Mail Index
- phpFileManager 0.9.8 Remote Command Execution
- [SECURITY] [DSA 3322-1] ruby-rack security update
- From: Salvatore Bonaccorso
- Multiple XSS vulnerabilities in FortiSandbox WebUI
- [SECURITY] [DSA 3323-1] icu security update
- [SECURITY] [DSA 3324-1] icedove security update
- [SECURITY] [DSA 3325-1] apache2 security update
- [SECURITY] [DSA 3326-1] ghostscript security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3327-1] squid3 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3328-1] wordpress security update
- Mozilla extensions: a security nightmare
- [SECURITY] [DSA 3328-2] wordpress regression update
- SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network
- From: SEC Consult Vulnerability Lab
- Re: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- [security bulletin] HPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of Information
- Re: [FD] Mozilla extensions: a security nightmare
- Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows
- FreeBSD Security Advisory FreeBSD-SA-15:18.bsdpatch
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-15:19.routed
- From: FreeBSD Security Advisories
- Re: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- RE: [FD] Mozilla extensions: a security nightmare
- RE: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- Re: [FD] Mozilla extensions: a security nightmare
- [SECURITY] [DSA 3329-1] linux security update
- From: Salvatore Bonaccorso
- Re: [FD] Mozilla extensions: a security nightmare
- Thomson Reuters FATCA - Arbitrary File Upload
- From: jakub . palaczynski
- Ferrari - PHP CGI Argument Injection (RCE) Vulnerability
- Device Inspector v1.5 iOS - Command Inject Vulnerabilities
- QNAP crypto keys logged on unencrypted disk partition in world accessible files
- [SECURITY] [DSA 3330-1] activemq security update
- [slackware-security] mozilla-nss (SSA:2015-219-02)
- From: Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2015-219-01)
- From: Slackware Security Team
- [Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage
- From: Onapsis Research Labs
- [Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values
- From: Onapsis Research Labs
- [SECURITY] [DSA 3334-1] gnutls28 security update
- From: Salvatore Bonaccorso
- Pdf Shaper Buffer Overflow
- Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- bizidea Design CMS 2015Q3 - SQL Injection Vulnerability
- [SECURITY] [DSA 3333-1] iceweasel security update
- PHPfileNavigator 2.3.3 Persistent & Reflected XSS
- BFS-SA-2015-001: Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability
- From: Blue Frost Security Research Lab
- phpipam-1.1.010 XSS Vulnerability
- PHPfileNavigator v2.3.3 CSRF Add Arbitrary Users
- phpipam-1.1.010 XSS Vulnerability
- [CVE-2015-4624] Predictable CSRF tokens in WiFi Pineapple firmware <= 2.3.0
- [SECURITY] [DSA 3332-1] wordpress security update
- [SECURITY] [DSA 3335-1] request-tracker4 security update
- From: Salvatore Bonaccorso
- RE: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- From: Limanovski, Dimitri
- Cisco Unified Communications Manager Multiple Vulnerabilities (VP2015-001)
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- Update: Backdoor and RCE found in 8 TOTOLINK router models
- [security bulletin] HPSBGN03386 rev.1 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, Local Disclosure of Information
- [security bulletin] HPSBGN03393 rev.1 - HP Operations Manager i, Remote Code Execution
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- APPLE-SA-2015-08-13-1 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8
- From: Apple Product Security
- APPLE-SA-2015-08-13-3 iOS 8.4.1
- From: Apple Product Security
- APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006
- From: Apple Product Security
- APPLE-SA-2015-08-13-4 OS X Server v4.1.5
- From: Apple Product Security
- Nuance PowerPDF Advanced Metadata Information Disclosure Vulnerability (low|local)
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities
- From: Blue Frost Security Research Lab
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- [slackware-security] mozilla-thunderbird (SSA:2015-226-02)
- From: Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2015-226-01)
- From: Slackware Security Team
- vBulletin x.x.x rce "0day"
- Re: PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability
- Re: [FD] Mozilla extensions: a security nightmare
- Re: Windows Platform Binary Table (WPBT) - BIOS PE backdoor
- Re: [MORNINGSTAR-2009-01] Multiple security issues in Open Auto Classifieds version <= 1.5.9
- Re: NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE
- Re: Multiple vulnerabilites in vendor IKE implementations, including Cisco,
- Poor security in SOHO routers, again. Changing configuration parameters with a click.
- Oracle CSO numbers, security hygiene and fixes at the same time
- From: Security Explorations
- ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities
- ESA-2015-094: RSA Archer® GRC Multiple Cross-Site Request Forgery Vulnerabilities
- ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities
- ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability
- [ERPSCAN-15-012] SAP Afaria 7 XComms – Buffer Overflow
- [ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD – XXE
- Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal
- Insufficient certificate validation in EMC Secure Remote Services Virtual Edition
- sysadmin privilege in EMC Documentum Content Server
- [SECURITY] [DSA 3336-1] nss security update
- From: Salvatore Bonaccorso
- EMC Documentum Content Server: arbitrary code execution (incomplete fix in CVE-2015-4532)
- Re: [SECURITY] [DSA 3336-1] nss security update
- Re: Re: [SECURITY] [DSA 3336-1] nss security update
- Re: [ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD – XXE
- [SECURITY] [DSA 3325-2] apache2 regression update
- [SECURITY] [DSA 3337-1] gdk-pixbuf security update
- [SECURITY] [DSA 3338-1] python-django security update
- FreeBSD Security Advisory FreeBSD-SA-15:20.expat
- From: FreeBSD Security Advisories
- CVE-2015-5699 - Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation
- Re: Hawkeye-G v3 CSRF Vulnerability ***[UPDATED CORRECTED]
- Trend Micro Deep Discovery Authentication Bypass
- Trend Micro Deep Discovery XSS
- [SYSS-2015-041] XSS in OpenText Secure MFT
- Re: CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information
- RE: CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information
- From: Chillman, Paul, Vodafone UK
- Re: CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information
- Re: EMC Documentum Content Server: arbitrary code execution (incomplete fix in CVE-2015-4532)
- Privilege escalation through RPC commands in EMC Documentum Content Server (incomplete fix in CVE-2015-4532)
- CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability
- [security bulletin] HPSBUX03400 SSRT102211 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
- [SECURITY] [DSA 3339-1] openjdk-6 security update
- [SECURITY] [DSA 3340-1] zendframework security update
- Re: CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information
- ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability
- [SECURITY] [DSA 3341-1] conntrack security update
- From: Salvatore Bonaccorso
- Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064)
- PDF Shaper v3.5 - (MSF) Remote Buffer Overflow Vulnerability
- ChiefPDF Software v2.x - Buffer Overflow Vulnerability
- WebSolutions India Design CMS - SQL Injection Vulnerability
- UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability
- UBNT Bug Bounty #3 - Persistent Filename Vulnerability
- [oCERT-2015-009] VLC arbitrary pointer dereference
- [SECURITY] [DSA 3342-1] vlc security update
- [security bulletin] HPSBUX03369 SSRT102037 rev.1 - HP-UX execve(2), Local Elevation of Privilege
- Re: Micro Login System v1.0 (userpwd.txt) Password Disclosure Vulnerability
- APPLE-SA-2015-08-20-1 QuickTime 7.7.8
- From: Apple Product Security
- Re: [SECURITY] [DSA 3325-2] apache2 regression update
- [security bulletin] HPSBUX03410 SSRT102175 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
- Logstash vulnerability CVE-2015-5619
- [security bulletin] HPSBGN03395 rev.1 - HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX, Remote Code Execution
- [slackware-security] gnutls (SSA:2015-233-01)
- From: Slackware Security Team
- Logstash vulnerability CVE-2015-5619
- [security bulletin] HPSBGN03395 rev.1 - HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX, Remote Code Execution
- Cross site request forgery vulnerability in Linksys WAG120N
- [SYSS-2015-025] Netop Remote Control - Insufficiently Protected Credentials
- Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation
- SYSS-2015-033: Missing Function Level Access Control (CWE-935) in Page2Flip Premium App 2.5
- From: erlijn . vangenuchten
- [SYSS-2015-030] Improper Handling of Insufficient Privileges (CWE-274) in Page2Flip Premium App 2.5
- From: erlijn . vangenuchten
- [SYSS-2015-032] Broken Authentication and Session Management (CWE-930) in Page2Flip Premium App 2.5
- From: erlijn . vangenuchten
- [SYSS-2015-029] Insecure Direct Object Reference (CWE-932) in Page2Flip Premium App 2.5
- From: erlijn . vangenuchten
- [SYSS-2015-028] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5
- From: erlijn . vangenuchten
- [SYSS-2015-027] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5
- From: erlijn . vangenuchten
- [SYSS-2015-026] Denial of Service (CWE-730) and Overly Restrictive Account Lockout Mechanism (CWE-645) in Page2Flip Premium App 2.5
- From: erlijn . vangenuchten
- [security bulletin] HPSBMU03345 rev.1 - HP Network Node Manager i (NNMi) and Smart Plugins (iSPIs) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information, Unauthorized Modification
- [security bulletin] HPSBGN03404 rev.1 - HP Service Health Reporter, Remote Unauthorized Modification
- [security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities
- [security bulletin] HPSBMU03396 rev.1 - HP Version Control Repository Manager (VCRM) on Windows and Linux, Multiple Vulnerabilities
- [security bulletin] HPSBMU03413 rev.1 - HP Virtual Connect Enterprise Manager SDK, Multiple Vulnerabilities
- [security bulletin] HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux, Multiple Vulnerabilities
- FreeBSD Security Advisory FreeBSD-SA-15:22.openssh
- From: FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-15:21.amd64
- From: FreeBSD Security Advisories
- RE: [security bulletin] HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux, Multiple Vulnerabilities
- [SECURITY] [DSA 3343-1] twig security update
- [security bulletin] HPSBGN03414 rev.1 - HP Operations Agent, Remote Disclosure of Information
- [security bulletin] HPSBGN03415 rev.1 - HP Operations Agent Virtual Appliance, Remote Disclosure of Information
- [security bulletin] HPSBGN03399 rev.1 - HP BSM Connector (BSMC), Remote Unauthorized Modification, Disclosure of Information
- [security bulletin] HPSBGN03405 rev.1 - HP Integration Adaptor, Remote Unauthorized Modification, Disclosure of Information
- CVE-2015-6535: Stored XSS in YouTube Embed (WordPress plugin) allows admins to compromise super admins
- From: grajalerts . noreply
- [security bulletin] HPSBGN03411 rev.1 - HP Operations Agent Virtual Appliance, Remote Unauthorized Disclosure of Information
- [security bulletin] HPSBHF03408 rev.1 - HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code
- UAC Bypass Vulnerability on "Windows 7" in Windows Script Host
- [security bulletin] HPSBGN03402 rev.2 - HP Performance Manager, Remote Disclosure of Information
- [SECURITY] [DSA 3344-1] php5 security update
- Re: UAC Bypass Vulnerability on "Windows 7" in Windows Script Host
- Re: Re: UAC Bypass Vulnerability on "Windows 7" in Windows Script Host
- [slackware-security] mozilla-firefox (SSA:2015-241-01)
- From: Slackware Security Team
- [SECURITY] [DSA 3345-1] iceweasel security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBMU03416 rev.1 - HP Data Protector, Remote Disclosure of Information
- [security bulletin] HPSBGN03387 rev.1 - HP Intelligent Provisioning, Remote Code Execution, Unauthorized Access
- [security bulletin] HPSBGN03407 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Modification, Disclosure of Information
- PayPal Bug Bounty #119 - Stored Cross Site Scripting Vulnerability
- LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability
- Jenkins 1.626 - Cross Site Request Forgery / Code Execution
- [SECURITY] [DSA 3346-1] drupal7 security update
- Dogma India dogmaindia CMS - Auth Bypass Vulnerability