Mail Index
- Re: Cisco AnyConnect elevation of privileges via DMG install script
- APPLE-SA-2015-09-30-01 iOS 9.0.2
- From: Apple Product Security
- [security bulletin] HPSBST03502 rev.1 - HP 3PAR Service Processor (SP) SPOCC, Remote Disclosure of Information
- APPLE-SA-2015-09-30-2 Safari 9
- From: Apple Product Security
- APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
- From: Apple Product Security
- [SYSS-2015-010] Kaspersky Anti-Virus - Use of One-Way Hash withouth a Salt
- [SYSS-2015-007] Kaspersky Internet Security - Authentication Bypass
- [SYSS-2015-009] Kaspersky Anti-Virus - Authentication Bypass
- [SYSS-2015-008] Kaspersky Internet Security - Use of One-Way Hash withouth a Salt
- [SYSS-2015-005] Kaspersky Total Security - Authentication Bypass
- [SYSS-2015-006] Kaspersky Total Security - Use of One-Way Hash withouth a Salt
- [SYSS-2015-004] Kaspersky Small Office Security - Use of One-Way Hash withouth a Salt
- [SYSS-2015-002] Kaspersky Endpoint Security - Use of One-Way Hash withouth a Salt
- [SYSS-2015-003] Kaspersky Small Office Security - Authentication Bypass
- [SYSS-2015-001] Kaspersky Endpoint Security - Authentication Bypass
- [security bulletin] HPSBGN03424 rev.1 - HP Cloud Service Automation, Remote Authentication Bypass
- [security bulletin] HPSBPV03516 rev.1 - HP VAN SDN Controller, Multiple Vulnerabilities
- LanSpy 2.0.0.155 Buffer Overflow
- Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin
- A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin
- Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin
- Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin
- Reflected Cross-Site Scripting (XSS) in SourceBans
- From: High-Tech Bridge Security Research
- Correction: BMC-2015-0006: File inclusion vulnerability caused by misconfiguration of "BIRT Engine" servlet as used in BMC Remedy AR Reporting
- Correction: BMC-2015-0005: File inclusion vulnerability caused by misconfiguration of "BIRT Viewer" servlet as used in BMC Remedy AR Reporting
- ZTE GPON F427 and possibly F460/F600 - authorization bypass and cleartext password storage
- From: jerzy . patraszewski
- FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind [REVISED]
- From: FreeBSD Security Advisories
- Qualys Security Advisory - OpenSMTPD Audit Report
- From: Qualys Security Advisory
- [ZDI-15-396] ManageEngine ServiceDesk Plus remote code execution
- [SYSS-2015-039] CSRF in OpenText Secure MFT
- CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability
- FTGate 2009 Build 6.4.00 CSRF Vulnerabilities
- [security bulletin] HPSBST03418 rev.2 - HP P6000 Command View Software, Remote Disclosure of Information
- [slackware-security] php (SSA:2015-274-02)
- From: Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2015-274-01)
- From: Slackware Security Team
- [slackware-security] seamonkey (SSA:2015-274-03)
- From: Slackware Security Team
- [security bulletin] HPSBUX03359 SSRT102094 rev.2 - HP-UX pppoec, local elevation of privilege
- LanWhoIs.exe 1.0.1.120 Stack Buffer Overflow
- Advisory: web-based VM detection and coarse-grained fingerprinting
- Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img
- Local RedHat Enterprise Linux DoS – RHEL 7.3 Kernel crashes on invalid USB device descriptors (usbvision driver)
- TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391
- TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390
- Zope Management Interface CSRF vulnerabilities
- Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows)
- [CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin
- [SECURITY] [DSA 3370-1] freetype security update
- [SECURITY] [DSA 3369-1] zendframework security update
- Re: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (usbvision driver)
- Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows)
- RE: Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img
- A comprehensive study of Huawei 3G routers - XSS, CSRF, DoS, unauthenticated firmware update, RCE
- [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities
- Advanced Information Security Corporation, Security Advisory (Oracle's MYSQL v5.6.24 Latest - Buffer Overflows) Repost
- Potential vulnerabilites in PayPal Beacons
- [RT-SA-2015-006] Buffalo LinkStation Authentication Bypass
- From: RedTeam Pentesting GmbH
- Veeam Backup & Replication Local Privilege Escalation Vulnerability
- WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability
- PayPal Inc Bug Bounty #119 - URL Redirect Web Vulnerability
- W150D Wireless N 150 ADSL2 Modem Router - Cross Site Request Forgery Vulnerability
- FreeYouTubeToMP3 Converter 4.0.1 - Buffer Overflow Vulnerability
- Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows)
- [SECURITY] [DSA 3371-1] spice security update
- From: Salvatore Bonaccorso
- ESA-2015-153 EMC SourceOne Email Supervisor Security Update for Multiple Security Vulnerabilities
- Multiple Vulnerabilities found in ZHONE
- [SYSS-2015-037] MATESO Password Safe and Repository Enterprise - Insufficiently Protected Credentials
- [SYSS-2015-034] MATESO Password Safe and Repository Enterprise - SQL Injection
- Multiple Remote Code Execution found in ZHONE
- CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin
- CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin
- CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin
- AdobeWorkgroupHelper Stack Based Buffer Overflow
- [SECURITY] [DSA 3372-1] linux security update
- Boolean-based SQL injection Vulnerability in K2 Platforms
- [security bulletin] HPSBGN03515 rev.1 - HP Smart Profile Server Data Analytics Layer (SPS DAL), Remote Cross-Site-Scripting (XSS), Disclosure of Information
- [CVE-2015-2552] Windows 8+ - Trusted Boot Security Feature Bypass Vulnerability
- US DoD's Dc3dd v7.2.6 suffers from a Buffer Overflow vulnerability - Advanced Information Security Corporation - Zero Day Research
- Blat.exe v2.7.6 SMTP / NNTP Mailer Buffer Overflow
- PayPal Inc Bug Bounty #117 - Session Fixation Vulnerability
- Freemake Video Downloader 3.7.1 - Code Execution Vulnerability
- [security bulletin] HPSBUX03512 SSRT102254 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) and Other Vulnerabilities
- [security bulletin] HPSBOV03503 rev.1 - HP OpenVMS CSWS_JAVA running Tomcat, Multiple Remote Vulnerabilities
- APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6
- From: Apple Product Security
- [ISecAuditors Security Advisories] URL Open Redirect in Google generic TLD and ccTLD
- From: ISecAuditors Security Advisories
- Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334)
- From: Qualys Security Advisory
- Events Made Easy WordPress plugin CSRF + Persistent XSS
- ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access
- [SECURITY] [DSA 3373-1] owncloud security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3374-1] postgresql-9.4 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3375-1] wordpress security update
- [SECURITY] [DSA 3376-1] chromium-browser security update
- [SE-2014-02] Google App Engine Java security sandbox bypasses (Issue 42)
- From: Security Explorations
- SiteWIX - (edit_photo2.php id) SQL Injection Exploit
- Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco ASA Software DNS Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- APPLE-SA-2015-10-21-1 iOS 9.1
- From: Apple Product Security
- APPLE-SA-2015-10-21-2 watchOS 2.0.1
- From: Apple Product Security
- APPLE-SA-2015-10-21-3 Safari 9.0.1
- From: Apple Product Security
- APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007
- From: Apple Product Security
- APPLE-SA-2015-10-21-5 iTunes 12.3.1
- From: Apple Product Security
- APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002
- From: Apple Product Security
- APPLE-SA-2015-10-21-7 Xcode 7.1
- From: Apple Product Security
- APPLE-SA-2015-10-21-8 OS X Server 5.0.15
- From: Apple Product Security
- Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
- From: Cisco Systems Product Security Incident Response Team
- TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE
- Re: TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE
- SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities
- From: SEC Consult Vulnerability Lab
- Re: TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE
- CVE-2015-6576: Bamboo - Deserialisation resulting in remote code execution
- [security bulletin] HPSBGN03428 rev.1 - HP Asset Manager, Local Disclosure of Sensitive Information
- [security bulletin] HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of Information
- [SECURITY] [DSA 3377-1] mysql-5.5 security update
- From: Salvatore Bonaccorso
- Fwd: Timing attack vulnerability in most Zeus server-sides
- [SECURITY] [DSA 3379-1] miniupnpc security update
- From: Salvatore Bonaccorso
- AlienVault OSSIM 4.3 CSRF vulnerability report
- From: mohammadreza . mohajerani
- AlienVault OSSIM 4.3 CSRF
- From: mohammadreza . mohajerani
- FreeBSD Security Advisory FreeBSD-SA-15:25.ntp
- From: FreeBSD Security Advisories
- Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities
- Secunia Research: Google Picasa Phase One Tags Processing Integer Overflow Vulnerability
- MacOS X 10.11 FTS Deep structure of the file system Buffer Overflow
- MacOS X 10.11 hardlink bomb cause resource exhaustion (Avast PoC)
- [ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability
- [ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability
- [ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability
- [SECURITY] [DSA 3380-1] php5 security update
- [SECURITY] [DSA 3381-1] openjdk-7 security update
- Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE
- [SECURITY] [DSA 3382-1] phpmyadmin security update
- CVE-2015-7724 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver
- From: Portcullis Advisories
- CVE-2015-7723 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver
- From: Portcullis Advisories
- Cross-Site Request Forgery on Oxwall
- From: High-Tech Bridge Security Research
- [ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability
- [ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability
- [ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability
- [SECURITY] [DSA 3332-2] wordpress regression update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3383-1] wordpress security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3384-1] virtualbox security update
- [slackware-security] ntp (SSA:2015-302-03)
- From: Slackware Security Team
- [slackware-security] curl (SSA:2015-302-01)
- From: Slackware Security Team
- PHP Server Monitor 3.1.1 CSRF
- PHP Server Monitor 3.1.1 Privilege Escalation
- [slackware-security] jasper (SSA:2015-302-02)
- From: Slackware Security Team
Mail converted by MHonArc