Mail Index

• Thread Index

• APPLE-SA-2015-06-30-1 iOS 8.4
  • From: Apple Product Security
• APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005
  • From: Apple Product Security
• APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7
  • From: Apple Product Security
• APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001
  • From: Apple Product Security
• APPLE-SA-2015-06-30-5 QuickTime 7.7.7
  • From: Apple Product Security
• [SECURITY] [DSA 3298-1] jackrabbit security update
  • From: Moritz Muehlenhoff
• APPLE-SA-2015-06-30-6 iTunes 12.2
  • From: Apple Product Security
• Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects
  • From: andrew
• Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability
  • From: Vulnerability Lab
• Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability
  • From: Vulnerability Lab
• FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability
  • From: Vulnerability Lab
• Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• Path Traversal in BlackCat CMS
  • From: High-Tech Bridge Security Research
• ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities
  • From: Security Alert
• ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities
  • From: Security Alert
• ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability
  • From: Security Alert
• Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models)
  • From: Pierre Kim
• iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
  • From: Stefan Kanthak
• ToorCon 17 Call For Papers!
  • From: h1kari
• [SECURITY] [DSA 3299-1] stunnel4 security update
  • From: Salvatore Bonaccorso
• ipTIME n104r3 vulnerable to CSRF and XSS attacks
  • From: Pierre Kim
• SQL Injection in easy2map wordpress plugin v1.24
  • From: Larry W. Cashdollar
• CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0
  • From: Alessandro Zala
• Ruxcon 2015 Final Call For Presentations
  • From: cfp
• WK UDID v1.0.1 iOS - Command Inject Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 3300-1] iceweasel security update
  • From: Moritz Muehlenhoff
• Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability
  • From: Vulnerability Lab
• Microsoft Office - OLE Packager allows code execution in all versions, with macros disabled
  • From: Kevin Beaumont
• Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability
  • From: Federico Fazzi
• Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability
  • From: Vulnerability Lab
• 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request
  • From: Pierre Kim
• [SECURITY] [DSA 3301-1] haproxy security update
  • From: Salvatore Bonaccorso
• Google Chrome Address Spoofing - Google's Opinion
  • From: David Leo
• phpLiteAdmin v1.1 CSRF & XSS Vulnerabilities
  • From: apparitionsec
• Re: Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability
  • From: Reindl Harald
• [CORE-2015-0012] - AirLive Multiple Products OS Command Injection
  • From: CORE Advisories Team
• [SECURITY] [DSA 3302-1] libwmf security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3303-1] cups-filters security update
  • From: Alessandro Ghedini
• [security bulletin] HPSBMU03234 rev.1 - HP Vertica Analytics Platform running SSLv3, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBGN03361 rev.1 - HP UCMDB, HP UCMDB Configuration Manager, HP UCMDB Browser, and HP Universal Discovery running TLS, Remote Disclosure of Information
  • From: security-alert
• RE: [security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information (UNCLASSIFIED)
  • From: Patterson, Derrick A CTR (US)
• [security bulletin] HPSBGN03354 rev.1 - HP Connect-IT Using RC4, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBGN03352 rev.2 - HP Asset Manager Using RC4, Remote Disclosure of Information
  • From: security-alert
• FreeBSD Security Advisory FreeBSD-SA-15:11.bind
  • From: FreeBSD Security Advisories
• [slackware-security] mozilla-firefox (SSA:2015-188-02)
  • From: Slackware Security Team
• [slackware-security] cups (SSA:2015-188-01)
  • From: Slackware Security Team
• [slackware-security] ntp (SSA:2015-188-03)
  • From: Slackware Security Team
• [slackware-security] bind (SSA:2015-188-04)
  • From: Slackware Security Team
• Symantec EP 12.1.4013 Disabling Vulnerability
  • From: apparitionsec
• Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5
  • From: Larry W. Cashdollar
• SQL Injection in easy2map-photos wordpress plugin v1.09
  • From: Larry W. Cashdollar
• Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution
  • From: hdau
• [security bulletin] HPSBUX03363 rev.1 - HP-UX Apache Web Server running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection
  • From: CORE Advisories Team
• [SECURITY] [DSA 3305-1] python-django security update
  • From: Alessandro Ghedini
• Extra information for CVE-2014-2513 - EMC Documentum Content Server: arbitrary code execution
  • From: andrew
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
  • From: Cisco Systems Product Security Incident Response Team
• FreeBSD Security Advisory FreeBSD-SA-15:12.openssl
  • From: FreeBSD Security Advisories
• [slackware-security] openssl (SSA:2015-190-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 3306-1] pdns security update
  • From: Alessandro Ghedini
• [SECURITY] [DSA 3307-1] pdns-recursor security update
  • From: Alessandro Ghedini
• NEW VMSA-2015-0005 : VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability
  • From: VMware Security Response Center
• CVE-2014-7952, Android ADB backup APK injection vulnerability
  • From: Imre RAD
• ESA-2015-115: EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass Vulnerability
  • From: Security Alert
• [security bulletin] HPSBGN03371 rev.1 - HP IceWall Products running OpenSSL, Remote Denial of Service (DoS)
  • From: security-alert
• [security bulletin] HPSBGN03351 rev.2 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information
  • From: security-alert
• Cisco Security Advisory: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
  • From: Cisco Systems Product Security Incident Response Team
• [security bulletin] HPSBGN03373 rev.1 - HP Release Control running TLS, Remote Disclosure of Information
  • From: security-alert
• SQL Injection, Reflected XSS, Path Traversal, Function Execution in ZenPhoto 1.4.8
  • From: Tim Coen
• [slackware-security] mozilla-thunderbird (SSA:2015-192-01)
  • From: Slackware Security Team
• phpSQLiteCMS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS
  • From: apparitionsec
• [SYSS-2015-031] sysPass - SQL Injection
  • From: disclosure
• CVE-2015-4670 - AjaxControlToolkit File Upload Directory Traversal
  • From: Brian Cardinale
• CFP: Passwords 2015, Dec 7-9, Cambridge, UK
  • From: Per Thorsheim
• [CVE-2015-2862/2863 / CERT VU#919604] Kaseya VSA arbitrary file download / open redirect
  • From: Pedro Ribeiro
• XSS vulnerability in OFBiz forms
  • From: lilian_iatco
• XSS, Code Execution, DOS, Password Leak, Weak Authentication in GetSimpleCMS 3.3.5
  • From: Tim Coen
• Cisco Security Advisory: Cisco Videoscape Delivery System Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• 15 TOTOLINK router models vulnerable to multiple RCEs
  • From: Pierre Kim
• 4 TOTOLINK router models vulnerable to CSRF and XSS attacks
  • From: Pierre Kim
• Backdoor credentials found in 4 TOTOLINK router models
  • From: Pierre Kim
• Backdoor and RCE found in 8 TOTOLINK router models
  • From: Pierre Kim
• [CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure
  • From: Cédric Champeau
• Re: [FD] 15 TOTOLINK router models vulnerable to multiple RCEs
  • From: Joshua Wright
• ESA-2015-122: EMC Documentum CenterStage Cross-site Scripting Vulnerability
  • From: Security Alert
• ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability
  • From: Security Alert
• Elasticsearch CVE-2015-5377
  • From: Kevin Kluge
• Elasticsearch CVE-2015-5531
  • From: Kevin Kluge
• SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express
  • From: SEC Consult Vulnerability Lab
• Novell GroupWise 2014 WebAccess vulnerable to XSS attacks
  • From: adrian . vollmer
• Oracle E-Business Suite Servlet URL Redirection Vulnerability
  • From: owais . md . khan
• UDID+ v2.5 iOS - Mail Command Inject Vulnerability
  • From: Vulnerability Lab
• FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• AirDroid ID - Client Side JSONP Callback Vulnerability
  • From: Vulnerability Lab
• [slackware-security] php (SSA:2015-198-02)
  • From: Slackware Security Team
• [slackware-security] httpd (SSA:2015-198-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 3308-1] mysql-5.5 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3309-1] tidy security update
  • From: Alessandro Ghedini
• [SECURITY] [DSA 3310-1] freexl security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3311-1] mariadb-10.0 security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBUX03379 SSRT101976 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
  • From: security-alert
• [security bulletin] HPSBMU03377 rev.1 - HP Release Control running RC4, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU03380 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities
  • From: security-alert
• CVE-2015-5379: Axigen XSS vulnerability for html attachments
  • From: Ioan Indreias
• WorldCIST'2016 - Brazil: Call for Workshops Proposals - Best Papers published by ISI/SCI Journals
  • From: Maria Lemos
• Logstash vulnerability CVE-2015-5378
  • From: Kevin Kluge
• FreeBSD Security Advisory FreeBSD-SA-15:13.tcp
  • From: FreeBSD Security Advisories
• Open-Web-Analytics-1.5.7 Cryptographic, Password Disclosure & XSS Vulnerabilities
  • From: apparitionsec
• NetCracker Resource Management 8.0 - XSS Vulnerability
  • From: jychia . sec
• NetCracker Resource Management 8.0 - SQL Injection Vulnerability
  • From: jychia . sec
• [SECURITY] [DSA 3312-1] cacti security update
  • From: Alessandro Ghedini
• SQL Injection in Count Per Day WordPress Plugin
  • From: High-Tech Bridge Security Research
• Multiple XSS Vulnerabilities in Paid Memberships Pro WordPress Plugin
  • From: High-Tech Bridge Security Research
• Multiple (remote and local) Vulnerabilities in Xceedium Xsuite [MZ-15-02]
  • From: modzero
• ESA-2015-118: EMC Avamar Directory Traversal Vulnerability
  • From: Security Alert
• Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software TFTP Server Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3313-1] linux security update
  • From: Salvatore Bonaccorso
• ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability
  • From: Vulnerability Lab
• Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser
  • From: Qualys Security Advisory
• [SECURITY] [DSA 3314-1] typo3-src end of life
  • From: Moritz Muehlenhoff
• Hawkeye-G v3.0.1.4912 CSRF Vulnerability CVE-2015-2878
  • From: apparitionsec
• [SECURITY] [DSA 3315-1] chromium-browser security update
  • From: Michael Gilbert
• Hawkeye-G v3 CSRF Vulnerability ***[UPDATED CORRECTED]
  • From: apparitionsec
• Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class
  • From: Securify B.V.
• Hawkeye-G v3.0.1 Persistent XSS & Information Leakage
  • From: apparitionsec
• [SECURITY] [DSA 3318-1] expat security update
  • From: Laszlo Boszormenyi
• [SECURITY] [DSA 3316-1] openjdk-7 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3317-1] lxc security update
  • From: Salvatore Bonaccorso
• Apple iTunes & AppStore - Filter Bypass & Persistent Invoice Vulnerability
  • From: Vulnerability Lab
• Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne
  • From: Samuel Lavitt - CVE-2015-0942
• SEC Consult SA-20150728-0 :: McAfee Application Control Multiple Vulnerabilities
  • From: SEC Consult Vulnerability Lab
• Another Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability
  • From: Federico Fazzi
• [SECURITY] [DSA 3319-1] bind9 security update
  • From: Salvatore Bonaccorso
• phpFileManager 0.9.8 CSRF Backdoor Shell Vulnerability
  • From: apparitionsec
• Cross-Site Scripting (XSS) in qTranslate WordPress Plugin
  • From: High-Tech Bridge Security Research
• [security bulletin] HPSBGN03372 rev.1 - HP Business Process Monitor using RC4, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBGN03367 rev.1 - HP TransactionVision with RC4 Stream Cipher, Remote Disclosure of Information
  • From: security-alert
• FreeBSD Security Advisory FreeBSD-SA-15:17.bind
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-15:16.openssh
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-15:15.tcp
  • From: FreeBSD Security Advisories
• [slackware-security] bind (SSA:2015-209-01)
  • From: Slackware Security Team
• [security bulletin] HPSBGN03366 rev.1 - HP Business Process Insight with RC4 Stream Cipher, Remote Disclosure of Information
  • From: security-alert
• FreeBSD Security Advisory FreeBSD-SA-15:14.bsdpatch
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-15:16.openssh [REVISED]
  • From: FreeBSD Security Advisories
• Dell Netvault Backup Remote Denial of Service
  • From: epoide
• Cisco Security Advisory: Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3320-1] openafs security update
  • From: Sebastien Delafond
• viagra generic singapore
  • From: info
• [SECURITY] [DSA 3321-1] xmltooling security update
  • From: Alessandro Ghedini
• HP ArcSight Logger provides incorrect/invalid/incomplete results for queries with boolean operators
  • From: roberto