Mail Index
- [SECURITY] [DSA 3275-1] fusionforge security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3269-2] postgresql-9.1 regression update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3276-1] symfony security update
- Ektron CMS 9.10 SP1 - CSRF Vulnerability
- Ektron CMS 9.10 SP1 - XSS Vulnerability
- WebDrive Buffer OverFlow PoC
- CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]
- CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS]
- t2'15: Call for Papers 2015 (Helsinki / Finland)
- Freebox OS Web interface 3.0.2 XSS, CSRF
- Enhanced SQL Portal 5.0.7961 XSS Vulnerability
- vfront-0.99.2 CSRF & Persistent XSS
- WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability
- [SECURITY] [DSA 3277-1] wireshark security update
- [SECURITY] [DSA 3249-2] jqueryui security update
- Safari Address Spoofing - Impact, Code, How It Works, History
- Jildi FTP Client 1.5.2 b1138 - Buffer Overflow Vulnerability
- Local PHP File Inclusion in ResourceSpace
- From: High-Tech Bridge Security Research
- ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability
- [SECURITY] [DSA 3278-1] libapache-mod-jk security update
- [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc)
- IBM Watson (Cognea) - XSS and Redirect Vulnerabilities
- CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion]
- [security bulletin] HPSBGN03343 rev.1 - HP WebInspect, Remote Unauthorized Access
- CA20150604-01: Security Notice for CA Common Services
- [CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability
- [CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities
- Wing FTP Server Remote Code Execution vulnerability
- 1 Click Audio Converter v2.3.6 - Activex Buffer Overflow
- 1 Click Audio Converter v2.3.6 - Activex Buffer Overflow
- 1 Click Extract Audio v2.3.6 - Activex Buffer Overflow
- CVE-2015-4109 - WordPress Users Ultra Plugin [SQL injection]
- Expedia Product Security Advisory: Cruise Ship Centers Information Disclosure
- Xloner v3.1.2 wordpress plugin authenticated command execution and XSS
- From: Larry W. Cashdollar
- CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4
- Symphony CMS 2.6.2
- [SECURITY] [DSA 3279-1] redis security update
- Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App
- [SECURITY] [DSA 3280-1] php5 security update
- [SECURITY] [DSA 3281-1] Debian Security Team PGP/GPG key change notice
- AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability
- Symphony CMS XSS Vulnerability
- [SECURITY] [DSA 3282-1] strongswan security update
- Symphony CMS XSS Vulnerability [Corrected Post]
- SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities
- SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities
- CFP The 2nd International Conference on Information Systems Security and Privacy ICISSP 2016
- From: icissp . secretariat
- NEW VMSA-2015-0004 - VMware Workstation, Fusion and Horizon View Client updates address critical security issues
- From: VMware Security Response Center
- [security bulletin] HPSBST03346 rev.1 - HP P6000 Command View Software running Jetty, Remote Denial of Service (DoS)
- [security bulletin] HPSBMU03349 rev.1 - HP Helion CloudSystem, Local Denial of Service (DoS), Arbitrary Code Execution
- [SECURITY] [DSA 3283-1] cups security update
- From: Salvatore Bonaccorso
- Logstash vulnerability CVE-2015-4152
- Kibana vulnerability CVE-2015-4093
- Elasticsearch vulnerability CVE-2015-4165
- [security bulletin] HPSBUX03341 SSRT102068 rev.1 - HP-UX Apache Tomcat v7.x, Remote Denial of Service (DoS) and Other Vulnerabilities
- [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID
- From: RedTeam Pentesting GmbH
- [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery
- From: RedTeam Pentesting GmbH
- Arbitrary File Disclosure and Open Redirect in Bonita BPM
- From: High-Tech Bridge Security Research
- Multiple Vulnerabilities in ISPConfig
- From: High-Tech Bridge Security Research
- Use-After-Free in PHP
- From: High-Tech Bridge Security Research
- Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability
- XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343)
- Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0
- From: Larry W. Cashdollar
- [security bulletin] HPSBUX03337 SSRT102066 rev.1 - HP-UX Apache Web Server Suite running Apache Web Server, Tomcat v6.x, or PHP v5.4.x, Remote Denial of Service (DoS) and Other Vulnerabilities
- D-Link DSP-W110 - multiple vulnerabilities
- Cisco Security Advisory: Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin
- From: Larry W. Cashdollar
- [KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability
- [KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities
- [KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability
- Nakid-CMS CSRF, Persistent XSS & LFI
- [slackware-security] php (SSA:2015-162-02)
- From: Slackware Security Team
- ZCMS SQL Injection & Persistent XSS
- [SYSS-2015-020] ZENWorks Mobile Management - Cross-Site Scripting
- FreeBSD Security Advisory FreeBSD-SA-15:10.openssl
- From: FreeBSD Security Advisories
- [slackware-security] openssl (SSA:2015-162-01)
- From: Slackware Security Team
- [SECURITY] [DSA 3285-1] qemu-kvm security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3286-1] xen security update
- Buffer Overflow in My Wifi Router Software
- [SECURITY] [DSA 3287-1] openssl security update
- [SECURITY] [DSA 3288-1] libav security update
- [SECURITY] [DSA 3252-2] sqlite3 security update
- Productsurf Cms Sql Injection Vulnerability
- WebdesignJiNi Cms Sql Injection Vulnerability
- [RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager
- From: RedTeam Pentesting GmbH
- [SECURITY] [DSA 3289-1] p7zip security update
- BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability
- ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass Vulnerability
- ESA-2015-043: RSA® Validation Manager Security Update for Multiple Vulnerabilities
- OS Command Injection in Vesta Control Panel
- From: High-Tech Bridge Security Research
- Reflected Cross-Site Scripting (XSS) in SearchBlox
- From: High-Tech Bridge Security Research
- VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities
- [security bulletin] HPSBGN03350 rev.1 - HP SiteScope Using RC4, Remote Disclosure of Information
- [security bulletin] HPSBGN03338 rev.1 - HP Service Manager running RC4, Remote Disclosure of Information
- [SECURITY] [DSA 3290-1] linux security update
- [SECURITY] [DSA 3291-1] drupal7 security update
- DUO Security push Timing Attack
- [SECURITY] [DSA 3292-1] cinder security update
- ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities
- ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability
- Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability
- Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability
- Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability
- [CVE-2015-3188] Apache Storm remote code execution vulnerability
- [SECURITY] [DSA 3293-1] pyjwt security update
- mysql-lite-administrator XSS vulnerabilities
- mysql-lite-administrator XSS vulnerabilities
- GeniXCMS XSS Vulnerabilities
- [oCERT-2015-008] FreeRADIUS insufficient CRL application
- ManageEngine Asset Explorer v6.1 - Persistent Vulnerability
- The "localhosed" attack - stealing IE local machine cookies and exposing its internal IP address
- [security bulletin] HPSBMU03356 rev.1 - HP Business Service Automation Essentials (BSAE) running TLS, Remote Disclosure of Information
- KMPlayer 3.9.1.136 Capture Unicode Buffer Overflow (ASLR Bypass)
- ESA-2015-109: EMC Documentum D2 Cross-Site Scripting
- ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability
- [SECURITY] [DSA 3294-1] wireshark security update
- CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004
- CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders
- From: Federick Joe P Fajardo
- [SECURITY] [DSA 3295-1] cacti security update
- From: Salvatore Bonaccorso
- [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS
- [ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE
- [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE
- [ERPSCAN-15-005] SAP Mobile Platform - XXE
- [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure
- [ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check
- [ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS
- [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll
- [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE
- Netgear Prosafe VPN Firewalls - Multiple vulnerabilities
- ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability
- Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA
- From: Cisco Systems Product Security Incident Response Team
- CVE-2015-3931 Microsec e-Szigno, CVE-2015-3932 Netlock Mokka XSW vulnerability
- ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities
- SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences
- From: SEC Consult Vulnerability Lab
- [security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBUX03359 rev.1 - HP-UX pppoec, local elevation of privilege
- [security bulletin] HPSBMU03267 rev.3 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBGN03362 rev.1 - HP Discovery and Dependency Mapping Inventory (DDMI) with TLS, Remote Disclosure of Information
- [security bulletin] HPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information
- [security bulletin] HPSBPI03360 rev.2 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information
- Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10
- CSRF Vulnerability in C2Box application CVE-2015-4460
- CollabNet Subversion Edge Hook Script Privilege Escalation
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge Password Hash Leak
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge downloadHook local file inclusion
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge tail local file inclusion
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge insecure password change
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge show local file inclusion
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge missing brute force protection
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge missing clickjacking protection
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge autocomplete on
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge weak password policy
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge missing XSRF protection
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge weak password storage mechanism
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge missing single login restriction
- From: Oliver-Tobias Ripka
- CollabNet Subversion Edge indes local file inclusion
- From: Oliver-Tobias Ripka
- novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities
- [SECURITY] [DSA 3296-1] libcrypto++ security update
- [SECURITY] [DSA 3297-1] unattended-upgrades security update
- CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP
- Google Chrome Address Spoofing (Request For Comment)
Mail converted by MHonArc