Mail Index
- [security bulletin] HPSBMU03401 rev.1 - HP Operations Manager for UNIX and Linux, Remote Unauthorized Modification, Disclosure of Information
- [security bulletin] HPSBGN03403 rev.1 - HP Virtualization Performance Viewer, Remote Unauthorized Disclosure of Information
- [security bulletin] HPSBMU03339 rev.1 - HP LoadRunner Controller, Local Execution of Arbitrary Code
- [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities
- From: CORE Advisories Team
- KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation
- From: KoreLogic Disclosures
- KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation
- From: KoreLogic Disclosures
- CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection
- [slackware-security] gdk-pixbuf2 (SSA:2015-244-01)
- From: Slackware Security Team
- Cross-Site Request Forgery in Cerb
- From: High-Tech Bridge Security Research
- ESA-2015-137: EMC Atmos XML External Entity Injection Vulnerability
- [SECURITY] [DSA 3347-1] pdns security update
- Cisco Security Advisory: Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3349-1] qemu-kvm security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3348-1] qemu security update
- From: Salvatore Bonaccorso
- FreeBSD Security Advisory FreeBSD-SA-15:23.bind
- From: FreeBSD Security Advisories
- [SECURITY] [DSA 3350-1] bind9 security update
- [slackware-security] bind (SSA:2015-245-01)
- From: Slackware Security Team
- [SYSS-2015-016] Avaya one-X® Agent - Hard-coded Cryptographic Key
- Checkmarx CxQL Sandbox bypass (CVE-2014-8778)
- Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities
- ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability
- [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow
- [SECURITY] [DSA 3351-1] chromium-browser security update
- [slackware-security] seamonkey (SSA:2015-246-01)
- From: Slackware Security Team
- [SECURITY] [DSA 3352-1] screen security update
- Oracle Hyperion password disclosure...
- Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation
- Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability
- Webroot SecureAnywhere Mobile Protection - MITM SSL Certificate Vulnerability
- JSPMySQL Administrador CSRF & XSS Vulnerabilities
- [SECURITY] [DSA 3353-1] openslp-dfsg security update
- NETGEAR Wireless Management System - Authentication Bypass and Privilege Escalation.
- [CVE-2015-3623] Qlikview blind XXE Security Vulnerability
- Re: Oracle Hyperion password disclosure...
- [SECURITY] [DSA 3354-1] spice security update
- From: Salvatore Bonaccorso
- Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe
- Re: Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class
- [security bulletin] HPSBOV03506 rev.1 - TCP/IP Services for OpenVMS running BIND, Remote Denial of Service (DoS)
- ESA-2015-140: RSA® Identity Management & Governance Multiple Cross-Site Scripting Vulnerabilities
- ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability
- [ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository
- [ERPSCAN-15-015] SAP NetWeaver AS ABAP– Hardcoded Credentials
- [ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials
- [security bulletin] HPSBOV03505 rev.1 - TCP/IP Services for OpenVMS running NTP, Remote Code Execution, Denial of Service (DoS)
- [security bulletin] HPSBGN03504 rev.1 - HP UCMDB, Local Disclosure of Sensitive Information
- Synology Video Station command injection and multiple SQL injection vulnerabilities
- Multiple Cross-Site Scripting vulnerabilities in Synology Download Station
- [SECURITY] [DSA 3355-1] libvdpau security update
- DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584
- Re: Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe
- Security advisory for Bugzilla 5.0, 4.4.9, and 4.2.14
- Security Advisory for Bugzilla 5.0.1, 4.4.10 and 4.2.15
- Yahoo Bug Bounty #32 - Cross Site Request Forgery bulkImport Web Vulnerability
- Shopify Bug Bounty #8 - (FilePath) Persistent Vulnerability
- PayPal Inc - Security Approval & 2FA Session Auth Bypass (API) Vulnerability
- Magento Bug Bounty #19 - Persistent Filename Vulnerability
- [KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability
- [security bulletin] HPSBHF03408 rev.2 - HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code
- IKEView.exe Fox beta 1 Stack Buffer Overflow
- [SECURITY] [DSA 3356-1] openldap security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3357-1] vzctl security update
- [SECURITY] [DSA 3359-1] virtualbox security update
- [SECURITY] [DSA 3358-1] php5 security update
- From: Salvatore Bonaccorso
- [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting
- [security bulletin] HPSBMU03392 rev.2 - HP ArcSight Logger, Remote Authorization Bypass
- IKEView.exe R60 Stack Buffer Overflow
- Openfire 3.10.2 CSRF Vulnerabilities
- Paypal Inc - Open Redirect Web Vulnerability
- [security bulletin] HPSBHF03509 rev.1 - HP ThinPro and Smart Zero Core, Remote Denial of Service, Unauthorized Access to Data
- [SECURITY] [DSA 3360-1] icu security update
- Microsoft Exchange Information Disclosure
- Fwd: [CVE-2015-6940] Pentaho GA PDI & GA BA - Improper authentication allows unauthenticated access to configuration files
- [security bulletin] HPSBGN03393 rev.2 - HP Operations Manager i, Remote Code Execution
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Collaboration Assurance
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco TelePresence Server Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- APPLE-SA-2015-09-16-1 iOS 9
- From: Apple Product Security
- APPLE-SA-2015-09-16-2 Xcode 7.0
- From: Apple Product Security
- APPLE-SA-2015-09-16-3 iTunes 12.3
- From: Apple Product Security
- Apple Safari FTP PASV manipulation vulnerability (CVE-2015-5912)
- APPLE-SA-2015-09-16-4 OS X Server 5.0.3
- From: Apple Product Security
- [security bulletin] HPSBST03418 rev.1 - HP P6000 Command View Software, Remote Disclosure of Information
- KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation
- From: KoreLogic Disclosures
- [SECURITY] [DSA 3361-1] qemu security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3362-1] qemu-kvm security update
- From: Salvatore Bonaccorso
- Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ...
- [SECURITY] [DSA 3363-1] owncloud-client security update
- SAP Netwaver - XML External Entity Injection
- CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth
- From: Antoine Neuenschwander
- Advisory: Insufficient Parameter Sanitization in login.live.com (Microsoft)
- Jasig CAS server vulnerabilities
- APPLE-SA-2015-09-21-1 watchOS 2
- From: Apple Product Security
- [SECURITY] [DSA 3364-1] linux security update
- Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability
- UDID v1.0 iOS - Persistent Mail Encode Vulnerability
- [security bulletin] HPSBUX03511 SSRT102248 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS)
- [security bulletin] HPSBGN03391 rev.1 - HP Universal CMDB Foundation, Discovery, Configuration Manager, and CMDB Browser running OpenSSL, Remote Disclosure of Information
- Cisco AnyConnect elevation of privileges via DLL side loading
- [slackware-security] mozilla-firefox (SSA:2015-265-01)
- From: Slackware Security Team
- Open-Xchange Security Advisory 2015-09-23
- Reflected Cross-Site Scripting (XSS) in iTop
- From: High-Tech Bridge Security Research
- Flowdock API Bug Bounty #1 - (Description) Persistent Web Vulnerability
- WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability
- UltraEdit v22.20 - Buffer Overflow Vulnerability
- Cisco Security Advisory: Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS XE Software Network Address Translation Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- ESA-2015-142: RSA Archer® GRC Platform Multiple Vulnerabilities
- [SECURITY] [DSA 3365-1] iceweasel security update
- Cisco AnyConnect elevation of privileges via DMG install script
- [SECURITY] [DSA 3366-1] rpcbind security update
- From: Salvatore Bonaccorso
- BMC-2015-0005: File inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy AR Reporting
- BMC-2015-0006: File inclusion vulnerability in "BIRT Engine" servlet used in BMC Remedy AR Reporting
- [SECURITY] [DSA 3367-1] wireshark security update
- Re: CVE-2015-5204: HTTP header injection vulnerability in Apache Cordova File Transfer Plugin for Android
- FortiManager v5.2.2 Multiple XSS Vulnerabilities
- Insecure application-coupling in Good Authentication Delegation [MZ-15-03]
- CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine
- From: Portcullis Advisories
- CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine
- From: Portcullis Advisories
- CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine
- From: Portcullis Advisories
- [SECURITY] [DSA 3368-1] cyrus-sasl2 security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBHF03513 rev.1 - HP PCs and Workstations running Windows and Linux with NVidia Graphics Driver, Local Denial of Service (DoS), Elevation of Privilege
- Git-1.9.5 ssh-agent.exe Buffer Overflow
- CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin
- CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin
- Subject mail: CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin
- Git-1.9.5 ssh-agent.exe Buffer Overflow
- My.WiFi USB Drive v1.0 iOS - File Include Vulnerability
- Flowdock API Bug Bounty #3 - (Invite) Persistent Web Vulnerability
- WinRAR SFX v5.21 - Remote Code Execution Vulnerability
- NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability
- Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability
- IconLover v5.4.5 - Stack Buffer Overflow Vulnerability
- Vtiger CRM Authenticated Remote Code Execution (CVE-2015-6000)
- From: Benjamin Daniel Mussler
- Remote privesc and RCE in Kaseya Virtual System Administrator
- CVE-2015-3938 Remote Permanent LoV (Loss of View) in Mitsubishi Melsec FX3G-24M PLC
- From: Ralf Spenneberg (OpenSource Security)
- ESA-2015-152: RSA Web Threat Detection Multiple Vulnerabilities
- ESA-2015-151: RSA® OneStep Path Traversal Vulnerability
- Re: CVE-2015-3938 Remote Permanent LoV (Loss of View) in Mitsubishi Melsec FX3G-24M PLC
- CVE-2015-7392 Heap overflow in Freeswitch json parser < 1.6.2 & < 1.4.23
- FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind
- From: FreeBSD Security Advisories
- Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability
- RE: WinRAR SFX v5.21 - Remote Code Execution Vulnerability
- From: Popovici, Alejo (LATCO - Buenos Aires)
- Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability
- Apache James Server 2.3.2 security vulnerability fixed