Mail Index
- [SECURITY] [DSA 3209-1] openldap security update
- [security bulletin] HPSBHF03271 rev.1 - HP PCs and Workstations Running Windows 7 with NVidia Graphics Driver, Elevation of Privileges
- [ MDVSA-2015:185 ] dokuwiki
- [ MDVSA-2015:186 ] phpmyadmin
- [SECURITY] [DSA 3210-1] wireshark security update
- [SECURITY ANNOUNCEMENT] CVE-2015-0225
- ESA-2015-056: EMC PowerPath Virtual Appliance Undocumented User Accounts Vulnerability
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unity Connection
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3211-1] iceweasel security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBMU03304 rev.1 - HP Insight Control server deployment on Linux and Windows, Remote Disclosure of Information
- [security bulletin] HPSBGN03307 rev.1 - HP Intelligent Provisioning, Disclosure of Information
- [security bulletin] HPSBST03298 rev.2 - HP XP Service Processor Software for Windows, Multiple Vulnerabilities
- SECUREDROP >= 0.3 - Possible Backdoor & Privileges Escalation by Unauth User
- From: ~~~ Elliptic TAO Team ~~~
- [ MDVSA-2015:187 ] graphviz
- Wordpress plugin Simple Ads Manager - SQL Injection
- [ MDVSA-2015:188 ] flac
- Security Audit Notes - OpenSSL v1.0.2a (latest) Issues - Advanced Information Security Corporation
- Wordpress plugin Simple Ads Manager - Multiple SQL Injection
- Wordpress plugin Simple Ads Manager - Arbitrary File Upload
- Wordpress plugin Simple Ads Manager - Information Disclosure
- [ MDVSA-2015:189 ] tor
- [ MDVSA-2015:190 ] owncloud
- [ MDVSA-2015:191 ] owncloud
- [ MDVSA-2015:161-1 ] icu
- Security Audit Notes - OpenSSH 6.8 - Advanced Information Security Corp
- [security bulletin] HPSBGN03302 rev.1 - HP IceWall Federation Agent, Remote Denial of Service (DoS)
- [security bulletin] HPSBHF03300 rev.1 - HP Network Products running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information
- [SECURITY] [DSA 3212-1] icedove security update
- [security bulletin] HPSBST03195 rev.1 - HP 3PAR Service Processor (SP) running OpenSSL and Bash, Remote Code Execution, Unauthorized Access, Disclosure of Information
- NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE
- From: VMware Security Response Center
- Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8
- From: Larry W. Cashdollar
- Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17
- From: Larry W. Cashdollar
- [ MDVSA-2015:192 ] subversion
- HotExBilling Manager Cross-site scripting (XSS) vulnerability
- Security Audit Notes - Kerberos Security Issues (krb5-1.13 stable) - Advanced Information Security Corp.
- Security Audit Notes = Kerberos (krb5-1.13) issues - Advanced Information Security Corp
- [SECURITY] [DSA 3213-1] arj security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3214-1] mailman security update
- [SECURITY] [DSA 3215-1] libgd2 security update
- [security bulletin] HPSBMU03296 rev.1 - HP BladeSystem c-Class Onboard Administrator running OpenSSL, Remote Denial of Service (DoS)
- [SECURITY] [DSA 3216-1] tor security update
- [security bulletin] HPSBGN03306 rev.1 - HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running OpenSSL, Remote Denial of Service (DoS)
- [ MDVSA-2015:193 ] libtasn1
- [ MDVSA-2015:195 ] python-django
- [ MDVSA-2015:196 ] cups-filters
- [CVE-2015-0779]: Novell ZenWorks Configuration Management remote code execution
- CVE-2015-1773 Apache Flex reflected XSS vulnerability
- [SECURITY] [DSA 3057-2] libxml2 regression update
- From: Salvatore Bonaccorso
- [ MDVSA-2015:198 ] java-1.8.0-openjdk
- SEC Consult SA-20150409-0 :: Multiple XSS & XSRF vulnerabilities in Comalatech Comala Workflows
- From: SEC Consult Vulnerability Lab
- [SECURITY] [DSA 3217-1] dpkg security update
- From: Salvatore Bonaccorso
- [ MDVSA-2015:199 ] less
- [ MDVSA-2015:200 ] mediawiki
- [ MDVSA-2015:202 ] ntp
- [ MDVSA-2015:201 ] arj
- SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035)
- From: SEC Consult Vulnerability Lab
- Hidden backdoor API to root privileges in Apple OS X
- [SECURITY] [DSA 3218-1] wesnoth-1.10 security update
- [security bulletin] HPSBGN03316 rev.1 - HP Support Solution Framework on Windows, Remote Execution of Code, Disclosure of Information
- [ MDVSA-2015:203 ] batik
- OrangeHRM Blind SQL Injection & XSS Vulnerabilities
- [SECURITY] [DSA 3219-1] libdbd-firebird-perl security update
- Hijacking any Weebly Website [Insecure Direct Object Reference Vulnerability]
- [SECURITY] [DSA 3220-1] libtasn1-3 security update
- From: Salvatore Bonaccorso
- Safari iOS/OS X/Windows cookie access vulnerability
- [SECURITY] [DSA 3221-1] das-watchdog security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3222-1] chrony security update
- [SECURITY] [DSA 3223-1] ntp security update
- [SECURITY] [DSA 3224-1] libx11 security update
- Ruxcon 2015 Call For Presentations
- Apache HTTPD 2.4.12/ 2.2.29 Security Audit Notes - Advanced Information Security Corp
- Apache HTTPD 2.4.12, 2.2.29 Security Audit - Advanced Information Security Corp
- [security bulletin] HPSBHF03310 rev.2 - HP Thin Clients running Windows Embedded Standard 7 (WES7) or Windows Embedded Standard 2009 (WES09) with HP Easy Deploy, Remote Elevation of Privilege, Execution of Code
- [security bulletin] HPSBOV03318 rev.1 - HP SSL for OpenVMS, Remote Denial of Service (DoS) and other Vulnerabilities
- [CVE-2015-2810] Integer Overflow leading to heap corruption when assigning a long paragraph size value to a HanWord document
- Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c
- Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c
- [SYSS-2015-012] Panda Internet Security 2015 - Authentication Bypass
- [SYSS-2015-013] Panda Antivirus Pro 2015 - Authentication Bypass
- [SYSS-2015-014] Panda Global Protection 2015 - Authentication Bypass
- [SYSS-2015-015] Panda Gold Protection 2015 - Authentication Bypass
- whitepaper: Identifier based XSSI attacks
- several issues in SQLite (+ catching up on several other bugs)
- Wordpress WP Statistics persistent cross site scripting
- Secunia Research: Microsoft Windows GDI "MRSETDIBITSTODEVICE ::bPlay()" EMF Parsing Memory Corruption Vulnerability
- Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c
- [IMF2015] Call for Participation
- [SECURITY] [DSA 3225-1] gst-plugins-bad0.10 security update
- ESA-2015-069: EMC NetWorker Buffer Overflow Vulnerability
- [SECURITY] [DSA 3226-1] inspircd security update
- Cisco Security Advisory: Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3227-1] movabletype-opensource security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBMU03264 rev.1 - HP Network Automation, Multiple Remote Vulnerabilities
- Secunia Research: Oracle Outside In ibpsd2.dll PSD File Processing Buffer Overflow Vulnerability
- [CVE-2014-5361][CVE-2014-5362]Landesk Management Suite RFI & CSRF Security Vulnerabilities
- [SECURITY] [DSA 3228-1] ppp security update
- Wolf CMS 0.8.2 Arbitrary File Upload Vulnerability
- Lychee 2.7.1 remote code execution
- 112 ipTIME Routers/WiFi APs/Modems/Firewalls models vulnerable with RCE with root privileges
- CVE-2014-7954 MTP path traversal vulnerability in Android
- CVE-2014-7951 adb backup archive path traversal file overwrite
- CVE-2014-7953 Android backup agent code execution
- Security Audit Notes - OpenSSL v1.0.2a (latest) Issues - Advanced Information Security Corporation
- [SECURITY] [DSA 3229-1] mysql-5.5 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3230-1] django-markupfield security update
- [security bulletin] HPSBMU03321 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code
- Photo Manager Pro 4.4.0 iOS - Code Execution Vulnerability
- Mobile Drive HD v1.8 - File Include Web Vulnerability
- Wifi Drive Pro v1.2 iOS - File Include Web Vulnerability
- Photo Manager Pro v4.4.0 iOS - File Include Vulnerability
- Ebay Inc Xcom #4 - (Item Preview) Persistent Vulnerability
- Ebay Inc Xcom #6 - Persistent POST Inject Vulnerability
- Ebay Inc Xcom #7 - (Policy) Persistent Vulnerability
- PayPal Inc Bug Bounty #113 - Client Side Cross Site Scripting Vulnerability
- SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities
- Google Analytics by Yoast stored XSS #2
- GoAutoDial 3.3 multiple vulnerabilities
- [security bulletin] HPSBGN03305 rev.1 - HP Business Service Management (BSM) products running SSLv3, Remote Disclosure of Information
- Linux ASLR mmap weakness: Reducing entropy by half
- From: Hector Marco-Gisbert
- AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%
- From: Hector Marco-Gisbert
- [SECURITY] [DSA 3231-1] subversion security update
- From: Salvatore Bonaccorso
- Stored Cross Site Scripting Vulnerability in Add Link to Facebook WordPress Plugin
- Reflected XSS Vulnerability In Manage Engine Firewall Analyzer
- Reflected XSS Vulnerability In Manage Engine Event Log Analyzer
- Apple iOS 8.0 - 8.0.2 - Controls Re Auth Bypass Vulnerability
- iPassword Manager v2.6 iOS - Persistent Vulnerabilities
- [SECURITY] [DSA 3232-1] curl security update
- Netgear WNR2000v4 Multiple Vulnerabilities
- Multiple Cross-Site Scripting (XSS) in FreePBX
- From: High-Tech Bridge Security Research
- [security bulletin] HPSBGN03308 rev.1 - HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS), Remote Code Execution
- [slackware-security] mozilla-firefox (SSA:2015-111-05)
- From: Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2015-111-06)
- From: Slackware Security Team
- [slackware-security] qt (SSA:2015-111-13)
- From: Slackware Security Team
- [slackware-security] libssh (SSA:2015-111-04)
- From: Slackware Security Team
- [slackware-security] mutt (SSA:2015-111-07)
- From: Slackware Security Team
- [slackware-security] php (SSA:2015-111-10)
- From: Slackware Security Team
- [slackware-security] ppp (SSA:2015-111-11)
- From: Slackware Security Team
- [slackware-security] seamonkey (SSA:2015-111-14)
- From: Slackware Security Team
- [slackware-security] proftpd (SSA:2015-111-12)
- From: Slackware Security Team
- [slackware-security] gnupg (SSA:2015-111-02)
- From: Slackware Security Team
- [slackware-security] ntp (SSA:2015-111-08)
- From: Slackware Security Team
- [slackware-security] httpd (SSA:2015-111-03)
- From: Slackware Security Team
- [slackware-security] bind (SSA:2015-111-01)
- From: Slackware Security Team
- [slackware-security] openssl (SSA:2015-111-09)
- From: Slackware Security Team
- [ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow
- Dnsmasq 2.72 Unchecked returned value
- Socrata Bug Bounty #1 - Persistent Encoding Vulnerability
- [ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow
- Pligg CMS 2.0.2 - Stored XSS
- Avsarsoft Matbaa Script - Multiple Vulnerabilities
- 4k ULTRA HIGH DEFINITION Satellite Security Research - DVB-S2X Security Evaluation Draft Notes
- Zeppelin - SSH script - Advanced Information Security Corporation
- SSH Network Security Assessment utility - Zeppelin - -=[Advanced Information Security Corp]=-
- Incorrect handling of self signed certificates in OpenFire XMPP Server
- Encaps PHP/Flash Gallery 2.3.22s Database Puffing Up Exploit
- 4k ULTRA HIGH DEFINITION Satellite Security Research - DVB-S2X Security Evaluation Draft Notes - Advanced Information Security Corporation
- [SECURITY] [DSA 3233-1] wpa security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBPI03315 rev.1 - HP Capture and Route Software, Remote Information Disclosure
- [security bulletin] HPSBHF03272 rev.1 - HP Servers with NVidia GPU Computing Driver running Windows Server 2008, Elevation of Privilege
- [SECURITY] [DSA 3234-1] openjdk-6 security update
- [SECURITY] [DSA 3235-1] openjdk-7 security update
- [SECURITY] [DSA 3236-1] libreoffice security update
- [SECURITY] [DSA 3237-1] linux security update
- WordPress 4.2 stored XSS
- [SECURITY] [DSA 3238-1] chromium-browser security update
- [ MDVSA-2015:204 ] librsync
- [ MDVSA-2015:205 ] tor
- [ MDVSA-2015:206 ] asterisk
- [ MDVSA-2015:207 ] perl-Module-Signature
- [ MDVSA-2015:208 ] setup
- [ MDVSA-2015:209 ] php
- [ MDVSA-2015:210 ] qemu
- Elasticsearch vulnerability CVE-2015-3337
- [ MDVSA-2015:211 ] glusterfs
- Open-Xchange Security Advisory 2015-04-27
- [ MDVSA-2015:212 ] java-1.7.0-openjdk
- [CORE-2015-0008] - InFocus IN3128HD Projector Multiple Vulnerabilities
- From: CORE Advisories Team
- SonicWall SonicOS 7.5.0.12 & 6.x - Client Side Cross Site Scripting Vulnerability
- PayPal Inc Bug Bounty #114 - JDWP Remote Code Execution Vulnerability
- CSRF & XSS Wing FTP Server Admin <= v4.4.5
- Multiple Vulnerabilities in TheCartPress WordPress plugin
- From: High-Tech Bridge Security Research
- [oCERT-2015-003] MySQL SSL/TLS downgrade
- [ MDVSA-2015:213 ] lftp
- [ MDVSA-2015:215 ] t1utils
- [ MDVSA-2015:214 ] libksba
- [ MDVSA-2015:216 ] ntop
- [security bulletin] HPSBUX03320 SSRT101952 rev.1 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
- [security bulletin] HPSBMU03241 rev.1 - HP Network Automation running SSLv3, Remote Disclosure of Information
- ESA-2015-078: RSA® Identity Management and Governance (IMG) Insecure Password Reset Vulnerability
- [SECURITY] [DSA 3240-1] curl security update
- [SECURITY] [DSA 3239-1] icecast2 security update
- [security bulletin] HPSBGN03323 rev.1 - HP Business Service Automation Essentials Core with JBOSS, Remote Disclosure of Information
- [security bulletin] HPSBGN03324 rev.1 - HP Business Service Automation Essentials Core, Remote Disclosure of Information
- [SECURITY] [DSA 3241-1] elasticsearch security update
- [ MDVSA-2015:217 ] sqlite3
- [ MDVSA-2015:218 ] glibc
- [SYSS-2014-007] FrontRange DSM - Multiple Vulnerabilities
- SevDesk v1.1 iOS - Persistent Dashboard Vulnerability