Bugtraq
- Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution,
Stefan Kanthak
- [slackware-security] openssh (SSA:2016-014-01),
Slackware Security Team
- FreeBSD Security Advisory FreeBSD-SA-16:07.openssh,
FreeBSD Security Advisories
- FreeBSD bsnmpd information disclosure,
Pierre Kim
- [SECURITY] [DSA 3431-2] ganeti regression update,
Salvatore Bonaccorso
- Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778,
Qualys Security Advisory
- [SECURITY] [DSA 3446-1] openssh security update,
Yves-Alexis Perez
- FreeBSD Security Advisory FreeBSD-SA-16:04.linux,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:06.bsnmpd,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:01.sctp,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:02.ntp,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:05.tcp,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:03.linux,
FreeBSD Security Advisories
- [security bulletin] HPSBUX03359 SSRT102094 rev.3 - HP-UX pppoec, local elevation of privilege,
security-alert
- [SECURITY] [DSA 3443-1] libpng security update,
Salvatore Bonaccorso
- [slackware-security] dhcp (SSA:2016-012-01),
Slackware Security Team
- Remote Code Execution in Roundcube,
High-Tech Bridge Security Research
- [CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ...,
Stefan Kanthak
- [security bulletin] HPSBGN03532 rev.1 - HPE ArcSight Logger, Multiple Vulnerabilities,
security-alert
- Multiple SQL Injection Vulnerabilities in mcart.xls Bitrix Module,
High-Tech Bridge Security Research
- [security bulletin] HPSBHF03535 rev.1 - HPE iMC OSS and iMC Plat running Adobe Flash, Multiple Remote Vulnerabilities,
security-alert
- Cisco Security Advisory: Cisco Wireless LAN Controller Unauthorized Access Vulnerability,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3444-1] wordpress security update,
Salvatore Bonaccorso
- Commentator Wordpress Plugin 2.5.2 XSS Vulnerability,
Rahul Pratap Singh
- Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3445-1] pygments security update,
Salvatore Bonaccorso
- Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Identity Services Engine Unauthorized Access Vulnerability,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3442-1] isc-dhcp security update,
Michael Gilbert
- WP Symposium Pro Social Network Plugin XSS Vulnerability,
Rahul Pratap Singh
- SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems,
SEC Consult Vulnerability Lab
- [SECURITY] [DSA 3441-1] perl security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3440-1] sudo security update,
Ben Hutchings
- Exploiting XXE vulnerabilities in AMF libraries,
Nicolas Grégoire
- Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability,
iedb . team
- Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability,
iedb . team
OpenBravo Hibernate HQL Injection,
Ng, Sam (Fortify)
[SECURITY] [DSA 3439-1] prosody security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3437-1] gnutls26 security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3438-1] xscreensaver security update,
Michael Gilbert
CVE-2015-8396: GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer,
Stelios Tsampas
CVE-2015-8397: GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent,
Stelios Tsampas
[SECURITY] [DSA 3436-1] openssl security update,
Salvatore Bonaccorso
Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege,
Stefan Kanthak
MobaXTerm before version 8.5 vulnerability in "jump host" functionality,
Thomas Bleier
[RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials,
RedTeam Pentesting GmbH
WP Symposium Pro Social Network Plugin XSS and Critical CSRF Vulnerability,
Rahul Pratap Singh
Symantec EP DOS,
hyp3rphp
[security bulletin] HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS),
security-alert
APPLE-SA-2016-01-07-1 QuickTime 7.7.9,
Apple Product Security
Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP request allows any payload size and content to pass through,
Eitan Caspi
[CVE-2015-7242] AVM FRITZ!Box: HTML Injection Vulnerability,
Daniel Schliebner
Serendipity Security Advisory - XSS Vulnerability - CVE-2015-8603,
Onur Yilmaz
[RT-SA-2015-001] AVM FRITZ!Box: Remote Code Execution via Buffer Overflow,
RedTeam Pentesting GmbH
[RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images,
RedTeam Pentesting GmbH
Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege,
Stefan Kanthak
[SYSS-2015-062] ownCloud Information Exposure Through Directory Listing (CVE-2016-1499),
erlijn . vangenuchten
Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege,
Stefan Kanthak
[security bulletin] HPSBGN03530 rev.1 - HPE UCMDB Browser, Remote Disclosure of Sensitive Information, Local Unauthorized Access,
security-alert
[SECURITY] [DSA 3434-1] linux security update,
Ben Hutchings
[SECURITY] [DSA 3435-1] git security update,
Laszlo Boszormenyi (GCS)
CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak),
Pierre Kim
Confluence Vulnerabilities,
Sebastian Perez
Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities,
Stefan Kanthak
[SECURITY] [DSA 3433-1] samba security update,
Salvatore Bonaccorso
Open Audit SQL Injection Vulnerability,
Rahul Pratap Singh
[SECURITY] CVE-2015-5349: Apache Directory Studio command injection vulnerability,
Stefan Seelmann
OSS-2016-02: Weak authentication in NXP Hitag S transponder allows an attacker to read, write and clone any tag,
Ralf Spenneberg
OSS-2016-03: Insufficient Integrity Protection in Winkhaus Bluesmart locking systems using Hitag S,
Ralf Spenneberg
[SECURITY] [DSA 3431-1] ganeti security update,
Moritz Muehlenhoff
OSS-2016-01: Insufficient integrity checks in Uhlmann & Zacher Clex prime locking systems using 125 kHz EM4450 transponders,
Ralf Spenneberg
[SECURITY] [DSA 3432-1] icedove security update,
Moritz Muehlenhoff
Joomla 1.5.x to 3.4.5 Object Injection Exploit (golang),
irancrash
Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution,
Stefan Kanthak
FTPShell Client v5.24 Buffer Overflow,
apparitionsec
[oCERT 2015-012] Ganeti multiple issues,
Daniele Bianco
WebKitGTK+ Security Advisory WSA-2015-0002,
Carlos Alberto Lopez Perez
libtiff bmp file Heap Overflow (CVE-2015-8668),
riusksk
libtiff: invalid write (CVE-2015-7554),
Hans Jerry Illikainen
AccessDiver V4.301 Buffer Overflow,
apparitionsec
[slackware-security] mozilla-thunderbird (SSA:2015-357-01),
Slackware Security Team
[SECURITY] [DSA 3430-1] libxml2 security update,
Salvatore Bonaccorso
Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege,
Stefan Kanthak
[slackware-security] blueman (SSA:2015-356-01),
Slackware Security Team
Security advisory for Bugzilla 5.0.2, 4.4.11 and 4.2.16,
LpSolit
ESA-2015-179: EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability,
Security Alert
ESA-2015-174: EMC VPLEX Undocumented Account Vulnerability,
Security Alert
Aeris Calandar v2.1 - Buffer Overflow Vulnerability,
Vulnerability Lab
POP Peeper 4.0.1 - Persistent Code Execution Vulnerability,
Vulnerability Lab
Switch v4.68 - Code Execution Vulnerability,
Vulnerability Lab
Lithium Forum - (previewImages) Persistent Vulnerability,
Vulnerability Lab
Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability,
Vulnerability Lab
Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability,
Vulnerability Lab
DELL Scrutinizer v12.0.3 - Persistent Software Vulnerability,
Vulnerability Lab
[RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality,
RedTeam Pentesting GmbH
Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution,
Stefan Kanthak
[security bulletin] HPSBHF03419 rev.1 - HP Network Products including H3C routers and switches, Remote Denial of Service (DoS), Unauthorized Access.,
security-alert
[security bulletin] HPSBGN03526 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass, Unauthorized Modification,
security-alert
[security bulletin] HPSBGN03527 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass,
security-alert
[SECURITY] [DSA 3429-1] foomatic-filters security update,
Salvatore Bonaccorso
ESA-2015-177: RSA SecurID(r) Web Agent Authentication Bypass Vulnerability,
Security Alert
giflib: heap overflow in giffix (CVE-2015-7555),
Hans Jerry Illikainen
Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege,
Stefan Kanthak
Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies,
Stefan Kanthak
KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password,
KoreLogic Disclosures
[SECURITY] [DSA 3427-1] blueman security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3428-1] tomcat8 security update,
Moritz Muehlenhoff
KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address,
KoreLogic Disclosures
[slackware-security] grub (SSA:2015-351-01),
Slackware Security Team
[slackware-security] libpng (SSA:2015-351-02),
Slackware Security Team
Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege,
Stefan Kanthak
[SECURITY] [DSA 3426-1] linux security update,
Salvatore Bonaccorso
ESA-2015-148: EMC Isilon OneFS Security Privilege Escalation Vulnerability,
Security Alert
[oCERT 2015-011] PyAMF input sanitization errors (XXE),
Daniele Bianco
[SECURITY] [DSA 3425-1] tryton-server security update,
Luciano Bello
CVE-2015-5348 - Apache Camel medium disclosure vulnerability,
Claus Ibsen
[SECURITY] [DSA 3337-2] gdk-pixbuf security update,
Salvatore Bonaccorso
[slackware-security] mozilla-firefox (SSA:2015-349-03),
Slackware Security Team
[SECURITY] [DSA 3424-1] subversion security update,
Moritz Muehlenhoff
[security bulletin] HPSBHF03528 rev.1 - HP Network Products running VCX, Remote Unauthorized Modification,
security-alert
[SECURITY] [DSA 3423-1] cacti security update,
Luciano Bello
[SECURITY] [DSA 3421-1] grub2 security update,
Luciano Bello
[SECURITY] [DSA 3422-1] iceweasel security update,
Moritz Muehlenhoff
Shockwave Flash Object DLL side loading vulnerability,
Securify B.V.
Shutdown UX DLL side loading vulnerability,
Securify B.V.
[security bulletin] HPSBUX03529 SSRT102967 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS),
security-alert
Event Viewer Snapin multiple DLL side loading vulnerabilities,
Securify B.V.
libnsbmp: heap overflow (CVE-2015-7508) and out-of-bounds read (CVE-2015-7507),
Hans Jerry Illikainen
FreeBSD Security Advisory FreeBSD-SA-15:27.bind,
FreeBSD Security Advisories
SQL Injection in orion.extfeedbackform Bitrix Module,
High-Tech Bridge Security Research
RCE in Zen Cart via Arbitrary File Inclusion,
High-Tech Bridge Security Research
libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506),
Hans Jerry Illikainen
[slackware-security] openssl (SSA:2015-349-04),
Slackware Security Team
[slackware-security] bind (SSA:2015-349-01),
Slackware Security Team
[slackware-security] libpng (SSA:2015-349-02),
Slackware Security Team
[SECURITY] [DSA 3420-1] bind9 security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3419-1] cups-filters security update,
Salvatore Bonaccorso
Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta),
Stefan Kanthak
[SECURITY] [DSA 3418-1] chromium-browser security update,
Michael Gilbert
[security bulletin] HPSBST03517 rev.1 - HP StoreOnce Backup systems, Remote Execution of Arbitrary Code with Privilege Elevation, Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS),
security-alert
Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370],
Hector Marco-Gisbert
phpback v1.1 XSS vulnerability,
apparitionsec
ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS,
ERPScan inc
[SECURITY] [DSA 3417-1] bouncycastle security update,
Luciano Bello
[ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability,
ERPScan inc
ECommerceMajor SQL Injection Vulnerability,
Rahul Pratap Singh
[SECURITY] [DSA 3416-1] libphp-phpmailer security update,
Luciano Bello
COM+ Services DLL side loading vulnerability,
Securify B.V.
Windows Authentication UI DLL side loading vulnerability,
Securify B.V.
XSS Vulnerability in Synnefo Client for Synnefo IMS 2015 - CVE-2015-8247,
Aravind
[security bulletin] HPSBHF03431 rev.1 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities,
security-alert
APPLE-SA-2015-12-11-1 iTunes 12.3.2,
Apple Product Security
ORGIN STUDIOS Cms Multiple Vulnerabilities,
iedb . team
Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege,
Stefan Kanthak
WordPress <=v4.4 Username Exists Information Disclosure,
John SECURELI.com
BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability,
Blue Frost Security Research Lab
SEC Consult SA-20151210-0 :: Skybox Platform Multiple Vulnerabilities,
SEC Consult Vulnerability Lab
Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products,
Cisco Systems Product Security Incident Response Team
APPLE-SA-2015-12-08-6 Xcode 7.2,
Apple Product Security
Secunia Research: Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow Vulnerability,
Secunia Research
APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008,
Apple Product Security
[SECURITY] [DSA 3414-1] xen security update,
Moritz Muehlenhoff
[security bulletin] HPSBHF03432 rev.1 - HPE Networking Comware 5, Comware 5 Low Encryption SW, Comware 7, VCX Using NTP, Remote Access Restriction Bypass and Code Execution,
security-alert
APPLE-SA-2015-12-08-2 tvOS 9.1,
Apple Product Security
Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability,
Cisco Systems Product Security Incident Response Team
[CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference,
CORE Advisories Team
[security bulletin] HPSBHF03433 SSRT102964 rev.1 - HP-UX Running Mozilla Firefox and Thunderbird, Remote Disclosure of Information,
security-alert
APPLE-SA-2015-12-08-5 Safari 9.0.2,
Apple Product Security
APPLE-SA-2015-12-08-1 iOS 9.2,
Apple Product Security
Advisory: Arro and Other Android Taxi Hailing Apps Did Not Use SSL (Mobile Knowledge),
securityresearch
Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege,
Stefan Kanthak
[security bulletin] HPSBMU03520 rev.1 - HP Insight Control server provisioning, Remote Disclosure of Information,
security-alert
Path Traversal via CSRF in bitrix.xscan Bitrix Module,
High-Tech Bridge Security Research
APPLE-SA-2015-12-08-4 watchOS 2.1,
Apple Product Security
[CVE-2015-7706] SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities,
Vogt, Thomas
XSS vulnerability in Intellect Core banking software - Polaris,
msahu
PHP File Inclusion in bitrix.mpbuilder Bitrix Module,
High-Tech Bridge Security Research
WordPress Users Ultra Plugin [Blind SQL injection] - Update,
Panagiotis Vagenas
MacOS/iPhone/Apple Watch/Apple TV libc File System Buffer Overflow,
submit
[SECURITY] [DSA 3415-1] chromium-browser security update,
Michael Gilbert
Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup,
Stefan Kanthak
iScripts Multicart Cms Multiple Vulnerabilities,
iedb . team
WebBoutiques Cms Cross-Site Scripting Vulnerability,
iedb . team
Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege,
Stefan Kanthak
Command Injection in cool-video-gallery v1.9 Wordpress plugin,
Larry Cashdollar
[SYSS-2015-047] sysPass - Cross-Site Scripting (CWE-79),
disclosure
[SYSS-2015-046] sysPass - Insecure Direct Object References (CWE-932),
disclosure
Edimax BR-6478AC & Others Multiple Vulnerabilities,
mwinstead3790
FreeBSD Security Advisory FreeBSD-SA-15:26.openssl,
FreeBSD Security Advisories
KL-001-2015-006 : Linksys EA6100 Wireless Router Authentication Bypass,
KoreLogic Disclosures
[SECURITY] [DSA 3413-1] openssl security update,
Salvatore Bonaccorso
[security bulletin] HPSBGN03525 rev.1: HP Performance Center Virtual Table Server, Remote Code Execution,
security-alert
[SECURITY] [DSA 3412-1] redis security update,
Salvatore Bonaccorso
ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability,
Security Alert
[slackware-security] mozilla-thunderbird (SSA:2015-337-02),
Slackware Security Team
[slackware-security] libpng (SSA:2015-337-01),
Slackware Security Team
[SECURITY] [DSA 3411-1] cups-filters security update,
Moritz Muehlenhoff
Ellucian Banner Student Vulnerability Disclosure,
sean . dillon
WordPress Users Ultra Plugin [Persistence XSS],
pan . vagenas
WordPress Users Ultra Plugin [Blind SQL injection],
pan . vagenas
Gnome Nautilus [Denial of Service],
pan . vagenas
SQLi Vulnerability in ATuter management system,
sirus . shahini
Two Reflected XSS Vulnerabilities in Calls to Action WordPress plugin,
High-Tech Bridge Security Research
Remote File Inclusion in Gwolle Guestbook WordPress Plugin,
High-Tech Bridge Security Research
Reflected XSS in Ultimate Member WordPress Plugin,
High-Tech Bridge Security Research
Reflected XSS in Role Scoper WordPress Plugin,
High-Tech Bridge Security Research
[SECURITY] [DSA 3409-1] putty security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3410-1] icedove security update,
Moritz Muehlenhoff
Zenphoto 1.4.10 Local File Inclusion,
apparitionsec
Zenphoto 1.4.10 XSS Vulnerability,
apparitionsec
[SECURITY] [DSA 3408-1] gnutls26 security update,
Salvatore Bonaccorso
Huawei Wimax routers vulnerable to multiple threats,
Pierre Kim
[SE-2014-02] Errata document for Issue 42 (CVE-2015-4871 affecting Java SE 7),
Security Explorations
LSE Leading Security Experts GmbH - LSE-2015-10-14 - HumHub SQL-Injection,
advisories
Proftpd 1.3.5a LATEST (0-day) Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation,
Nicholas Lemonias.
Belkin N150 Wireless Home Router Multiple Vulnerabilities,
Rahul Pratap Singh
Proftpd 1.3.5a LATEST 0day (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Audit Report.,
Nicholas Lemonias.
Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation,
Nicholas Lemonias.
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation,
aiscorp
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation,
Nicholas Lemonias.
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation,
lem . nikolas
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation,
Nicholas Lemonias.
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation,
Nicholas Lemonias.
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation,
Nicholas Lemonias.
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation,
Nicholas Lemonias.
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation,
Nicholas Lemonias.
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation,
Nicholas Lemonias.
[FD] Visual Paradigm Server v10.0 - Cross Site Scripting (XSS),
Manuel Mancera
[SECURITY] [DSA 3407-1] dpkg security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3405-1] smokeping security update,
Florian Weimer
[SECURITY] [DSA 3406-1] nspr security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3404-1] python-django security update,
Salvatore Bonaccorso
CIS Manager Content Management System 2015Q4 - SQL Injection Vulnerability,
Vulnerability Lab
[security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution,
security-alert
[slackware-security] pcre (SSA:2015-328-01),
Slackware Security Team
[SECURITY] [DSA 3403-1] libcommons-collections3-java security update,
Moritz Muehlenhoff
ESA-2015-164: EMC Isilon OneFS Privilege Escalation Vulnerability,
Security Alert
[SECURITY] [DSA 3402-1] symfony security update,
Salvatore Bonaccorso
Steam Weak File Permissions Privilege Escalation,
ajs
CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1,
Christofer Dutz
[ERPSCAN-15-018] SAP NetWeaver 7.4 - XXE,
ERPScan inc
[ERPSCAN-15-019] SAP Afaria - Stored XSS,
ERPScan inc
[FD] Celoxis <= 9.5 - Cross Site Scripting (XSS),
Manuel Mancera
[ERPSCAN-15-020] SAP Mobile Platform 2.3 - XXE in application import,
ERPScan inc
Proftpd v1.3.5a ZERODAY - Malloc issues Advanced Information Security Corporation,
Nicholas Lemonias.
Proftpd ZERODAY - Malloc issues Advanced Information Security Corporation,
Nicholas Lemonias.
Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation,
Nicholas Lemonias.
Fwd: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android,
Shazron
Fwd: CVE-2015-5256: Apache Cordova vulnerable to improper application of whitelist restrictions,
Shazron
[SECURITY] [DSA 3400-1] lxc security update,
Salvatore Bonaccorso
[security bulletin] HPSBUX03522 SSRT102942 rev.1 - HP-UX BIND running named, Remote Denial of Service (DoS),
security-alert
NEW VMSA-2015-0008 - VMware product updates address information disclosure issue,
VMware Security Response Center
CVE-2015-8131: Kibana CSRF vulnerability,
Kevin Kluge
IBM i Access Buffer Overflow Code DOS CVE-2015-7422,
apparitionsec
IBM i Access Buffer Overflow Code Exec CVE-2015-2023,
apparitionsec
[security bulletin] HPSBGN03521 rev.2 - HP Operations Orchestration Central, Cross-Site Request Forgery (CSRF),
security-alert
[SECURITY] [DSA 3399-1] libpng security update,
Salvatore Bonaccorso
RCE and SQL injection via CSRF in Horde Groupware,
High-Tech Bridge Security Research
Adobe Premiere Clip v1.1.1 iOS - (cid:x) Filter Bypass & Persistent Software Vulnerability,
Vulnerability Lab
[security bulletin] HPSBGN03521 rev.1 - HP Operations Orchestration Central, Cross-Site Request Forgery (CSRF),
security-alert
WordPress Users Ultra Plugin [Unrestricted File Upload],
pan . vagenas
ESA-2015-163: EMC VPLEX Sensitive Information Exposure Vulnerability,
Security Alert
Open-Xchange Security Advisory 2015-11-17,
Martin Heiland
Free WMA MP3 Converter - Buffer Overflow Exploit (SEH),
Vulnerability Lab
Murgent CMS - SQL Injection Vulnerability,
Vulnerability Lab
Magento Bug Bounty #22 - (Profile) Persistent Vulnerability,
Vulnerability Lab
Magento Bug Bounty #24 - Multiple CSRF Web Vulnerabilities,
Vulnerability Lab
Port Scan v2.0 iOS - Command Inject Vulnerability,
Vulnerability Lab
LAN Scan HD v1.20 iOS - Command Inject Vulnerability,
Vulnerability Lab
[SECURITY] [DSA 3398-1] strongswan security update,
Yves-Alexis Perez
CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability,
Matthew Flanagan
[security bulletin] HPSBGN03428 rev.3 - HP Asset Manager Web UI Client, Local Disclosure of Sensitive Information,
security-alert
Dlink DGL5500 Un-Authenticated Buffer overflow in HNAP functionality,
samhuntley84
Dlink DIR-890L/R Buffer overflows in authentication and HNAP functionalities.,
samhuntley84
Dlink DIR-880L Buffer overflows in authentication and HNAP functionalities.,
samhuntley84
Dlink DIR-825 (vC) Buffer overflows in authentication,HNAP and ping functionalities and also directory traversal issue exists,
samhuntley84
Dlink DIR-601 Command injection in ping functionality,
samhuntley84
Dlink DIR-645 UPNP Buffer Overflow,
samhuntley84
Dlink DIR-815 Buffer overflows and Command injection in authentication and HNAP functionalities,
samhuntley84
Dlink DIR-817LW Buffer overflows and Command injection in authentication and HNAP functionalities,
samhuntley84
Dlink DIR-818W Buffer overflows and Command injection in authentication and HNAP functionalities,
samhuntley84
Dlink DIR-615 Authenticated Buffer overflow in Ping and Send email functionality,
samhuntley84
SYSS-2015-061 Wirecard Checkout Page - Improper Validation of Integrity Check Value,
martin . sturm
Dlink SSDP command injection using UDP for a lot of Dlink routers including DIR-815, DIR-850L,
samhuntley84
Dlink DIR-866L Buffer overflows in HNAP and send email functionalities,
samhuntley84
CF Image Host XSS,
apparitionsec
CF Image Host CSRF,
apparitionsec
CF Image Host PHP Command Injection,
apparitionsec
PHP Address Book SQL Injection Vulnerability,
Rahul Pratap Singh
[SECURITY] [DSA 3208-2] freexl regression update,
Salvatore Bonaccorso
/tmp race condition in IBM Installation Manager V1.8.1 install script,
larry0
D-link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability,
bhadresh . patel
[slackware-security] seamonkey (SSA:2015-318-01),
Slackware Security Team
OpenBSD package 'net-snmp' information disclosure,
Pierre Kim
[SECURITY] [DSA 3395-2] krb5 security update,
Salvatore Bonaccorso
Secunia Research: Google Picasa CAMF Section Integer Overflow Vulnerability,
Secunia Research
[security bulletin] HPSBGN03507 rev.2 - HP Arcsight Management Center, Arcsight Logger, Remote Cross-Site Scripting (XSS),
security-alert
[SECURITY] [DSA 3397-1] wpa security update,
Salvatore Bonaccorso
Microsoft .NET Framework XSS / Elevation of Privilege CVE-2015-6099,
apparitionsec
[SECURITY] [DSA 3396-1] linux security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3386-2] unzip regression update,
Salvatore Bonaccorso
TestLink 1.9.14 CSRF Vulnerability,
Aravind
TestLink 1.9.14 Persistent XSS,
Aravind
[SECURITY] [DSA 3395-1] krb5 security update,
Salvatore Bonaccorso
[ANNOUNCE] CVE-2014-3576 - Apache ActiveMQ vulnerabilities,
Timothy Bish
[slackware-security] mozilla-firefox (SSA:2015-310-01),
Slackware Security Team
[slackware-security] mozilla-nss (SSA:2015-310-02),
Slackware Security Team
CVE-2015-5378,
Suyog Rao
CVE-2015-5619,
Suyog Rao
NXFilter v3.0.3 Persistent / Reflected XSS,
apparitionsec
NXFilter v3.0.3 CSRF,
apparitionsec
[SECURITY] [DSA 3394-1] libreoffice security update,
Moritz Muehlenhoff
Elasticsearch vulnerability CVE-2015-5377,
Kevin Kluge
SEC Consult SA-20151105-0 :: Insecure default configuration in Ubiquiti Networks products,
SEC Consult Vulnerability Lab
[security bulletin] HPSBGN03519 rev.1 - HP Project and Portfolio Management Center, Remote Disclosure of Information,
security-alert
[SECURITY] [DSA 3393-1] iceweasel security update,
Moritz Muehlenhoff
Cisco Security Advisory: Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Mobility Services Engine Privilege Escalation Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Mobility Services Engine Static Credential Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Web Security Appliance Range Request Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco AsyncOS TCP Flood Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
[KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability,
Egidio Romano
[KIS-2015-09] Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability,
Egidio Romano
[KIS-2015-07] ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability,
Egidio Romano
[KIS-2015-08] ATutor <= 2.2 (edit_marks.php) PHP Code Injection Vulnerability,
Egidio Romano
[KIS-2015-06] ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability,
Egidio Romano
[KIS-2015-05] ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability,
Egidio Romano
FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED],
FreeBSD Security Advisories
[SECURITY] [DSA 3392-1] freeimage security update,
Sebastien Delafond
[security bulletin] HPSBGN03429 rev.2 - HP Arcsight Logger, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBGN03425 rev.1 - HP ArcSight SmartConnectors, Remote Disclosure of Information, Local Escalation of Privilege,
security-alert
[security bulletin] HPSBGN03430 rev.1 - HP ArcSight products, Local Elevation of Privilege,
security-alert
[SECURITY] [DSA 3391-1] php-horde security update,
Florian Weimer
[security bulletin] HPSBGN03386 rev.2 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, Local Disclosure of Information,
security-alert
[security bulletin] HPSBGN03426 rev.1 - HP Mobility Software, Remote Execution of Arbitrary Code,
security-alert
[SECURITY] [DSA 3355-2] libvdpau regression update,
Alessandro Ghedini
[security bulletin] HPSBMU03518 rev.1 - HP Vertica, Remote Code Execution,
security-alert
[SECURITY] [DSA 3390-1] xen security update,
Salvatore Bonaccorso
CVE-2015-7326 (XXE vulnerability in Milton Webdav),
0ang3el
Accentis Content Resource Management System - XSS,
GalaxyCVEcollector
Accentis Content Resource Management System - SQL,
GalaxyCVEcollector
Cross-Site Scripting | Zeuscart V4,
ITAS Team
[SECURITY] [DSA 3389-1] elasticsearch end-of-life,
Moritz Muehlenhoff
[SECURITY] [DSA 3381-2] openjdk-7 security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3388-1] ntp security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3387-1] openafs security update,
Florian Weimer
TCPing 2.1.0 Buffer Overflow,
apparitionsec
[SECURITY] [DSA 3386-1] unzip security update,
Laszlo Boszormenyi (GCS)
[SECURITY] [DSA 3385-1] mariadb-10.0 security update,
Salvatore Bonaccorso
[slackware-security] jasper (SSA:2015-302-02),
Slackware Security Team
PHP Server Monitor 3.1.1 Privilege Escalation,
apparitionsec
PHP Server Monitor 3.1.1 CSRF,
apparitionsec
[slackware-security] curl (SSA:2015-302-01),
Slackware Security Team
[slackware-security] ntp (SSA:2015-302-03),
Slackware Security Team
[SECURITY] [DSA 3384-1] virtualbox security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3383-1] wordpress security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3332-2] wordpress regression update,
Salvatore Bonaccorso
[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability,
ERPScan inc
[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability,
ERPScan inc
[ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability,
ERPScan inc
Cross-Site Request Forgery on Oxwall,
High-Tech Bridge Security Research
CVE-2015-7723 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver,
Portcullis Advisories
CVE-2015-7724 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver,
Portcullis Advisories
[SECURITY] [DSA 3382-1] phpmyadmin security update,
Thijs Kinkhorst
Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE,
Stefan Kanthak
[SECURITY] [DSA 3381-1] openjdk-7 security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3380-1] php5 security update,
Florian Weimer
[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability,
ERPScan inc
[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability,
ERPScan inc
[ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability,
ERPScan inc
MacOS X 10.11 hardlink bomb causes resource exhaustion (Avast PoC),
submit
MacOS X 10.11 FTS Deep structure of the file system Buffer Overflow,
submit
Secunia Research: Google Picasa Phase One Tags Processing Integer Overflow Vulnerability,
Secunia Research
Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities,
Secunia Research
FreeBSD Security Advisory FreeBSD-SA-15:25.ntp,
FreeBSD Security Advisories
AlienVault OSSIM 4.3 CSRF,
mohammadreza . mohajerani
AlienVault OSSIM 4.3 CSRF vulnerability report,
mohammadreza . mohajerani
[SECURITY] [DSA 3379-1] miniupnpc security update,
Salvatore Bonaccorso
Fwd: Timing attack vulnerability in most Zeus server-sides,
rotem kerner
[SECURITY] [DSA 3377-1] mysql-5.5 security update,
Salvatore Bonaccorso
[security bulletin] HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBGN03428 rev.1 - HP Asset Manager, Local Disclosure of Sensitive Information,
security-alert
CVE-2015-6576: Bamboo - Deserialisation resulting in remote code execution,
David Black
SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities,
SEC Consult Vulnerability Lab
TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE,
scurippio
Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015,
Cisco Systems Product Security Incident Response Team
APPLE-SA-2015-10-21-8 OS X Server 5.0.15,
Apple Product Security
APPLE-SA-2015-10-21-7 Xcode 7.1,
Apple Product Security
APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002,
Apple Product Security
APPLE-SA-2015-10-21-5 iTunes 12.3.1,
Apple Product Security
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007,
Apple Product Security
APPLE-SA-2015-10-21-3 Safari 9.0.1,
Apple Product Security
APPLE-SA-2015-10-21-2 watchOS 2.0.1,
Apple Product Security
APPLE-SA-2015-10-21-1 iOS 9.1,
Apple Product Security
Cisco Security Advisory: Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco ASA Software DNS Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
SiteWIX - (edit_photo2.php id) SQL Injection Exploit,
ZoRLu Bugrahan
[SE-2014-02] Google App Engine Java security sandbox bypasses (Issue 42),
Security Explorations
[SECURITY] [DSA 3376-1] chromium-browser security update,
Michael Gilbert
[SECURITY] [DSA 3375-1] wordpress security update,
Yves-Alexis Perez
[SECURITY] [DSA 3374-1] postgresql-9.4 security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3373-1] owncloud security update,
Salvatore Bonaccorso
ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access,
ERPScan inc
Events Made Easy WordPress plugin CSRF + Persistent XSS,
David Sopas
Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334),
Qualys Security Advisory
[ISecAuditors Security Advisories] URL Open Redirect in Google generic TLD and ccTLD,
ISecAuditors Security Advisories
APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6,
Apple Product Security
[security bulletin] HPSBOV03503 rev.1 - HP OpenVMS CSWS_JAVA running Tomcat, Multiple Remote Vulnerabilities,
security-alert
[security bulletin] HPSBUX03512 SSRT102254 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) and Other Vulnerabilities,
security-alert
Freemake Video Downloader 3.7.1 - Code Execution Vulnerability,
Vulnerability Lab
PayPal Inc Bug Bounty #117 - Session Fixation Vulnerability,
Vulnerability Lab
Blat.exe v2.7.6 SMTP / NNTP Mailer Buffer Overflow,
apparitionsec
US DoD's Dc3dd v7.2.6 suffers from a Buffer Overflow vulnerability - Advanced Information Security Corporation - Zero Day Research,
Nicholas Lemonias.
[CVE-2015-2552] Windows 8+ - Trusted Boot Security Feature Bypass Vulnerability,
Myria
[security bulletin] HPSBGN03515 rev.1 - HP Smart Profile Server Data Analytics Layer (SPS DAL), Remote Cross-Site-Scripting (XSS), Disclosure of Information,
security-alert
Boolean-based SQL injection Vulnerability in K2 Platforms,
wissam . bashour
[SECURITY] [DSA 3372-1] linux security update,
Ben Hutchings
AdobeWorkgroupHelper Stack Based Buffer Overflow,
apparitionsec
CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin,
grajalerts
CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin,
grajalerts
CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin,
grajalerts
Multiple Remote Code Execution found in ZHONE,
lyon . yang . s
[SYSS-2015-034] MATESO Password Safe and Repository Enterprise - SQL Injection,
matthias . deeg
[SYSS-2015-037] MATESO Password Safe and Repository Enterprise - Insufficiently Protected Credentials,
matthias . deeg
Multiple Vulnerabilities found in ZHONE,
lyon . yang . s
ESA-2015-153 EMC SourceOne Email Supervisor Security Update for Multiple Security Vulnerabilities,
Security Alert
[SECURITY] [DSA 3371-1] spice security update,
Salvatore Bonaccorso
FreeYouTubeToMP3 Converter 4.0.1 - Buffer Overflow Vulnerability,
Vulnerability Lab
W150D Wireless N 150 ADSL2 Modem Router - Cross Site Request Forgery Vulnerability,
Vulnerability Lab
PayPal Inc Bug Bounty #119 - URL Redirect Web Vulnerability,
Vulnerability Lab
WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability,
Vulnerability Lab
Veeam Backup & Replication Local Privilege Escalation Vulnerability,
ascii
[RT-SA-2015-006] Buffalo LinkStation Authentication Bypass,
RedTeam Pentesting GmbH
Potential vulnerabilities in PayPal Beacons,
securityresearch
Advanced Information Security Corporation, Security Advisory (Oracle's MYSQL v5.6.24 Latest - Buffer Overflows) Repost,
Nicholas Lemonias.
[REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities,
Matteo Beccati
A comprehensive study of Huawei 3G routers - XSS, CSRF, DoS, unauthenticated firmware update, RCE,
Pierre Kim
[SECURITY] [DSA 3369-1] zendframework security update,
Alessandro Ghedini
[SECURITY] [DSA 3370-1] freetype security update,
Alessandro Ghedini
[CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin,
ibeptaz
Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows),
Nicholas Lemonias.
Zope Management Interface CSRF vulnerabilities,
apparitionsec
TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390,
Onur Yilmaz
TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391,
Onur Yilmaz
Local RedHat Enterprise Linux DoS – RHEL 7.3 Kernel crashes on invalid USB device descriptors (usbvision driver),
Ralf Spenneberg
Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img,
Alexandre Herzog
Advisory: web-based VM detection and coarse-grained fingerprinting,
Amit Klein
LanWhoIs.exe 1.0.1.120 Stack Buffer Overflow,
apparitionsec
[security bulletin] HPSBUX03359 SSRT102094 rev.2 - HP-UX pppoec, local elevation of privilege,
security-alert
[slackware-security] seamonkey (SSA:2015-274-03),
Slackware Security Team
[slackware-security] mozilla-thunderbird (SSA:2015-274-01),
Slackware Security Team
[slackware-security] php (SSA:2015-274-02),
Slackware Security Team
[security bulletin] HPSBST03418 rev.2 - HP P6000 Command View Software, Remote Disclosure of Information,
security-alert
FTGate 2009 Build 6.4.00 CSRF Vulnerabilities,
apparitionsec
CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability,
Specto
[SYSS-2015-039] CSRF in OpenText Secure MFT,
adrian . vollmer
[ZDI-15-396] ManageEngine ServiceDesk Plus remote code execution,
Pedro Ribeiro
Qualys Security Advisory - OpenSMTPD Audit Report,
Qualys Security Advisory
FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind [REVISED],
FreeBSD Security Advisories
ZTE GPON F427 and possibly F460/F600 - authorization bypass and cleartext password storage,
jerzy . patraszewski
Correction: BMC-2015-0005: File inclusion vulnerability caused by misconfiguration of "BIRT Viewer" servlet as used in BMC Remedy AR Reporting,
appsec
Correction: BMC-2015-0006: File inclusion vulnerability caused by misconfiguration of "BIRT Engine" servlet as used in BMC Remedy AR Reporting,
appsec
Reflected Cross-Site Scripting (XSS) in SourceBans,
High-Tech Bridge Security Research
Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin,
ibemed
Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin,
ibemed
A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin,
ibemed
Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin,
ibemed
LanSpy 2.0.0.155 Buffer Overflow,
apparitionsec
[security bulletin] HPSBPV03516 rev.1 - HP VAN SDN Controller, Multiple Vulnerabilities,
security-alert
[security bulletin] HPSBGN03424 rev.1 - HP Cloud Service Automation, Remote Authentication Bypass,
security-alert
[SYSS-2015-001] Kaspersky Endpoint Security - Authentication Bypass,
matthias . deeg
[SYSS-2015-003] Kaspersky Small Office Security - Authentication Bypass,
matthias . deeg
[SYSS-2015-002] Kaspersky Endpoint Security - Use of One-Way Hash without a Salt,
matthias . deeg
[SYSS-2015-004] Kaspersky Small Office Security - Use of One-Way Hash without a Salt,
matthias . deeg
[SYSS-2015-006] Kaspersky Total Security - Use of One-Way Hash without a Salt,
matthias . deeg
[SYSS-2015-005] Kaspersky Total Security - Authentication Bypass,
matthias . deeg
[SYSS-2015-008] Kaspersky Internet Security - Use of One-Way Hash without a Salt,
matthias . deeg
[SYSS-2015-009] Kaspersky Anti-Virus - Authentication Bypass,
matthias . deeg
[SYSS-2015-007] Kaspersky Internet Security - Authentication Bypass,
matthias . deeg
[SYSS-2015-010] Kaspersky Anti-Virus - Use of One-Way Hash without a Salt,
matthias . deeg
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11,
Apple Product Security
APPLE-SA-2015-09-30-2 Safari 9,
Apple Product Security
[security bulletin] HPSBST03502 rev.1 - HP 3PAR Service Processor (SP) SPOCC, Remote Disclosure of Information,
security-alert
APPLE-SA-2015-09-30-01 iOS 9.0.2,
Apple Product Security
Apache James Server 2.3.2 security vulnerability fixed,
Eric Charles
FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind,
FreeBSD Security Advisories
CVE-2015-7392 Heap overflow in Freeswitch json parser < 1.6.2 & < 1.4.23,
Marcello Duarte
ESA-2015-151: RSA® OneStep Path Traversal Vulnerability,
Security Alert
ESA-2015-152: RSA Web Threat Detection Multiple Vulnerabilities,
Security Alert
CVE-2015-3938 Remote Permanent LoV (Loss of View) in Mitsubishi Melsec FX3G-24M PLC,
Ralf Spenneberg (OpenSource Security)
Remote privesc and RCE in Kaseya Virtual System Administrator,
Pedro Ribeiro
Vtiger CRM Authenticated Remote Code Execution (CVE-2015-6000),
Benjamin Daniel Mussler
IconLover v5.4.5 - Stack Buffer Overflow Vulnerability,
Vulnerability Lab
Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability,
Vulnerability Lab
NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability,
Vulnerability Lab
WinRAR SFX v5.21 - Remote Code Execution Vulnerability,
Vulnerability Lab
Flowdock API Bug Bounty #3 - (Invite) Persistent Web Vulnerability,
Vulnerability Lab
My.WiFi USB Drive v1.0 iOS - File Include Vulnerability,
Vulnerability Lab
Subject mail: CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin,
ibemed
CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin,
ibemed
CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin,
ibemed
Git-1.9.5 ssh-agent.exe Buffer Overflow,
apparitionsec
[security bulletin] HPSBHF03513 rev.1 - HP PCs and Workstations running Windows and Linux with NVidia Graphics Driver, Local Denial of Service (DoS), Elevation of Privilege,
security-alert
[SECURITY] [DSA 3368-1] cyrus-sasl2 security update,
Salvatore Bonaccorso
CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine,
Portcullis Advisories
CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine,
Portcullis Advisories
CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine,
Portcullis Advisories
Insecure application-coupling in Good Authentication Delegation [MZ-15-03],
modzero
FortiManager v5.2.2 Multiple XSS Vulnerabilities,
apparitionsec
Re: CVE-2015-5204: HTTP header injection vulnerability in Apache Cordova File Transfer Plugin for Android,
Shazron
[SECURITY] [DSA 3367-1] wireshark security update,
Moritz Muehlenhoff
BMC-2015-0006: File inclusion vulnerability in "BIRT Engine" servlet used in BMC Remedy AR Reporting,
appsec
BMC-2015-0005: File inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy AR Reporting,
appsec
[SECURITY] [DSA 3366-1] rpcbind security update,
Salvatore Bonaccorso
Cisco AnyConnect elevation of privileges via DMG install script,
Securify B.V.
[SECURITY] [DSA 3365-1] iceweasel security update,
Moritz Muehlenhoff
ESA-2015-142: RSA Archer® GRC Platform Multiple Vulnerabilities,
Security Alert
Cisco Security Advisory: Cisco IOS XE Software Network Address Translation Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities,
Cisco Systems Product Security Incident Response Team
UltraEdit v22.20 - Buffer Overflow Vulnerability,
Vulnerability Lab
WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability,
Vulnerability Lab
Flowdock API Bug Bounty #1 - (Description) Persistent Web Vulnerability,
Vulnerability Lab
Reflected Cross-Site Scripting (XSS) in iTop,
High-Tech Bridge Security Research
Open-Xchange Security Advisory 2015-09-23,
Martin Heiland
[slackware-security] mozilla-firefox (SSA:2015-265-01),
Slackware Security Team
Cisco AnyConnect elevation of privileges via DLL side loading,
Securify B.V.
[security bulletin] HPSBGN03391 rev.1 - HP Universal CMDB Foundation, Discovery, Configuration Manager, and CMDB Browser running OpenSSL, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBUX03511 SSRT102248 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS),
security-alert
UDID v1.0 iOS - Persistent Mail Encode Vulnerability,
Vulnerability Lab
[SECURITY] [DSA 3364-1] linux security update,
Ben Hutchings
APPLE-SA-2015-09-21-1 watchOS 2,
Apple Product Security
Jasig CAS server vulnerabilities,
Antoni Klajn
Advisory: Insufficient Parameter Sanitization in login.live.com (Microsoft),
securityresearch
CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth,
Antoine Neuenschwander
SAP NetWeaver - XML External Entity Injection,
Lukasz Miedzinski
[SECURITY] [DSA 3363-1] owncloud-client security update,
Luciano Bello
Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ...,
Stefan Kanthak
[SECURITY] [DSA 3362-1] qemu-kvm security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3361-1] qemu security update,
Salvatore Bonaccorso
KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation,
KoreLogic Disclosures
[security bulletin] HPSBST03418 rev.1 - HP P6000 Command View Software, Remote Disclosure of Information,
security-alert
APPLE-SA-2015-09-16-4 OS X Server 5.0.3,
Apple Product Security
Apple Safari FTP PASV manipulation vulnerability (CVE-2015-5912),
Amit Klein
APPLE-SA-2015-09-16-3 iTunes 12.3,
Apple Product Security
APPLE-SA-2015-09-16-2 Xcode 7.0,
Apple Product Security
APPLE-SA-2015-09-16-1 iOS 9,
Apple Product Security
Cisco Security Advisory: Cisco TelePresence Server Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Collaboration Assurance,
Cisco Systems Product Security Incident Response Team
[security bulletin] HPSBGN03393 rev.2 - HP Operations Manager i, Remote Code Execution,
security-alert
Fwd: [CVE-2015-6940] Pentaho GA PDI & GA BA - Improper authentication allows unauthenticated access to configuration files,
gregory draperi
Microsoft Exchange Information Disclosure,
apparitionsec
[SECURITY] [DSA 3360-1] icu security update,
GCS
[security bulletin] HPSBHF03509 rev.1 - HP ThinPro and Smart Zero Core, Remote Denial of Service, Unauthorized Access to Data,
security-alert
Paypal Inc - Open Redirect Web Vulnerability,
Vulnerability Lab
Openfire 3.10.2 CSRF Vulnerabilities,
apparitionsec
IKEView.exe R60 Stack Buffer Overflow,
apparitionsec
[security bulletin] HPSBMU03392 rev.2 - HP ArcSight Logger, Remote Authorization Bypass,
security-alert
[CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting,
Ahrens, Julien
[SECURITY] [DSA 3358-1] php5 security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3359-1] virtualbox security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3357-1] vzctl security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3356-1] openldap security update,
Salvatore Bonaccorso
IKEView.exe Fox beta 1 Stack Buffer Overflow,
apparitionsec
[security bulletin] HPSBHF03408 rev.2 - HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code,
security-alert
[KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability,
Egidio Romano
Magento Bug Bounty #19 - Persistent Filename Vulnerability,
Vulnerability Lab
PayPal Inc - Security Approval & 2FA Session Auth Bypass (API) Vulnerability,
Vulnerability Lab
Shopify Bug Bounty #8 - (FilePath) Persistent Vulnerability,
Vulnerability Lab
Yahoo Bug Bounty #32 - Cross Site Request Forgery bulkImport Web Vulnerability,
Vulnerability Lab
Security Advisory for Bugzilla 5.0.1, 4.4.10 and 4.2.15,
LpSolit
Security advisory for Bugzilla 5.0, 4.4.9, and 4.2.14,
dkl
DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584,
Onur Yilmaz
[SECURITY] [DSA 3355-1] libvdpau security update,
Alessandro Ghedini
Multiple Cross-Site Scripting vulnerabilities in Synology Download Station,
Securify B.V.
Synology Video Station command injection and multiple SQL injection vulnerabilities,
Securify B.V.
[security bulletin] HPSBGN03504 rev.1 - HP UCMDB, Local Disclosure of Sensitive Information,
security-alert
[security bulletin] HPSBOV03505 rev.1 - TCP/IP Services for OpenVMS running NTP, Remote Code Execution, Denial of Service (DoS),
security-alert
[ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials,
ERPScan inc
[ERPSCAN-15-015] SAP NetWeaver AS ABAP– Hardcoded Credentials,
ERPScan inc
[ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository,
ERPScan inc
ESA-2015-140: RSA® Identity Management & Governance Multiple Cross-Site Scripting Vulnerabilities,
Security Alert
[security bulletin] HPSBOV03506 rev.1 - TCP/IP Services for OpenVMS running BIND, Remote Denial of Service (DoS),
security-alert
Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe,
Stefan Kanthak
[SECURITY] [DSA 3354-1] spice security update,
Salvatore Bonaccorso
[CVE-2015-3623] Qlikview blind XXE Security Vulnerability,
alex_haynes
NETGEAR Wireless Management System - Authentication Bypass and Privilege Escalation.,
Elliott Lewis
[SECURITY] [DSA 3353-1] openslp-dfsg security update,
Alessandro Ghedini
JSPMySQL Administrador CSRF & XSS Vulnerabilities,
apparitionsec
Webroot SecureAnywhere Mobile Protection - MITM SSL Certificate Vulnerability,
David Coomber
Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability,
David Coomber
Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation,
Stefan Kanthak
Oracle Hyperion password disclosure...,
Jeff Kayser
[SECURITY] [DSA 3352-1] screen security update,
Laszlo Boszormenyi
[slackware-security] seamonkey (SSA:2015-246-01),
Slackware Security Team
[SECURITY] [DSA 3351-1] chromium-browser security update,
Michael Gilbert
[CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow,
Julien Ahrens
ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability,
Security Alert
Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities,
Vulnerability Lab
Checkmarx CxQL Sandbox bypass (CVE-2014-8778),
hdau
[SYSS-2015-016] Avaya one-X® Agent - Hard-coded Cryptographic Key,
sven . freund
[slackware-security] bind (SSA:2015-245-01),
Slackware Security Team
[SECURITY] [DSA 3350-1] bind9 security update,
Moritz Muehlenhoff
FreeBSD Security Advisory FreeBSD-SA-15:23.bind,
FreeBSD Security Advisories
[SECURITY] [DSA 3348-1] qemu security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3349-1] qemu-kvm security update,
Salvatore Bonaccorso
Cisco Security Advisory: Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability,
Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3347-1] pdns security update,
Sébastien Delafond
ESA-2015-137: EMC Atmos XML External Entity Injection Vulnerability,
Security Alert
Cross-Site Request Forgery in Cerb,
High-Tech Bridge Security Research
[slackware-security] gdk-pixbuf2 (SSA:2015-244-01),
Slackware Security Team
CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection,
David Black
KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation,
KoreLogic Disclosures
KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation,
KoreLogic Disclosures
[CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities,
CORE Advisories Team
[security bulletin] HPSBMU03339 rev.1 - HP LoadRunner Controller, Local Execution of Arbitrary Code,
security-alert
[security bulletin] HPSBGN03403 rev.1 - HP Virtualization Performance Viewer, Remote Unauthorized Disclosure of Information,
security-alert
[security bulletin] HPSBMU03401 rev.1 - HP Operations Manager for UNIX and Linux, Remote Unauthorized Modification, Disclosure of Information,
security-alert
Dogma India dogmaindia CMS - Auth Bypass Vulnerability,
Vulnerability Lab
[SECURITY] [DSA 3346-1] drupal7 security update,
Alessandro Ghedini
Jenkins 1.626 - Cross Site Request Forgery / Code Execution,
smash
LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability,
Vulnerability Lab
PayPal Bug Bounty #119 - Stored Cross Site Scripting Vulnerability,
Vulnerability Lab
[security bulletin] HPSBGN03407 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Modification, Disclosure of Information,
security-alert
[security bulletin] HPSBGN03387 rev.1 - HP Intelligent Provisioning, Remote Code Execution, Unauthorized Access,
security-alert
[security bulletin] HPSBMU03416 rev.1 - HP Data Protector, Remote Disclosure of Information,
security-alert
[SECURITY] [DSA 3345-1] iceweasel security update,
Salvatore Bonaccorso
[slackware-security] mozilla-firefox (SSA:2015-241-01),
Slackware Security Team
[SECURITY] [DSA 3344-1] php5 security update,
Sebastien Delafond
[security bulletin] HPSBGN03402 rev.2 - HP Performance Manager, Remote Disclosure of Information,
security-alert
UAC Bypass Vulnerability on "Windows 7" in Windows Script Host,
vozzie