Mail Thread Index

• Date Index

• [SECURITY] [DSA 3242-1] chromium-browser security update, Michael Gilbert
• [SECURITY] [DSA 3243-1] libxml-libxml-perl security update, Salvatore Bonaccorso
• Code Injection in Epicor Retail Store 3.2.03.01.008, webmaster
• [SECURITY] [DSA 3244-1] owncloud security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3245-1] ruby1.8 security update, Alessandro Ghedini
• [SECURITY] [DSA 3246-1] ruby1.9.1 security update, Alessandro Ghedini
• [SECURITY] [DSA 3247-1] ruby2.1 security update, Alessandro Ghedini
• [SECURITY] [DSA 3248-1] libphp-snoopy security update, Moritz Muehlenhoff
• PhotoWebsite v3.1 iOS - File Include Web Vulnerability, Vulnerability Lab
• Grindr 2.1.1 iOS Bug Bounty #2 - Denial of Service Software Vulnerability, Vulnerability Lab
• Grindr v2.1.1 iOS - (eMail) Session Vulnerability, Vulnerability Lab
• Grindr v2.1.1 iOS Bounty #1 - (Session) Auth Bypass Vulnerabilities, Vulnerability Lab
• Cisco (Newsroom) - Client Side Cross Site Scripting Vulnerability, Vulnerability Lab
• HUAWEI MobiConnect 23.9.17.216 - Privilege Escalation Vulnerability, Vulnerability Lab
• [ MDVSA-2015:220 ] curl, security
• [ MDVSA-2015:219 ] curl, security
• [SECURITY] [DSA 3249-1] jqueryui security update, Sebastien Delafond
• [ MDVSA-2015:221 ] clamav, security
• [ MDVSA-2015:222 ] ppp, security
• [ MDVSA-2015:223 ] directfb, security
• [ MDVSA-2015:224 ] ruby, security
• [ MDVSA-2015:225 ] cherokee, security
• ESA-2015-077: EMC SourceOne Email Management Account Lockout, Security Alert
• [ MDVSA-2015:226 ] fcgi, security
• European Cyber Security Challenge 2015, Ivan Buetler
• ESA-2015-084: EMC AutoStart Packet Injection Vulnerability, Security Alert
• [SECURITY] [DSA 3250-1] wordpress security update, Alessandro Ghedini
• [CVE-2014-8146/8147] - ICU heap and integer overflows / I-C-U-FAIL, Pedro Ribeiro
• vPhoto-Album v4.2 iOS - File Include Web Vulnerability, Vulnerability Lab
• Fortinet FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Vulnerability, Vulnerability Lab
• [ MDVSA-2015:227 ] mariadb, security
• [SECURITY] [DSA 3251-1] dnsmasq security update, Salvatore Bonaccorso
• F5 BIG-IQ Enumeration of users and Information Disclosure, jplopezy
• [SECURITY] CVE-2014-0230: Apache Tomcat DoS, Mark Thomas
• Arbitrary Variable Overwrite in eShop WordPress Plugin, High-Tech Bridge Security Research
• [ MDVSA-2015:228 ] nodejs, security
• [ MDVSA-2015:229 ] net-snmp, security
• [ MDVSA-2015:230 ] squid, security
• PDF Converter & Editor 2.1 iOS - File Include Vulnerability, Vulnerability Lab
• TORNADO Computer Trading CMS - SQL Injection Vulnerability, Vulnerability Lab
• Advisory: Filezilla FTP server is vulnerable to FTP PORT bounce, Amit Klein
• Cisco Security Advisory: Cisco UCS Central Software Arbitrary Command Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• CSRF/XSS In Embed ArticlesWordpress Plugin, kingkaustubh
• CSRF/XSSIn Ad_InSerter Wordpress, kingkaustubh
• CSRF/XSS In Manage Engine Asset Explorer, kingkaustubh
• CSRF/XSS In ClickBank ads Wordpress Plugin, kingkaustubh
• CSRF/XSS In Ultimate Profile Builder by CMSLive Wordpress Plugin, kingkaustubh
• [SECURITY] [DSA 3252-1] sqlite3 security update, Moritz Muehlenhoff
• Alienvault OSSIM/USM Multiple Vulnerabilities, Peter Lapp
• [SE-2014-02] Some additional GAE Java security sandbox bypasses, Security Explorations
• APPLE-SA-2015-05-06-1 Safari 8.0.6, Safari 7.1.6, and Safari 6.2.6, Apple Product Security
• F5 ASM JSON Profile Bypass, Peter Lapp
• [SYSS-2015-017] BullGuard Internet Security - Authentication Bypass, matthias . deeg
• [SYSS-2015-019] BullGuard Antivirus - Authentication Bypass, matthias . deeg
• [SYSS-2015-018] BullGuard Premium Protection - Authentication Bypass, matthias . deeg
• [ MDVSA-2015:231 ] perl-XML-LibXML, security
• Wordpress Twenty Fifteen Theme - DOM XSS Vulnerability - CVE-2015-3429, Onur Yilmaz
• Yahoo eMarketing Bug Bounty #31 - Cross Site Scripting Vulnerability, Vulnerability Lab
• Album Streamer v2.0 iOS - Directory Traversal Vulnerability, Vulnerability Lab
• Grindr v2.1.1 iOS & Account System - Breach Attack Vulnerability, Vulnerability Lab
• [security bulletin] HPSBUX03194 rev.1 - HP-UX running sendmail(1M), Remote Disclosure of Information, security-alert
• CSRF/XSS in embed-articles Wordpress Plugin, kingkaustubh
• CSRF/XSS In Ad_Button Wordpress, kingkaustubh
• [SECURITY] [DSA 3253-1] pound security update, Thijs Kinkhorst
• [SECURITY] [DSA 3251-2] dnsmasq regression update, Salvatore Bonaccorso
• [ MDVSA-2015:232 ] libtasn1, security
• Pimcore v3.0.5 CMS - Multiple Web Vulnerabilities, Vulnerability Lab
• [security bulletin] HPSBGN03328 rev.1 - Network Virtualization for HP LoadRunner and Performance Center, Remote Information Disclosure, security-alert
• Sqlbuddy Directory Traversal Read Arbitrary Files Vulnerability, apparitionsec
• Sqlbuddy Path Traversal Vulnerability, hyp3rlinx
• [SECURITY] [DSA 3254-1] suricata security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3255-1] zeromq3 security update, Alessandro Ghedini
• [SECURITY] [DSA 3256-1] libtasn1-6 security update, Salvatore Bonaccorso
• [oCERT-2015-006] dcraw input sanitization errors, Andrea Barisani
• [security bulletin] HPSBGN03329 rev.1 - HP SDN VAN Controller, Remote Denial of Service (DoS), Distributed Denial of Service (DDoS), security-alert
• [SECURITY] [DSA 3257-1] mercurial security update, Salvatore Bonaccorso
• [slackware-security] mariadb (SSA:2015-132-01), Slackware Security Team
• [slackware-security] wpa_supplicant (SSA:2015-132-03), Slackware Security Team
• [slackware-security] mysql (SSA:2015-132-02), Slackware Security Team
• [security bulletin] HPSBMU03330 rev.1 - HP Matrix Operating Environment (MOE) running glibc on Linux, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 3258-1] quassel security update, Alessandro Ghedini
• [slackware-security] mozilla-firefox (SSA:2015-132-04), Slackware Security Team
• SEC Consult SA-20150513-0 :: Multiple critical vulnerabilities in WSO2 Identity Server, SEC Consult Vulnerability Lab
• Cisco Security Advisory: Command Injection Vulnerability in Multiple Cisco TelePresence Products, Cisco Systems Product Security Incident Response Team
• Concrete5 Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-2250, Onur Yilmaz
• [SECURITY] [DSA 3259-1] qemu security update, Moritz Muehlenhoff
• Web India Solutions CMS 2015 - SQL Injection Vulnerability, Vulnerability Lab
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software, Cisco Systems Product Security Incident Response Team
• [CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities, CORE Advisories Team
• [SECURITY] [DSA 3260-1] iceweasel security update, Moritz Muehlenhoff
• Server buffer overflow in Pure Faction <= 3.0c, soulsgetnothing
• Certificate trust vulnerability in Websense Content Gateway, Steve Shockley
• Sidu 5.2 Admin XSS Vulnerability, apparitionsec
• SEC Consult SA-20150514-0 :: Multiple vulnerabilities in Loxone Smart Home (part 2), SEC Consult Vulnerability Lab
• [SECURITY] CVE-2014-7810: Apache Tomcat Security Manager Bypass, Mark Thomas
• phpMyAdmin 4.4.6 Man-In-the-Middle API Github, submit
• [SE-2014-02] Unconfirmed / unpatched vulnerabilities in Google App Engine, Security Explorations
• [SECURITY] [DSA 3261-1] libmodule-signature-perl security update, Salvatore Bonaccorso
• ESA-2015-087 EMC Document Sciences xPression SQL Injection Vulnerability, Security Alert
• [slackware-security] mozilla-thunderbird (SSA:2015-137-01), Slackware Security Team
• CRUCMS Crucial Networking - SQL Injection Vulnerability, Vulnerability Lab
• Wireless Photo Transfer v3.0 iOS - File Include Vulnerability, Vulnerability Lab
• iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability, Vulnerability Lab
• OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities, Vulnerability Lab
• [SECURITY] [DSA 3262-1] xen security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3175-2] kfreebsd-9 security update, Alessandro Ghedini
• WISE-FTP Software v8.0.2 - DLL Hijacking Vulnerability, metacom27
  • <Possible follow-ups>
  • WISE-FTP Software v8.0.2 - DLL Hijacking Vulnerability, Vulnerability Lab
• [security bulletin] HPSBPI03322 rev.1 - HP Access Control Software, Local Unauthorized Access, security-alert
• APPLE-SA-2015-05-19-1 Watch OS 1.0.1, Apple Product Security
• [security bulletin] HPSBGN03286 rev.1 - HP LoadRunner, Buffer Overflow, security-alert
• [SECURITY] [DSA 3264-1] icedove security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3263-1] proftpd-dfsg security update, Sebastien Delafond
• Staff FTP v3.04 Software - DLL Hijacking Vulnerability, metacom27
  • <Possible follow-ups>
  • Staff FTP v3.04 Software - DLL Hijacking Vulnerability, Vulnerability Lab
• ManageEngine EventLog Analyzer V:10.0 CSRF Vulnerability, akashchavan0708
• HiDisk 2.4 iOS - (currentFolderPath) Persistent Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 3265-1] zendframework security update, David Prévot
• Stored XSS in WP Photo Album Plus WordPress Plugin, High-Tech Bridge Security Research
• Eisbär SCADA (All Versions - iOS, Android & W8) - Persistent UI Vulnerability, Vulnerability Lab
• [security bulletin] HPSBUX03334 SSRT102000 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilities, security-alert
• [security bulletin] HPSBUX03333 SSRT102029 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS), or Other Vulnerabilities, security-alert
• CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability), Julian Reschke
• [SECURITY] [DSA 3261-2] libmodule-signature-perl regression update, Salvatore Bonaccorso
• CVE for Apple's ECDHE-ECDSA SecureTransport bug?, Jeffrey Walton
• Webgrind XSS vulnerability, hyp3rlinx
• [SECURITY] [DSA 3266-1] fuse security update, Salvatore Bonaccorso
• CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS], pan . vagenas
• CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation], pan . vagenas
• [security bulletin] HPSBMU03336 rev.1- HP Helion OpenStack affected by VENOM, Denial of Service (DoS), Execution of Arbitrary Code, security-alert
• [SECURITY] [DSA 3267-1] chromium-browser security update, Michael Gilbert
• [SECURITY] [DSA 3268-1] ntfs-3g security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3270-1] postgresql-9.4 security update, Christoph Berg
• [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability, CORE Advisories Team
• [security bulletin] HPSBGN03325 rev.1 - HP SiteScope, Remote Elevation of Privilege, security-alert
• [SECURITY] [DSA 3271-1] nbd security update, Alessandro Ghedini
• [SECURITY] [DSA 3272-1] ipsec-tools security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3265-2] zendframework regression update, Alessandro Ghedini
• Command injection vulnerability in Synology Photo Station, Securify B.V.
• Reflected Cross-Site Scripting in Synology DiskStation Manager, Securify B.V.
• Synology Photo Station multiple Cross-Site Scripting vulnerabilities, Securify B.V.
• [SECURITY] [DSA 3273-1] tiff security update, Moritz Muehlenhoff
• CVE-2015-4084 - WordPress Free Counter Plugin [Stored XSS], pan . vagenas
• [SECURITY] [DSA 3268-2] ntfs-3g security update, Salvatore Bonaccorso
• Thycotic Password Manager Secret Server iOS Application - MITM SSL Certificate Vulnerability, David Coomber
• [Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability, Onapsis Research Labs
• [Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement, Onapsis Research Labs
• DbNinja 3.2.6 Flash XSS Vulnerabilities, apparitionsec
  • <Possible follow-ups>
  • DbNinja 3.2.6 Flash XSS Vulnerabilities, apparitionsec
• [SEARCH-LAB advisory] More than fifty vulnerabilities in D-Link NAS and NVR devices, Gergely Eberhardt
• CVE-2015-1835: ..., Dirk-Willem van Gulik on behalf of Apache Cordova
• Audacity 2.0.5 contains Arbitrary DLL Injection Code Execution, mystyle_rahul
• [security bulletin] HPSBHF03340 rev.1 - HP ThinPro Linux and HP Smart Zero Core running HP Easy Setup Wizard, Local Unauthorized Access, Elevation of Privilege, security-alert
• [SECURITY] [DSA 3274-1] virtualbox security update, Moritz Muehlenhoff
• JSPMyAdmin SQL Injection, CSRF & XSS Vulnerabilities, apparitionsec
• [security bulletin] HPSBGN03332 rev.1 - HP Operations Analytics running SSLv3, Remote Denial of Service (DoS), Disclosure of Information, security-alert
• [security bulletin] HPSBMU03263 rev.3 - HP Insight Control running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03267 rev.2 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03261 rev.2 - HP Systems Insight Manager running OpenSSL on Linux and Windows, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03223 rev.1 - HP Insight Control server provisioning running SSLv3, Remote Denial of Service (DoS), Disclosure of Information, security-alert