Bugtraq
- Re: Re: UAC Bypass Vulnerability on "Windows 7" in Windows Script Host, (continued)
- [security bulletin] HPSBHF03408 rev.1 - HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code,
security-alert
- [security bulletin] HPSBGN03411 rev.1 - HP Operations Agent Virtual Appliance, Remote Unauthorized Disclosure of Information,
security-alert
- CVE-2015-6535: Stored XSS in YouTube Embed (WordPress plugin) allows admins to compromise super admins,
grajalerts . noreply
- [security bulletin] HPSBGN03405 rev.1 - HP Integration Adaptor, Remote Unauthorized Modification, Disclosure of Information,
security-alert
- [security bulletin] HPSBGN03399 rev.1 - HP BSM Connector (BSMC), Remote Unauthorized Modification, Disclosure of Information,
security-alert
- [security bulletin] HPSBGN03415 rev.1 - HP Operations Agent Virtual Appliance, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBGN03414 rev.1 - HP Operations Agent, Remote Disclosure of Information,
security-alert
- [SECURITY] [DSA 3343-1] twig security update,
Sebastien Delafond
- FreeBSD Security Advisory FreeBSD-SA-15:21.amd64,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-15:22.openssh,
FreeBSD Security Advisories
- [security bulletin] HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux, Multiple Vulnerabilities,
security-alert
- [security bulletin] HPSBMU03413 rev.1 - HP Virtual Connect Enterprise Manager SDK, Multiple Vulnerabilities,
security-alert
- [security bulletin] HPSBMU03396 rev.1 - HP Version Control Repository Manager (VCRM) on Windows and Linux, Multiple Vulnerabilities,
security-alert
- [security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities,
security-alert
- [security bulletin] HPSBGN03404 rev.1 - HP Service Health Reporter, Remote Unauthorized Modification,
security-alert
- [security bulletin] HPSBMU03345 rev.1 - HP Network Node Manager i (NNMi) and Smart Plugins (iSPIs) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information, Unauthorized Modification,
security-alert
- [SYSS-2015-026] Denial of Service (CWE-730) and Overly Restrictive Account Lockout Mechanism (CWE-645) in Page2Flip Premium App 2.5,
erlijn . vangenuchten
- [SYSS-2015-027] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5,
erlijn . vangenuchten
- [SYSS-2015-028] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5,
erlijn . vangenuchten
- [SYSS-2015-029] Insecure Direct Object Reference (CWE-932) in Page2Flip Premium App 2.5,
erlijn . vangenuchten
- [SYSS-2015-032] Broken Authentication and Session Management (CWE-930) in Page2Flip Premium App 2.5,
erlijn . vangenuchten
- [SYSS-2015-030] Improper Handling of Insufficient Privileges (CWE-274) in Page2Flip Premium App 2.5,
erlijn . vangenuchten
- SYSS-2015-033: Missing Function Level Access Control (CWE-935) in Page2Flip Premium App 2.5,
erlijn . vangenuchten
- Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation,
ajs
- [SYSS-2015-025] Netop Remote Control - Insufficiently Protected Credentials,
matthias . deeg
- Cross site request forgery vulnerability in Linksys WAG120N,
DonVallejo .
- [slackware-security] gnutls (SSA:2015-233-01),
Slackware Security Team
- [security bulletin] HPSBGN03395 rev.1 - HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX, Remote Code Execution,
security-alert
- Logstash vulnerability CVE-2015-5619,
Suyog Rao
- [security bulletin] HPSBUX03410 SSRT102175 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
- APPLE-SA-2015-08-20-1 QuickTime 7.7.8,
Apple Product Security
- [security bulletin] HPSBUX03369 SSRT102037 rev.1 - HP-UX execve(2), Local Elevation of Privilege,
security-alert
- [SECURITY] [DSA 3342-1] vlc security update,
Alessandro Ghedini
- [oCERT-2015-009] VLC arbitrary pointer dereference,
Andrea Barisani
- UBNT Bug Bounty #3 - Persistent Filename Vulnerability,
Vulnerability Lab
- UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability,
Vulnerability Lab
- WebSolutions India Design CMS - SQL Injection Vulnerability,
Vulnerability Lab
- ChiefPDF Software v2.x - Buffer Overflow Vulnerability,
Vulnerability Lab
- PDF Shaper v3.5 - (MSF) Remote Buffer Overflow Vulnerability,
Vulnerability Lab
- Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064),
Vulnerability Lab
- [SECURITY] [DSA 3341-1] conntrack security update,
Salvatore Bonaccorso
- ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability,
Security Alert
- [SECURITY] [DSA 3340-1] zendframework security update,
Alessandro Ghedini
- [SECURITY] [DSA 3339-1] openjdk-6 security update,
Moritz Muehlenhoff
- [security bulletin] HPSBUX03400 SSRT102211 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
- CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability,
Christofer Dutz
- Privilege escalation through RPC commands in EMC Documentum Content Server (incomplete fix in CVE-2015-4532),
andrew
- [SYSS-2015-041] XSS in OpenText Secure MFT,
adrian . vollmer
- Trend Micro Deep Discovery XSS,
apparitionsec
- Trend Micro Deep Discovery Authentication Bypass,
apparitionsec
- CVE-2015-5699 - Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation,
Gregory Pickett
- FreeBSD Security Advisory FreeBSD-SA-15:20.expat,
FreeBSD Security Advisories
- [SECURITY] [DSA 3338-1] python-django security update,
Alessandro Ghedini
- [SECURITY] [DSA 3337-1] gdk-pixbuf security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3325-2] apache2 regression update,
Stefan Fritsch
- Re: [ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD – XXE,
rahfsk
- EMC Documentum Content Server: arbitrary code execution (incomplete fix in CVE-2015-4532),
andrew
- [SECURITY] [DSA 3336-1] nss security update,
Salvatore Bonaccorso
- sysadmin privilege in EMC Documentum Content Server,
andrew
- Insufficient certificate validation in EMC Secure Remote Services Virtual Edition,
Securify B.V.
- Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal,
Securify B.V.
- [ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD – XXE,
ERPScan inc
- [ERPSCAN-15-012] SAP Afaria 7 XComms – Buffer Overflow,
ERPScan inc
- ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability,
Security Alert
- ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities,
Security Alert
- ESA-2015-094: RSA Archer® GRC Multiple Cross-Site Request Forgery Vulnerabilities,
Security Alert
- ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities,
Security Alert
- Oracle CSO numbers, security hygiene and fixes at the same time,
Security Explorations
- Poor security in SOHO routers, again. Changing configuration parameters with a click.,
DonVallejo .
- Re: [MORNINGSTAR-2009-01] Multiple security issues in Open Auto Classifieds version <= 1.5.9,
li0252130467
- vBulletin x.x.x rce "0day",
Joshua Rogers
- [slackware-security] mozilla-firefox (SSA:2015-226-01),
Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2015-226-02),
Slackware Security Team
- BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities,
Blue Frost Security Research Lab
- Nuance PowerPDF Advanced Metadata Information Disclosure Vulnerability (low|local),
Christopher Hudel
- APPLE-SA-2015-08-13-4 OS X Server v4.1.5,
Apple Product Security
- APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006,
Apple Product Security
- APPLE-SA-2015-08-13-3 iOS 8.4.1,
Apple Product Security
- APPLE-SA-2015-08-13-1 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8,
Apple Product Security
- [security bulletin] HPSBGN03393 rev.1 - HP Operations Manager i, Remote Code Execution,
security-alert
- [security bulletin] HPSBGN03386 rev.1 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, Local Disclosure of Information,
security-alert
- Update: Backdoor and RCE found in 8 TOTOLINK router models,
Pierre Kim
- Cisco Unified Communications Manager Multiple Vulnerabilities (VP2015-001),
Bernhard Mueller
- [SECURITY] [DSA 3335-1] request-tracker4 security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3332-1] wordpress security update,
Thijs Kinkhorst
- [CVE-2015-4624] Predictable CSRF tokens in WiFi Pineapple firmware <= 2.3.0,
Ken
- PHPfileNavigator v2.3.3 CSRF Add Arbitrary Users,
apparitionsec
- phpipam-1.1.010 XSS Vulnerability,
apparitionsec
- BFS-SA-2015-001: Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability,
Blue Frost Security Research Lab
- PHPfileNavigator 2.3.3 Persistent & Reflected XSS,
apparitionsec
- [SECURITY] [DSA 3333-1] iceweasel security update,
Moritz Muehlenhoff
- bizidea Design CMS 2015Q3 - SQL Injection Vulnerability,
Vulnerability Lab
- Windows Platform Binary Table (WPBT) - BIOS PE backdoor,
Kevin Beaumont
- Pdf Shaper Buffer Overflow,
metacom27
- [SECURITY] [DSA 3334-1] gnutls28 security update,
Salvatore Bonaccorso
- [Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values,
Onapsis Research Labs
- [Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage,
Onapsis Research Labs
- [Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery,
Onapsis Research Labs
- [slackware-security] mozilla-firefox (SSA:2015-219-01),
Slackware Security Team
- [slackware-security] mozilla-nss (SSA:2015-219-02),
Slackware Security Team
- [SECURITY] [DSA 3330-1] activemq security update,
Moritz Muehlenhoff
- QNAP crypto keys logged on unencrypted disk partition in world accessible files,
Andreas Steinmetz
- Device Inspector v1.5 iOS - Command Inject Vulnerabilities,
Vulnerability Lab
- Ferrari - PHP CGI Argument Injection (RCE) Vulnerability,
Vulnerability Lab
- Thomson Reuters FATCA - Arbitrary File Upload,
jakub . palaczynski
- [SECURITY] [DSA 3329-1] linux security update,
Salvatore Bonaccorso
- FreeBSD Security Advisory FreeBSD-SA-15:19.routed,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-15:18.bsdpatch,
FreeBSD Security Advisories
- Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows,
Stefan Kanthak
- [security bulletin] HPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of Information,
security-alert
- SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network,
SEC Consult Vulnerability Lab
- [SECURITY] [DSA 3328-2] wordpress regression update,
Thijs Kinkhorst
- Mozilla extensions: a security nightmare,
Stefan Kanthak
[SECURITY] [DSA 3328-1] wordpress security update,
Thijs Kinkhorst
[SECURITY] [DSA 3327-1] squid3 security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3326-1] ghostscript security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3325-1] apache2 security update,
Stefan Fritsch
[SECURITY] [DSA 3324-1] icedove security update,
Alessandro Ghedini
[SECURITY] [DSA 3323-1] icu security update,
Laszlo Boszormenyi
Multiple XSS vulnerabilities in FortiSandbox WebUI,
hyp3rlinx
[SECURITY] [DSA 3322-1] ruby-rack security update,
Salvatore Bonaccorso
phpFileManager 0.9.8 Remote Command Execution,
hyp3rlinx
HP ArcSight Logger provides incorrect/invalid/incomplete results for queries with boolean operators,
roberto
[SECURITY] [DSA 3321-1] xmltooling security update,
Alessandro Ghedini
[SECURITY] [DSA 3320-1] openafs security update,
Sebastien Delafond
Cisco Security Advisory: Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Dell Netvault Backup Remote Denial of Service,
epoide
FreeBSD Security Advisory FreeBSD-SA-15:16.openssh [REVISED],
FreeBSD Security Advisories
[security bulletin] HPSBGN03366 rev.1 - HP Business Process Insight with RC4 Stream Cipher, Remote Disclosure of Information,
security-alert
Cross-Site Scripting (XSS) in qTranslate WordPress Plugin,
High-Tech Bridge Security Research
[security bulletin] HPSBGN03367 rev.1 - HP TransactionVision with RC4 Stream Cipher, Remote Disclosure of Information,
security-alert
phpFileManager 0.9.8 CSRF Backdoor Shell Vulnerability,
apparitionsec
[slackware-security] bind (SSA:2015-209-01),
Slackware Security Team
FreeBSD Security Advisory FreeBSD-SA-15:17.bind,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-15:16.openssh,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-15:15.tcp,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-15:14.bsdpatch,
FreeBSD Security Advisories
[security bulletin] HPSBGN03372 rev.1 - HP Business Process Monitor using RC4, Remote Disclosure of Information,
security-alert
[SECURITY] [DSA 3319-1] bind9 security update,
Salvatore Bonaccorso
SEC Consult SA-20150728-0 :: McAfee Application Control Multiple Vulnerabilities,
SEC Consult Vulnerability Lab
Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne,
Samuel Lavitt - CVE-2015-0942
Another Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability,
Federico Fazzi
Apple iTunes & AppStore - Filter Bypass & Persistent Invoice Vulnerability,
Vulnerability Lab
[SECURITY] [DSA 3318-1] expat security update,
Laszlo Boszormenyi
[SECURITY] [DSA 3317-1] lxc security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3316-1] openjdk-7 security update,
Moritz Muehlenhoff
Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class,
Securify B.V.
Hawkeye-G v3.0.1 Persistent XSS & Information Leakage,
apparitionsec
Hawkeye-G v3 CSRF Vulnerability ***[UPDATED CORRECTED],
apparitionsec
[SECURITY] [DSA 3315-1] chromium-browser security update,
Michael Gilbert
Hawkeye-G v3.0.1.4912 CSRF Vulnerability CVE-2015-2878,
apparitionsec
[SECURITY] [DSA 3314-1] typo3-src end of life,
Moritz Muehlenhoff
Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser,
Qualys Security Advisory
ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability,
Vulnerability Lab
[SECURITY] [DSA 3313-1] linux security update,
Salvatore Bonaccorso
Cisco Security Advisory: Cisco IOS Software TFTP Server Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability,
Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability,
Cisco Systems Product Security Incident Response Team
ESA-2015-118: EMC Avamar Directory Traversal Vulnerability,
Security Alert
Multiple (remote and local) Vulnerabilities in Xceedium Xsuite [MZ-15-02],
modzero
Multiple XSS Vulnerabilities in Paid Memberships Pro WordPress Plugin,
High-Tech Bridge Security Research
SQL Injection in Count Per Day WordPress Plugin,
High-Tech Bridge Security Research
[SECURITY] [DSA 3312-1] cacti security update,
Alessandro Ghedini
NetCracker Resource Management 8.0 - SQL Injection Vulnerability,
jychia . sec
NetCracker Resource Management 8.0 - XSS Vulnerability,
jychia . sec
Open-Web-Analytics-1.5.7 Cryptographic, Password Disclosure & XSS Vulnerabilities,
apparitionsec
FreeBSD Security Advisory FreeBSD-SA-15:13.tcp,
FreeBSD Security Advisories
Logstash vulnerability CVE-2015-5378,
Kevin Kluge
WorldCIST'2016 - Brazil: Call for Workshops Proposals - Best Papers published by ISI/SCI Journals,
Maria Lemos
CVE-2015-5379: Axigen XSS vulnerability for html attachments,
Ioan Indreias
[security bulletin] HPSBMU03380 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities,
security-alert
[security bulletin] HPSBMU03377 rev.1 - HP Release Control running RC4, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBUX03379 SSRT101976 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
[SECURITY] [DSA 3311-1] mariadb-10.0 security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3310-1] freexl security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3309-1] tidy security update,
Alessandro Ghedini
[SECURITY] [DSA 3308-1] mysql-5.5 security update,
Salvatore Bonaccorso
[slackware-security] httpd (SSA:2015-198-01),
Slackware Security Team
[slackware-security] php (SSA:2015-198-02),
Slackware Security Team
AirDroid ID - Client Side JSONP Callback Vulnerability,
Vulnerability Lab
FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability,
Vulnerability Lab
UDID+ v2.5 iOS - Mail Command Inject Vulnerability,
Vulnerability Lab
Oracle E-Business Suite Servlet URL Redirection Vulnerability,
owais . md . khan
Novell GroupWise 2014 WebAccess vulnerable to XSS attacks,
adrian . vollmer
SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express,
SEC Consult Vulnerability Lab
Elasticsearch CVE-2015-5531,
Kevin Kluge
Elasticsearch CVE-2015-5377,
Kevin Kluge
ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability,
Security Alert
ESA-2015-122: EMC Documentum CenterStage Cross-site Scripting Vulnerability,
Security Alert
[CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure,
Cédric Champeau
Backdoor and RCE found in 8 TOTOLINK router models,
Pierre Kim
Backdoor credentials found in 4 TOTOLINK router models,
Pierre Kim
4 TOTOLINK router models vulnerable to CSRF and XSS attacks,
Pierre Kim
15 TOTOLINK router models vulnerable to multiple RCEs,
Pierre Kim
Cisco Security Advisory: Cisco Videoscape Delivery System Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
XSS, Code Execution, DOS, Password Leak, Weak Authentication in GetSimpleCMS 3.3.5,
Tim Coen
XSS vulnerability in OFBiz forms,
lilian_iatco
[CVE-2015-2862/2863 / CERT VU#919604] Kaseya VSA arbitrary file download / open redirect,
Pedro Ribeiro
CFP: Passwords 2015, Dec 7-9, Cambridge, UK,
Per Thorsheim
CVE-2015-4670 - AjaxControlToolkit File Upload Directory Traversal,
Brian Cardinale
[SYSS-2015-031] sysPass - SQL Injection,
disclosure
phpSQLiteCMS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS,
apparitionsec
[slackware-security] mozilla-thunderbird (SSA:2015-192-01),
Slackware Security Team
SQL Injection, Reflected XSS, Path Traversal, Function Execution in ZenPhoto 1.4.8,
Tim Coen
[security bulletin] HPSBGN03373 rev.1 - HP Release Control running TLS, Remote Disclosure of Information,
security-alert
Cisco Security Advisory: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products,
Cisco Systems Product Security Incident Response Team
[security bulletin] HPSBGN03351 rev.2 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBGN03371 rev.1 - HP IceWall Products running OpenSSL, Remote Denial of Service (DoS),
security-alert
ESA-2015-115: EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass Vulnerability,
Security Alert
CVE-2014-7952, Android ADB backup APK injection vulnerability,
Imre RAD
NEW VMSA-2015-0005 : VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability,
VMware Security Response Center
[SECURITY] [DSA 3307-1] pdns-recursor security update,
Alessandro Ghedini
[SECURITY] [DSA 3306-1] pdns security update,
Alessandro Ghedini
[slackware-security] openssl (SSA:2015-190-01),
Slackware Security Team
FreeBSD Security Advisory FreeBSD-SA-15:12.openssl,
FreeBSD Security Advisories
Extra information for CVE-2014-2513 - EMC Documentum Content Server: arbitrary code execution,
andrew
[SECURITY] [DSA 3305-1] python-django security update,
Alessandro Ghedini
[CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection,
CORE Advisories Team
[security bulletin] HPSBUX03363 rev.1 - HP-UX Apache Web Server running OpenSSL, Remote Disclosure of Information,
security-alert
Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution,
hdau
SQL Injection in easy2map-photos wordpress plugin v1.09,
Larry W. Cashdollar
Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5,
Larry W. Cashdollar
Symantec EP 12.1.4013 Disabling Vulnerability,
apparitionsec
[slackware-security] bind (SSA:2015-188-04),
Slackware Security Team
[slackware-security] ntp (SSA:2015-188-03),
Slackware Security Team
[slackware-security] cups (SSA:2015-188-01),
Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2015-188-02),
Slackware Security Team
FreeBSD Security Advisory FreeBSD-SA-15:11.bind,
FreeBSD Security Advisories
[security bulletin] HPSBGN03352 rev.2 - HP Asset Manager Using RC4, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBGN03354 rev.1 - HP Connect-IT Using RC4, Remote Disclosure of Information,
security-alert
RE: [security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information (UNCLASSIFIED),
Patterson, Derrick A CTR (US)
[security bulletin] HPSBGN03361 rev.1 - HP UCMDB, HP UCMDB Configuration Manager, HP UCMDB Browser, and HP Universal Discovery running TLS, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBMU03234 rev.1 - HP Vertica Analytics Platform running SSLv3, Remote Disclosure of Information,
security-alert
[SECURITY] [DSA 3303-1] cups-filters security update,
Alessandro Ghedini
[SECURITY] [DSA 3302-1] libwmf security update,
Moritz Muehlenhoff
[CORE-2015-0012] - AirLive Multiple Products OS Command Injection,
CORE Advisories Team
phpLiteAdmin v1.1 CSRF & XSS Vulnerabilities,
apparitionsec
Google Chrome Address Spoofing - Google's Opinion,
David Leo
[SECURITY] [DSA 3301-1] haproxy security update,
Salvatore Bonaccorso
127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request,
Pierre Kim
Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability,
Vulnerability Lab
Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability,
Federico Fazzi
Microsoft Office - OLE Packager allows code execution in all versions, with macros disabled,
Kevin Beaumont
Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability,
Vulnerability Lab
[SECURITY] [DSA 3300-1] iceweasel security update,
Moritz Muehlenhoff
WK UDID v1.0.1 iOS - Command Inject Vulnerability,
Vulnerability Lab
Ruxcon 2015 Final Call For Presentations,
cfp
CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0,
Alessandro Zala
SQL Injection in easy2map wordpress plugin v1.24,
Larry W. Cashdollar
ipTIME n104r3 vulnerable to CSRF and XSS attacks,
Pierre Kim
[SECURITY] [DSA 3299-1] stunnel4 security update,
Salvatore Bonaccorso
ToorCon 17 Call For Papers!,
h1kari
iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...,
Stefan Kanthak
Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models),
Pierre Kim
ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability,
Security Alert
ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities,
Security Alert
ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities,
Security Alert
Path Traversal in BlackCat CMS,
High-Tech Bridge Security Research
Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability,
Vulnerability Lab
FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability,
Vulnerability Lab
Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability,
Vulnerability Lab
Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability,
Vulnerability Lab
Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects,
andrew
APPLE-SA-2015-06-30-6 iTunes 12.2,
Apple Product Security
[SECURITY] [DSA 3298-1] jackrabbit security update,
Moritz Muehlenhoff
APPLE-SA-2015-06-30-5 QuickTime 7.7.7,
Apple Product Security
APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001,
Apple Product Security
APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7,
Apple Product Security
APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005,
Apple Product Security
APPLE-SA-2015-06-30-1 iOS 8.4,
Apple Product Security
Google Chrome Address Spoofing (Request For Comment),
David Leo
CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP,
Fernando Muñoz
[SECURITY] [DSA 3297-1] unattended-upgrades security update,
Alessandro Ghedini
[SECURITY] [DSA 3296-1] libcrypto++ security update,
Alessandro Ghedini
novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities,
apparitionsec
CollabNet Subversion Edge indes local file inclusion,
Oliver-Tobias Ripka
CollabNet Subversion Edge missing single login restriction,
Oliver-Tobias Ripka
CollabNet Subversion Edge weak password storage mechanism,
Oliver-Tobias Ripka
CollabNet Subversion Edge missing XSRF protection,
Oliver-Tobias Ripka
CollabNet Subversion Edge weak password policy,
Oliver-Tobias Ripka
CollabNet Subversion Edge autocomplete on,
Oliver-Tobias Ripka
CollabNet Subversion Edge missing clickjacking protection,
Oliver-Tobias Ripka
CollabNet Subversion Edge missing brute force protection,
Oliver-Tobias Ripka
CollabNet Subversion Edge show local file inclusion,
Oliver-Tobias Ripka
CollabNet Subversion Edge insecure password change,
Oliver-Tobias Ripka
CollabNet Subversion Edge tail local file inclusion,
Oliver-Tobias Ripka
CollabNet Subversion Edge downloadHook local file inclusion,
Oliver-Tobias Ripka
CollabNet Subversion Edge Password Hash Leak,
Oliver-Tobias Ripka
CollabNet Subversion Edge Hook Script Privilege Escalation,
Oliver-Tobias Ripka
CSRF Vulnerability in C2Box application CVE-2015-4460,
wissam . bashour
Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10,
Tim
[security bulletin] HPSBPI03360 rev.2 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBGN03362 rev.1 - HP Discovery and Dependency Mapping Inventory (DDMI) with TLS, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBMU03267 rev.3 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBUX03359 rev.1 - HP-UX pppoec, local elevation of privilege,
security-alert
[security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information,
security-alert
SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences,
SEC Consult Vulnerability Lab
ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities,
Security Alert
CVE-2015-3931 Microsec e-Szigno, CVE-2015-3932 Netlock Mokka XSW vulnerability,
Imre RAD
Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA,
Cisco Systems Product Security Incident Response Team
ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability,
Security Alert
Netgear Prosafe VPN Firewalls - Multiple vulnerabilities,
post
[ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE,
Darya Maenkova
[ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll,
Darya Maenkova
[ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS,
Darya Maenkova
[ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check,
Darya Maenkova
[ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure,
Darya Maenkova
[ERPSCAN-15-005] SAP Mobile Platform - XXE,
Darya Maenkova
[ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE,
Darya Maenkova
[ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE,
Darya Maenkova
[ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS,
Darya Maenkova
[SECURITY] [DSA 3295-1] cacti security update,
Salvatore Bonaccorso
CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders,
Federick Joe P Fajardo
CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004,
Marco Delai
[SECURITY] [DSA 3294-1] wireshark security update,
Moritz Muehlenhoff
ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability,
Security Alert
ESA-2015-109: EMC Documentum D2 Cross-Site Scripting,
Security Alert
KMPlayer 3.9.1.136 Capture Unicode Buffer Overflow (ASLR Bypass),
n4ser . farhadi
[security bulletin] HPSBMU03356 rev.1 - HP Business Service Automation Essentials (BSAE) running TLS, Remote Disclosure of Information,
security-alert
The "localhosed" attack - stealing IE local machine cookies and exposing its internal IP address,
Amit Klein
ManageEngine Asset Explorer v6.1 - Persistent Vulnerability,
Vulnerability Lab
[oCERT-2015-008] FreeRADIUS insufficent CRL application,
Andrea Barisani
GeniXCMS XSS Vulnerabilities,
apparitionsec
mysql-lite-administrator XSS vulnerabilities,
apparitionsec
[SECURITY] [DSA 3293-1] pyjwt security update,
Alessandro Ghedini
[CVE-2015-3188] Apache Storm remote code execution vulnerability,
P. Taylor Goetz
Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability,
Vulnerability Lab
Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability,
Vulnerability Lab
Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability,
Vulnerability Lab
ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability,
Vulnerability Lab
ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities,
Vulnerability Lab
[SECURITY] [DSA 3292-1] cinder security update,
Sebastien Delafond
DUO Security push Timing Attack,
jpierini
[SECURITY] [DSA 3291-1] drupal7 security update,
Sebastien Delafond
[SECURITY] [DSA 3290-1] linux security update,
Ben Hutchings
[security bulletin] HPSBGN03338 rev.1 - HP Service Manager running RC4, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBGN03350 rev.1 - HP SiteScope Using RC4, Remote Disclosure of Information,
security-alert
VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities,
VCE - PSIRT
Reflected Cross-Site Scripting (XSS) in SearchBlox,
High-Tech Bridge Security Research
OS Command Injection in Vesta Control Panel,
High-Tech Bridge Security Research
ESA-2015-043: RSA® Validation Manager Security Update for Multiple Vulnerabilities,
Security Alert
ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass Vulnerability,
Security Alert
BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability,
d4rkr0id
[SECURITY] [DSA 3289-1] p7zip security update,
Ben Hutchings
[RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager,
RedTeam Pentesting GmbH
WebdesignJiNi Cms Sql Injection Vulnerability,
iedb . team
Productsurf Cms Sql Injection Vulnerability,
iedb . team
[SECURITY] [DSA 3252-2] sqlite3 security update,
Alessandro Ghedini
[SECURITY] [DSA 3288-1] libav security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3287-1] openssl security update,
Alessandro Ghedini
Buffer Overflow in My Wifi Router Software,
sudson08
[SECURITY] [DSA 3286-1] xen security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3285-1] qemu-kvm security update,
Salvatore Bonaccorso
[slackware-security] openssl (SSA:2015-162-01),
Slackware Security Team
FreeBSD Security Advisory FreeBSD-SA-15:10.openssl,
FreeBSD Security Advisories
[SYSS-2015-020] ZENWorks Mobile Management - Cross-Site Scripting,
ludwig . stage
ZCMS SQL Injection & Persistent XSS,
apparitionsec
[slackware-security] php (SSA:2015-162-02),
Slackware Security Team
Nakid-CMS CSRF, Persistent XSS & LFI,
apparitionsec
[KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability,
Egidio Romano
[KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities,
Egidio Romano
[KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability,
Egidio Romano
Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin,
Larry W. Cashdollar
Cisco Security Advisory: Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
D-Link DSP-W110 - multiple vulnerabilities,
Peter Adkins
[security bulletin] HPSBUX03337 SSRT102066 rev.1 - HP-UX Apache Web Server Suite running Apache Web Server, Tomcat v6.x, or PHP v5.4.x, Remote Denial of Service (DoS) and Other Vulnerabilities,
security-alert
Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0,
Larry W. Cashdollar
XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343 ),
stasvolfus
Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability,
Vulnerability Lab
Use-After-Free in PHP,
High-Tech Bridge Security Research
Multiple Vulnerabilities in ISPConfig,
High-Tech Bridge Security Research
Arbitrary File Disclosure and Open Redirect in Bonita BPM,
High-Tech Bridge Security Research
[RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery,
RedTeam Pentesting GmbH
[RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID,
RedTeam Pentesting GmbH
[security bulletin] HPSBUX03341 SSRT102068 rev.1 - HP-UX Apache Tomcat v7.x, Remote Denial of Service (DoS) and Other Vulnerabilities,
security-alert
Elasticsearch vulnerability CVE-2015-4165,
Kevin Kluge
Kibana vulnerability CVE-2015-4093,
Kevin Kluge
Logstash vulnerability CVE-2015-4152,
Kevin Kluge
[SECURITY] [DSA 3283-1] cups security update,
Salvatore Bonaccorso
[security bulletin] HPSBMU03349 rev.1- HP Helion CloudSystem, Local Denial of Service (DoS), Arbitrary Code Execution,
security-alert
[security bulletin] HPSBST03346 rev.1 - HP P6000 Command View Software running Jetty, Remote Denial of Service (DoS),
security-alert
NEW VMSA-2015-0004 - VMware Workstation, Fusion and Horizon View Client updates address critical security issues,
VMware Security Response Center
CFP The 2nd International Conference on Information Systems Security and Privacy ICISSP 2016,
icissp . secretariat
SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities,
apparitionsec
Symphony CMS XSS Vulnerability [Corrected Post],
apparitionsec
[SECURITY] [DSA 3282-1] strongswan security update,
Yves-Alexis Perez
Symphony CMS XSS Vulnerability,
apparitionsec
AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability,
d4rkr0id
[SECURITY] [DSA 3281-1] Debian Security Team PGP/GPG key change notice,
Thijs Kinkhorst
[SECURITY] [DSA 3280-1] php5 security update,
Moritz Muehlenhoff
Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App,
Payatu Research
[SECURITY] [DSA 3279-1] redis security update,
Alessandro Ghedini
Symphony CMS 2.6.2,
apparitionsec
CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4,
venkatesh . nitin
Xloner v3.1.2 wordpress plugin authenticated command execution and XSS,
Larry W. Cashdollar
Expedia Product Security Advisory: Cruise Ship Centers Information Disclosure,
Mike Sheward
CVE-2015-4109 - WordPress Users Ultra Plugin [SQL injection],
pan . vagenas
1 Click Extract Audio v2.3.6 - Activex Buffer Overflow,
Vulnerability Lab
1 Click Audio Converter v2.3.6 - Activex Buffer Overflow,
Vulnerability Lab
Wing FTP Server Remote Code Execution vulnerability,
alex_haynes
[CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities,
alex_haynes
[CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability,
alex_haynes
CA20150604-01: Security Notice for CA Common Services,
Kotas, Kevin J
[security bulletin] HPSBGN03343 rev.1 - HP WebInspect, Remote Unauthorized Access,
security-alert
CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion],
pan . vagenas
IBM Watson (Cognea) - XSS and Redirect Vulnerabilities,
jerold
[Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc),
Pedro Ribeiro
[SECURITY] [DSA 3278-1] libapache-mod-jk security update,
Markus Koschany
ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability,
Security Alert
Local PHP File Inclusion in ResourceSpace,
High-Tech Bridge Security Research
Jildi FTP Client 1.5.2 b1138 - Buffer Overflow Vulnerability,
banana88
Safari Address Spoofing - Impact, Code, How It Works, History,
David Leo
[SECURITY] [DSA 3249-2] jqueryui security update,
Sebastien Delafond
[SECURITY] [DSA 3277-1] wireshark security update,
Moritz Muehlenhoff
WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability,
Vulnerability Lab
vfront-0.99.2 CSRF & Persistent XSS,
apparitionsec
Enhanced SQL Portal 5.0.7961 XSS Vulnerability,
apparitionsec
Freebox OS Web interface 3.0.2 XSS, CSRF,
huyngocbk
t2'15: Call for Papers 2015 (Helsinki / Finland),
Tomi Tuominen
WebDrive Buffer OverFlow PoC,
banana88
Ektron CMS 9.10 SP1 - XSS Vulnerability,
jerold
Ektron CMS 9.10 SP1 - CSRF Vulnerability,
jerold
[SECURITY] [DSA 3276-1] symfony security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3269-2] postgresql-9.1 regression update,
Salvatore Bonaccorso
[SECURITY] [DSA 3275-1] fusionforge security update,
Salvatore Bonaccorso
[security bulletin] HPSBMU03223 rev.1 - HP Insight Control server provisioning running SSLv3, Remote Denial of Service (DoS), Disclosure of Information,
security-alert
[security bulletin] HPSBMU03261 rev.2 - HP Systems Insight Manager running OpenSSL on Linux and Windows, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBMU03267 rev.2 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBMU03263 rev.3 - HP Insight Control running OpenSSL, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBGN03332 rev.1 - HP Operations Analytics running SSLv3, Remote Denial of Service (DoS), Disclosure of Information,
security-alert
JSPMyAdmin SQL Injection, CSRF & XSS Vulnerabilities,
apparitionsec
[SECURITY] [DSA 3274-1] virtualbox security update,
Moritz Muehlenhoff
[security bulletin] HPSBHF03340 rev.1 - HP ThinPro Linux and HP Smart Zero Core running HP Easy Setup Wizard, Local Unauthorized Access, Elevation of Privilege,
security-alert
Audacity 2.0.5 contains Arbitrary DLL Injection Code Execution,
mystyle_rahul
CVE-2015-1835: ...,
Dirk-Willem van Gulik on behalf of Apache Cordova
[SEARCH-LAB advisory] More than fifty vulnerabilities in D-Link NAS and NVR devices,
Gergely Eberhardt
DbNinja 3.2.6 Flash XSS Vulnerabilities,
apparitionsec
[Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement,
Onapsis Research Labs
[Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability,
Onapsis Research Labs
Thycotic Password Manager Secret Server iOS Application - MITM SSL Certificate Vulnerability,
David Coomber
[SECURITY] [DSA 3268-2] ntfs-3g security update,
Salvatore Bonaccorso
CVE-2015-4084 - WordPress Free Counter Plugin [Stored XSS],
pan . vagenas
[SECURITY] [DSA 3273-1] tiff security update,
Moritz Muehlenhoff
Synology Photo Station multiple Cross-Site Scripting vulnerabilities,
Securify B.V.
Reflected Cross-Site Scripting in Synology DiskStation Manager,
Securify B.V.
Command injection vulnerability in Synology Photo Station,
Securify B.V.
[SECURITY] [DSA 3265-2] zendframework regression update,
Alessandro Ghedini
[SECURITY] [DSA 3272-1] ipsec-tools security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3271-1] nbd security update,
Alessandro Ghedini
[security bulletin] HPSBGN03325 rev.1 - HP SiteScope, Remote Elevation of Privilege,
security-alert
[CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability,
CORE Advisories Team
[SECURITY] [DSA 3270-1] postgresql-9.4 security update,
Christoph Berg
[SECURITY] [DSA 3268-1] ntfs-3g security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3267-1] chromium-browser security update,
Michael Gilbert
[security bulletin] HPSBMU03336 rev.1- HP Helion OpenStack affected by VENOM, Denial of Service (DoS), Execution of Arbitrary Code,
security-alert
CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation],
pan . vagenas
CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS],
pan . vagenas
[SECURITY] [DSA 3266-1] fuse security update,
Salvatore Bonaccorso
Webgrind XSS vulnerability,
hyp3rlinx
CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability),
Julian Reschke
CVE for Apple's ECDHE-ECDSA SecureTransport bug?,
Jeffrey Walton
[SECURITY] [DSA 3261-2] libmodule-signature-perl regression update,
Salvatore Bonaccorso
[security bulletin] HPSBUX03333 SSRT102029 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS), or Other Vulnerabilities,
security-alert
[security bulletin] HPSBUX03334 SSRT102000 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilities,
security-alert
Eisbär SCADA (All Versions - iOS, Android & W8) - Persistent UI Vulnerability,
Vulnerability Lab
Stored XSS in WP Photo Album Plus WordPress Plugin,
High-Tech Bridge Security Research
[SECURITY] [DSA 3265-1] zendframework security update,
David Prévot
HiDisk 2.4 iOS - (currentFolderPath) Persistent Vulnerability,
Vulnerability Lab
ManageEngine EventLog Analyzer V:10.0 CSRF Vulnerability,
akashchavan0708
Staff FTP v3.04 Software - DLL Hijacking Vulnerability,
metacom27
[SECURITY] [DSA 3263-1] proftpd-dfsg security update,
Sebastien Delafond
[SECURITY] [DSA 3264-1] icedove security update,
Moritz Muehlenhoff
[security bulletin] HPSBGN03286 rev.1 - HP LoadRunner, Buffer Overflow,
security-alert
APPLE-SA-2015-05-19-1 Watch OS 1.0.1,
Apple Product Security
[security bulletin] HPSBPI03322 rev.1 - HP Access Control Software, Local Unauthorized Access,
security-alert
WISE-FTP Software v8.0.2 - DLL Hijacking Vulnerability,
metacom27
[SECURITY] [DSA 3175-2] kfreebsd-9 security update,
Alessandro Ghedini
[SECURITY] [DSA 3262-1] xen security update,
Moritz Muehlenhoff
OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities,
Vulnerability Lab
iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability,
Vulnerability Lab
Wireless Photo Transfer v3.0 iOS - File Include Vulnerability,
Vulnerability Lab
CRUCMS Crucial Networking - SQL Injection Vulnerability,
Vulnerability Lab
[slackware-security] mozilla-thunderbird (SSA:2015-137-01),
Slackware Security Team
ESA-2015-087 EMC Document Sciences xPression SQL Injection Vulnerability,
Security Alert
[SECURITY] [DSA 3261-1] libmodule-signature-perl security update,
Salvatore Bonaccorso
[SE-2014-02] Unconfirmed / unpatched vulnerabilities in Google App Engine,
Security Explorations
phpMyAdmin 4.4.6 Man-In-the-Middle API Github,
submit
[SECURITY] CVE-2014-7810: Apache Tomcat Security Manager Bypass,
Mark Thomas
SEC Consult SA-20150514-0 :: Multiple vulnerabilities in Loxone Smart Home (part 2),
SEC Consult Vulnerability Lab
Sidu 5.2 Admin XSS Vulnerability,
apparitionsec
Certificate trust vulnerability in Websense Content Gateway,
Steve Shockley
Server buffer overflow in Pure Faction <= 3.0c,
soulsgetnothing
[SECURITY] [DSA 3260-1] iceweasel security update,
Moritz Muehlenhoff
[CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities,
CORE Advisories Team
Web India Solutions CMS 2015 - SQL Injection Vulnerability,
Vulnerability Lab
[SECURITY] [DSA 3259-1] qemu security update,
Moritz Muehlenhoff
Concrete5 Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-2250,
Onur Yilmaz
Cisco Security Advisory: Command Injection Vulnerability in Multiple Cisco TelePresence Products,
Cisco Systems Product Security Incident Response Team
SEC Consult SA-20150513-0 :: Multiple critical vulnerabilities in WSO2 Identity Server,
SEC Consult Vulnerability Lab
[slackware-security] mozilla-firefox (SSA:2015-132-04),
Slackware Security Team
[SECURITY] [DSA 3258-1] quassel security update,
Alessandro Ghedini
[security bulletin] HPSBMU03330 rev.1 - HP Matrix Operating Environment (MOE) running glibc on Linux, Remote Disclosure of Information,
security-alert
[slackware-security] mysql (SSA:2015-132-02),
Slackware Security Team
[slackware-security] wpa_supplicant (SSA:2015-132-03),
Slackware Security Team
[slackware-security] mariadb (SSA:2015-132-01),
Slackware Security Team
[SECURITY] [DSA 3257-1] mercurial security update,
Salvatore Bonaccorso
[security bulletin] HPSBGN03329 rev.1 - HP SDN VAN Controller, Remote Denial of Service (DoS), Distributed Denial of Service (DDoS),
security-alert
[oCERT-2015-006] dcraw input sanitization errors,
Andrea Barisani
[SECURITY] [DSA 3256-1] libtasn1-6 security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3255-1] zeromq3 security update,
Alessandro Ghedini
[SECURITY] [DSA 3254-1] suricata security update,
Salvatore Bonaccorso
Sqlbuddy Path Traversal Vulnerability,
hyp3rlinx
Sqlbuddy Directory Traversal Read Arbitrary Files Vulnerability,
apparitionsec
[security bulletin] HPSBGN03328 rev.1 - Network Virtualization for HP LoadRunner and Performance Center, Remote Information Disclosure,
security-alert
Pimcore v3.0.5 CMS - Multiple Web Vulnerabilities,
Vulnerability Lab
[ MDVSA-2015:232 ] libtasn1,
security
[SECURITY] [DSA 3251-2] dnsmasq regression update,
Salvatore Bonaccorso
[SECURITY] [DSA 3253-1] pound security update,
Thijs Kinkhorst
CSRF/XSS In Ad_Button Wordpress,
kingkaustubh
CSRF/XSS in embed-articles Wordpress Plugin,
kingkaustubh
[security bulletin] HPSBUX03194 rev.1 - HP-UX running sendmail(1M), Remote Disclosure of Information,
security-alert
Grindr v2.1.1 iOS & Account System - Breach Attack Vulnerability,
Vulnerability Lab
Album Streamer v2.0 iOS - Directory Traversal Vulnerability,
Vulnerability Lab
Yahoo eMarketing Bug Bounty #31 - Cross Site Scripting Vulnerability,
Vulnerability Lab
Wordpress Twenty Fifteen Theme - DOM XSS Vulnerability - CVE-2015-3429,
Onur Yilmaz
[ MDVSA-2015:231 ] perl-XML-LibXML,
security
[SYSS-2015-018] BullGuard Premium Protection - Authentication Bypass,
matthias . deeg
[SYSS-2015-019] BullGuard Antivirus - Authentication Bypass,
matthias . deeg
[SYSS-2015-017] BullGuard Internet Security - Authentication Bypass,
matthias . deeg
F5 ASM JSON Profile Bypass,
Peter Lapp
APPLE-SA-2015-05-06-1 Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6,
Apple Product Security
[SE-2014-02] Some additional GAE Java security sandbox bypasses,
Security Explorations
Alienvault OSSIM/USM Multiple Vulnerabilities,
Peter Lapp
[SECURITY] [DSA 3252-1] sqlite3 security update,
Moritz Muehlenhoff
CSRF/XSS In Ultimate Profile Builder by CMSLive Wordpress Plugin,
kingkaustubh
CSRF/XSS In ClickBank ads Wordpress Plugin,
kingkaustubh
CSRF/XSS In Manage Engine Asset Explorer,
kingkaustubh
CSRF/XSSIn Ad_InSerter Wordpress,
kingkaustubh
CSRF/XSS In Embed ArticlesWordpress Plugin,
kingkaustubh
Cisco Security Advisory: Cisco UCS Central Software Arbitrary Command Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
Advisory: Filezilla FTP server is vulnerable to FTP PORT bounce,
Amit Klein
TORNADO Computer Trading CMS - SQL Injection Vulnerability,
Vulnerability Lab
PDF Converter & Editor 2.1 iOS - File Include Vulnerability,
Vulnerability Lab
[ MDVSA-2015:230 ] squid,
security
[ MDVSA-2015:229 ] net-snmp,
security
[ MDVSA-2015:228 ] nodejs,
security
Arbitrary Variable Overwrite in eShop WordPress Plugin,
High-Tech Bridge Security Research
[SECURITY] CVE-2014-0230: Apache Tomcat DoS,
Mark Thomas
F5 BIG-IQ Enumeration of users and Information Disclosure,
jplopezy
[SECURITY] [DSA 3251-1] dnsmasq security update,
Salvatore Bonaccorso
[ MDVSA-2015:227 ] mariadb,
security
Fortinet FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Vulnerability,
Vulnerability Lab
vPhoto-Album v4.2 iOS - File Include Web Vulnerability,
Vulnerability Lab
[CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL,
Pedro Ribeiro
[SECURITY] [DSA 3250-1] wordpress security update,
Alessandro Ghedini
ESA-2015-084: EMC AutoStart Packet Injection Vulnerability,
Security Alert
European Cyber Security Challenge 2015,
Ivan Buetler
[ MDVSA-2015:226 ] fcgi,
security
ESA-2015-077: EMC SourceOne Email Management Account Lockout,
Security Alert
[ MDVSA-2015:225 ] cherokee,
security
[ MDVSA-2015:224 ] ruby,
security
[ MDVSA-2015:223 ] directfb,
security
[ MDVSA-2015:222 ] ppp,
security
[ MDVSA-2015:221 ] clamav,
security
[SECURITY] [DSA 3249-1] jqueryui security update,
Sebastien Delafond
[ MDVSA-2015:219 ] curl,
security
[ MDVSA-2015:220 ] curl,
security
HUAWEI MobiConnect 23.9.17.216 - Privilege Escalation Vulnerability,
Vulnerability Lab
Cisco (Newsroom) - Client Side Cross Site Scripting Vulnerability,
Vulnerability Lab
Grindr v2.1.1 iOS Bounty #1 - (Session) Auth Bypass Vulnerabilities,
Vulnerability Lab
Grindr v2.1.1 iOS - (eMail) Session Vulnerability,
Vulnerability Lab
Grindr 2.1.1 iOS Bug Bounty #2 - Denial of Service Software Vulnerability,
Vulnerability Lab
PhotoWebsite v3.1 iOS - File Include Web Vulnerability,
Vulnerability Lab
[SECURITY] [DSA 3248-1] libphp-snoopy security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3247-1] ruby2.1 security update,
Alessandro Ghedini
[SECURITY] [DSA 3246-1] ruby1.9.1 security update,
Alessandro Ghedini
[SECURITY] [DSA 3245-1] ruby1.8 security update,
Alessandro Ghedini
[SECURITY] [DSA 3244-1] owncloud security update,
Salvatore Bonaccorso
Code Injection in Epicor Retail Store 3.2.03.01.008,
webmaster
[SECURITY] [DSA 3243-1] libxml-libxml-perl security update,
Salvatore Bonaccorso
[SECURITY] [DSA 3242-1] chromium-browser security update,
Michael Gilbert
SevDesk v1.1 iOS - Persistent Dashboard Vulnerability,
Vulnerability Lab
[SYSS-2014-007] FrontRange DSM - Multiple Vulnerabilities,
matthias . deeg
[ MDVSA-2015:218 ] glibc,
security
[ MDVSA-2015:217 ] sqlite3,
security
[SECURITY] [DSA 3241-1] elasticsearch security update,
Moritz Muehlenhoff
[security bulletin] HPSBGN03324 rev.1 - HP Business Service Automation Essentials Core, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBGN03323 rev.1 - HP Business Service Automation Essentials Core with JBOSS, Remote Disclosure of Information,
security-alert
[SECURITY] [DSA 3239-1] icecast2 security update,
Alessandro Ghedini
[SECURITY] [DSA 3240-1] curl security update,
Alessandro Ghedini
ESA-2015-078: RSA® Identity Management and Governance (IMG) Insecure Password Reset Vulnerability,
Security Alert
[security bulletin] HPSBMU03241 rev.1 - HP Network Automation running SSLv3, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBUX03320 SSRT101952 rev.1 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access,
security-alert
[ MDVSA-2015:216 ] ntop,
security
[ MDVSA-2015:214 ] libksba,
security
[ MDVSA-2015:215 ] t1utils,
security
[ MDVSA-2015:213 ] lftp,
security
[oCERT-2015-003] MySQL SSL/TLS downgrade,
Andrea Barisani
Multiple Vulnerabilities in TheCartPress WordPress plugin,
High-Tech Bridge Security Research
CSRF & XSS Wing FTP Server Admin <= v4.4.5,
apparitionsec
PayPal Inc Bug Bounty #114 - JDWP Remote Code Execution Vulnerability,
Vulnerability Lab
SonicWall SonicOS 7.5.0.12 & 6.x - Client Side Cross Site Scripting Vulnerability,
Vulnerability Lab
[CORE-2015-0008] - InFocus IN3128HD Projector Multiple Vulnerabilities,
CORE Advisories Team
[ MDVSA-2015:212 ] java-1.7.0-openjdk,
security
Open-Xchange Security Advisory 2015-04-27,
Martin Heiland
[ MDVSA-2015:211 ] glusterfs,
security
Elasticsearch vulnerability CVE-2015-3337,
Kevin Kluge
[ MDVSA-2015:210 ] qemu,
security
[ MDVSA-2015:209 ] php,
security
[ MDVSA-2015:208 ] setup,
security
[ MDVSA-2015:207 ] perl-Module-Signature,
security
[ MDVSA-2015:206 ] asterisk,
security
[ MDVSA-2015:205 ] tor,
security
[ MDVSA-2015:204 ] librsync,
security
[SECURITY] [DSA 3238-1] chromium-browser security update,
Michael Gilbert