Mail Thread Index

• Date Index

• [SECURITY] [DSA 3275-1] fusionforge security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3269-2] postgresql-9.1 regression update, Salvatore Bonaccorso
• [SECURITY] [DSA 3276-1] symfony security update, Moritz Muehlenhoff
• Ektron CMS 9.10 SP1 - CSRF Vulnerability, jerold
• Ektron CMS 9.10 SP1 - XSS Vulnerability, jerold
• WebDrive Buffer OverFlow PoC, banana88
• CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation], pan . vagenas
• CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS], pan . vagenas
• t2'15: Call for Papers 2015 (Helsinki / Finland), Tomi Tuominen
• Freebox OS Web interface 3.0.2 XSS, CSRF, huyngocbk
• Enhanced SQL Portal 5.0.7961 XSS Vulnerability, apparitionsec
• vfront-0.99.2 CSRF & Persistent XSS, apparitionsec
• WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 3277-1] wireshark security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3249-2] jqueryui security update, Sebastien Delafond
• Safari Address Spoofing - Impact, Code, How It Works, History, David Leo
• Jildi FTP Client 1.5.2 b1138 - Buffer Overflow Vulnerability, banana88
• Local PHP File Inclusion in ResourceSpace, High-Tech Bridge Security Research
• ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability, Security Alert
• [SECURITY] [DSA 3278-1] libapache-mod-jk security update, Markus Koschany
• [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc), Pedro Ribeiro
• IBM Watson (Cognea) - XSS and Redirect Vulnerabilities, jerold
• CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion], pan . vagenas
• [security bulletin] HPSBGN03343 rev.1 - HP WebInspect, Remote Unauthorized Access, security-alert
• CA20150604-01: Security Notice for CA Common Services, Kotas, Kevin J
• [CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability, alex_haynes
• [CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities, alex_haynes
• Wing FTP Server Remote Code Execution vulnerability, alex_haynes
• 1 Click Audio Converter v2.3.6 - Activex Buffer Overflow, Vulnerability Lab
  • <Possible follow-ups>
  • 1 Click Audio Converter v2.3.6 - Activex Buffer Overflow, Vulnerability Lab
• 1 Click Extract Audio v2.3.6 - Activex Buffer Overflow, Vulnerability Lab
• CVE-2015-4109 - WordPress Users Ultra Plugin [SQL injection], pan . vagenas
• Expedia Product Security Advisory: Cruise Ship Centers Information Disclosure, Mike Sheward
• Xloner v3.1.2 wordpress plugin authenticated command execution and XSS, Larry W. Cashdollar
• CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4, venkatesh . nitin
• Symphony CMS 2.6.2, apparitionsec
• [SECURITY] [DSA 3279-1] redis security update, Alessandro Ghedini
• Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App, Payatu Research
• [SECURITY] [DSA 3280-1] php5 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3281-1] Debian Security Team PGP/GPG key change notice, Thijs Kinkhorst
• AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability, d4rkr0id
• Symphony CMS XSS Vulnerability, apparitionsec
• [SECURITY] [DSA 3282-1] strongswan security update, Yves-Alexis Perez
• Symphony CMS XSS Vulnerability [Corrected Post], apparitionsec
• SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities, apparitionsec
  • <Possible follow-ups>
  • SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities, apparitionsec
• CFP The 2nd International Conference on Information Systems Security and Privacy ICISSP 2016, icissp . secretariat
• NEW VMSA-2015-0004 - VMware Workstation, Fusion and Horizon View Client updates address critical security issues, VMware Security Response Center
• [security bulletin] HPSBST03346 rev.1 - HP P6000 Command View Software running Jetty, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBMU03349 rev.1- HP Helion CloudSystem, Local Denial of Service (DoS), Arbitrary Code Execution, security-alert
• [SECURITY] [DSA 3283-1] cups security update, Salvatore Bonaccorso
• Logstash vulnerability CVE-2015-4152, Kevin Kluge
• Kibana vulnerability CVE-2015-4093, Kevin Kluge
• Elasticsearch vulnerability CVE-2015-4165, Kevin Kluge
• [security bulletin] HPSBUX03341 SSRT102068 rev.1 - HP-UX Apache Tomcat v7.x, Remote Denial of Service (DoS) and Other Vulnerabilities, security-alert
• [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID, RedTeam Pentesting GmbH
• [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery, RedTeam Pentesting GmbH
• Arbitrary File Disclosure and Open Redirect in Bonita BPM, High-Tech Bridge Security Research
• Multiple Vulnerabilities in ISPConfig, High-Tech Bridge Security Research
• Use-After-Free in PHP, High-Tech Bridge Security Research
• Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability, Vulnerability Lab
• XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343 ), stasvolfus
• Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0, Larry W. Cashdollar
• [security bulletin] HPSBUX03337 SSRT102066 rev.1 - HP-UX Apache Web Server Suite running Apache Web Server, Tomcat v6.x, or PHP v5.4.x, Remote Denial of Service (DoS) and Other Vulnerabilities, security-alert
• D-Link DSP-W110 - multiple vulnerabilities, Peter Adkins
• Cisco Security Advisory: Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin, Larry W. Cashdollar
• [KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability, Egidio Romano
• [KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities, Egidio Romano
• [KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability, Egidio Romano
• Nakid-CMS CSRF, Persistent XSS & LFI, apparitionsec
• [slackware-security] php (SSA:2015-162-02), Slackware Security Team
• ZCMS SQL Injection & Persistent XSS, apparitionsec
• [SYSS-2015-020] ZENWorks Mobile Management - Cross-Site Scripting, ludwig . stage
• FreeBSD Security Advisory FreeBSD-SA-15:10.openssl, FreeBSD Security Advisories
• [slackware-security] openssl (SSA:2015-162-01), Slackware Security Team
• [SECURITY] [DSA 3285-1] qemu-kvm security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3286-1] xen security update, Moritz Muehlenhoff
• Buffer Overflow in My Wifi Router Software, sudson08
• [SECURITY] [DSA 3287-1] openssl security update, Alessandro Ghedini
• [SECURITY] [DSA 3288-1] libav security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3252-2] sqlite3 security update, Alessandro Ghedini
• Productsurf Cms Sql Injection Vulnerability, iedb . team
• WebdesignJiNi Cms Sql Injection Vulnerability, iedb . team
• [RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager, RedTeam Pentesting GmbH
• [SECURITY] [DSA 3289-1] p7zip security update, Ben Hutchings
• BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability, d4rkr0id
• ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass Vulnerability, Security Alert
• ESA-2015-043: RSA® Validation Manager Security Update for Multiple Vulnerabilities, Security Alert
• OS Command Injection in Vesta Control Panel, High-Tech Bridge Security Research
• Reflected Cross-Site Scripting (XSS) in SearchBlox, High-Tech Bridge Security Research
• VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities, VCE - PSIRT
• [security bulletin] HPSBGN03350 rev.1 - HP SiteScope Using RC4, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBGN03338 rev.1 - HP Service Manager running RC4, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 3290-1] linux security update, Ben Hutchings
• [SECURITY] [DSA 3291-1] drupal7 security update, Sebastien Delafond
• DUO Security push Timing Attack, jpierini
• [SECURITY] [DSA 3292-1] cinder security update, Sebastien Delafond
• ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities, Vulnerability Lab
• ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability, Vulnerability Lab
• Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability, Vulnerability Lab
• Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability, Vulnerability Lab
• Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability, Vulnerability Lab
• [CVE-2015-3188] Apache Storm remote code execution vulnerability, P. Taylor Goetz
• [SECURITY] [DSA 3293-1] pyjwt security update, Alessandro Ghedini
• mysql-lite-administrator XSS vulnerabilities, apparitionsec
  • <Possible follow-ups>
  • mysql-lite-administrator XSS vulnerabilities, apparitionsec
• GeniXCMS XSS Vulnerabilities, apparitionsec
• [oCERT-2015-008] FreeRADIUS insufficent CRL application, Andrea Barisani
• ManageEngine Asset Explorer v6.1 - Persistent Vulnerability, Vulnerability Lab
• The "localhosed" attack - stealing IE local machine cookies and exposing its internal IP address, Amit Klein
• [security bulletin] HPSBMU03356 rev.1 - HP Business Service Automation Essentials (BSAE) running TLS, Remote Disclosure of Information, security-alert
• KMPlayer 3.9.1.136 Capture Unicode Buffer Overflow (ASLR Bypass), n4ser . farhadi
• ESA-2015-109: EMC Documentum D2 Cross-Site Scripting, Security Alert
• ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability, Security Alert
• [SECURITY] [DSA 3294-1] wireshark security update, Moritz Muehlenhoff
• CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004, Marco Delai
• CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders, Federick Joe P Fajardo
• [SECURITY] [DSA 3295-1] cacti security update, Salvatore Bonaccorso
• [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS, Darya Maenkova
• [ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE, Darya Maenkova
• [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE, Darya Maenkova
• [ERPSCAN-15-005] SAP Mobile Platform - XXE, Darya Maenkova
• [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure, Darya Maenkova
• [ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check, Darya Maenkova
• [ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS, Darya Maenkova
• [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll, Darya Maenkova
• [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE, Darya Maenkova
• Netgear Prosafe VPN Firewalls - Multiple vulnerabilities, post
• ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability, Security Alert
• Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA, Cisco Systems Product Security Incident Response Team
• CVE-2015-3931 Microsec e-Szigno, CVE-2015-3932 Netlock Mokka XSW vulnerability, Imre RAD
• ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities, Security Alert
• SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences, SEC Consult Vulnerability Lab
• [security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBUX03359 rev.1 - HP-UX pppoec, local elevation of privilege, security-alert
• [security bulletin] HPSBMU03267 rev.3 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBGN03362 rev.1 - HP Discovery and Dependency Mapping Inventory (DDMI) with TLS, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBPI03360 rev.2 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information, security-alert
• Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10, Tim
• CSRF Vulnerability in C2Box application CVE-2015-4460, wissam . bashour
• CollabNet Subversion Edge Hook Script Privilege Escalation, Oliver-Tobias Ripka
• CollabNet Subversion Edge Password Hash Leak, Oliver-Tobias Ripka
• CollabNet Subversion Edge downloadHook local file inclusion, Oliver-Tobias Ripka
• CollabNet Subversion Edge tail local file inclusion, Oliver-Tobias Ripka
• CollabNet Subversion Edge insecure password change, Oliver-Tobias Ripka
• CollabNet Subversion Edge show local file inclusion, Oliver-Tobias Ripka
• CollabNet Subversion Edge missing brute force protection, Oliver-Tobias Ripka
• CollabNet Subversion Edge missing clickjacking protection, Oliver-Tobias Ripka
• CollabNet Subversion Edge autocomplete on, Oliver-Tobias Ripka
• CollabNet Subversion Edge weak password policy, Oliver-Tobias Ripka
• CollabNet Subversion Edge missing XSRF protection, Oliver-Tobias Ripka
• CollabNet Subversion Edge weak password storage mechanism, Oliver-Tobias Ripka
• CollabNet Subversion Edge missing single login restriction, Oliver-Tobias Ripka
• CollabNet Subversion Edge indes local file inclusion, Oliver-Tobias Ripka
• novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities, apparitionsec
• [SECURITY] [DSA 3296-1] libcrypto++ security update, Alessandro Ghedini
• [SECURITY] [DSA 3297-1] unattended-upgrades security update, Alessandro Ghedini
• CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP, Fernando Muñoz
• Google Chrome Address Spoofing (Request For Comment), David Leo