Mail Thread Index

• Date Index

• [security bulletin] HPSBMU03401 rev.1 - HP Operations Manager for UNIX and Linux, Remote Unauthorized Modification, Disclosure of Information, security-alert
• [security bulletin] HPSBGN03403 rev.1 - HP Virtualization Performance Viewer, Remote Unauthorized Disclosure of Information, security-alert
• [security bulletin] HPSBMU03339 rev.1 - HP LoadRunner Controller, Local Execution of Arbitrary Code, security-alert
• [CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities, CORE Advisories Team
• KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation, KoreLogic Disclosures
• KL-001-2015-004 : XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation, KoreLogic Disclosures
• CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection, David Black
• [slackware-security] gdk-pixbuf2 (SSA:2015-244-01), Slackware Security Team
• Cross-Site Request Forgery in Cerb, High-Tech Bridge Security Research
• ESA-2015-137: EMC Atmos XML External Entity Injection Vulnerability, Security Alert
• [SECURITY] [DSA 3347-1] pdns security update, Sébastien Delafond
• Cisco Security Advisory: Cisco Integrated Management Controller Supervisor and Cisco UCS Director Remote File Overwrite Vulnerability, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3349-1] qemu-kvm security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3348-1] qemu security update, Salvatore Bonaccorso
• FreeBSD Security Advisory FreeBSD-SA-15:23.bind, FreeBSD Security Advisories
• [SECURITY] [DSA 3350-1] bind9 security update, Moritz Muehlenhoff
• [slackware-security] bind (SSA:2015-245-01), Slackware Security Team
• [SYSS-2015-016] Avaya one-X® Agent - Hard-coded Cryptographic Key, sven . freund
• Checkmarx CxQL Sandbox bypass (CVE-2014-8778), hdau
• Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities, Vulnerability Lab
• ESA-2015-144: EMC Documentum Content Server Privilege Escalation Vulnerability, Security Alert
• [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow, Julien Ahrens
• [SECURITY] [DSA 3351-1] chromium-browser security update, Michael Gilbert
• [slackware-security] seamonkey (SSA:2015-246-01), Slackware Security Team
• [SECURITY] [DSA 3352-1] screen security update, Laszlo Boszormenyi
• Oracle Hyperion password disclosure..., Jeff Kayser
  • <Possible follow-ups>
  • Re: Oracle Hyperion password disclosure..., jeff . kayser
• Defense in depth -- the Microsoft way (part 32): yet another (trivial) UAC bypass resp. privilege escalation, Stefan Kanthak
• Avira Mobile Security iOS Application - Cleartext Credentials Vulnerability, David Coomber
• Webroot SecureAnywhere Mobile Protection - MITM SSL Certificate Vulnerability, David Coomber
• JSPMySQL Administrador CSRF & XSS Vulnerabilities, apparitionsec
• [SECURITY] [DSA 3353-1] openslp-dfsg security update, Alessandro Ghedini
• NETGEAR Wireless Management System - Authentication Bypass and Privilege Escalation., Elliott Lewis
• [CVE-2015-3623] Qlikview blind XXE Security Vulnerability, alex_haynes
• [SECURITY] [DSA 3354-1] spice security update, Salvatore Bonaccorso
• Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe, Stefan Kanthak
  • Re: Defense in depth -- the Microsoft way (part 33): arbitrary code execution (and UAC bypass) via RegEdit.exe, Stefan Kanthak
• Re: Integer overflow in .NET Framework System.DirectoryServices.Protocols.Utility class, Securify B.V.
• [security bulletin] HPSBOV03506 rev.1 - TCP/IP Services for OpenVMS running BIND, Remote Denial of Service (DoS), security-alert
• ESA-2015-140: RSA® Identity Management & Governance Multiple Cross-Site Scripting Vulnerabilities, Security Alert
• ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability, Security Alert
• [ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository, ERPScan inc
• [ERPSCAN-15-015] SAP NetWeaver AS ABAP– Hardcoded Credentials, ERPScan inc
• [ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials, ERPScan inc
• [security bulletin] HPSBOV03505 rev.1 - TCP/IP Services for OpenVMS running NTP, Remote Code Execution, Denial of Service (DoS), security-alert
• [security bulletin] HPSBGN03504 rev.1 - HP UCMDB, Local Disclosure of Sensitive Information, security-alert
• Synology Video Station command injection and multiple SQL injection vulnerabilities, Securify B.V.
• Multiple Cross-Site Scripting vulnerabilities in Synology Download Station, Securify B.V.
• [SECURITY] [DSA 3355-1] libvdpau security update, Alessandro Ghedini
• DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584, Onur Yilmaz
• Security advisory for Bugzilla 5.0, 4.4.9, and 4.2.14, dkl
• Security Advisory for Bugzilla 5.0.1, 4.4.10 and 4.2.15, LpSolit
• Yahoo Bug Bounty #32 - Cross Site Request Forgery bulkImport Web Vulnerability, Vulnerability Lab
• Shopify Bug Bounty #8 - (FilePath) Persistent Vulnerability, Vulnerability Lab
• PayPal Inc - Security Approval & 2FA Session Auth Bypass (API) Vulnerability, Vulnerability Lab
• Magento Bug Bounty #19 - Persistent Filename Vulnerability, Vulnerability Lab
• [KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability, Egidio Romano
• [security bulletin] HPSBHF03408 rev.2 - HP PCs with HP lt4112 LTE/HSPA+ Gobi 4G Module, Remote Execution of Arbitrary Code, security-alert
• IKEView.exe Fox beta 1 Stack Buffer Overflow, apparitionsec
• [SECURITY] [DSA 3356-1] openldap security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3357-1] vzctl security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3359-1] virtualbox security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3358-1] php5 security update, Salvatore Bonaccorso
• [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting, Ahrens, Julien
• [security bulletin] HPSBMU03392 rev.2 - HP ArcSight Logger, Remote Authorization Bypass, security-alert
• IKEView.exe R60 Stack Buffer Overflow, apparitionsec
• Openfire 3.10.2 CSRF Vulnerabilities, apparitionsec
• Paypal Inc - Open Redirect Web Vulnerability, Vulnerability Lab
• [security bulletin] HPSBHF03509 rev.1 - HP ThinPro and Smart Zero Core, Remote Denial of Service, Unauthorized Access to Data, security-alert
• [SECURITY] [DSA 3360-1] icu security update, GCS
• Microsoft Exchange Information Disclosure, apparitionsec
• Fwd: [CVE-2015-6940] Pentaho GA PDI & GA BA - Improper authentication allows unauthenticated access to configuration files, gregory draperi
• [security bulletin] HPSBGN03393 rev.2 - HP Operations Manager i, Remote Code Execution, security-alert
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Collaboration Assurance, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco TelePresence Server Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• APPLE-SA-2015-09-16-1 iOS 9, Apple Product Security
• APPLE-SA-2015-09-16-2 Xcode 7.0, Apple Product Security
• APPLE-SA-2015-09-16-3 iTunes 12.3, Apple Product Security
• Apple Safari FTP PASV manipulation vulnerability (CVE-2015-5912), Amit Klein
• APPLE-SA-2015-09-16-4 OS X Server 5.0.3, Apple Product Security
• [security bulletin] HPSBST03418 rev.1 - HP P6000 Command View Software, Remote Disclosure of Information, security-alert
• KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation, KoreLogic Disclosures
• [SECURITY] [DSA 3361-1] qemu security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3362-1] qemu-kvm security update, Salvatore Bonaccorso
• Defense in depth -- the Microsoft way (part 35): Windows Explorer ignores "Run as administrator" ..., Stefan Kanthak
• [SECURITY] [DSA 3363-1] owncloud-client security update, Luciano Bello
• SAP Netwaver - XML External Entity Injection, Lukasz Miedzinski
• CVE-2015-5372 SAML SP Authentication Bypass in nevisAuth, Antoine Neuenschwander
• Advisory: Insufficient Parameter Sanitization in login.live.com (Microsoft), securityresearch
• Jasig CAS server vulnerabilities, Antoni Klajn
• APPLE-SA-2015-09-21-1 watchOS 2, Apple Product Security
• [SECURITY] [DSA 3364-1] linux security update, Ben Hutchings
• Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability, Vulnerability Lab
• UDID v1.0 iOS - Persistent Mail Encode Vulnerability, Vulnerability Lab
• [security bulletin] HPSBUX03511 SSRT102248 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBGN03391 rev.1 - HP Universal CMDB Foundation, Discovery, Configuration Manager, and CMDB Browser running OpenSSL, Remote Disclosure of Information, security-alert
• Cisco AnyConnect elevation of privileges via DLL side loading, Securify B.V.
• [slackware-security] mozilla-firefox (SSA:2015-265-01), Slackware Security Team
• Open-Xchange Security Advisory 2015-09-23, Martin Heiland
• Reflected Cross-Site Scripting (XSS) in iTop, High-Tech Bridge Security Research
• Flowdock API Bug Bounty #1 - (Description) Persistent Web Vulnerability, Vulnerability Lab
• WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability, Vulnerability Lab
• UltraEdit v22.20 - Buffer Overflow Vulnerability, Vulnerability Lab
• Cisco Security Advisory: Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS XE Software Network Address Translation Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• ESA-2015-142: RSA Archer® GRC Platform Multiple Vulnerabilities, Security Alert
• [SECURITY] [DSA 3365-1] iceweasel security update, Moritz Muehlenhoff
• Cisco AnyConnect elevation of privileges via DMG install script, Securify B.V.
• [SECURITY] [DSA 3366-1] rpcbind security update, Salvatore Bonaccorso
• BMC-2015-0005: File inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy AR Reporting, appsec
• BMC-2015-0006: File inclusion vulnerability in "BIRT Engine" servlet used in BMC Remedy AR Reporting, appsec
• [SECURITY] [DSA 3367-1] wireshark security update, Moritz Muehlenhoff
• Re: CVE-2015-5204: HTTP header injection vulnerability in Apache Cordova File Transfer Plugin for Android, Shazron
• FortiManager v5.2.2 Multiple XSS Vulnerabilities, apparitionsec
• Insecure application-coupling in Good Authentication Delegation [MZ-15-03], modzero
• CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine, Portcullis Advisories
• CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine, Portcullis Advisories
• CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine, Portcullis Advisories
• [SECURITY] [DSA 3368-1] cyrus-sasl2 security update, Salvatore Bonaccorso
• [security bulletin] HPSBHF03513 rev.1 - HP PCs and Workstations running Windows and Linux with NVidia Graphics Driver, Local Denial of Service (DoS), Elevation of Privilege, security-alert
• Git-1.9.5 ssh-agent.exe Buffer Overflow, apparitionsec
  • <Possible follow-ups>
  • Git-1.9.5 ssh-agent.exe Buffer Overflow, apparitionsec
• CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin, ibemed
• CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin, ibemed
• Subject mail: CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin, ibemed
• My.WiFi USB Drive v1.0 iOS - File Include Vulnerability, Vulnerability Lab
• Flowdock API Bug Bounty #3 - (Invite) Persistent Web Vulnerability, Vulnerability Lab
• WinRAR SFX v5.21 - Remote Code Execution Vulnerability, Vulnerability Lab
  • <Possible follow-ups>
  • Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability, dev
    • RE: WinRAR SFX v5.21 - Remote Code Execution Vulnerability, Popovici, Alejo (LATCO - Buenos Aires)
      • Re: WinRAR SFX v5.21 - Remote Code Execution Vulnerability, Eugene Roshal
• NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability, Vulnerability Lab
• Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability, Vulnerability Lab
• IconLover v5.4.5 - Stack Buffer Overflow Vulnerability, Vulnerability Lab
• Vtiger CRM Authenticated Remote Code Execution (CVE-2015-6000), Benjamin Daniel Mussler
• Remote privesc and RCE in Kaseya Virtual System Administrator, Pedro Ribeiro
• CVE-2015-3938 Remote Permanent LoV (Loss of View) in Mitsubishi Melsec FX3G-24M PLC, Ralf Spenneberg (OpenSource Security)
  • Re: CVE-2015-3938 Remote Permanent LoV (Loss of View) in Mitsubishi Melsec FX3G-24M PLC, Ralf Spenneberg
• ESA-2015-152: RSA Web Threat Detection Multiple Vulnerabilities, Security Alert
• ESA-2015-151: RSA® OneStep Path Traversal Vulnerability, Security Alert
• CVE-2015-7392 Heap overflow in Freeswitch json parser < 1.6.2 & < 1.4.23, Marcello Duarte
• FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind, FreeBSD Security Advisories
• Apache James Server 2.3.2 security vulnerability fixed, Eric Charles