability,
David Coomber
- Open-Xchange Security Advisory 2016-03-02,
Martin Heiland
- Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Web Security Appliance HTTPS Packet Processing Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- [REVIVE-SA-2016-001] Revive Adserver - Multiple vulnerabilities,
Matteo Beccati
- [security bulletin] HPSBHF03545 rev.1 - HP EliteBook and Zbook Products with Windows NVidia Graphics Driver, Multiple Local Vulnerabilities,
HP Security Alert
- [security bulletin] HPSBGN03442 rev.1 - HP Helion OpenStack using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution,
security-alert
- Vivint Sky Control Panel Unauthenticated Access Vulnerability,
jeremyscott
- [SECURITY] [DSA 3501-1] perl security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3500-1] openssl security update,
Alessandro Ghedini
- Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allows arbitrary (remote) code execution WITH escalation of privilege,
Stefan Kanthak
- [SYSS-2016-009] Sophos UTM 525 Web Application Firewall - Cross-Site Scripting in,
adrian . vollmer
- WordPress plugin GravityForms Cross-site Scripting vulnerability,
Henri Salo
- Microsoft PowerPointViewer Code Execution,
hyp3rlinx
- [security bulletin] HPSBUX03552 SSRT102983 rev.1 - HP-UX BIND running Named, Remote Denial of Service (DoS),
security-alert
- [SYSS-2015-069] perfact::mpa - Insecure Direct Object References,
matthias . deeg
- [SYSS-2015-067] perfact::mpa - Insecure Direct Object References,
matthias . deeg
- [SYSS-2015-066] perfact::mpa - Cross-Site Scripting,
matthias . deeg
- [SYSS-2015-070] perfact::mpa - Cross-Site Scripting,
matthias . deeg
- [SYSS-2015-071] perfact::mpa - Cross-Site Request Forgery,
matthias . deeg
- [SYSS-2015-072] perfact::mpa - Insecure Direct Object References,
matthias . deeg
- [SYSS-2015-073] perfact::mpa - URL Redirection to Untrusted Site,
matthias . deeg
- Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability,
Vulnerability Lab
- WP Good News Themes - Client Side Cross Site Scripting Web Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 3495-1] xymon security update,
Sebastien Delafond
- [SECURITY] [DSA 3498-1] drupal7 security advisory,
Moritz Muehlenhoff
- [SECURITY] [DSA 3499-1] pillow security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3496-1] php-horde-core security update,
Salvatore Bonaccorso
- Call For Papers - CISTI 2016 Workshops - Deadline March 15,
Maria Lemos
- [SECURITY] [DSA 3497-1] php-horde security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3494-1] cacti security update,
Salvatore Bonaccorso
- [slackware-security] libssh (SSA:2016-057-01),
Slackware Security Team
- [security bulletin] HPSBGN03549 rev.1 - HP IceWall Products using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution,
security-alert
- Executable installers are vulnerable^WEVIL (case 27): Cygwin's installers allow arbitrary (remote) code execution WITH escalation of privilege,
Stefan Kanthak
- Executable installers are vulnerable^WEVIL (case 28): Google's Chrome cleanup tool allows arbitrary (remote) code execution WITH escalation of privilege,
Stefan Kanthak
- Zimbra Cross-Site Scripting vulnerabilities,
pxli
- WordPress plugin wp-ultimate-exporter SQL injection vulnerability,
Henri Salo
- APPLE-SA-2016-02-25-1 Apple TV 7.2.1,
Apple Product Security
- [SECURITY] [DSA 3492-1] gajim security update,
Yves-Alexis Perez
- [SECURITY] [DSA 3493-1] xerces-c security update,
Salvatore Bonaccorso
- CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input,
Cantor, Scott
- [SECURITY] [DSA 3491-1] icedove security update,
Moritz Muehlenhoff
- JSN PowerAdmin Joomla! Extension - Remote Command Execution Via CSRF and XSS vulnerabilities,
Ratio Sec
- WordPress User Submitted Posts Plugin [Persistent XSS],
Panagiotis Vagenas
- [SECURITY] [DSA 3490-1] websvn security update,
Sebastien Delafond
- Belkin N150 Router Multiple XSS Vulnerability,
Rahul Pratap Singh
- Import Woocommerce XSS Vulnerability,
Rahul Pratap Singh
- WP Ultimate Exporter XSS Vulnerability,
Rahul Pratap Singh
- WP Advanced Importer XSS Vulnerability,
Rahul Pratap Singh
- CSV Import XSS Vulnerability,
Rahul Pratap Singh
- eFront 3.6.15.6 CMS – (Message Attachment) Persistent Cross Site Scripting Vulnerability,
Vulnerability Lab
- Executable installers are vulnerable^WEVIL (case 4): InstallShield's wrapper and setup.exe,
Stefan Kanthak
- Re: Executable installers are vulnerable^WEVIL (case 26): the installer of GIMP for Windows allows arbitrary (remote) and escalation of privilege,
Stefan Kanthak
- Extra User Details [Privilege Escalation],
Panagiotis Vagenas
- [KIS-2016-02] Magento <= 1.9.2.2 (RSS Feed) Information Disclosure Vulnerability,
Egidio Romano
- [slackware-security] ntp (SSA:2016-054-04),
Slackware Security Team
- [slackware-security] libgcrypt (SSA:2016-054-03),
Slackware Security Team
- [slackware-security] glibc (SSA:2016-054-02),
Slackware Security Team
- [slackware-security] bind (SSA:2016-054-01),
Slackware Security Team
- Ubiquiti Networks UniFi v3.2.10 Generic CSRF Protection Bypass,
Julien Ahrens
- [SECURITY] [DSA 3489-1] lighttpd security update,
Sebastien Delafond
- [SECURITY] [DSA 3488-1] libssh security update,
Salvatore Bonaccorso
- CSNC-2016-001 - XSS in OpenAM,
Alexandre Herzog
- CVE-2015-0955 - Stored XSS in Adobe Experience Manager (AEM),
Alexandre Herzog
- CSNC-2016-002 - Open Redirect in OpenAM,
Alexandre Herzog
- Oxwall Forum v1.8.1 - Persistent Cross Site Scripting Vulnerability,
Vulnerability Lab
- [SYSS-2015-063] OpenCms - Cross Site Scripting,
rainer . boie
- Ubiquiti Networks Bug Bounty #9 - Invoice Persistent Vulnerabilities,
Vulnerability Lab
- InstantCoder v1.0 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal,
Mark Thomas
- [SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak,
Mark Thomas
- [SECURITY] CVE-2016-0763 Apache Tomcat Security Manager Bypass,
Mark Thomas
- [SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure,
Mark Thomas
- [SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass,
Mark Thomas
- [SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass,
Mark Thomas
- [SECURITY] CVE-2015-5346 Apache Tomcat Session fixation,
Mark Thomas
- [SECURITY] [DSA 3486-1] chromium-browser security update,
Michael Gilbert
- [security bulletin] HPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware 7 and cURL, Remote Unauthorized Access,
security-alert
- [SECURITY] [DSA 3485-1] didiwiki security update,
Sebastien Delafond
- Cisco Security Advisory: Vulnerability in GNU glibc Affecting Cisco Products: February 2016,
Cisco Systems Product Security Incident Response Team
- [security bulletin] HPSBGN03547 rev.1 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution,
security-alert
- [SECURITY] [DSA 3483-1] cpio security update,
Salvatore Bonaccorso
- ifixit Bug Bounty #6 -(Profile) Persistent Vulnerability,
Vulnerability Lab
- Prezi Bug Bounty #5 - Client Side Cross Site Scripting & Open Redirect Vulnerability,
Vulnerability Lab
- Investors Application - Client Side Cross Site Scripting Vulnerability,
Vulnerability Lab
- Chamilo LMS IDOR - (messageId) Delete POST Inject Vulnerability,
Vulnerability Lab
- Chamilo LMS - Persistent Cross Site Scripting Vulnerability,
Vulnerability Lab
- Adobe - Multiple Client Side Cross Site Scripting Web Vulnerabilities,
Vulnerability Lab
- ifixit Bug Bounty #5 - Guide Search Persistent Vulnerability,
Vulnerability Lab
- [SYSS-2015-056] Thru Managed File Transfer Portal 9.0.2 - SQL Injection,
erlijn . vangenuchten
- [SYSS-2015-057] Thru Managed File Transfer Portal 9.0.2 - Cross-Site Scripting,
erlijn . vangenuchten
- [SYSS-2015-059] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932),
erlijn . vangenuchten
- [SYSS-2015-060] Thru Managed File Transfer Portal 9.0.2 - Improperly Implemented Security Check for Standard (CWE-358),
erlijn . vangenuchten
- [SYSS-2015-064] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932),
erlijn . vangenuchten
- [SYSS-2015-062] ownCloud - Information Exposure Through Directory Listing (CWE-548),
erlijn . vangenuchten
- [SYSS-2015-055] Novell Filr - Cross-Site Scripting (CWE-79),
erlijn . vangenuchten
- [SYSS-2015-058] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932),
erlijn . vangenuchten
- [SECURITY] [DSA 3484-1] xdelta3 security update,
Salvatore Bonaccorso
- CVE-2015-7521: Apache Hive authorization bug disclosure (update),
Sushanth Sowmyan
- [security bulletin] HPSBUX03437 SSRT110025 rev.1 - HP-UX IPFilter, Remote Denial of Service (DoS),
security-alert
- [SECURITY] [DSA 3482-1] libreoffice security update,
Sebastien Delafond
- RCE via CSRF in osCommerce,
High-Tech Bridge Security Research
- SSO Authentication Bypass and Website Takeover in DOKEOS,
High-Tech Bridge Security Research
- SQL Injection in webSPELL,
High-Tech Bridge Security Research
- SQL Injection in TestLink,
High-Tech Bridge Security Research
- SQL Injection in WeBid,
High-Tech Bridge Security Research
- SQL Injection in Osclass,
High-Tech Bridge Security Research
- RCE via CSRF in osCmax,
High-Tech Bridge Security Research
- Redaxo CMS contains multiple vulnerabilities,
LSE-Advisories
- [SECURITY] [DSA 3481-1] glibc security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3480-1] eglibc security update,
Salvatore Bonaccorso
- CSRF and XSS In Manage Engine oputils,
kingkaustubh
- Privilege escalation Vulnerability in ManageEngine oputils,
kingkaustubh
- Missing Function Level Access control Vulnerability in OPutils,
kingkaustubh
- [SECURITY] [DSA 3478-1] libgcrypt11 security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3479-1] graphite2 security update,
Moritz Muehlenhoff
- CyberCop Scanner Smbgrind v5.5 Buffer Overflow,
hyp3rlinx
- phpMyBackupPro v.2.5 Remote Command Execution / CSRF,
hyp3rlinx
- phpMyBackupPro v.2.5 Arbitrary File Upload,
hyp3rlinx
- phpMyBackupPro v.2.5 XSS,
hyp3rlinx
- BFS-SA-2016-001: FireEye Detection Evasion and Whitelisting of Arbitrary Malware,
Blue Frost Security Research Lab
- Xymon: Critical security issues in all versions prior to 4.3.25,
Xymon Software
- [SECURITY] [DSA 3477-1] iceweasel security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3476-1] postgresql-9.4 security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3475-1] postgresql-9.1 security update,
Salvatore Bonaccorso
- KL-001-2016-001 : Arris DG1670A Cable Modem Remote Command Execution,
KoreLogic Disclosures
- [ERPSCAN-15-032] SAP PCo agent – DoS vulnerability,
ERPScan inc
- [ERPSCAN-15-031] SAP MII – Encryption Downgrade vulnerability,
ERPScan inc
- [SECURITY] [DSA 3474-1] libgcrypt20 security update,
Salvatore Bonaccorso
- HD Video Player v2.5 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- CVE-2015-0061 and CVE-2015-0063 (MS16-009/MS16-011),
Berend-Jan Wever
- [slackware-security] mozilla-firefox (SSA:2016-042-01),
Slackware Security Team
- [SECURITY] [DSA 3473-1] nginx security update,
Salvatore Bonaccorso
- Re: [oss-security] HTTPS Only (Open Source, Python),
P J P
- Duplicator Wordpress Plugin - Source Code And Database Dump Via CSRF Vulnerability,
Ratio Sec
- Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities,
Securify B.V.
- MapsUpdateTask Task DLL side loading vulnerability,
Securify B.V.
- BDA MPEG2 Transport Information Filter DLL side loading vulnerability,
Securify B.V.
- NPS Datastore server DLL side loading vulnerability,
Securify B.V.
- Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability,
Cisco Systems Product Security Incident Response Team
- Remote Code Execution in Exponent,
High-Tech Bridge Security Research
- Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability,
Vulnerability Lab
- MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability,
Vulnerability Lab
- File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- Getdpd Bug Bounty #6 - (Import - FTP) Persistent Vulnerability,
Vulnerability Lab
- VP2016-001: Remote Command Execution in File Replication Pro,
Vantage Point Security
- SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities,
SEC Consult Vulnerability Lab
- ManageEngine Eventlog Analyzer Privilege Escalation v10.8,
graphx
- dotDefender Firewall CSRF,
hyp3rlinx
- Safebreach advisory: Node.js HTTP Response Splitting (CVE-2016-2216),
Amit Klein
- ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities,
Security Alert
- Privilege escalation Vulnerability in ManageEngine Network Configuration Management,
kingkaustubh
- [slackware-security] curl (SSA:2016-039-01),
Slackware Security Team
- [slackware-security] libsndfile (SSA:2016-039-02),
Slackware Security Team
- [SECURITY] [DSA 3472-1] wordpress security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3470-1] qemu-kvm security update,
Sebastien Delafond
- [SECURITY] [DSA 3469-1] qemu security update,
Sebastien Delafond
- [SECURITY] [DSA 3471-1] qemu security update,
Sebastien Delafond
- WordPress WP User Frontend Plugin [Unrestricted File Upload],
Panagiotis Vagenas
- WordPress WooCommerce - Store Toolkit Plugin [Privilege Escalation],
Panagiotis Vagenas
- PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities,
Vulnerability Lab
- Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities,
Vulnerability Lab
- Alsovalue CMS 2016Q1 - SQL Injection Web Vulnerability,
Vulnerability Lab
- Getdpd BB #4 - (name) Persistent Validation Vulnerability,
Vulnerability Lab
- Getdpd BB #5 - Persistent Filename Vulnerability,
Vulnerability Lab
- JavaScript Anywhere v3.0.4 iOS - Persistent Vulnerability,
Vulnerability Lab
- Local Microsoft Windows 7 / 8 / 10 Buffer Overflow via Third-Party USB-Driver (ser2co64.sys),
Ralf Spenneberg
- Symphony CMS multiple vulnerabilities,
Filippo Cavallarin
- WordPress User Meta Manager Plugin [Information Disclosure],
Panagiotis Vagenas
- Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege,
Stefan Kanthak
- CFP: SIN 2016 - 9th International Conference on Security of Information and Networks,
Hossain Shahriar
- [SECURITY] [DSA 3468-1] polarssl security update,
Sebastien Delafond
- [SECURITY] [DSA 3467-1] tiff security update,
Salvatore Bonaccorso
- Multiple vulnerabilities in Open Real Estate v 1.15.1,
Simon Waters (Surevine)
- [security bulletin] HPSBGN03430 rev.3 - HP ArcSight products, Local Elevation of Privilege,
security-alert
- [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox,
Stefan Kanthak
- [security bulletin] HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java Deserialization, Remote Arbitrary Code Execution,
security-alert
- [security bulletin] HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities,
security-alert
- CVE-2015-3252: Apache CloudStack VNC authentication issue,
John Kinsella
- CVE-2015-3251: Apache CloudStack VM Credential Exposure,
John Kinsella
- [SECURITY] [DSA 3466-1] krb5 security update,
Salvatore Bonaccorso
- WordPress User Meta Manager Plugin [Blind SQLI],
pan . vagenas
- WordPress User Meta Manager Plugin [Privilege Escalation],
pan . vagenas
- Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass,
Vulnerability Lab
- [slackware-security] mozilla-firefox (SSA:2016-034-01),
Slackware Security Team
- [slackware-security] openssl (SSA:2016-034-03),
Slackware Security Team
- [slackware-security] php (SSA:2016-034-04),
Slackware Security Team
- [slackware-security] MPlayer (SSA:2016-034-02),
Slackware Security Team
- AST-2016-002: File descriptor exhaustion in chan_sip,
Asterisk Security Team
- AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data.,
Asterisk Security Team
- AST-2016-001: BEAST vulnerability in HTTP server,
Asterisk Security Team
- [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300,
Pedro Ribeiro
- Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability,
David Coomber
- Cisco Security Advisory: Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability,
Cisco Systems Product Security Incident Response Team
- Security Advisories,
Portcullis Advisories
- Soso Transfer v1.1 iOS - Denial of Service Vulnerability,
Vulnerability Lab
- File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- SimpleView CRM - Client Side Open Redirect Vulnerability,
Vulnerability Lab
- Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability,
Vulnerability Lab
- Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability,
Vulnerability Lab
- Mezzanine CMS 4.1.0 XSS,
hyp3rlinx
- Mezzanine CMS 4.1.0 Arbitrary File Upload,
hyp3rlinx
- ASUS RT-N56U Persistent XSS,
graphx
- TimeClock - Multiple SQL Injections,
marcelabx
- [SECURITY] [DSA 3465-1] openjdk-6 security update,
Moritz Muehlenhoff
- MailPoet Newsletter 2.6.19 - Security Advisory - Reflected XSS,
Onur Yilmaz
- Re: VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability,
Phil Pearl
- A tale of openssl_seal(), PHP and Apache2handle,
s3810
- WebKitGTK+ Security Advisory WSA-2016-0001,
Carlos Alberto Lopez Perez
- File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities,
Vulnerability Lab
- [SECURITY] [DSA 3461-1] freetype security update,
Sebastien Delafond
- [SECURITY] [DSA 3462-1] radicale security update,
Yves-Alexis Perez
- [SECURITY] [DSA 3463-1] prosody security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3464-1] rails security update,
Moritz Muehlenhoff
- eClinicalWorks (CCMR) - Multiple Vulnerabilities,
jerold
- Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege,
Stefan Kanthak
- WP-Comment-Rating XSS Vulnerability,
Rahul Pratap Singh
- OpenXchange | Information Disclosure,
t . schughart
- VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability,
t . schughart
- [SECURITY] [DSA 3460-1] privoxy security update,
Sebastien Delafond
- CVE-2015-5344 - Apache Camel medium disclosure vulnerability,
Claus Ibsen
- FreeBSD Security Advisory FreeBSD-SA-16:11.openssl,
FreeBSD Security Advisories
- [security bulletin] HPSBHF03419 rev.3 - HPE Networking Products, Remote Denial of Service (DoS), Unauthorized Access,
security-alert
- Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network,
kingkaustubh
- [security bulletin] HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote Unauthorized Modification,
security-alert
- ManageEngine Eventlog Analyzer v4-v10 Privilege Escalation,
graphx
- [security bulletin] HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS, Remote Disclosure of Information, Execution of Code, Denial of Service (DoS),
security-alert
- [security bulletin] HPSBHF03539 rev.1 - HPE VCX running OpenSSH or BIND, Remote Denial of Service (DoS),
security-alert
- [security bulletin] HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized Modification,
security-alert
- [security bulletin] HPSBGN03542 rev.1 - HPE Operations Manager for Windows using Java Deserialization, Remote Arbitrary Code Execution,
security-alert
- Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability,
Vulnerability Lab
- ProjectSend multiple vulnerabilities,
Filippo Cavallarin
- [security bulletin] HPSBHF03538 rev.1 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Remote Code Execution, Denial of Service (DoS),
security-alert
- [security bulletin] HPSBHF03535 rev.3 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Multiple Remote Vulnerabilities,
security-alert
- CVE-2015-7521: Apache Hive authorization bug disclosure,
Sushanth Sowmyan
- [SECURITY] [DSA 3459-1] mysql-5.5 security update,
Salvatore Bonaccorso
- New Era Company CMS - (id) SQL Injection Vulnerability,
Vulnerability Lab
- Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability,
Vulnerability Lab
- HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi passphrase,
Hacking Corporation Sàrl
- [SECURITY] [DSA 3458-1] openjdk-7 security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3457-1] iceweasel security update,
Moritz Muehlenhoff
- Log2Space Central v 6.2 Multiple XSS Vulnerability,
Rahul Pratap Singh
- Cisco Security Advisory: Cisco RV220 Management Authentication Bypass Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Wide Area Application Service CIFS DoS Vulnerability,
Cisco Systems Product Security Incident Response Team
- Netgear GS105Ev2 - Multiple Vulnerabilities,
benedikt . westermann
- los818 CMS 2016 Q1 - SQL Injection Web Vulnerability,
Vulnerability Lab
- WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability,
Vulnerability Lab
- Classic Infomedia (Login) - Auth Bypass Web Vulnerability,
Vulnerability Lab
- Kleefa v1.7 (IR) - Multiple Web Vulnerabilities,
Vulnerability Lab
- Ebay Magento Bug Bounty #2 - Persistent Web Vulnerability,
Vulnerability Lab
- Telegram (API) - Cross Site Request Forgery Vulnerabilities,
Vulnerability Lab
- Barracuda Networks Bug Bounty #38 Message Archiver - Multiple Vulnerabilities,
Vulnerability Lab
- Apple WatchOS v2.1 - Denial of Service Vulnerability,
Vulnerability Lab
- Secure Item Hub v1.0 iOS - Multiple Web Vulnerabilities,
Vulnerability Lab
- BK Mobile CMS SQLi and XSS Vulnerability,
Rahul Pratap Singh
- [SECURITY] [DSA 3456-1] chromium-browser security update,
Michael Gilbert
- [SECURITY] [DSA 3455-1] curl security update,
Alessandro Ghedini
- [ERPSCAN-15-024] SAP HANA hdbindexserver - Memory corruption,
ERPScan inc
- FreeBSD Security Advisory FreeBSD-SA-16:10.linux,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:09.ntp,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:08.bind,
FreeBSD Security Advisories
- [SECURITY] [DSA 3454-1] virtualbox security update,
Moritz Muehlenhoff
- WP-Ultimate CSV Importer XSS Vulnerability,
Rahul Pratap Singh
- [security bulletin] HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager running libXML2, Remote or Local Denial of Service (DoS),
security-alert
- [security bulletin] HPSBGN03536 rev.1 - HP IceWall Products running OpenSSL, Remote and Local Denial of Service (DoS),
security-alert
- PHP LiteSpeed SAPI out of boundaries read due to missing input validation,
Imre RAD
- [CORE-2016-0002] - Lenovo ShareIT Multiple Vulnerabilities,
CORE Advisories Team
- Authentication bypass in PHP File Manager 0.9.8,
Imre Rad
- APPLE-SA-2016-01-25-1 tvOS 9.1.1,
Apple Product Security
- Magento 1.9.x Multiple Man-In The Middle,
cxsecurity
- glibc catopen() Multiple unbounded stack allocations,
cxsecurity
- [SECURITY] [DSA 3453-1] mariadb-10.0 security update,
Salvatore Bonaccorso
- WP Easy Gallery v4.1.4 Stored XSS Vulnerability,
Rahul Pratap Singh
- PHP LiteSpeed SAPI secret key improper disposal,
Imre RAD
- PHP-FPM fpm_log.c memory leak and buffer overflow,
Imre RAD
- Remote shutdown vulnerability in Buffalo NAS (Linkstation 420),
zemnmez
- ZyXel WAP3205 v1 Multiple XSS,
graphx
- HP ToComMsg DLL side loading vulnerability,
Securify B.V.
- LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities,
Securify B.V.
- HP LaserJet Fax Preview DLL side loading vulnerability,
Securify B.V.
- XMB - eXtreme Message Board v1.9.11.13 Weak Crypto,
hyp3rlinx
- [SECURITY] [DSA 3452-1] claws-mail security update,
Ben Hutchings
- imageone Cms Multiple vulnerabilities,
iedb . team
- January 2016 - Bamboo - Critical Security Advisory,
David Black
- [SECURITY] [DSA 3451-1] fuse security update,
Yves-Alexis Perez
- Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe",
Stefan Kanthak
- SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices,
SEC Consult Vulnerability Lab
- Oracle HtmlConverter.exe Buffer Overflow,
hyp3rlinx
- QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys,
issues
- Cisco Security Advisory: Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3450-1] ecryptfs-utils security update,
Salvatore Bonaccorso
- Cisco Security Advisory: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
- [CVE-2016-1926] XSS in Greenbone Security Assistant ≥ 6.0.0 and < 6.0.8,
bugtraq
- LiteSpeed Web Server - Security Advisory - HTTP Header Injection Vulnerability,
Onur Yilmaz
- APPLE-SA-2016-01-19-3 Safari 9.0.3,
Apple Product Security
- APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001,
Apple Product Security
- APPLE-SA-2016-01-19-1 iOS 9.2.1,
Apple Product Security
- [SECURITY] [DSA 3449-1] bind9 security update,
Salvatore Bonaccorso
- [security bulletin] HPSBGN03534 rev.1 - HPE Performance Center using Microsoft Report Viewer, Remote Disclosure of Information, Cross-Site Scripting (XSS),
security-alert
- Executable installers are vulnerable^WEVIL (case 21): Panda Security's installers allow arbitrary (remote) code execution AND escalation of privilege with PANDAIS16.exe,
Stefan Kanthak
- [CORE-2016-0001] - Intel Driver Update Utility MiTM,
CORE Advisories Team
- Quick Cart v6.6 XSS Vulnerability,
Rahul Pratap Singh
- [SECURITY] [DSA 3448-1] linux security update,
Salvatore Bonaccorso
- Quick CMS v 6.1 XSS Vulnerability,
Rahul Pratap Singh
- Advanced Electron Forum v1.0.9 RFI / CSRF,
hyp3rlinx
- Advanced Electron Forum v1.0.9 Persistent XSS,
hyp3rlinx
- Advanced Electron Forum v1.0.9 CSRF,
hyp3rlinx
- [SECURITY] [DSA 3447-1] tomcat7 security update,
Salvatore Bonaccorso
- [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3,
urikanonov
- [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3,
urikanonov
- [KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability,
Egidio Romano
- Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories?,
Stefan Kanthak