Mail Index
- [SECURITY] [DSA 3242-1] chromium-browser security update
- [SECURITY] [DSA 3243-1] libxml-libxml-perl security update
- From: Salvatore Bonaccorso
- Code Injection in Epicor Retail Store 3.2.03.01.008
- [SECURITY] [DSA 3244-1] owncloud security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3245-1] ruby1.8 security update
- [SECURITY] [DSA 3246-1] ruby1.9.1 security update
- [SECURITY] [DSA 3247-1] ruby2.1 security update
- [SECURITY] [DSA 3248-1] libphp-snoopy security update
- PhotoWebsite v3.1 iOS - File Include Web Vulnerability
- Grindr 2.1.1 iOS Bug Bounty #2 - Denial of Service Software Vulnerability
- Grindr v2.1.1 iOS - (eMail) Session Vulnerability
- Grindr v2.1.1 iOS Bounty #1 - (Session) Auth Bypass Vulnerabilities
- Cisco (Newsroom) - Client Side Cross Site Scripting Vulnerability
- HUAWEI MobiConnect 23.9.17.216 - Privilege Escalation Vulnerability
- [ MDVSA-2015:220 ] curl
- [ MDVSA-2015:219 ] curl
- [SECURITY] [DSA 3249-1] jqueryui security update
- [ MDVSA-2015:221 ] clamav
- [ MDVSA-2015:222 ] ppp
- [ MDVSA-2015:223 ] directfb
- [ MDVSA-2015:224 ] ruby
- [ MDVSA-2015:225 ] cherokee
- ESA-2015-077: EMC SourceOne Email Management Account Lockout
- [ MDVSA-2015:226 ] fcgi
- European Cyber Security Challenge 2015
- ESA-2015-084: EMC AutoStart Packet Injection Vulnerability
- [SECURITY] [DSA 3250-1] wordpress security update
- [CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL
- vPhoto-Album v4.2 iOS - File Include Web Vulnerability
- Fortinet FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Vulnerability
- [ MDVSA-2015:227 ] mariadb
- [SECURITY] [DSA 3251-1] dnsmasq security update
- From: Salvatore Bonaccorso
- F5 BIG-IQ Enumeration of users and Information Disclosure
- [SECURITY] CVE-2014-0230: Apache Tomcat DoS
- Arbitrary Variable Overwrite in eShop WordPress Plugin
- From: High-Tech Bridge Security Research
- [ MDVSA-2015:228 ] nodejs
- [ MDVSA-2015:229 ] net-snmp
- [ MDVSA-2015:230 ] squid
- PDF Converter & Editor 2.1 iOS - File Include Vulnerability
- TORNADO Computer Trading CMS - SQL Injection Vulnerability
- Advisory: Filezilla FTP server is vulnerable to FTP PORT bounce
- Cisco Security Advisory: Cisco UCS Central Software Arbitrary Command Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- CSRF/XSS In Embed Articles Wordpress Plugin
- CSRF/XSS In Ad_InSerter Wordpress
- CSRF/XSS In Manage Engine Asset Explorer
- CSRF/XSS In ClickBank ads Wordpress Plugin
- CSRF/XSS In Ultimate Profile Builder by CMSLive Wordpress Plugin
- [SECURITY] [DSA 3252-1] sqlite3 security update
- Alienvault OSSIM/USM Multiple Vulnerabilities
- [SE-2014-02] Some additional GAE Java security sandbox bypasses
- From: Security Explorations
- APPLE-SA-2015-05-06-1 Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6
- From: Apple Product Security
- F5 ASM JSON Profile Bypass
- [SYSS-2015-017] BullGuard Internet Security - Authentication Bypass
- [SYSS-2015-019] BullGuard Antivirus - Authentication Bypass
- [SYSS-2015-018] BullGuard Premium Protection - Authentication Bypass
- [ MDVSA-2015:231 ] perl-XML-LibXML
- Wordpress Twenty Fifteen Theme - DOM XSS Vulnerability - CVE-2015-3429
- Yahoo eMarketing Bug Bounty #31 - Cross Site Scripting Vulnerability
- Album Streamer v2.0 iOS - Directory Traversal Vulnerability
- Grindr v2.1.1 iOS & Account System - Breach Attack Vulnerability
- [security bulletin] HPSBUX03194 rev.1 - HP-UX running sendmail(1M), Remote Disclosure of Information
- CSRF/XSS in embed-articles Wordpress Plugin
- CSRF/XSS In Ad_Button Wordpress
- [SECURITY] [DSA 3253-1] pound security update
- [SECURITY] [DSA 3251-2] dnsmasq regression update
- From: Salvatore Bonaccorso
- [ MDVSA-2015:232 ] libtasn1
- Pimcore v3.0.5 CMS - Multiple Web Vulnerabilities
- [security bulletin] HPSBGN03328 rev.1 - Network Virtualization for HP LoadRunner and Performance Center, Remote Information Disclosure
- Sqlbuddy Directory Traversal Read Arbitrary Files Vulnerability
- Sqlbuddy Path Traversal Vulnerability
- [SECURITY] [DSA 3254-1] suricata security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3255-1] zeromq3 security update
- [SECURITY] [DSA 3256-1] libtasn1-6 security update
- From: Salvatore Bonaccorso
- [oCERT-2015-006] dcraw input sanitization errors
- [security bulletin] HPSBGN03329 rev.1 - HP SDN VAN Controller, Remote Denial of Service (DoS), Distributed Denial of Service (DDoS)
- [SECURITY] [DSA 3257-1] mercurial security update
- From: Salvatore Bonaccorso
- [slackware-security] mariadb (SSA:2015-132-01)
- From: Slackware Security Team
- [slackware-security] wpa_supplicant (SSA:2015-132-03)
- From: Slackware Security Team
- [slackware-security] mysql (SSA:2015-132-02)
- From: Slackware Security Team
- [security bulletin] HPSBMU03330 rev.1 - HP Matrix Operating Environment (MOE) running glibc on Linux, Remote Disclosure of Information
- [SECURITY] [DSA 3258-1] quassel security update
- [slackware-security] mozilla-firefox (SSA:2015-132-04)
- From: Slackware Security Team
- SEC Consult SA-20150513-0 :: Multiple critical vulnerabilities in WSO2 Identity Server
- From: SEC Consult Vulnerability Lab
- Cisco Security Advisory: Command Injection Vulnerability in Multiple Cisco TelePresence Products
- From: Cisco Systems Product Security Incident Response Team
- Concrete5 Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-2250
- [SECURITY] [DSA 3259-1] qemu security update
- Web India Solutions CMS 2015 - SQL Injection Vulnerability
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
- From: Cisco Systems Product Security Incident Response Team
- [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities
- From: CORE Advisories Team
- [SECURITY] [DSA 3260-1] iceweasel security update
- Server buffer overflow in Pure Faction <= 3.0c
- Certificate trust vulnerability in Websense Content Gateway
- Sidu 5.2 Admin XSS Vulnerability
- SEC Consult SA-20150514-0 :: Multiple vulnerabilities in Loxone Smart Home (part 2)
- From: SEC Consult Vulnerability Lab
- [SECURITY] CVE-2014-7810: Apache Tomcat Security Manager Bypass
- phpMyAdmin 4.4.6 Man-In-the-Middle API Github
- [SE-2014-02] Unconfirmed / unpatched vulnerabilities in Google App Engine
- From: Security Explorations
- [SECURITY] [DSA 3261-1] libmodule-signature-perl security update
- From: Salvatore Bonaccorso
- ESA-2015-087 EMC Document Sciences xPression SQL Injection Vulnerability
- [slackware-security] mozilla-thunderbird (SSA:2015-137-01)
- From: Slackware Security Team
- CRUCMS Crucial Networking - SQL Injection Vulnerability
- Wireless Photo Transfer v3.0 iOS - File Include Vulnerability
- iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability
- OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities
- [SECURITY] [DSA 3262-1] xen security update
- [SECURITY] [DSA 3175-2] kfreebsd-9 security update
- WISE-FTP Software v8.0.2 - DLL Hijacking Vulnerability
- [security bulletin] HPSBPI03322 rev.1 - HP Access Control Software, Local Unauthorized Access
- APPLE-SA-2015-05-19-1 Watch OS 1.0.1
- From: Apple Product Security
- [security bulletin] HPSBGN03286 rev.1 - HP LoadRunner, Buffer Overflow
- [SECURITY] [DSA 3264-1] icedove security update
- [SECURITY] [DSA 3263-1] proftpd-dfsg security update
- Staff FTP v3.04 Software - DLL Hijacking Vulnerability
- ManageEngine EventLog Analyzer V:10.0 CSRF Vulnerability
- HiDisk 2.4 iOS - (currentFolderPath) Persistent Vulnerability
- Staff FTP v3.04 Software - DLL Hijacking Vulnerability
- [SECURITY] [DSA 3265-1] zendframework security update
- WISE-FTP Software v8.0.2 - DLL Hijacking Vulnerability
- Stored XSS in WP Photo Album Plus WordPress Plugin
- From: High-Tech Bridge Security Research
- Eisbär SCADA (All Versions - iOS, Android & W8) - Persistent UI Vulnerability
- [security bulletin] HPSBUX03334 SSRT102000 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilities
- [security bulletin] HPSBUX03333 SSRT102029 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS), or Other Vulnerabilities
- CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)
- [SECURITY] [DSA 3261-2] libmodule-signature-perl regression update
- From: Salvatore Bonaccorso
- CVE for Apple's ECDHE-ECDSA SecureTransport bug?
- Webgrind XSS vulnerability
- [SECURITY] [DSA 3266-1] fuse security update
- From: Salvatore Bonaccorso
- CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS]
- CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]
- [security bulletin] HPSBMU03336 rev.1 - HP Helion OpenStack affected by VENOM, Denial of Service (DoS), Execution of Arbitrary Code
- [SECURITY] [DSA 3267-1] chromium-browser security update
- [SECURITY] [DSA 3268-1] ntfs-3g security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3270-1] postgresql-9.4 security update
- [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability
- From: CORE Advisories Team
- [security bulletin] HPSBGN03325 rev.1 - HP SiteScope, Remote Elevation of Privilege
- [SECURITY] [DSA 3271-1] nbd security update
- [SECURITY] [DSA 3272-1] ipsec-tools security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3265-2] zendframework regression update
- Command injection vulnerability in Synology Photo Station
- Reflected Cross-Site Scripting in Synology DiskStation Manager
- Synology Photo Station multiple Cross-Site Scripting vulnerabilities
- [SECURITY] [DSA 3273-1] tiff security update
- CVE-2015-4084 - WordPress Free Counter Plugin [Stored XSS]
- [SECURITY] [DSA 3268-2] ntfs-3g security update
- From: Salvatore Bonaccorso
- Thycotic Password Manager Secret Server iOS Application - MITM SSL Certificate Vulnerability
- [Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement
- From: Onapsis Research Labs
- DbNinja 3.2.6 Flash XSS Vulnerabilities
- DbNinja 3.2.6 Flash XSS Vulnerabilities
- [SEARCH-LAB advisory] More than fifty vulnerabilities in D-Link NAS and NVR devices
- CVE-2015-1835: ...
- From: Dirk-Willem van Gulik on behalf of Apache Cordova
- Audacity 2.0.5 contains Arbitrary DLL Injection Code Execution
- [security bulletin] HPSBHF03340 rev.1 - HP ThinPro Linux and HP Smart Zero Core running HP Easy Setup Wizard, Local Unauthorized Access, Elevation of Privilege
- [SECURITY] [DSA 3274-1] virtualbox security update
- JSPMyAdmin SQL Injection, CSRF & XSS Vulnerabilities
- [security bulletin] HPSBGN03332 rev.1 - HP Operations Analytics running SSLv3, Remote Denial of Service (DoS), Disclosure of Information
- [security bulletin] HPSBMU03263 rev.3 - HP Insight Control running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03267 rev.2 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBMU03261 rev.2 - HP Systems Insight Manager running OpenSSL on Linux and Windows, Remote Disclosure of Information
- [security bulletin] HPSBMU03223 rev.1 - HP Insight Control server provisioning running SSLv3, Remote Denial of Service (DoS), Disclosure of Information