Mail Thread Index

• Date Index

• [SECURITY] [DSA 3209-1] openldap security update, Yves-Alexis Perez
• [security bulletin] HPSBHF03271 rev.1 - HP PCs and Workstations Running Windows 7 with NVidia Graphics Driver, Elevation of Privileges, security-alert
• [ MDVSA-2015:185 ] dokuwiki, security
• [ MDVSA-2015:186 ] phpmyadmin, security
• [SECURITY] [DSA 3210-1] wireshark security update, Moritz Muehlenhoff
• [SECURITY ANNOUNCEMENT] CVE-2015-0225, Jake Luciani
• ESA-2015-056: EMC PowerPath Virtual Appliance Undocumented User Accounts Vulnerability, Security Alert
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unity Connection, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Prime Data Center Network Manager File Information Disclosure Vulnerability, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3211-1] iceweasel security update, Salvatore Bonaccorso
• [security bulletin] HPSBMU03304 rev.1 - HP Insight Control server deployment on Linux and Windows, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBGN03307 rev.1 - HP Intelligent Provisioning, Disclosure of Information, security-alert
• [security bulletin] HPSBST03298 rev.2 - HP XP Service Processor Software for Windows, Multiple Vulnerabilities, security-alert
• SECUREDROP >= 0.3 - Possible Backdoor & Privileges Escalation by Unauth User, ~~~ Elliptic TAO Team ~~~
• [ MDVSA-2015:187 ] graphviz, security
• Wordpress plugin Simple Ads Manager - SQL Injection, ITAS Team
• [ MDVSA-2015:188 ] flac, security
• Security Audit Notes - OpenSSL v1.0.2a (latest) Issues - Advanced Information Security Corporation, Nicholas Lemonias.
  • <Possible follow-ups>
  • Security Audit Notes - OpenSSL v1.0.2a (latest) Issues - Advanced Information Security Corporation, lem . nikolas
• Wordpress plugin Simple Ads Manager - Multiple SQL Injection, ITAS Team
• Wordpress plugin Simple Ads Manager - Arbitrary File Upload, ITAS Team
• Wordpress plugin Simple Ads Manager - Information Disclosure, ITAS Team
• [ MDVSA-2015:189 ] tor, security
• [ MDVSA-2015:190 ] owncloud, security
• [ MDVSA-2015:191 ] owncloud, security
• [ MDVSA-2015:161-1 ] icu, security
• Security Audit Notes - OpenSSH 6.8 - Advanced Information Security Corp, Nicholas Lemonias.
• [security bulletin] HPSBGN03302 rev.1 - HP IceWall Federation Agent, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBHF03300 rev.1 - HP Network Products running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information, security-alert
• [SECURITY] [DSA 3212-1] icedove security update, Yves-Alexis Perez
• [security bulletin] HPSBST03195 rev.1 - HP 3PAR Service Processor (SP) running OpenSSL and Bash, Remote Code Execution, Unauthorized Access, Disclosure of Information, security-alert
• NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE, VMware Security Response Center
• Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8, Larry W. Cashdollar
• Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17, Larry W. Cashdollar
• [ MDVSA-2015:192 ] subversion, security
• HotExBilling Manager Cross-site scripting (XSS) vulnerability, bhadresh . patel
• Security Audit Notes - Kerberos Security Issues (krb5-1.13 stable) - Advanced Information Security Corp., lem . nikolas
• Security Audit Notes = Kerberos (krb5-1.13) issues - Advanced Information Security Corp, Nicholas Lemonias.
• [SECURITY] [DSA 3213-1] arj security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3214-1] mailman security update, Thijs Kinkhorst
• [SECURITY] [DSA 3215-1] libgd2 security update, Alessandro Ghedini
• [security bulletin] HPSBMU03296 rev.1 - HP BladeSystem c-Class Onboard Administrator running OpenSSL, Remote Denial of Service (DoS), security-alert
• [SECURITY] [DSA 3216-1] tor security update, Moritz Muehlenhoff
• [security bulletin] HPSBGN03306 rev.1 - HP IceWall SSO MCRP, SSO Dfw, and SSO Agent running OpenSSL, Remote Denial of Service (DoS), security-alert
• [ MDVSA-2015:193 ] libtasn1, security
• [ MDVSA-2015:195 ] python-django, security
• [ MDVSA-2015:196 ] cups-filters, security
• [CVE-2015-0779]: Novell ZenWorks Configuration Management remote code execution, Pedro Ribeiro
• CVE-2015-1773 Apache Flex reflected XSS vulnerability, Tom Chiverton
• [SECURITY] [DSA 3057-2] libxml2 regression update, Salvatore Bonaccorso
• [ MDVSA-2015:198 ] java-1.8.0-openjdk, security
• SEC Consult SA-20150409-0 :: Multiple XSS & XSRF vulnerabilities in Comalatech Comala Workflows, SEC Consult Vulnerability Lab
• [SECURITY] [DSA 3217-1] dpkg security update, Salvatore Bonaccorso
• [ MDVSA-2015:199 ] less, security
• [ MDVSA-2015:200 ] mediawiki, security
• [ MDVSA-2015:202 ] ntp, security
• [ MDVSA-2015:201 ] arj, security
• SEC Consult SA-20150410-0 :: Unauthenticated Local File Disclosure in multiple TP-LINK products (CVE-2015-3035), SEC Consult Vulnerability Lab
• Hidden backdoor API to root privileges in Apple OS X, Jeffrey Walton
• [SECURITY] [DSA 3218-1] wesnoth-1.10 security update, Moritz Muehlenhoff
• [security bulletin] HPSBGN03316 rev.1 - HP Support Solution Framework on Windows, Remote Execution of Code, Disclosure of Information, security-alert
• [ MDVSA-2015:203 ] batik, security
• OrangeHRM Blind SQL Injection & XSS Vulnerabilities, Rehan Ahmed
• [SECURITY] [DSA 3219-1] libdbd-firebird-perl security update, Alessandro Ghedini
• Hijacking any Weebly Website [Insecure Direct Object Reference Vulnerability], huehuehuehue10
• [SECURITY] [DSA 3220-1] libtasn1-3 security update, Salvatore Bonaccorso
• Safari iOS/OS X/Windows cookie access vulnerability, Jouko Pynnonen
• [SECURITY] [DSA 3221-1] das-watchdog security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3222-1] chrony security update, Alessandro Ghedini
• [SECURITY] [DSA 3223-1] ntp security update, Alessandro Ghedini
• [SECURITY] [DSA 3224-1] libx11 security update, Moritz Muehlenhoff
• Ruxcon 2015 Call For Presentations, cfp
• Apache HTTPD 2.4.12/ 2.2.29 Security Audit Notes - Advanced Information Security Corp, Nicholas Lemonias.
• Apache HTTPD 2.4.12, 2.2.29 Security Audit - Advanced Information Security Corp, lem . nikolas
• [security bulletin] HPSBHF03310 rev.2 - HP Thin Clients running Windows Embedded Standard 7 (WES7) or Windows Embedded Standard 2009 (WES09) with HP Easy Deploy, Remote Elevation of Privilege, Execution of Code, security-alert
• [security bulletin] HPSBOV03318 rev.1 - HP SSL for OpenVMS, Remote Denial of Service (DoS) and other Vulnerabilities, security-alert
• [CVE-2015-2810] Integer Overflow leading to heap corruption when assigning a long paragraph size value to a HanWord document, Daniel Regalado
• Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c, Nicholas Lemonias.
  • <Possible follow-ups>
  • Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c, lem . nikolas
  • Security Advisory - Apache HTTP Server 2.2.29 / 2.4.12 NULL Pointer dereference in protocol.c, Nicholas Lemonias.
• [SYSS-2015-012] Panda Internet Security 2015 - Authentication Bypass, matthias . deeg
• [SYSS-2015-013] Panda Antivirus Pro 2015 - Authentication Bypass, matthias . deeg
• [SYSS-2015-014] Panda Global Protection 2015 - Authentication Bypass, matthias . deeg
• [SYSS-2015-015] Panda Gold Protection 2015 - Authentication Bypass, matthias . deeg
• whitepaper: Identifier based XSSI attacks, Takeshi Terada
• several issues in SQLite (+ catching up on several other bugs), Michal Zalewski
• Wordpress WP Statistics persistent cross site scripting, kingkaustubh
• Secunia Research: Microsoft Windows GDI "MRSETDIBITSTODEVICE ::bPlay()" EMF Parsing Memory Corruption Vulnerability, Secunia Research
• [IMF2015] Call for Participation, Oliver Goebel
• [SECURITY] [DSA 3225-1] gst-plugins-bad0.10 security update, Moritz Muehlenhoff
• ESA-2015-069: EMC NetWorker Buffer Overflow Vulnerability, Security Alert
• [SECURITY] [DSA 3226-1] inspircd security update, Sebastien Delafond
• Cisco Security Advisory: Cisco IOS XR Software BVI Routed Packet Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3227-1] movabletype-opensource security update, Salvatore Bonaccorso
• [security bulletin] HPSBMU03264 rev.1 - HP Network Automation, Multiple Remote Vulnerabilities, security-alert
• Secunia Research: Oracle Outside In ibpsd2.dll PSD File Processing Buffer Overflow Vulnerability, Secunia Research
• [CVE-2014-5361][CVE-2014-5362]Landesk Management Suite RFI & CSRF Security Vulnerabilities, alex_haynes
• [SECURITY] [DSA 3228-1] ppp security update, Sebastien Delafond
• Wolf CMS 0.8.2 Arbitrary File Upload Vulnerability, prathan . ptr
• Lychee 2.7.1 remote code execution, Filippo Cavallarin
• 112 ipTIME Routers/WiFi APs/Modems/Firewalls models vulnerable with RCE with root privileges, Pierre Kim
• CVE-2014-7954 MTP path traversal vulnerability in Android, Imre RAD
• CVE-2014-7951 adb backup archive path traversal file overwrite, Imre RAD
• CVE-2014-7953 Android backup agent code execution, Imre RAD
• [SECURITY] [DSA 3229-1] mysql-5.5 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3230-1] django-markupfield security update, Alessandro Ghedini
• [security bulletin] HPSBMU03321 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code, security-alert
• Photo Manager Pro 4.4.0 iOS - Code Execution Vulnerability, Vulnerability Lab
• Mobile Drive HD v1.8 - File Include Web Vulnerability, Vulnerability Lab
• Wifi Drive Pro v1.2 iOS - File Include Web Vulnerability, Vulnerability Lab
• Photo Manager Pro v4.4.0 iOS - File Include Vulnerability, Vulnerability Lab
• Ebay Inc Xcom #4 - (Item Preview) Persistent Vulnerability, Vulnerability Lab
• Ebay Inc Xcom #6 - Persistent POST Inject Vulnerability, Vulnerability Lab
• Ebay Inc Xcom #7 - (Policy) Persistent Vulnerability, Vulnerability Lab
• PayPal Inc Bug Bounty #113 - Client Side Cross Site Scripting Vulnerability, Vulnerability Lab
• SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities, Vulnerability Lab
• Google Analytics by Yoast stored XSS #2, Jouko Pynnonen
• GoAutoDial 3.3 multiple vulnerabilities, root
• [security bulletin] HPSBGN03305 rev.1 - HP Business Service Management (BSM) products running SSLv3, Remote Disclosure of Information, security-alert
• Linux ASLR mmap weakness: Reducing entropy by half, Hector Marco-Gisbert
• AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%, Hector Marco-Gisbert
• [SECURITY] [DSA 3231-1] subversion security update, Salvatore Bonaccorso
• Stored Cross Site Scripting Vulnerability in Add Link to Facebook WordPress Plugin, kumarrohit2255
• Reflected XSS Vulnerability In Manage Engine Firewall Analyzer, kkulkarni
• Reflected XSS Vulnerability In Manage Engine Event Log Analyzer, kkulkarni
• Apple iOS 8.0 - 8.0.2 - Controls Re Auth Bypass Vulnerability, Vulnerability Lab
• iPassword Manager v2.6 iOS - Persistent Vulnerabilities, Vulnerability Lab
• [SECURITY] [DSA 3232-1] curl security update, Alessandro Ghedini
• Netgear WNR2000v4 Multiple Vulnerabilities, endeavor
• Multiple Cross-Site Scripting (XSS) in FreePBX, High-Tech Bridge Security Research
• [security bulletin] HPSBGN03308 rev.1 - HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS), Remote Code Execution, security-alert
• [slackware-security] mozilla-firefox (SSA:2015-111-05), Slackware Security Team
• [slackware-security] mozilla-thunderbird (SSA:2015-111-06), Slackware Security Team
• [slackware-security] qt (SSA:2015-111-13), Slackware Security Team
• [slackware-security] libssh (SSA:2015-111-04), Slackware Security Team
• [slackware-security] mutt (SSA:2015-111-07), Slackware Security Team
• [slackware-security] php (SSA:2015-111-10), Slackware Security Team
• [slackware-security] ppp (SSA:2015-111-11), Slackware Security Team
• [slackware-security] seamonkey (SSA:2015-111-14), Slackware Security Team
• [slackware-security] proftpd (SSA:2015-111-12), Slackware Security Team
• [slackware-security] gnupg (SSA:2015-111-02), Slackware Security Team
• [slackware-security] ntp (SSA:2015-111-08), Slackware Security Team
• [slackware-security] httpd (SSA:2015-111-03), Slackware Security Team
• [slackware-security] bind (SSA:2015-111-01), Slackware Security Team
• [slackware-security] openssl (SSA:2015-111-09), Slackware Security Team
• [ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow, 朱东海
  • <Possible follow-ups>
  • [ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow, xing_fang
• Dnsmasq 2.72 Unchecked returned value, Nick Sampanis
• Socrata Bug Bounty #1 - Persistent Encoding Vulnerability, Vulnerability Lab
• Pligg CMS 2.0.2 - Stored XSS, joelvarghese7
• Avsarsoft Matbaa Script - Multiple Vulnerabilities, ZoRLu Bugrahan
• 4k ULTRA HIGH DEFINITION Satellite Security Research - DVB-S2X Security Evaluation Draft Notes, Nicholas Lemonias.
• Zeppelin - SSH script - Advanced Information Security Corporation, lem . nikolas
• SSH Network Security Assessment utility - Zeppelin - -=[Advanced Information Security Corp]=-, lem . nikolas
• Incorrect handling of self signed certificates in OpenFire XMPP Server, Simon Waters
• Encaps PHP/Flash Gallery 2.3.22s Database Puffing Up Exploit, ZoRLu Bugrahan
• 4k ULTRA HIGH DEFINITION Satellite Security Research - DVB-S2X Security Evaluation Draft Notes - Advanced Information Security Corporation, Nicholas Lemonias.
• [SECURITY] [DSA 3233-1] wpa security update, Salvatore Bonaccorso
• [security bulletin] HPSBPI03315 rev.1 - HP Capture and Route Software, Remote Information Disclosure, security-alert
• [security bulletin] HPSBHF03272 rev.1 - HP Servers with NVidia GPU Computing Driver running Windows Server 2008, Elevation of Privilege, security-alert
• [SECURITY] [DSA 3234-1] openjdk-6 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3235-1] openjdk-7 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3236-1] libreoffice security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3237-1] linux security update, Ben Hutchings
• WordPress 4.2 stored XSS, Jouko Pynnonen
• [SECURITY] [DSA 3238-1] chromium-browser security update, Michael Gilbert
• [ MDVSA-2015:204 ] librsync, security
• [ MDVSA-2015:205 ] tor, security
• [ MDVSA-2015:206 ] asterisk, security
• [ MDVSA-2015:207 ] perl-Module-Signature, security
• [ MDVSA-2015:208 ] setup, security
• [ MDVSA-2015:209 ] php, security
• [ MDVSA-2015:210 ] qemu, security
• Elasticsearch vulnerability CVE-2015-3337, Kevin Kluge
• [ MDVSA-2015:211 ] glusterfs, security
• Open-Xchange Security Advisory 2015-04-27, Martin Heiland
• [ MDVSA-2015:212 ] java-1.7.0-openjdk, security
• [CORE-2015-0008] - InFocus IN3128HD Projector Multiple Vulnerabilities, CORE Advisories Team
• SonicWall SonicOS 7.5.0.12 & 6.x - Client Side Cross Site Scripting Vulnerability, Vulnerability Lab
• PayPal Inc Bug Bounty #114 - JDWP Remote Code Execution Vulnerability, Vulnerability Lab
• CSRF & XSS Wing FTP Server Admin <= v4.4.5, apparitionsec
• Multiple Vulnerabilities in TheCartPress WordPress plugin, High-Tech Bridge Security Research
• [oCERT-2015-003] MySQL SSL/TLS downgrade, Andrea Barisani
• [ MDVSA-2015:213 ] lftp, security
• [ MDVSA-2015:215 ] t1utils, security
• [ MDVSA-2015:214 ] libksba, security
• [ MDVSA-2015:216 ] ntop, security
• [security bulletin] HPSBUX03320 SSRT101952 rev.1 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, security-alert
• [security bulletin] HPSBMU03241 rev.1 - HP Network Automation running SSLv3, Remote Disclosure of Information, security-alert
• ESA-2015-078: RSA® Identity Management and Governance (IMG) Insecure Password Reset Vulnerability, Security Alert
• [SECURITY] [DSA 3240-1] curl security update, Alessandro Ghedini
• [SECURITY] [DSA 3239-1] icecast2 security update, Alessandro Ghedini
• [security bulletin] HPSBGN03323 rev.1 - HP Business Service Automation Essentials Core with JBOSS, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBGN03324 rev.1 - HP Business Service Automation Essentials Core, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 3241-1] elasticsearch security update, Moritz Muehlenhoff
• [ MDVSA-2015:217 ] sqlite3, security
• [ MDVSA-2015:218 ] glibc, security
• [SYSS-2014-007] FrontRange DSM - Multiple Vulnerabilities, matthias . deeg
• SevDesk v1.1 iOS - Persistent Dashboard Vulnerability, Vulnerability Lab