Bugtraq

Date Index

[Prev Page][Next Page]

WordPress 4.2 stored XSS, Jouko Pynnonen
[SECURITY] [DSA 3237-1] linux security update, Ben Hutchings
[SECURITY] [DSA 3236-1] libreoffice security update, Moritz Muehlenhoff
[SECURITY] [DSA 3235-1] openjdk-7 security update, Moritz Muehlenhoff
[SECURITY] [DSA 3234-1] openjdk-6 security update, Moritz Muehlenhoff
[security bulletin] HPSBHF03272 rev.1 - HP Servers with NVidia GPU Computing Driver running Windows Server 2008, Elevation of Privilege, security-alert
[security bulletin] HPSBPI03315 rev.1 - HP Capture and Route Software, Remote Information Disclosure, security-alert
[SECURITY] [DSA 3233-1] wpa security update, Salvatore Bonaccorso
4k ULTRA HIGH DEFINITION Satellite Security Research - DVB-S2X Security Evaluation Draft Notes - Advanced Information Security Corporation, Nicholas Lemonias.
Encaps PHP/Flash Gallery 2.3.22s Database Puffing Up Exploit, ZoRLu Bugrahan
Incorrect handling of self signed certificates in OpenFire XMPP Server, Simon Waters
SSH Network Security Assessment utility - Zeppelin - -=[Advanced Information Security Corp]=-, lem . nikolas
Zeppelin - SSH script - Advanced Information Security Corporation, lem . nikolas
4k ULTRA HIGH DEFINITION Satellite Security Research - DVB-S2X Security Evaluation Draft Notes, Nicholas Lemonias.
Avsarsoft Matbaa Script - Multiple Vulnerabilities, ZoRLu Bugrahan
Pligg CMS 2.0.2 - Stored XSS, joelvarghese7
Socrata Bug Bounty #1 - Persistent Encoding Vulnerability, Vulnerability Lab
Dnsmasq 2.72 Unchecked returned value, Nick Sampanis
[ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow, 朱东海
- <Possible follow-ups>
- [ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow, xing_fang
[slackware-security] openssl (SSA:2015-111-09), Slackware Security Team
[slackware-security] bind (SSA:2015-111-01), Slackware Security Team
[slackware-security] httpd (SSA:2015-111-03), Slackware Security Team
[slackware-security] ntp (SSA:2015-111-08), Slackware Security Team
[slackware-security] gnupg (SSA:2015-111-02), Slackware Security Team
[slackware-security] proftpd (SSA:2015-111-12), Slackware Security Team
[slackware-security] seamonkey (SSA:2015-111-14), Slackware Security Team
[slackware-security] ppp (SSA:2015-111-11), Slackware Security Team
[slackware-security] php (SSA:2015-111-10), Slackware Security Team
[slackware-security] mutt (SSA:2015-111-07), Slackware Security Team
[slackware-security] libssh (SSA:2015-111-04), Slackware Security Team
[slackware-security] qt (SSA:2015-111-13), Slackware Security Team
[slackware-security] mozilla-thunderbird (SSA:2015-111-06), Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2015-111-05), Slackware Security Team
[security bulletin] HPSBGN03308 rev.1 - HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS), Remote Code Execution, security-alert
Multiple Cross-Site Scripting (XSS) in FreePBX, High-Tech Bridge Security Research
Netgear WNR2000v4 Multiple Vulnerabilities, endeavor
[SECURITY] [DSA 3232-1] curl security update, Alessandro Ghedini
iPassword Manager v2.6 iOS - Persistent Vulnerabilities, Vulnerability Lab
Apple iOS 8.0 - 8.0.2 - Controls Re Auth Bypass Vulnerability, Vulnerability Lab
Reflected XSS Vulnerability In Manage Engine Event Log Analyzer, kkulkarni
Reflected XSS Vulnerability In Manage Engine Firewall Analyzer, kkulkarni
Stored Cross Site Scripting Vulnerability in Add Link to Facebook WordPress Plugin, kumarrohit2255
[SECURITY] [DSA 3231-1] subversion security update, Salvatore Bonaccorso
AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%, Hector Marco-Gisbert
Linux ASLR mmap weakness: Reducing entropy by half, Hector Marco-Gisbert
[security bulletin] HPSBGN03305 rev.1 - HP Business Service Management (BSM) products running SSLv3, Remote Disclosure of Information, security-alert
GoAutoDial 3.3 multiple vulnerabilities, root
Google Analytics by Yoast stored XSS #2, Jouko Pynnonen
SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities, Vulnerability Lab
PayPal Inc Bug Bounty #113 - Client Side Cross Site Scripting Vulnerability, Vulnerability Lab
Ebay Inc Xcom #7 - (Policy) Persistent Vulnerability, Vulnerability Lab
Ebay Inc Xcom #6 - Persistent POST Inject Vulnerability, Vulnerability Lab
Ebay Inc Xcom #4 - (Item Preview) Persistent Vulnerability, Vulnerability Lab
Photo Manager Pro v4.4.0 iOS - File Include Vulnerability, Vulnerability Lab
Wifi Drive Pro v1.2 iOS - File Include Web Vulnerability, Vulnerability Lab
Mobile Drive HD v1.8 - File Include Web Vulnerability, Vulnerability Lab
Photo Manager Pro 4.4.0 iOS - Code Execution Vulnerability, Vulnerability Lab
[security bulletin] HPSBMU03321 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code, security-alert
[SECURITY] [DSA 3230-1] django-markupfield security update, Alessandro Ghedini
[SECURITY] [DSA 3229-1] mysql-5.5 security update, Salvatore Bonaccorso
CVE-2014-7953 Android backup agent code execution, Imre RAD
CVE-2014-7951 adb backup archive path traversal file overwrite, Imre RAD
CVE-2014-7954 MTP path traversal vulnerability in Android, Imre RAD
112 ipTIME Routers/WiFi APs/Modems/Firewalls models vulnerable with RCE with root privileges, Pierre Kim
Lychee 2.7.1 remote code execution, Filippo Cavallarin
Wolf CMS 0.8.2 Arbitrary File Upload Vulnerability, prathan . ptr
[SECURITY] [DSA 3228-1] ppp security update, Sebastien Delafond
[CVE-2014-5361][CVE-2014-5362]Landesk Management Suite RFI & CSRF Security Vulnerabilities, alex_haynes
Secunia Research: Oracle Outside In ibpsd2.dll PSD File Processing Buffer Overflow Vulnerability, Secunia Research
[security bulletin] HPSBMU03264 rev.1 - HP Network Automation, Multiple Remote Vulnerabilities, security-alert
[SECURITY] [DSA 3227-1] movabletype-opensource security update, Salvatore Bonaccorso
Cisco Security Advisory: Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
[SECURITY] [DSA 3226-1] inspircd security update, Sebastien Delafond
ESA-2015-069: EMC NetWorker Buffer Overflow Vulnerability, Security Alert
[SECURITY] [DSA 3225-1] gst-plugins-bad0.10 security update, Moritz Muehlenhoff
[IMF2015] Call for Participation, Oliver Goebel
Secunia Research: Microsoft Windows GDI "MRSETDIBITSTODEVICE ::bPlay()" EMF Parsing Memory Corruption Vulnerability, Secunia Research
Wordpress WP Statistics persistent cross site scripting, kingkaustubh
several issues in SQLite (+ catching up on several other bugs), Michal Zalewski
whitepaper: Identifier based XSSI attacks, Takeshi Terada
[SYSS-2015-015] Panda Gold Protection 2015 - Authentication Bypass, matthias . deeg
[SYSS-2015-014] Panda Global Protection 2015 - Authentication Bypass, matthias . deeg
[SYSS-2015-013] Panda Antivirus Pro 2015 - Authentication Bypass, matthias . deeg
[SYSS-2015-012] Panda Internet Security 2015 - Authentication Bypass, matthias . deeg
Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c, Nicholas Lemonias.
- <Possible follow-ups>
- Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c, lem . nikolas
- Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c, Nicholas Lemonias.
[CVE-2015-2810] Integer Overflow leading to heap corruption when assigning a long paragraph size value to a HanWord document, Daniel Regalado
[security bulletin] HPSBOV03318 rev.1 - HP SSL for OpenVMS, Remote Denial of Service (DoS) and other Vulnerabilities, security-alert
[security bulletin] HPSBHF03310 rev.2 - HP Thin Clients running Windows Embedded Standard 7 (WES7) or Windows Embedded Standard 2009 (WES09) with HP Easy Deploy, Remote Elevation of Privilege, Execution of Code, security-alert
Apache HTTPD 2.4.12, 2.2.29 Security Audit - Advanced Information Security Corp, lem . nikolas
Apache HTTPD 2.4.12/ 2.2.29 Security Audit Notes - Advanced Information Security Corp, Nicholas Lemonias.
Ruxcon 2015 Call For Presentations, cfp
[SECURITY] [DSA 3224-1] libx11 security update, Moritz Muehlenhoff
[SECURITY] [DSA 3223-1] ntp security update, Alessandro Ghedini
[SECURITY] [DSA 3222-1] chrony security update, Alessandro Ghedini
[SECURITY] [DSA 3221-1] das-watchdog security update, Salvatore Bonaccorso
Safari iOS/OS X/Windows cookie access vulnerability, Jouko Pynnonen
[SECURITY] [DSA 3220-1] libtasn1-3 security update, Salvatore Bonaccorso
Hijacking any Weebly Website [Insecure Direct Object Reference Vulnerability], huehuehuehue10
[SECURITY] [DSA 3219-1] libdbd-firebird-perl security update, Alessandro Ghedini
OrangeHRM Blind SQL Injection & XSS Vulnerabilities, Rehan Ahmed
[ MDVSA-2015:203 ] batik, security
[security bulletin] HPSBGN03316 rev.1 - HP Support Solution Framework on Windows, Remote Execution of Code, Disclosure of Information, security-alert
[SECURITY] [DSA 3218-1] wesnoth-1.10 security update, Moritz Muehlenhoff
Hidden backdoor API to root privileges in Apple OS X, Jeffrey Walton
SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035), SEC Consult Vulnerability Lab
[ MDVSA-2015:201 ] arj, security
[ MDVSA-2015:202 ] ntp, security
[ MDVSA-2015:200 ] mediawiki, security
[ MDVSA-2015:199 ] less, security
[SECURITY] [DSA 3217-1] dpkg security update, Salvatore Bonaccorso
SEC Consult SA-20150409-0 :: Multiple XSS & XSRF vulnerabilities in Comalatech Comala Workflows, SEC Consult Vulnerability Lab
[ MDVSA-2015:198 ] java-1.8.0-openjdk, security
APPLE-SA-2015-04-08-5 Xcode 6.3, Apple Product Security
AST-2015-003: TLS Certificate Common name NULL byte exploit, Asterisk Security Team
[security bulletin] HPSBUX03240 SSRT101872 rev.2 - HP-UX Running NTP, Remote Execution of Code, Denial of Service (DoS), or Other Vulnerabilities, security-alert
APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004, Apple Product Security
APPLE-SA-2015-04-08-3 iOS 8.3, Apple Product Security
APPLE-SA-2015-04-08-4 Apple TV 7.2, Apple Product Security
APPLE-SA-2015-04-08-1 Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5, Apple Product Security
Cisco Security Advisory: Cisco ASA FirePOWER Services and Cisco ASA CX Services Crafted Packets Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
[HITB-Announce] HITB GSEC 2015 Singapore - Call for Papers, Hafez Kamal
[CVE-2015-2926] XSS vuln in phpTrafficA, Daniël Geerts
FreeBSD Security Advisory FreeBSD-SA-15:04.igmp [REVISED], FreeBSD Security Advisories
[security bulletin] HPSBHF03310 rev.1 - HP Thin Clients running Windows Embedded Standard 7 (WES7) or Windows Embedded Standard 2009 (WES09) with HP Easy Deploy, Remote Elevation of Privilege, Execution of Code, security-alert
FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415), Pierre Kim
FreeBSD Security Advisory FreeBSD-SA-15:07.ntp, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-15:09.ipv6, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-15:08.bsdinstall, FreeBSD Security Advisories
CA20150407-01: Security Notice for CA Spectrum, Kotas, Kevin J
Reflected Cross-Site Scripting vulnerability in asdoc generated documentation, Securify B.V.
[SECURITY] [DSA 3057-2] libxml2 regression update, Salvatore Bonaccorso
CVE-2015-1773 Apache Flex reflected XSS vulnerability, Tom Chiverton
[CVE-2015-0779]: Novell ZenWorks Configuration Management remote code execution, Pedro Ribeiro
[ MDVSA-2015:196 ] cups-filters, security
[ MDVSA-2015:195 ] python-django, security
[ MDVSA-2015:193 ] libtasn1, security
[security bulletin] HPSBGN03306 rev.1 - HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running OpenSSL, Remote Denial of Service (DoS), security-alert
[SECURITY] [DSA 3216-1] tor security update, Moritz Muehlenhoff
[security bulletin] HPSBMU03296 rev.1 - HP BladeSystem c-Class Onboard Administrator running OpenSSL, Remote Denial of Service (DoS), security-alert
[SECURITY] [DSA 3215-1] libgd2 security update, Alessandro Ghedini
[SECURITY] [DSA 3214-1] mailman security update, Thijs Kinkhorst
[SECURITY] [DSA 3213-1] arj security update, Salvatore Bonaccorso
Security Audit Notes = Kerberos (krb5-1.13) issues - Advanced Information Security Corp, Nicholas Lemonias.
Security Audit Notes - Kerberos Security Issues (krb5-1.13 stable) - Advanced Information Security Corp., lem . nikolas
HotExBilling Manager Cross-site scripting (XSS) vulnerability, bhadresh . patel
[ MDVSA-2015:192 ] subversion, security
Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17, Larry W. Cashdollar
Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8, Larry W. Cashdollar
NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE, VMware Security Response Center
- <Possible follow-ups>
- Re: NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE, 13669185678
[security bulletin] HPSBST03195 rev.1 - HP 3PAR Service Processor (SP) running OpenSSL and Bash, Remote Code Execution, Unauthorized Access, Disclosure of Information, security-alert
[SECURITY] [DSA 3212-1] icedove security update, Yves-Alexis Perez
[security bulletin] HPSBHF03300 rev.1 - HP Network Products running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information, security-alert
[security bulletin] HPSBGN03302 rev.1 - HP IceWall Federation Agent, Remote Denial of Service (DoS), security-alert
Security Audit Notes - OpenSSH 6.8 - Advanced Information Security Corp, Nicholas Lemonias.
[ MDVSA-2015:161-1 ] icu, security
[ MDVSA-2015:191 ] owncloud, security
[ MDVSA-2015:190 ] owncloud, security
[ MDVSA-2015:189 ] tor, security
Wordpress plugin Simple Ads Manager - Information Disclosure, ITAS Team
Wordpress plugin Simple Ads Manager - Arbitrary File Upload, ITAS Team
Wordpress plugin Simple Ads Manager - Multiple SQL Injection, ITAS Team
Security Audit Notes - OpenSSL v1.0.2a (latest) Issues - Advanced Information Security Corporation, Nicholas Lemonias.
- <Possible follow-ups>
- Security Audit Notes - OpenSSL v1.0.2a (latest) Issues - Advanced Information Security Corporation, lem . nikolas
[ MDVSA-2015:188 ] flac, security
Wordpress plugin Simple Ads Manager - SQL Injection, ITAS Team
[ MDVSA-2015:187 ] graphviz, security
SECUREDROP >= 0.3 - Possible Backdoor & Privileges Escalation by Unauth User, ~~~ Elliptic TAO Team ~~~
[security bulletin] HPSBST03298 rev.2 - HP XP Service Processor Software for Windows, Multiple Vulnerabilities, security-alert
[security bulletin] HPSBGN03307 rev.1 - HP Intelligent Provisioning, Disclosure of Information, security-alert
[security bulletin] HPSBMU03304 rev.1 - HP Insight Control server deployment on Linux and Windows, Remote Disclosure of Information, security-alert
[SECURITY] [DSA 3211-1] iceweasel security update, Salvatore Bonaccorso
Cisco Security Advisory: Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability, Cisco Systems Product Security Incident Response Team
ESA-2015-056: EMC PowerPath Virtual Appliance Undocumented User Accounts Vulnerability, Security Alert
[SECURITY ANNOUNCEMENT] CVE-2015-0225, Jake Luciani
[SECURITY] [DSA 3210-1] wireshark security update, Moritz Muehlenhoff
[ MDVSA-2015:186 ] phpmyadmin, security
[ MDVSA-2015:185 ] dokuwiki, security
[security bulletin] HPSBHF03271 rev.1 - HP PCs and Workstations Running Windows 7 with NVidia Graphics Driver, Elevation of Privileges, security-alert
[SECURITY] [DSA 3209-1] openldap security update, Yves-Alexis Perez
[security bulletin] HPSBGN03270 rev.1 - HP Operations Analytics, Remote Execution of Code, security-alert
[ MDVSA-2015:182 ] tcpdump, security
[ MDVSA-2015:184 ] setup, security
[ MDVSA-2015:183 ] wireshark, security
[CORE-2015-0007] - Schneider Vampset Stack and Heap Buffer Overflow, CORE Advisories Team
[ MDVSA-2015:145-1 ] libxfont, security
[ MDVSA-2015:147-1 ] libtiff, security
[ MDVSA-2015:181 ] drupal, security
[ MDVSA-2015:178 ] ctags, security
[ MDVSA-2015:179 ] coreutils, security
[ MDVSA-2015:180 ] apache-mod_wsgi, security
[ MDVSA-2015:029-1 ] binutils, security
[ MDVSA-2015:177 ] ctdb, security
[ MDVSA-2015:176 ] dbus, security
[ MDVSA-2015:175 ] ejabberd, security
[ MDVSA-2015:174 ] erlang, security
[ MDVSA-2015:173 ] ffmpeg, security
[ MDVSA-2015:172 ] firebird, security
[ MDVSA-2015:171 ] freerdp, security
[ MDVSA-2015:168 ] glibc, security
[ MDVSA-2015:170 ] gcc, security
[ MDVSA-2015:169 ] git, security
[ MDVSA-2015:167 ] glpi, security
[ MDVSA-2015:166 ] clamav, security
[ MDVSA-2015:165 ] bind, security
[ MDVSA-2015:161 ] icu, security
[ MDVSA-2015:163 ] grub2, security
[ MDVSA-2015:162 ] gtk+3.0, security
[ MDVSA-2015:160 ] ipython, security
[ MDVSA-2015:159 ] jasper, security
[SECURITY] [DSA 3208-1] freexl security update, Moritz Muehlenhoff
[ MDVSA-2015:148 ] libssh2, security
[ MDVSA-2015:158 ] jython, security
[ MDVSA-2015:157 ] libarchive, security
CVE-2015-2223: Palo Alto Traps Server Stored XSS, michael . hendrickx
[ MDVSA-2015:156 ] libcap-ng, security
[ MDVSA-2015:017-1 ] libevent, security
[ MDVSA-2015:155 ] gnupg, security
[ MDVSA-2015:146 ] libvncserver, security
[ MDVSA-2015:148-1 ] libssh2, security
[ MDVSA-2015:153 ] libgd, security
[ MDVSA-2015:154 ] gnupg, security
[ MDVSA-2015:152 ] libjpeg, security
[ MDVSA-2015:147 ] libtiff, security
[ MDVSA-2015:149 ] libsndfile, security
[ MDVSA-2015:151 ] libksba, security
[ MDVSA-2015:150 ] liblzo, security
[ MDVSA-2015:145 ] libxfont, security
[ MDVSA-2015:144 ] lua, security
[ MDVSA-2015:143 ] mpfr, security
[ MDVSA-2015:142 ] nodejs, security
[ MDVSA-2015:141 ] not-yet-commons-ssl, security
[ MDVSA-2015:138 ] patch, security
[ MDVSA-2015:140 ] ntp, security
[ MDVSA-2015:139 ] openvpn, security
[ MDVSA-2015:137 ] pcre, security
[ MDVSA-2015:136 ] perl, security
[ MDVSA-2015:135 ] ppp, security
[ MDVSA-2015:134 ] pulseaudio, security
[ MDVSA-2015:133 ] python-requests, security
[ MDVSA-2015:131 ] rsync, security
[ MDVSA-2015:132 ] readline, security
[ MDVSA-2015:130 ] rsyslog, security
[ MDVSA-2015:129 ] ruby, security
[ MDVSA-2015:128 ] sendmail, security
[ MDVSA-2015:127 ] serf, security
[ MDVSA-2015:126 ] sudo, security
[ MDVSA-2015:125 ] tcpdump, security
[ MDVSA-2015:124 ] torque, security
[ MDVSA-2015:122 ] util-linux, security
[ MDVSA-2015:120 ] wpa_supplicant, security
[ MDVSA-2015:123 ] unzip, security
[ MDVSA-2015:121 ] wget, security
[ MDVSA-2015:118 ] xlockmore, security
[ MDVSA-2015:105 ] imagemagick, security
[ MDVSA-2015:119 ] x11-server, security
[ MDVSA-2015:117 ] emacs, security
[ MDVSA-2015:116 ] libtasn1, security
[ MDVSA-2015:115 ] libvirt, security
[ MDVSA-2015:114 ] cifs-utils, security
[ MDVSA-2015:112 ] python-lxml, security
[ MDVSA-2015:113 ] dovecot, security
[ MDVSA-2015:110 ] postgresql, security
[ MDVSA-2015:111 ] libxml2, security
[ MDVSA-2015:109 ] python-django, security
[ MDVSA-2015:108 ] cups, security
[ MDVSA-2015:107 ] lcms2, security
[ MDVSA-2015:106 ] apache-mod_security, security
[ MDVSA-2015:103 ] squid, security
[ MDVSA-2015:104 ] elfutils, security
[ MDVSA-2015:097 ] php-ZendFramework, security
[ MDVSA-2015:102 ] json-c, security
[ MDVSA-2015:101 ] jbigkit, security
[ MDVSA-2015:100 ] cups-filters, security
[SECURITY] [DSA 3198-2] php5 regression update, Salvatore Bonaccorso
[SECURITY] [DSA 3207-1] shibboleth-sp2 security update, Yves-Alexis Perez
[SECURITY] [DSA 3206-1] dulwich security update, Salvatore Bonaccorso
[ MDVSA-2015:098 ] curl, security
[ MDVSA-2015:096 ] stunnel, security
[ MDVSA-2015:095 ] openssh, security
[ MDVSA-2015:099 ] python-pillow, security
[ MDVSA-2015:090 ] libpng, security
[ MDVSA-2015:094 ] nginx, security
[ MDVSA-2015:093 ] apache, security
[ MDVSA-2015:092 ] net-snmp, security
[ MDVSA-2015:089 ] freetype2, security
[ MDVSA-2015:087 ] egroupware, security
[ MDVSA-2015:085 ] subversion, security
[ MDVSA-2015:088 ] udisks2, security
[ MDVSA-2015:086 ] libssh, security
[ MDVSA-2015:084 ] tomcat, security
[ MDVSA-2015:082 ] samba, security
[ MDVSA-2015:083 ] samba4, security
[ MDVSA-2015:081 ] samba, security
[ MDVSA-2015:080 ] php, security
[ MDVSA-2015:079 ] php, security
[ MDVSA-2015:078 ] mutt, security
Advisory: CVE-2014-9708: Appweb Web Server, Matthew Daley
Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1, Matthew Daley
CVE-2015-2755 WordPress AB Google Map Travel CSRF / XSS, kingkaustubh
[ MDVSA-2015:077 ] python-numpy, security
[ MDVSA-2015:076 ] python3, security
[ MDVSA-2015:075 ] python, security
[ MDVSA-2015:074 ] openldap, security
[ MDVSA-2015:073 ] openldap, security
[ MDVSA-2015:072 ] gnutls, security
[ MDVSA-2015:071 ] libpng12, security
[ MDVSA-2015:070 ] libvirt, security
[ MDVSA-2015:068 ] e2fsprogs, security
[ MDVSA-2015:067 ] e2fsprogs, security
[ MDVSA-2015:066 ] cpio, security
[ MDVSA-2015:065 ] cpio, security
[ MDVSA-2015:064 ] cabextract, security
[ MDVSA-2015:063 ] openssl, security
[ MDVSA-2015:062 ] openssl, security
[SECURITY] [DSA 3205-1] batik security update, Sebastien Delafond
Manage Engine Desktop Central 9 - CVE-2015-2560 - Unauthorised administrative password reset, root
[security bulletin] HPSBMU03294 rev.1 - HP Process Automation running OpenSSL, Remote Disclosure of Information, security-alert
Insecure file upload in Berta CMS, Simon Waters
ESA-2015-049: EMC Isilon OneFS Privilege Escalation Vulnerability, Security Alert
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability, Cisco Systems Product Security Incident Response Team
WSO2 Identity Server multiple vulnerabilities, Bartlomiej Balcerek
Arbitrary file deletion and multiple XSS vulnerabilities in pfSense, High-Tech Bridge Security Research
[SECURITY] [DSA 3197-2] openssl regression update, Salvatore Bonaccorso
[security bulletin] HPSBGN03288 rev.1 - HP Server Automation, Remote Arbitrary Code Execution, security-alert
[security bulletin] HPSBGN03282 rev.1 - HP Business Service Manager Virtual Appliance, Multiple Vulnerabilities, security-alert
[security bulletin] HPSBGN03285 rev.1 - HP Business Service Manager Virtual Appliance, Multiple Vulnerabilities, security-alert
[security bulletin] HPSBMU03263 rev.1 - HP Insight Control running OpenSSL, Remote Disclosure of Information, security-alert
[security bulletin] HPSBMU03291 rev.1 - HP Operations Orchestration running Powershell Operations, Remote Disclosure of Information, security-alert
[security bulletin] HPSBMU03292 rev.1 - HP Operations Orchestration Authentication Bypass, security-alert
[security bulletin] HPSBMU03262 rev.2 - HP Version Control Agent running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS), security-alert
[security bulletin] HPSBHF03276 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO 2, iLO 3, iLO 4), Remote Unauthorized Access, Denial of Service (Dos), security-alert
[security bulletin] HPSBHF03275 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO 2, iLO 3, iLO 4), Remote Disclosure of Information, security-alert
[security bulletin] HPSBMU03301 rev.1 - HP BladeSystem c-Class Onboard Administrator running OpenSSL, Remote Disclosure of Information, security-alert
[security bulletin] HPSBHF03151 rev.1 - HP Integrated Lights-Out 2 and 4 (iLO 2, iLO 4), Chassis Management (iLO CM), Remote Denial of Service, Remote Execution of Code, Elevation of Privilege, security-alert
[security bulletin] HPSBGN03249 rev.2 - HP ArcSight Enterprise Security Manager and Logger, Multiple Remote Vulnerabilities, security-alert
[security bulletin] HPSBMU03220 rev.1 - HP Shunra Network Appliance / HP Shunra Wildcat Appliance, Remote Execution of Code, security-alert
[security bulletin] HPSBHF03289 rev.1- HP ThinClient PCs running ThinPro Linux, Remote Code Execution, Denial of Service, Disclosure of information, security-alert
[security bulletin] HPSBHF03279 rev.2 - HP Point of Sale PCs Running Windows with OPOS Drivers, Remote Execution of Code, security-alert
[security bulletin] HPSBGN03299 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information, Unauthorized Access, security-alert
Hacky Easter 2015, Ivan Buetler
[security bulletin] HPSBST03196 rev.1- HP StoreEver MSL6480 Tape Library running OpenSSL, Remote Code Execution, security-alert
ESA-2015-044: EMC Documentum xMS Sensitive Information Disclosure Vulnerability, Security Alert
DokuWiki persistent Cross Site Scripting, Filippo Cavallarin
[SECURITY] [DSA 3203-1] tor security update, Sebastien Delafond
[SECURITY] [DSA 3202-1] mono security update, Sebastien Delafond
[SECURITY] [DSA 3201-1] iceweasel security update, Salvatore Bonaccorso
Stored XSS Vulnerability In Manage Engine Device Expert, kingkaustubh
CSRF to add admin user Vulnerability In Manage Engine Device Expert, kingkaustubh
Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network Configuration, kingkaustubh
Reflected XSS Vulnerability in XSS In Manage Engine Device Expert, kingkaustubh
CSRF/Stored XSS Vulnerability in AB Google Map Travel (AB-MAP) Wordpress Plugin, kingkaustubh
[SECURITY] [DSA 3200-1] drupal7 security update, Moritz Muehlenhoff
Viber for Android exposes insecure Javascript interface, Securify B.V.
[SECURITY] [DSA 3199-1] xerces-c security update, Salvatore Bonaccorso
[SECURITY] [DSA 3198-1] php5 security update, Moritz Muehlenhoff
FreeBSD Security Advisory FreeBSD-SA-15:06.openssl [REVISED], FreeBSD Security Advisories
APPLE-SA-2015-03-19-1 Security Update 2015-003, Apple Product Security
Xerces-C Security Advisory [CVE-2015-0252], Cantor, Scott
cve-assign delays, Steven M. Christey
FreeBSD Security Advisory FreeBSD-SA-15:06.openssl, FreeBSD Security Advisories
Google Analytics by Yoast stored XSS, Jouko Pynnonen
Command injection vulnerability in Citrix NITRO SDK xen_hotfix page, Securify B.V.
Citrix NITRO SDK xen_hotfix page is vulnerable to Cross-Site Scripting, Securify B.V.
Citrix NetScaler VPX help pages are vulnerable to Cross-Site Scripting, Securify B.V.
Advent JMX Servlet of Citrx Command Center is accessible to unauthenticated users, Securify B.V.
[SECURITY] [DSA 3197-1] openssl security update, Moritz Muehlenhoff
EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection, Securify B.V.
Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser, Securify B.V.
Command injection vulnerability in EMC Secure Remote Services Virtual Edition, Securify B.V.
Path traversal vulnerability in EMC M&R (Watch4net) Device Discovery, Securify B.V.
Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Centralized Management Console, Securify B.V.
Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Alerting Frontend, Securify B.V.
Cross-Site Scripting vulnerability in EMC M&R (Watch4net) Web Portal Report Favorites, Securify B.V.
EMC M&R (Watch4net) data storage collector credentials are not properly protected, Securify B.V.
[SECURITY] [DSA 3196-1] file security update, Moritz Muehlenhoff
[CORE-2015-0006] - Fortinet Single Sign On Stack Overflow, CORE Advisories Team
Cross-Site Scripting vulnerability in Websense Explorer report scheduler, Securify B.V.
Multiple Cross-Site Scripting vulnerabilities in Websense Reporting, Securify B.V.
Error messages of Websense Content Gateway are vulnerable to Cross-Site Scripting, Securify B.V.
Missing access control on Websense Explorer web folder, Securify B.V.
Cross-Site Scripting vulnerability in Websense Data Security block page, Securify B.V.
Source code disclosure of Websense Triton JSP files via double quote character, Securify B.V.
Command injection vulnerability in network diagnostics tool of Websense Appliance Manager, Securify B.V.
Websense Email Security vulnerable to persistent Cross-Site Scripting in audit log details view, Securify B.V.
Websense Data Security DLP incident Forensics Preview is vulnerable to Cross-Site Scripting, Securify B.V.
[SECURITY] [DSA 3195-1] php5 security update, Moritz Muehlenhoff
Security Audit Notes: OpenSSL d1_srvr.c Overflow - Advanced Information Security, Nicholas Lemonias.
- Re: Security Audit Notes: OpenSSL d1_srvr.c Overflow - Advanced Information Security, Jann Horn
APPLE-SA-2015-03-17-1 Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4, Apple Product Security
[SECURITY] [DSA 3194-1] libxfont security update, Moritz Muehlenhoff
[SECURITY] [DSA 3193-1] tcpdump security update, Salvatore Bonaccorso
[security bulletin] HPSBHF03293 rev.1 - HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash, Remote Denial of Service (DoS), Code Execution, Disclosure of Information, security-alert
[SECURITY] [DSA 3192-1] checkpw security update, Salvatore Bonaccorso
[security bulletin] HPSBST03298 rev.1 - HP XP Service Processor Software for Windows, Multiple Vulnerabilities, security-alert
[SECURITY] [DSA 3191-1] gnutls26 security update, Salvatore Bonaccorso
Defense in depth -- the Microsoft way (part 31): UAC is for binary planting, Stefan Kanthak
[SECURITY] [DSA 3189-1] libav security update, Moritz Muehlenhoff
[SE-2014-02] Google App Engine Java security sandbox bypasses (details), Security Explorations
[SECURITY] [DSA 3190-1] putty security update, Moritz Muehlenhoff
Defense in depth -- the Microsoft way (part 30): on exploitable Win32 functions, Stefan Kanthak
[SECURITY] [DSA 3188-1] freetype security update, Moritz Muehlenhoff
Defense in depth -- the Mozilla way: return and exit codes are dispensable, Stefan Kanthak
[SECURITY] [DSA 3187-1] icu security update, Michael Gilbert
[ MDVSA-2015:061 ] qemu, security
[ MDVSA-2015:060 ] yaml, security
[ MDVSA-2015:059 ] nss, security
Serendipity CMS - XSS Vulnerability in Version 2.0, edric
[ MDVSA-2015:058 ] kernel, security
Jolla Phone tel URI Spoofing, NSO Research
[SECURITY] [DSA 3186-1] nss security update, Salvatore Bonaccorso
Alkacon OpenCms 9.5.1 Multiple XSS Vulnerabilities, Rehan Ahmed
[security bulletin] HPSBMU03267 rev.1 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information, security-alert
[security bulletin] HPSBMU03262 rev.1 - HP Version Control Agent running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS), security-alert
[security bulletin] HPSBMU03283 rev.1 - HP Virtual Connect Enterprise Manager SDK running OpenSSL on Windows, Remote Disclosure of Information, Denial of Service (DoS), security-alert
[security bulletin] HPSBMU03259 rev.1 - HP Version Control Repository Manager running OpenSSL on Linux and Windows, Remote Disclosure of Information, security-alert
WPML WordPress plug-in SQL injection etc., Jouko Pynnonen
MSA-2015-03: iPass Mobile Client Service Local Privilege Escalation, Advisories
- MSA-2016-01: PowerFolder Remote Code Execution Vulnerability, Advisories Advisories
[SECURITY] [DSA 3185-1] libgcrypt11 security update, Thijs Kinkhorst
[SECURITY] [DSA 3184-1] gnupg security update, Thijs Kinkhorst
[security bulletin] HPSBMU02895 SSRT101253 rev.5 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code, security-alert
[security bulletin] HPSBGN03249 rev.1 - HP ArcSight Enterprise Security Manager and Logger, Multiple Remote Vulnerabilities, security-alert
[SECURITY] [DSA 3183-1] movabletype-opensource security update, Salvatore Bonaccorso
SQL Injection in Huge IT Slider WordPress Plugin, High-Tech Bridge Security Research
Microsoft Office Compatibility Pack tries to execute path without quotes, j . v . vallejo
Cisco Security Advisory: Cisco Intrusion Prevention System MainApp Secure Socket Layer Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway and Cisco TelePresence Conductor, Cisco Systems Product Security Incident Response Team
OpenSSL v1.0.2 for Linux affected by CVE-2015-0235, Nicholas Lemonias.
ESA-2015-014: RSA® Digital Certificate Solution Multiple Vulnerabilities, Security Alert
Vulnerability in the Dropbox SDK for Android (CVE-2014-8889), Roee Hay
[SECURITY] [DSA 3182-1] libssh2 security update, Salvatore Bonaccorso
Community Gallery - Srored Corss-Site Scripting vulnerability, ITAS Team
[SECURITY] [DSA 3177-1] mod-gnutls security update, Sebastien Delafond
[SECURITY] [DSA 3181-1] xen security update, Moritz Muehlenhoff
[security bulletin] HPSBUX03281 SSRT101968 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities, Security Alert
Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Product, Cisco Systems Product Security Incident Response Team
[ MDVSA-2015:057 ] kernel, security
Reflected cross-site scripting(XSS) Vulnerability in Manage Engine AD Audit Manager Plus Admin Panel(Build 6270), harish . ramadoss
ProjectSend r561 - SQL injection vulnerability, ITAS Team
Cisco Security Advisory: Row Hammer Privilege Escalation Vulnerability, Cisco Systems Product Security Incident Response Team
Multiple Vulnerabilities with Kguard Digital Video Recorders, Federick Joe P Fajardo
tcpdump 4.7.2 remote crashes, Michael Richardson
APPLE-SA-2015-03-09-4 Xcode 6.2, Apple Product Security
APPLE-SA-2015-03-09-3 Security Update 2015-002, Apple Product Security
APPLE-SA-2015-03-09-2 AppleTV 7.1, Apple Product Security
APPLE-SA-2015-03-09-1 iOS 8.2, Apple Product Security
[ MDVSA-2015:056 ] rpm, security
[security bulletin] HPSBPI03107 rev.2 - Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access, security-alert
ocPortal 9.0.16 Multiply XSS Vulnerabilities, dennis . veninga
[security bulletin] HPSBGN03277 rev.1 - HP Virtualization Performance Viewer, Remote Execution of Code, Denial of Service (DoS) and Other Vulnerabilities, security-alert
MongoDB BSON Handling Remote Denial of Service Vulnerability, noreply-secresearch
[security bulletin] HPSBUX03235 SSRT101750 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS), security-alert
H2HC 12th Edition - Call for Papers, Rodrigo Rubira Branco (BSDaemon)
Betster (PHP Betoffice) Authentication Bypass and SQL Injection, prathan . ptr
[security bulletin] HPSBHF03279 rev.1 - HP Point of Sale PCs Running Windows with OPOS Drivers, Remote Execution of Code, security-alert
[slackware-security] samba (SSA:2015-064-01), Slackware Security Team
[SECURITY] [DSA 3180-1] libarchive security update, Alessandro Ghedini
Stored XSS Vulnerability in Google Analytics by Yoast Wordpress Plugin, kingkaustubh
Last Call - Workhsops of CISTI'2015: 10th Iberian Conference on Information Systems and Technologies, ML
Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting Vulnerability, prathan . ptr
[ MDVSA-2015:054 ] bind, security
[ MDVSA-2015:055 ] freetype2, security
WeBid 1.1.1 Unrestricted File Upload Exploit, prathan . ptr
[CVE-2015-2102] Clipbucket 2.7 RC3 0.9 - Blind SQL Injection, prathan . ptr
[SECURITY] [DSA 3179-1] icedove security update, Moritz Muehlenhoff
[security bulletin] HPSBST03265 rev.1 - HP VMA SAN Gateway running Bash Shell and OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, and Disclosure of Information, security-alert
[ MDVSA-2015:052 ] tomcat, security
[ MDVSA-2015:053 ] tomcat6, security
[ MDVSA-2015:051 ] sympa, security
[SECURITY] [DSA 3178-1] unace security update, Salvatore Bonaccorso
[ MDVSA-2015:050 ] patch, security
[security bulletin] HPSBST03274 rev.1 - HP XP P9000 Command View Advanced Edition Software Online Help for Windows and Linux, Remote Cross-site Scripting (XSS), security-alert
[ MDVSA-2015:049 ] cups, security
[CVE-2015-1583] ATutor LCMS - CSRF Vulnerability in Version 2.2, edricteo
BEdita CMS - XSS & CSRF Vulnerability in Version 3.5.0, edricteo
SEC Consult SA-20150227-0 :: Multiple vulnerabilities in Loxone Smart Home, SEC Consult Vulnerability Lab
Cross-Site-Scripting (XSS) in tcllib's html::textarea, Ben Fuhrmannek
Wordpress Media Cleaner Plugin - XSS Vulnerability, iletisim
[SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags, Jeremy Boynes
HelpDezk 1.0.1 Multiple Vulnerabilities, dennis . veninga
[SECURITY] [DSA 3176-1] request-tracker4 security update, Salvatore Bonaccorso
Wireless File Transfer Pro Android - Multiple CSRF Vulnerabilities, Vulnerability Lab
Data Source: Scopus CMS - SQL Injection Web Vulnerability, Vulnerability Lab
DSS TFTP 1.0 Server - Path Traversal Vulnerability, Vulnerability Lab
D-Link and TRENDnet 'ncc2' service - multiple vulnerabilities, Peter Adkins
[slackware-security] mozilla-firefox (SSA:2015-056-01), Slackware Security Team
[slackware-security] mozilla-thunderbird (SSA:2015-056-02), Slackware Security Team
[security bulletin] HPSBUX03273 SSRT101951 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities, security-alert
[security bulletin] HPSBUX03244 SSRT101885 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilites, security-alert
[SECURITY] [DSA 3175-1] kfreebsd-9 security update, Moritz Muehlenhoff
[security bulletin] HPSBUX03162 SSRT101885 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilites, security-alert
[SECURITY] [DSA 3174-1] iceweasel security update, Moritz Muehlenhoff
[SECURITY] [DSA 3173-1] libgtk2-perl security update, Salvatore Bonaccorso
[SECURITY] [DSA 3172-1] cups security update, Sebastien Delafond
GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server, rgutierrez
EnanoCMS 1.1.8pl1 XSS Vulnerability, dennis . veninga
TangoBB 1.5.0-A3 XSS Vulnerability, dennis . veninga
[security bulletin] HPSBMU03260 rev.1 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Disclosure of Information, security-alert
[Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA, Onapsis Research Labs
[Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA, Onapsis Research Labs
[Onapsis Security Advisory 2015-003] SAP Business Objects Unauthorized File Repository Server Write via CORBA, Onapsis Research Labs
[Onapsis Security Advisory 2015-002] SAP Business Objects Unauthorized File Repository Server Read via CORBA, Onapsis Research Labs
[Onapsis Security Advisory 2015-001] Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench, Onapsis Research Labs
FreeBSD Security Advisory FreeBSD-SA-15:05.bind, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-15:04.igmp, FreeBSD Security Advisories
N.E.T. E-Commerce Group Cross Site Scripting Vulnerability, iedb . team
[SECURITY] [DSA 3170-1] linux security update, Moritz Muehlenhoff
[SECURITY] [DSA 3171-1] samba security update, Salvatore Bonaccorso
[SECURITY] [DSA 3169-1] eglibc security update, Aurelien Jarno
Defense in depth -- the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation, Stefan Kanthak
[SECURITY] [DSA 3168-1] ruby-redcloth security update, Sebastien Delafond
CVE-2014-8487: Kony EMM insecurity Direct Object Reference, michael . hendrickx
[SECURITY] [DSA 3167-1] sudo security update, Salvatore Bonaccorso
[SECURITY] [DSA 3166-1] e2fsprogs security update, Michael Gilbert
[SECURITY] [DSA 3165-1] xdg-utils security update, Michael Gilbert
[SECURITY] [DSA 3164-1] typo3-src security update, Moritz Muehlenhoff
Stored XSS Vulnerability in ADPlugg Wordpress Plugin, kingkaustubh
[security bulletin] HPSBUX03240 SSRT101872 rev.1 - HP-UX Running NTP, Remote Execution of Code, Denial of Service (DoS), or Other Vulnerabilties, security-alert
[security bulletin] HPSBPV03266 rev.1 - Certain HP Networking and H3C Switches and Routers running NTP, Remote Execution of Code, Disclosure of Information, and Denial of Service (DoS), security-alert
iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\..., Stefan Kanthak
Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames), Stefan Kanthak
[SECURITY] [DSA 3163-1] libreoffice security update, Alessandro Ghedini
[SECURITY] [DSA 3162-1] bind9 security update, Florian Weimer
PHP Code Execution in jui_filter_rules Parsing Library, Timo Schmid
[CVE-2015-1517] Piwigo - SQL Injection in Version 2.7.3, sven
[RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite, RedTeam Pentesting GmbH
Crushftp 7.2.0 - Multiple CSRF & XSS Vulnerabilities‏, Rehan Ahmed
NetGear WNDR Authentication Bypass / Information Disclosure, Peter Adkins
Ebay Inc Magento Bug Bounty #5 - Persistent Validation & Mail Encoding Web Vulnerability, Vulnerability Lab
CVE-2015-1614 csrf/xss in in wordpress Plugin Image Metadata cruncher, kingkaustubh
[slackware-security] sudo (SSA:2015-047-03), Slackware Security Team
[slackware-security] patch (SSA:2015-047-01), Slackware Security Team
[slackware-security] seamonkey (SSA:2015-047-02), Slackware Security Team
Reflected File Download in AOL Search Website, Ricardo Iramar dos Santos
- Re: Reflected File Download in AOL Search Website, Mike Antcliffe
Multiple Cross site scripting in wordpress Plugin Image Metadata cruncher, kingkaustubh
Cosmoshop - XSS on Admin-Login Mask, innate
[CVE-2015-1585] Fat Free CRM - CSRF Vulnerability in Version 0.13.5, sven
CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four, Hector Marco
CVE-2015-1600 - Netatmo Weather Station Cleartext Password Leak, jullrich
UNIT4 Prosoft HRMS XSS Vulnerability, jerold
[security bulletin] HPSBGN03258 rev.1 - HP Insight Control server deployment Windows Pre-boot Execution Environment, Microsoft Schannel (Winshock) Remote Code Execution, security-alert
CVE-2015-1574 - Google Email App 4.2.2 remote denial of service, Hector Marco
[ MDVSA-2015:047 ] elfutils, security
[ MDVSA-2015:048 ] postgresql, security
[ MDVSA-2015:046 ] ntp, security
[ MDVSA-2015:045 ] e2fsprogs, security
[ MDVSA-2015:044 ] perl-Gtk2, security
[SECURITY] [DSA 3161-1] dbus security update, Salvatore Bonaccorso
Open-Xchange Security Advisory 2015-02-12, Martin Heiland
Shakacon 2015 Last Call for Papers (July 6-9 2015, Honolulu, Hawaii), Jonathan Brossard
- Re: Shakacon 2015 Last Call for Papers (July 6-9 2015, Honolulu, Hawaii), Jonathan Brossard
Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability, sn
[SECURITY] [DSA 3160-1] xorg-server security update, Moritz Muehlenhoff
Elasticsearch vulnerability CVE-2015-1427, Kevin Kluge
Cisco Security Advisory: Cisco Secure Access Control System SQL Injection Vulnerability, Cisco Systems Product Security Incident Response Team
- <Possible follow-ups>
- Cisco Security Advisory: Cisco Secure Access Control System SQL Injection Vulnerability, Cisco Systems Product Security Incident Response Team
[ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Mcirosoft), Stefan Kanthak
T-Mobile Internet Manager - DLL Hijacking (mfc71enu.dll), Vulnerability Lab
Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability, Vulnerability Lab
BlinkSale Bug Bounty #1 - Encode & Validation Vulnerability, Vulnerability Lab
Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability, Vulnerability Lab
Multiple Vulnerabilities in my little forum, High-Tech Bridge Security Research
Two Reflected XSS Vulnerabilities in Easing Slider WordPress Plugin, High-Tech Bridge Security Research
[SECURITY] [DSA 3159-1] ruby1.8 security update, Alessandro Ghedini
[ MDVSA-2015:043 ] otrs, security
[ MDVSA-2015:042 ] clamav, security
[ MDVSA-2015:041 ] cabextract, security
[ MDVSA-2015:040 ] zarafa, security
[security bulletin] HPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell, Multiple Vulnerabilities, security-alert
[security bulletin] HPSBMU03245 rev.1 - HP Insight Control server deployment Linux Preboot Execution Environment running Bash Shell, Multiple Vulnerabilities, security-alert
[security bulletin] HPSBGN03255 rev.1 - HP OpenCall Media Platform (OCMP) running SSLv3, Remote Denial of Service (DoS),Disclosure of Information, security-alert
[RT-SA-2014-013] Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page, RedTeam Pentesting GmbH
[ MDVSA-2015:039 ] glibc, security
Mooplayer 1.3.0 'm3u' SEH Buffer Overflow POC, saman . j . l33t
[SECURITY] [DSA 3158-1] unrtf security update, Salvatore Bonaccorso
[security bulletin] HPSBGN03251 rev.1 - HP Storage Essentials running SSLv3, Remote Disclosure of Information, security-alert
[security bulletin] HPSBGN03252 rev.1 - HP AppPulse Active running SSLv3, Remote Disclosure of Information, security-alert
[SECURITY] [DSA 3157-1] ruby1.9.1 security update, Alessandro Ghedini
[SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling, Mark Thomas
Cookie hijacking: Internet Explorer UXSS (CVE-2015-0072), bhdresh
Radexscript CMS 2.2.0 - SQL Injection vulnerability, ITAS Team
[SECURITY] [DSA 3156-1] liblivemedia security update, Alessandro Ghedini
[SECURITY] [DSA 3154-2] ntp security update, Salvatore Bonaccorso
[security bulletin] HPSBMU03216 rev.2 - HP Service Manager running SSLv3, Multiple Remote Vulnerabilities, security-alert
[security bulletin] HPSBGN03254 rev.1 - HP Service Health Analyzer running SSLv3, Remote Disclosure of Information, security-alert
[security bulletin] HPSBMU03224 rev.1 - HP LoadRunner and Performance Center, Load Generator Virtual Machine Images, running Windows, Remote Elevation of Privilege, security-alert
[security bulletin] HPSBGN03253 rev.1 - HP Business Process Insight (BPI) running SSLv3, Remote Disclosure of Information, security-alert
[security bulletin] HPSBUX03235 SSRT101750 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS), security-alert
[security bulletin] HPSBUX03166 SSRT101489 rev.2 - HP-UX running PAM libpam_updbe, Remote Authentication Bypass, security-alert
[SECURITY] [DSA 2978-2] libxml2 security update, Alessandro Ghedini
[SECURITY] [DSA 3155-1] postgresql-9.1 security update, Luciano Bello
[ MDVSA-2015:037 ] vorbis-tools, security
BMC Footprints Service Core 11.5 - Multiple Cross Site Scripting Vulnerabilities (XSS), ayman . abdelaziz
[ MDVSA-2015:035 ] libvirt, security
[ MDVSA-2015:036 ] python-django, security
[ MDVSA-2015:034 ] jasper, security
[ MDVSA-2015:033 ] java-1.7.0-openjdk, security
LG On Screen Phone authentication bypass (CVE-2014-8757), Imre Rad
Re: [FD] Major Internet Explorer Vulnerability - NOT Patched, David Leo
[SECURITY] [DSA 3154-1] ntp security update, Salvatore Bonaccorso
[ MDVSA-2015:031 ] busybox, security
[ MDVSA-2015:032 ] php, security
ESA-2015-012: EMC Captiva Capture Sensitive Information Disclosure Vulnerability, Security Alert
[oCERT-2015-002] e2fsprogs input sanitization errors, Andrea Barisani
[ MDVSA-2015:029 ] binutils, security
[ MDVSA-2015:030 ] bugzilla, security
CVE-2015-1172 Wordpress-theme remote arbitrary code, borg
Very Important Info About "Major Internet Explorer Vulnerability - NOT Patched", David Leo
Cisco Security Advisory: Cisco Security Advisory Cisco WebEx Meetings Server Command Injection Vulnerability, Cisco Systems Product Security Incident Response Team
ESA-2014-158: RSA BSAFE® Micro Edition Suite, SSL-J and SSL-C Triple Handshake Vulnerability, Security Alert
Bitdefender Internet Security -, jerold
ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities, Security Alert
[CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5, sven
[SECURITY] [DSA 3153-1] krb5 security update, Moritz Muehlenhoff
MITKRB5-SA-2015-001 Vulnerabilities in kadmind, libgssrpc, gss_process_context_token, Greg Hudson
CVE-2015-1437 XSS In ASUS Router., kingkaustubh
- Re: CVE-2015-1437 XSS In ASUS Router., Henri Salo
- Re: CVE-2015-1437 XSS In ASUS Router., Michael Meyer
  - Re: CVE-2015-1437 XSS In ASUS Router., Darko Vršič
- <Possible follow-ups>
- Re: Re: CVE-2015-1437 XSS In ASUS Router., kingkaustubh
[SECURITY] [DSA 3152-1] unzip security update, Salvatore Bonaccorso
[security bulletin] HPSBGN03247 rev.1 - HP IceWall SSO Dfw using glibc, Remote Execution of Abitrary Code, security-alert
CVE-2014-5360 Landesk Management Suite XSS (Cross-Site Scripting) Security Vulnerability, alex_haynes
[SECURITY] [DSA 3151-1] python-django security update, Salvatore Bonaccorso
articleFR CMS 3.0.5 - Arbitrary File Upload, Tien Tran Dinh
articleFR CMS 3.0.5 - SQL injection vulnerability, Tien Tran Dinh
articleFR CMS 3.0.5 - XSS vulnerability, Tien Tran Dinh
[CVE-2014-9331] ManageEngine Desktop Central CSRF vulnerability to add an Admin user advisory, mohamed . idris
[security bulletin] HPSBMU03232 rev.3 - HP SiteScope, Remote Elevation of Privilege, security-alert
[security bulletin] HPSBGN03237 rev.1 - HP Insight Remote Support v7 Clients running SSLv3, Remote Disclosure of Information, security-alert
[SECURITY] [DSA 3149-1] condor security update, Sebastien Delafond
- <Possible follow-ups>
- Re: [SECURITY] [DSA 3149-1] condor security update, xfrendnugroho
[security bulletin] HPSBMU03239 rev.1 - HP UCMDB, Remote Disclosure of Information, security-alert
[SECURITY] [DSA 3150-1] vlc security update, Alessandro Ghedini
[security bulletin] HPSBMU03236 rev.1 - HP Systems Insight Manager for Windows running Bash Shell, Remote Code Execution, security-alert
Fork CMS 3.8.3 - XSS Vulnerability, ITAS Team
Microweber 0.95 - SQL Injection Vulnerability, ITAS Team
Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities, ITAS Team
Banner Effect Header Security Advisory - XSS Vulnerability - CVE-2015-1384, Onur Yilmaz
[SECURITY] [DSA 3148-1] chromium-browser end of life, Michael Gilbert
Major Internet Explorer Vulnerability - NOT Patched, David Leo
- Message not available
  - Re: [FD] Major Internet Explorer Vulnerability - NOT Patched, David Leo
- Message not available
  - Message not available
    - Re: [FD] Major Internet Explorer Vulnerability - NOT Patched, David Leo
      - Suspicious URL:Re: [FD] Major Internet Explorer Vulnerability - NOT Patched, Shawn Hsiao
        
        Re: Suspicious URL:Re: [FD] Major Internet Explorer Vulnerability - NOT Patched, Christoph Gruber
        
        Re: Suspicious URL:Re: [FD] Major Internet Explorer Vulnerability - NOT Patched, Joshua Rogers
- Message not available
  - Message not available
    - RE: [FD] Major Internet Explorer Vulnerability - NOT Patched, Dimitris Strevinas
Defense in depth -- the Microsoft way (part 27): the command line you get differs from the command line I use to call you, Stefan Kanthak
[security bulletin] HPSBOV03226 rev.2 - HP TCP/IP Services for OpenVMS, BIND 9 Server Resolver, Multiple Remote Vulnerabilities, security-alert
[SECURITY] [DSA 3147-1] openjdk-6 security update, Moritz Muehlenhoff
[SECURITY] [DSA 3146-1] requests security update, Sebastien Delafond
ESA-2015-006: EMC Avamar Missing Certificate Validation Vulnerability, Security Alert
[SECURITY] [DSA 3145-1] privoxy security update, Salvatore Bonaccorso
[SECURITY] [DSA 3144-1] openjdk-7 security update, Moritz Muehlenhoff

[Index of Archives] [Netfilter] [Security] [PHP] [Linux Kernel]