Mail Thread Index

• Date Index

• APPLE-SA-2015-06-30-1 iOS 8.4, Apple Product Security
• APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005, Apple Product Security
• APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7, Apple Product Security
• APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001, Apple Product Security
• APPLE-SA-2015-06-30-5 QuickTime 7.7.7, Apple Product Security
• [SECURITY] [DSA 3298-1] jackrabbit security update, Moritz Muehlenhoff
• APPLE-SA-2015-06-30-6 iTunes 12.2, Apple Product Security
• Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects, andrew
• Pinterest Bug Bounty #1 - Persistent contact_name Vulnerability, Vulnerability Lab
• Ebay Magento Bug Bounty #14 - Persistent Description Vulnerability, Vulnerability Lab
• FCS Scanner v1.0 & v1.4 - Command Inject Vulnerability, Vulnerability Lab
• Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability, Vulnerability Lab
• Path Traversal in BlackCat CMS, High-Tech Bridge Security Research
• ESA-2015-111: EMC Documentum WebTop Client Products Multiple Vulnerabilities, Security Alert
• ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities, Security Alert
• ESA-2015-112: EMC Isilon OneFS Command Injection Vulnerability, Security Alert
• Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models), Pierre Kim
• iTunes 12.2 and QuickTime 7.7.7 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\..., Stefan Kanthak
• ToorCon 17 Call For Papers!, h1kari
• [SECURITY] [DSA 3299-1] stunnel4 security update, Salvatore Bonaccorso
• ipTIME n104r3 vulnerable to CSRF and XSS attacks, Pierre Kim
• SQL Injection in easy2map wordpress plugin v1.24, Larry W. Cashdollar
• CVE-2015-3442 Authentication Bypass in Xpert.Line Version 3.0, Alessandro Zala
• Ruxcon 2015 Final Call For Presentations, cfp
• WK UDID v1.0.1 iOS - Command Inject Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 3300-1] iceweasel security update, Moritz Muehlenhoff
• Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability, Vulnerability Lab
  • Re: Google HTTP Live Headers v1.0.6 - Client Side Cross Site Scripting Web Vulnerability, Reindl Harald
• Microsoft Office - OLE Packager allows code execution in all versions, with macros disabled, Kevin Beaumont
• Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability, Federico Fazzi
• Ebay Inc Magento Bug Bounty #16 - CSRF Web Vulnerability, Vulnerability Lab
• 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request, Pierre Kim
• [SECURITY] [DSA 3301-1] haproxy security update, Salvatore Bonaccorso
• Google Chrome Address Spoofing - Google's Opinion, David Leo
• phpLiteAdmin v1.1 CSRF & XSS Vulnerabilities, apparitionsec
• [CORE-2015-0012] - AirLive Multiple Products OS Command Injection, CORE Advisories Team
• [SECURITY] [DSA 3302-1] libwmf security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3303-1] cups-filters security update, Alessandro Ghedini
• [security bulletin] HPSBMU03234 rev.1 - HP Vertica Analytics Platform running SSLv3, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBGN03361 rev.1 - HP UCMDB, HP UCMDB Configuration Manager, HP UCMDB Browser, and HP Universal Discovery running TLS, Remote Disclosure of Information, security-alert
• RE: [security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information (UNCLASSIFIED), Patterson, Derrick A CTR (US)
• [security bulletin] HPSBGN03354 rev.1 - HP Connect-IT Using RC4, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBGN03352 rev.2 - HP Asset Manager Using RC4, Remote Disclosure of Information, security-alert
• FreeBSD Security Advisory FreeBSD-SA-15:11.bind, FreeBSD Security Advisories
• [slackware-security] mozilla-firefox (SSA:2015-188-02), Slackware Security Team
• [slackware-security] cups (SSA:2015-188-01), Slackware Security Team
• [slackware-security] ntp (SSA:2015-188-03), Slackware Security Team
• [slackware-security] bind (SSA:2015-188-04), Slackware Security Team
• Symantec EP 12.1.4013 Disabling Vulnerability, apparitionsec
• Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5, Larry W. Cashdollar
• SQL Injection in easy2map-photos wordpress plugin v1.09, Larry W. Cashdollar
• Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution, hdau
• [security bulletin] HPSBUX03363 rev.1 - HP-UX Apache Web Server running OpenSSL, Remote Disclosure of Information, security-alert
• [CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection, CORE Advisories Team
• [SECURITY] [DSA 3305-1] python-django security update, Alessandro Ghedini
• Extra information for CVE-2014-2513 - EMC Documentum Content Server: arbitrary code execution, andrew
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software, Cisco Systems Product Security Incident Response Team
• FreeBSD Security Advisory FreeBSD-SA-15:12.openssl, FreeBSD Security Advisories
• [slackware-security] openssl (SSA:2015-190-01), Slackware Security Team
• [SECURITY] [DSA 3306-1] pdns security update, Alessandro Ghedini
• [SECURITY] [DSA 3307-1] pdns-recursor security update, Alessandro Ghedini
• NEW VMSA-2015-0005 : VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability, VMware Security Response Center
• CVE-2014-7952, Android ADB backup APK injection vulnerability, Imre RAD
• ESA-2015-115: EMC RecoverPoint for Virtual Machines (VMs) Restriction Bypass Vulnerability, Security Alert
• [security bulletin] HPSBGN03371 rev.1 - HP IceWall Products running OpenSSL, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBGN03351 rev.2 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information, security-alert
• Cisco Security Advisory: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products, Cisco Systems Product Security Incident Response Team
• [security bulletin] HPSBGN03373 rev.1 - HP Release Control running TLS, Remote Disclosure of Information, security-alert
• SQL Injection, Reflected XSS, Path Traversal, Function Execution in ZenPhoto 1.4.8, Tim Coen
• [slackware-security] mozilla-thunderbird (SSA:2015-192-01), Slackware Security Team
• phpSQLiteCMS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS CSRF, Unrestricted File Type Upload, Privilege Escalation & XSS, apparitionsec
• [SYSS-2015-031] sysPass - SQL Injection, disclosure
• CVE-2015-4670 - AjaxControlToolkit File Upload Directory Traversal, Brian Cardinale
• CFP: Passwords 2015, Dec 7-9, Cambridge, UK, Per Thorsheim
• [CVE-2015-2862/2863 / CERT VU#919604] Kaseya VSA arbitrary file download / open redirect, Pedro Ribeiro
• XSS vulnerability in OFBiz forms, lilian_iatco
• XSS, Code Execution, DOS, Password Leak, Weak Authentication in GetSimpleCMS 3.3.5, Tim Coen
• Cisco Security Advisory: Cisco Videoscape Delivery System Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• 15 TOTOLINK router models vulnerable to multiple RCEs, Pierre Kim
  • Re: [FD] 15 TOTOLINK router models vulnerable to multiple RCEs, Joshua Wright
• 4 TOTOLINK router models vulnerable to CSRF and XSS attacks, Pierre Kim
• Backdoor credentials found in 4 TOTOLINK router models, Pierre Kim
• Backdoor and RCE found in 8 TOTOLINK router models, Pierre Kim
• [CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure, Cédric Champeau
• ESA-2015-122: EMC Documentum CenterStage Cross-site Scripting Vulnerability, Security Alert
• ESA-2015-123: EMC Documentum WebTop Open Redirect Vulnerability, Security Alert
• Elasticsearch CVE-2015-5377, Kevin Kluge
• Elasticsearch CVE-2015-5531, Kevin Kluge
• SEC Consult SA-20150716-0 :: Permanent Cross-Site Scripting in Oracle Application Express, SEC Consult Vulnerability Lab
• Novell GroupWise 2014 WebAccess vulnerable to XSS attacks, adrian . vollmer
• Oracle E-Business Suite Servlet URL Redirection Vulnerability, owais . md . khan
• UDID+ v2.5 iOS - Mail Command Inject Vulnerability, Vulnerability Lab
• FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
• AirDroid ID - Client Side JSONP Callback Vulnerability, Vulnerability Lab
• [slackware-security] php (SSA:2015-198-02), Slackware Security Team
• [slackware-security] httpd (SSA:2015-198-01), Slackware Security Team
• [SECURITY] [DSA 3308-1] mysql-5.5 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3309-1] tidy security update, Alessandro Ghedini
• [SECURITY] [DSA 3310-1] freexl security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3311-1] mariadb-10.0 security update, Salvatore Bonaccorso
• [security bulletin] HPSBUX03379 SSRT101976 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBMU03377 rev.1 - HP Release Control running RC4, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBMU03380 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities, security-alert
• CVE-2015-5379: Axigen XSS vulnerability for html attachments, Ioan Indreias
• WorldCIST'2016 - Brazil: Call for Workshops Proposals - Best Papers published by ISI/SCI Journals, Maria Lemos
• Logstash vulnerability CVE-2015-5378, Kevin Kluge
• FreeBSD Security Advisory FreeBSD-SA-15:13.tcp, FreeBSD Security Advisories
• Open-Web-Analytics-1.5.7 Cryptographic, Password Disclosure & XSS Vulnerabilities, apparitionsec
• NetCracker Resource Management 8.0 - XSS Vulnerability, jychia . sec
• NetCracker Resource Management 8.0 - SQL Injection Vulnerability, jychia . sec
• [SECURITY] [DSA 3312-1] cacti security update, Alessandro Ghedini
• SQL Injection in Count Per Day WordPress Plugin, High-Tech Bridge Security Research
• Multiple XSS Vulnerabilities in Paid Memberships Pro WordPress Plugin, High-Tech Bridge Security Research
• Multiple (remote and local) Vulnerabilities in Xceedium Xsuite [MZ-15-02], modzero
• ESA-2015-118: EMC Avamar Directory Traversal Vulnerability, Security Alert
• Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software TFTP Server Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3313-1] linux security update, Salvatore Bonaccorso
• ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability, Vulnerability Lab
• Qualys Security Advisory - CVE-2015-3245 userhelper - CVE-2015-3246 libuser, Qualys Security Advisory
• [SECURITY] [DSA 3314-1] typo3-src end of life, Moritz Muehlenhoff
• Hawkeye-G v3.0.1.4912 CSRF Vulnerability CVE-2015-2878, apparitionsec
• [SECURITY] [DSA 3315-1] chromium-browser security update, Michael Gilbert
• Hawkeye-G v3 CSRF Vulnerability ***[UPDATED CORRECTED], apparitionsec
• Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class, Securify B.V.
• Hawkeye-G v3.0.1 Persistent XSS & Information Leakage, apparitionsec
• [SECURITY] [DSA 3318-1] expat security update, Laszlo Boszormenyi
• [SECURITY] [DSA 3316-1] openjdk-7 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3317-1] lxc security update, Salvatore Bonaccorso
• Apple iTunes & AppStore - Filter Bypass & Persistent Invoice Vulnerability, Vulnerability Lab
• Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne, Samuel Lavitt - CVE-2015-0942
• SEC Consult SA-20150728-0 :: McAfee Application Control Multiple Vulnerabilities, SEC Consult Vulnerability Lab
• Another Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability, Federico Fazzi
• [SECURITY] [DSA 3319-1] bind9 security update, Salvatore Bonaccorso
• phpFileManager 0.9.8 CSRF Backdoor Shell Vulnerability, apparitionsec
• Cross-Site Scripting (XSS) in qTranslate WordPress Plugin, High-Tech Bridge Security Research
• [security bulletin] HPSBGN03372 rev.1 - HP Business Process Monitor using RC4, Remote Disclosure of Information, security-alert
• [security bulletin] HPSBGN03367 rev.1 - HP TransactionVision with RC4 Stream Cipher, Remote Disclosure of Information, security-alert
• FreeBSD Security Advisory FreeBSD-SA-15:17.bind, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-15:16.openssh, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-15:15.tcp, FreeBSD Security Advisories
• [slackware-security] bind (SSA:2015-209-01), Slackware Security Team
• [security bulletin] HPSBGN03366 rev.1 - HP Business Process Insight with RC4 Stream Cipher, Remote Disclosure of Information, security-alert
• FreeBSD Security Advisory FreeBSD-SA-15:14.bsdpatch, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-15:16.openssh [REVISED], FreeBSD Security Advisories
• Dell Netvault Backup Remote Denial of Service, epoide
• Cisco Security Advisory: Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3320-1] openafs security update, Sebastien Delafond
• viagra generic singapore, info
• [SECURITY] [DSA 3321-1] xmltooling security update, Alessandro Ghedini
• HP ArcSight Logger provides incorrect/invalid/incomplete results for queries with boolean operators, roberto