Mail Thread Index
- phpFileManager 0.9.8 Remote Command Execution,
hyp3rlinx
- [SECURITY] [DSA 3322-1] ruby-rack security update,
Salvatore Bonaccorso
- Multiple XSS vulnerabilities in FortiSandbox WebUI,
hyp3rlinx
- [SECURITY] [DSA 3323-1] icu security update,
Laszlo Boszormenyi
- [SECURITY] [DSA 3324-1] icedove security update,
Alessandro Ghedini
- [SECURITY] [DSA 3325-1] apache2 security update,
Stefan Fritsch
- [SECURITY] [DSA 3326-1] ghostscript security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3327-1] squid3 security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3328-1] wordpress security update,
Thijs Kinkhorst
- Mozilla extensions: a security nightmare,
Stefan Kanthak
[SECURITY] [DSA 3328-2] wordpress regression update,
Thijs Kinkhorst
SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network,
SEC Consult Vulnerability Lab
[security bulletin] HPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of Information,
security-alert
Vulnerable MSVC++ runtime distributed with LibreOffice 5.0.0 for Windows,
Stefan Kanthak
FreeBSD Security Advisory FreeBSD-SA-15:18.bsdpatch,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-15:19.routed,
FreeBSD Security Advisories
[SECURITY] [DSA 3329-1] linux security update,
Salvatore Bonaccorso
Thomson Reuters FATCA - Arbitrary File Upload,
jakub . palaczynski
Ferrari - PHP CGI Argument Injection (RCE) Vulnerability,
Vulnerability Lab
Device Inspector v1.5 iOS - Command Inject Vulnerabilities,
Vulnerability Lab
QNAP crypto keys logged on unencrypted disk partition in world accessible files,
Andreas Steinmetz
[SECURITY] [DSA 3330-1] activemq security update,
Moritz Muehlenhoff
[slackware-security] mozilla-nss (SSA:2015-219-02),
Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2015-219-01),
Slackware Security Team
[Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery,
Onapsis Research Labs
[Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage,
Onapsis Research Labs
[Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values,
Onapsis Research Labs
[SECURITY] [DSA 3334-1] gnutls28 security update,
Salvatore Bonaccorso
Pdf Shaper Buffer Overflow,
metacom27
Windows Platform Binary Table (WPBT) - BIOS PE backdoor,
Kevin Beaumont
bizidea Design CMS 2015Q3 - SQL Injection Vulnerability,
Vulnerability Lab
[SECURITY] [DSA 3333-1] iceweasel security update,
Moritz Muehlenhoff
PHPfileNavigator 2.3.3 Persistent & Reflected XSS,
apparitionsec
BFS-SA-2015-001: Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability,
Blue Frost Security Research Lab
phpipam-1.1.010 XSS Vulnerability,
apparitionsec
PHPfileNavigator v2.3.3 CSRF Add Arbitrary Users,
apparitionsec
[CVE-2015-4624] Predictable CSRF tokens in WiFi Pineapple firmware <= 2.3.0,
Ken
[SECURITY] [DSA 3332-1] wordpress security update,
Thijs Kinkhorst
[SECURITY] [DSA 3335-1] request-tracker4 security update,
Salvatore Bonaccorso
Cisco Unified Communications Manager Multiple Vulnerabilities (VP2015-001),
Bernhard Mueller
Update: Backdoor and RCE found in 8 TOTOLINK router models,
Pierre Kim
[security bulletin] HPSBGN03386 rev.1 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, Local Disclosure of Information,
security-alert
[security bulletin] HPSBGN03393 rev.1 - HP Operations Manager i, Remote Code Execution,
security-alert
APPLE-SA-2015-08-13-1 Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8,
Apple Product Security
APPLE-SA-2015-08-13-3 iOS 8.4.1,
Apple Product Security
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006,
Apple Product Security
APPLE-SA-2015-08-13-4 OS X Server v4.1.5,
Apple Product Security
Nuance PowerPDF Advanced Metadata Information Disclosure Vulnerability (low|local),
Christopher Hudel
BFS-SA-2015-002: OpenSSH PAM Privilege Separation Vulnerabilities,
Blue Frost Security Research Lab
[slackware-security] mozilla-thunderbird (SSA:2015-226-02),
Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2015-226-01),
Slackware Security Team
vBulletin x.x.x rce "0day",
Joshua Rogers
Re: PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability,
ahmadshafique
Re: [MORNINGSTAR-2009-01] Multiple security issues in Open Auto Classifieds version <= 1.5.9,
li0252130467
Re: NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE,
13669185678
Re: Multiple vulnerabilites in vendor IKE implementations, including Cisco,,
arash . yazdanfare
Poor security in SOHO routers, again. Changing configuration parameters with a click.,
DonVallejo .
Oracle CSO numbers, security hygiene and fixes at the same time,
Security Explorations
ESA-2015-081: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Multiple Vulnerabilities,
Security Alert
ESA-2015-094: RSA Archer® GRC Multiple Cross-Site Request Forgery Vulnerabilities,
Security Alert
ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities,
Security Alert
ESA-2015-130: EMC Documentum WebTop and WebTop Clients Cross-Site Request Forgery Vulnerability,
Security Alert
[ERPSCAN-15-012] SAP Afaria 7 XComms – Buffer Overflow,
ERPScan inc
[ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD – XXE,
ERPScan inc
Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal,
Securify B.V.
Insufficient certificate validation in EMC Secure Remote Services Virtual Edition,
Securify B.V.
sysadmin privilege in EMC Documentum Content Server,
andrew
[SECURITY] [DSA 3336-1] nss security update,
Salvatore Bonaccorso
EMC Documentum Content Server: arbitrary code execution (incomplete fix in CVE-2015-4532),
andrew
Re: [ERPSCAN-15-013] SAP NetWeaver AS Java CIM UPLOAD – XXE,
rahfsk
[SECURITY] [DSA 3325-2] apache2 regression update,
Stefan Fritsch
[SECURITY] [DSA 3337-1] gdk-pixbuf security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3338-1] python-django security update,
Alessandro Ghedini
FreeBSD Security Advisory FreeBSD-SA-15:20.expat,
FreeBSD Security Advisories
CVE-2015-5699 - Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, Vulnerable to Local Privilege Escalation,
Gregory Pickett
Re: Hawkeye-G v3 CSRF Vulnerability ***[UPDATED CORRECTED],
aabbccdd05407
Trend Micro Deep Discovery Authentication Bypass,
apparitionsec
Trend Micro Deep Discovery XSS,
apparitionsec
[SYSS-2015-041] XSS in OpenText Secure MFT,
adrian . vollmer
Re: CORE-2009-01515 - WordPress Privileges Unchecked in admin.php and Multiple Information,
Asher995
Privilege escalation through RPC commands in EMC Documentum Content Server (incomplete fix in CVE-2015-4532),
andrew
CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability,
Christofer Dutz
[security bulletin] HPSBUX03400 SSRT102211 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
[SECURITY] [DSA 3339-1] openjdk-6 security update,
Moritz Muehlenhoff
[SECURITY] [DSA 3340-1] zendframework security update,
Alessandro Ghedini
ESA-2015-132: EMC Documentum D2 Fail Open Vulnerability,
Security Alert
[SECURITY] [DSA 3341-1] conntrack security update,
Salvatore Bonaccorso
Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064),
Vulnerability Lab
PDF Shaper v3.5 - (MSF) Remote Buffer Overflow Vulnerability,
Vulnerability Lab
ChiefPDF Software v2.x - Buffer Overflow Vulnerability,
Vulnerability Lab
WebSolutions India Design CMS - SQL Injection Vulnerability,
Vulnerability Lab
UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability,
Vulnerability Lab
UBNT Bug Bounty #3 - Persistent Filename Vulnerability,
Vulnerability Lab
[oCERT-2015-009] VLC arbitrary pointer dereference,
Andrea Barisani
[SECURITY] [DSA 3342-1] vlc security update,
Alessandro Ghedini
[security bulletin] HPSBUX03369 SSRT102037 rev.1 - HP-UX execve(2), Local Elevation of Privilege,
security-alert
Re: Micro Login System v1.0 (userpwd.txt) Password Disclosure Vulnerability,
anonymous
APPLE-SA-2015-08-20-1 QuickTime 7.7.8,
Apple Product Security
[security bulletin] HPSBUX03410 SSRT102175 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS),
security-alert
Logstash vulnerability CVE-2015-5619,
Suyog Rao
[security bulletin] HPSBGN03395 rev.1 - HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX, Remote Code Execution,
security-alert
[slackware-security] gnutls (SSA:2015-233-01),
Slackware Security Team
Cross site request forgery vulnerability in Linksys WAG120N,
DonVallejo .
[SYSS-2015-025] Netop Remote Control - Insufficiently Protected Credentials,
matthias . deeg
Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation,
ajs
SYSS-2015-033: Missing Function Level Access Control (CWE-935) in Page2Flip Premium App 2.5,
erlijn . vangenuchten
[SYSS-2015-030] Improper Handling of Insufficient Privileges (CWE-274) in Page2Flip Premium App 2.5,
erlijn . vangenuchten
[SYSS-2015-032] Broken Authentication and Session Management (CWE-930) in Page2Flip Premium App 2.5,
erlijn . vangenuchten
[SYSS-2015-029] Insecure Direct Object Reference (CWE-932) in Page2Flip Premium App 2.5,
erlijn . vangenuchten
[SYSS-2015-028] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5,
erlijn . vangenuchten
[SYSS-2015-027] Cross-Site Scripting (CWE-79) in Page2Flip Premium App 2.5,
erlijn . vangenuchten
[SYSS-2015-026] Denial of Service (CWE-730) and Overly Restrictive Account Lockout Mechanism (CWE-645) in Page2Flip Premium App 2.5,
erlijn . vangenuchten
[security bulletin] HPSBMU03345 rev.1 - HP Network Node Manager i (NNMi) and Smart Plugins (iSPIs) for HP-UX, Linux, Solaris, and Windows, Remote Disclosure of Information, Unauthorized Modification,
security-alert
[security bulletin] HPSBGN03404 rev.1 - HP Service Health Reporter, Remote Unauthorized Modification,
security-alert
[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities,
security-alert
[security bulletin] HPSBMU03396 rev.1 - HP Version Control Repository Manager (VCRM) on Windows and Linux, Multiple Vulnerabilities,
security-alert
[security bulletin] HPSBMU03413 rev.1 - HP Virtual Connect Enterprise Manager SDK, Multiple Vulnerabilities,
security-alert
[security bulletin] HPSBMU03397 rev.1 - HP Version Control Agent (VCA) on Windows and Linux, Multiple Vulnerabilities,
security-alert
FreeBSD Security Advisory FreeBSD-SA-15:22.openssh,
FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-15:21.amd64,
FreeBSD Security Advisories
[SECURITY] [DSA 3343-1] twig security update,
Sebastien Delafond
[security bulletin] HPSBGN03414 rev.1 - HP Operations Agent, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBGN03415 rev.1 - HP Operations Agent Virtual Appliance, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBGN03399 rev.1 - HP BSM Connector (BSMC), Remote Unauthorized Modification, Disclosure of Information,
security-alert
[security bulletin] HPSBGN03405 rev.1 - HP Integration Adaptor, Remote Unauthorized Modification, Disclosure of Information,
security-alert
CVE-2015-6535: Stored XSS in YouTube Embed (WordPress plugin) allows admins to compromise super admins,
grajalerts . noreply
[security bulletin] HPSBGN03411 rev.1 - HP Operations Agent Virtual Appliance, Remote Unauthorized Disclosure of Information,
security-alert
[security bulletin] HPSBHF03408 rev.1 - HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code,
security-alert
UAC Bypass Vulnerability on "Windows 7" in Windows Script Host,
vozzie
[security bulletin] HPSBGN03402 rev.2 - HP Performance Manager, Remote Disclosure of Information,
security-alert
[SECURITY] [DSA 3344-1] php5 security update,
Sebastien Delafond
[slackware-security] mozilla-firefox (SSA:2015-241-01),
Slackware Security Team
[SECURITY] [DSA 3345-1] iceweasel security update,
Salvatore Bonaccorso
[security bulletin] HPSBMU03416 rev.1 - HP Data Protector, Remote Disclosure of Information,
security-alert
[security bulletin] HPSBGN03387 rev.1 - HP Intelligent Provisioning, Remote Code Execution, Unauthorized Access,
security-alert
[security bulletin] HPSBGN03407 rev.1 - HP Operations Manager for Windows, Remote Unauthorized Modification, Disclosure of Information,
security-alert
PayPal Bug Bounty #119 - Stored Cross Site Scripting Vulnerability,
Vulnerability Lab
LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability,
Vulnerability Lab
Jenkins 1.626 - Cross Site Request Forgery / Code Execution,
smash
[SECURITY] [DSA 3346-1] drupal7 security update,
Alessandro Ghedini
Dogma India dogmaindia CMS - Auth Bypass Vulnerability,
Vulnerability Lab