Mail Index
- Defense in depth -- the Microsoft way (part 27): the command line you get differs from the command line I use to call you
- Major Internet Explorer Vulnerability - NOT Patched
- [SECURITY] [DSA 3148-1] chromium-browser end of life
- Banner Effect Header Security Advisory - XSS Vulnerability - CVE-2015-1384
- Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities
- Microweber 0.95 - SQL Injection Vulnerability
- Fork CMS 3.8.3 - XSS Vulnerability
- [security bulletin] HPSBMU03236 rev.1 - HP Systems Insight Manager for Windows running Bash Shell, Remote Code Execution
- [SECURITY] [DSA 3150-1] vlc security update
- [security bulletin] HPSBMU03239 rev.1 - HP UCMDB, Remote Disclosure of Information
- [SECURITY] [DSA 3149-1] condor security update
- [security bulletin] HPSBGN03247 rev.1 - HP IceWall SSO Dfw using glibc, Remote Execution of Arbitrary Code
- [security bulletin] HPSBGN03237 rev.1 - HP Insight Remote Support v7 Clients running SSLv3, Remote Disclosure of Information
- [security bulletin] HPSBMU03232 rev.3 - HP SiteScope, Remote Elevation of Privilege
- [CVE-2014-9331] ManageEngine Desktop Central CSRF vulnerability to add an Admin user advisory
- Re: [SECURITY] [DSA 3149-1] condor security update
- articleFR CMS 3.0.5 - XSS vulnerability
- articleFR CMS 3.0.5 - SQL injection vulnerability
- articleFR CMS 3.0.5 - Arbitrary File Upload
- [SECURITY] [DSA 3151-1] python-django security update
- From: Salvatore Bonaccorso
- CVE-2014-5360 Landesk Management Suite XSS (Cross-Site Scripting) Security Vulnerability
- [SECURITY] [DSA 3152-1] unzip security update
- From: Salvatore Bonaccorso
- CVE-2015-1437 XSS In ASUS Router.
- MITKRB5-SA-2015-001 Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
- [SECURITY] [DSA 3153-1] krb5 security update
- [CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5
- Re: CVE-2015-1437 XSS In ASUS Router.
- Re: [FD] Major Internet Explorer Vulnerability - NOT Patched
- Re: CVE-2015-1437 XSS In ASUS Router.
- ESA-2014-158: RSA BSAFE® Micro Edition Suite, SSL-J and SSL-C Triple Handshake Vulnerability
- ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities
- Bitdefender Internet Security -
- Re: CVE-2015-1437 XSS In ASUS Router.
- Cisco Security Advisory: Cisco Security Advisory Cisco WebEx Meetings Server Command Injection Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Re: Re: CVE-2015-1437 XSS In ASUS Router.
- Re: [FD] Major Internet Explorer Vulnerability - NOT Patched
- Very Important Info About "Major Internet Explorer Vulnerability - NOT Patched"
- RE: [FD] Major Internet Explorer Vulnerability - NOT Patched
- CVE-2015-1172 Wordpress-theme remote arbitrary code
- [ MDVSA-2015:030 ] bugzilla
- [ MDVSA-2015:029 ] binutils
- [oCERT-2015-002] e2fsprogs input sanitization errors
- ESA-2015-012: EMC Captiva Capture Sensitive Information Disclosure Vulnerability
- [ MDVSA-2015:032 ] php
- [ MDVSA-2015:031 ] busybox
- [SECURITY] [DSA 3154-1] ntp security update
- From: Salvatore Bonaccorso
- Re: [FD] Major Internet Explorer Vulnerability - NOT Patched
- LG On Screen Phone authentication bypass (CVE-2014-8757)
- [ MDVSA-2015:033 ] java-1.7.0-openjdk
- [ MDVSA-2015:034 ] jasper
- [ MDVSA-2015:036 ] python-django
- [ MDVSA-2015:035 ] libvirt
- BMC Footprints Service Core 11.5 - Multiple Cross Site Scripting Vulnerabilities (XSS)
- [ MDVSA-2015:037 ] vorbis-tools
- [SECURITY] [DSA 3155-1] postgresql-9.1 security update
- [SECURITY] [DSA 2978-2] libxml2 security update
- [security bulletin] HPSBUX03166 SSRT101489 rev.2 - HP-UX running PAM libpam_updbe, Remote Authentication Bypass
- [security bulletin] HPSBUX03235 SSRT101750 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS)
- [security bulletin] HPSBGN03253 rev.1 - HP Business Process Insight (BPI) running SSLv3, Remote Disclosure of Information
- [security bulletin] HPSBMU03224 rev.1 - HP LoadRunner and Performance Center, Load Generator Virtual Machine Images, running Windows, Remote Elevation of Privilege
- [security bulletin] HPSBGN03254 rev.1 - HP Service Health Analyzer running SSLv3, Remote Disclosure of Information
- [security bulletin] HPSBMU03216 rev.2 - HP Service Manager running SSLv3, Multiple Remote Vulnerabilities
- [SECURITY] [DSA 3154-2] ntp security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3156-1] liblivemedia security update
- Radexscript CMS 2.2.0 - SQL Injection vulnerability
- Cookie hijacking: Internet Explorer UXSS (CVE-2015-0072)
- [SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling
- Suspicious URL:Re: [FD] Major Internet Explorer Vulnerability - NOT Patched
- [SECURITY] [DSA 3157-1] ruby1.9.1 security update
- [security bulletin] HPSBGN03252 rev.1 - HP AppPulse Active running SSLv3, Remote Disclosure of Information
- [SECURITY] [DSA 3158-1] unrtf security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBGN03251 rev.1 - HP Storage Essentials running SSLv3, Remote Disclosure of Information
- Mooplayer 1.3.0 'm3u' SEH Buffer Overflow POC
- Re: Suspicious URL:Re: [FD] Major Internet Explorer Vulnerability - NOT Patched
- [ MDVSA-2015:039 ] glibc
- [RT-SA-2014-013] Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page
- From: RedTeam Pentesting GmbH
- [security bulletin] HPSBGN03255 rev.1 - HP OpenCall Media Platform (OCMP) running SSLv3, Remote Denial of Service (DoS),Disclosure of Information
- [security bulletin] HPSBMU03245 rev.1 - HP Insight Control server deployment Linux Preboot Execution Environment running Bash Shell, Multiple Vulnerabilities
- [security bulletin] HPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell, Multiple Vulnerabilities
- Re: Suspicious URL:Re: [FD] Major Internet Explorer Vulnerability - NOT Patched
- [ MDVSA-2015:040 ] zarafa
- [ MDVSA-2015:041 ] cabextract
- [ MDVSA-2015:042 ] clamav
- [ MDVSA-2015:043 ] otrs
- [SECURITY] [DSA 3159-1] ruby1.8 security update
- Two Reflected XSS Vulnerabilities in Easing Slider WordPress Plugin
- From: High-Tech Bridge Security Research
- Multiple Vulnerabilities in my little forum
- From: High-Tech Bridge Security Research
- Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability
- BlinkSale Bug Bounty #1 - Encode & Validation Vulnerability
- Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability
- T-Mobile Internet Manager - DLL Hijacking (mfc71enu.dll)
- [ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Microsoft)
- Cisco Security Advisory: Cisco Secure Access Control System SQL Injection Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Elasticsearch vulnerability CVE-2015-1427
- [SECURITY] [DSA 3160-1] xorg-server security update
- Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability
- [SECURITY] [DSA 3161-1] dbus security update
- From: Salvatore Bonaccorso
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
- From: Cisco Systems Product Security Incident Response Team
- Shakacon 2015 Last Call for Papers (July 6-9 2015, Honolulu, Hawaii)
- Open-Xchange Security Advisory 2015-02-12
- [ MDVSA-2015:044 ] perl-Gtk2
- [ MDVSA-2015:045 ] e2fsprogs
- [ MDVSA-2015:046 ] ntp
- [ MDVSA-2015:048 ] postgresql
- [ MDVSA-2015:047 ] elfutils
- Re: Shakacon 2015 Last Call for Papers (July 6-9 2015, Honolulu, Hawaii)
- CVE-2015-1574 - Google Email App 4.2.2 remote denial of service
- [security bulletin] HPSBGN03258 rev.1 - HP Insight Control server deployment Windows Pre-boot Execution Environment, Microsoft Schannel (Winshock) Remote Code Execution
- UNIT4 Prosoft HRMS XSS Vulnerability
- CVE-2015-1600 - Netatmo Weather Station Cleartext Password Leak
- CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four
- [CVE-2015-1585] Fat Free CRM - CSRF Vulnerability in Version 0.13.5
- Cosmoshop - XSS on Admin-Login Mask
- Multiple Cross site scripting in wordpress Plugin Image Metadata cruncher
- Reflected File Download in AOL Search Website
- From: Ricardo Iramar dos Santos
- Re: Reflected File Download in AOL Search Website
- [slackware-security] seamonkey (SSA:2015-047-02)
- From: Slackware Security Team
- [slackware-security] patch (SSA:2015-047-01)
- From: Slackware Security Team
- [slackware-security] sudo (SSA:2015-047-03)
- From: Slackware Security Team
- CVE-2015-1614 csrf/xss in wordpress Plugin Image Metadata cruncher
- Ebay Inc Magento Bug Bounty #5 - Persistent Validation & Mail Encoding Web Vulnerability
- NetGear WNDR Authentication Bypass / Information Disclosure
- Crushftp 7.2.0 - Multiple CSRF & XSS Vulnerabilities
- [RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite
- From: RedTeam Pentesting GmbH
- [CVE-2015-1517] Piwigo - SQL Injection in Version 2.7.3
- PHP Code Execution in jui_filter_rules Parsing Library
- [SECURITY] [DSA 3162-1] bind9 security update
- [SECURITY] [DSA 3163-1] libreoffice security update
- Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames)
- iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
- [security bulletin] HPSBPV03266 rev.1 - Certain HP Networking and H3C Switches and Routers running NTP, Remote Execution of Code, Disclosure of Information, and Denial of Service (DoS)
- Cisco Security Advisory: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [security bulletin] HPSBUX03240 SSRT101872 rev.1 - HP-UX Running NTP, Remote Execution of Code, Denial of Service (DoS), or Other Vulnerabilities
- Stored XSS Vulnerability in ADPlugg Wordpress Plugin
- Defense in depth -- the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation
- [SECURITY] [DSA 3164-1] typo3-src security update
- [SECURITY] [DSA 3165-1] xdg-utils security update
- [SECURITY] [DSA 3166-1] e2fsprogs security update
- [SECURITY] [DSA 3167-1] sudo security update
- From: Salvatore Bonaccorso
- CVE-2014-8487: Kony EMM insecurity Direct Object Reference
- From: michael . hendrickx
- [SECURITY] [DSA 3168-1] ruby-redcloth security update
- [SECURITY] [DSA 3169-1] eglibc security update
- [SECURITY] [DSA 3171-1] samba security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3170-1] linux security update
- N.E.T. E-Commerce Group Cross Site Scripting Vulnerability
- FreeBSD Security Advisory FreeBSD-SA-15:04.igmp
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-15:05.bind
- From: FreeBSD Security Advisories
- [Onapsis Security Advisory 2015-001] Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2015-002] SAP Business Objects Unauthorized File Repository Server Read via CORBA
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2015-003] SAP Business Objects Unauthorized File Repository Server Write via CORBA
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA
- From: Onapsis Research Labs
- [security bulletin] HPSBMU03260 rev.1 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Disclosure of Information
- TangoBB 1.5.0-A3 XSS Vulnerability
- EnanoCMS 1.1.8pl1 XSS Vulnerability
- GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server
- [SECURITY] [DSA 3172-1] cups security update
- [SECURITY] [DSA 3173-1] libgtk2-perl security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3174-1] iceweasel security update
- [security bulletin] HPSBUX03162 SSRT101885 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilities
- [SECURITY] [DSA 3175-1] kfreebsd-9 security update
- [security bulletin] HPSBUX03244 SSRT101885 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilities
- [security bulletin] HPSBUX03273 SSRT101951 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
- [slackware-security] mozilla-thunderbird (SSA:2015-056-02)
- From: Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2015-056-01)
- From: Slackware Security Team
- D-Link and TRENDnet 'ncc2' service - multiple vulnerabilities
- DSS TFTP 1.0 Server - Path Traversal Vulnerability
- Data Source: Scopus CMS - SQL Injection Web Vulnerability
- Wireless File Transfer Pro Android - Multiple CSRF Vulnerabilities
- [SECURITY] [DSA 3176-1] request-tracker4 security update
- From: Salvatore Bonaccorso
- Cross-Site-Scripting (XSS) in tcllib's html::textarea
- HelpDezk 1.0.1 Multiple Vulnerabilities
- [SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags
- Wordpress Media Cleaner Plugin - XSS Vulnerability
- SEC Consult SA-20150227-0 :: Multiple vulnerabilities in Loxone Smart Home
- From: SEC Consult Vulnerability Lab