Mail Thread Index

• Date Index

• Re: Cisco AnyConnect elevation of privileges via DMG install script, Securify B.V.
• APPLE-SA-2015-09-30-01 iOS 9.0.2, Apple Product Security
• [security bulletin] HPSBST03502 rev.1 - HP 3PAR Service Processor (SP) SPOCC, Remote Disclosure of Information, security-alert
• APPLE-SA-2015-09-30-2 Safari 9, Apple Product Security
• APPLE-SA-2015-09-30-3 OS X El Capitan 10.11, Apple Product Security
• [SYSS-2015-010] Kaspersky Anti-Virus - Use of One-Way Hash withouth a Salt, matthias . deeg
• [SYSS-2015-007] Kaspersky Internet Security - Authentication Bypass, matthias . deeg
• [SYSS-2015-009] Kaspersky Anti-Virus - Authentication Bypass, matthias . deeg
• [SYSS-2015-008] Kaspersky Internet Security - Use of One-Way Hash withouth a Salt, matthias . deeg
• [SYSS-2015-005] Kaspersky Total Security - Authentication Bypass, matthias . deeg
• [SYSS-2015-006] Kaspersky Total Security - Use of One-Way Hash withouth a Salt, matthias . deeg
• [SYSS-2015-004] Kaspersky Small Office Security - Use of One-Way Hash withouth a Salt, matthias . deeg
• [SYSS-2015-002] Kaspersky Endpoint Security - Use of One-Way Hash withouth a Salt, matthias . deeg
• [SYSS-2015-003] Kaspersky Small Office Security - Authentication Bypass, matthias . deeg
• [SYSS-2015-001] Kaspersky Endpoint Security - Authentication Bypass, matthias . deeg
• [security bulletin] HPSBGN03424 rev.1 - HP Cloud Service Automation, Remote Authentication Bypass, security-alert
• [security bulletin] HPSBPV03516 rev.1 - HP VAN SDN Controller, Multiple Vulnerabilities, security-alert
• LanSpy 2.0.0.155 Buffer Overflow, apparitionsec
• Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin, ibemed
• A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin, ibemed
• Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin, ibemed
• Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin, ibemed
• Reflected Cross-Site Scripting (XSS) in SourceBans, High-Tech Bridge Security Research
• Correction: BMC-2015-0006: File inclusion vulnerability caused by misconfiguration of "BIRT Engine" servlet as used in BMC Remedy AR Reporting, appsec
• Correction: BMC-2015-0005: File inclusion vulnerability caused by misconfiguration of "BIRT Viewer" servlet as used in BMC Remedy AR Reporting, appsec
• ZTE GPON F427 and possibly F460/F600 - authorization bypass and cleartext password storage, jerzy . patraszewski
• FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind [REVISED], FreeBSD Security Advisories
• Qualys Security Advisory - OpenSMTPD Audit Report, Qualys Security Advisory
• [ZDI-15-396] ManageEngine ServiceDesk Plus remote code execution, Pedro Ribeiro
• [SYSS-2015-039] CSRF in OpenText Secure MFT, adrian . vollmer
• CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability, Specto
• FTGate 2009 Build 6.4.00 CSRF Vulnerabilities, apparitionsec
• [security bulletin] HPSBST03418 rev.2 - HP P6000 Command View Software, Remote Disclosure of Information, security-alert
• [slackware-security] php (SSA:2015-274-02), Slackware Security Team
• [slackware-security] mozilla-thunderbird (SSA:2015-274-01), Slackware Security Team
• [slackware-security] seamonkey (SSA:2015-274-03), Slackware Security Team
• [security bulletin] HPSBUX03359 SSRT102094 rev.2 - HP-UX pppoec, local elevation of privilege, security-alert
• LanWhoIs.exe 1.0.1.120 Stack Buffer Overflow, apparitionsec
• Advisory: web-based VM detection and coarse-grained fingerprinting, Amit Klein
• Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img, Alexandre Herzog
  • Message not available
    • RE: Authentication Bypass in Netgear Router Firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img, Alexandre Herzog
• Local RedHat Enterprise Linux DoS – RHEL 7.3 Kernel crashes on invalid USB device descriptors (usbvision driver), Ralf Spenneberg
  • Re: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (usbvision driver), Ralf Spenneberg
• TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391, Onur Yilmaz
• TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390, Onur Yilmaz
• Zope Management Interface CSRF vulnerabilities, apparitionsec
• Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows), Nicholas Lemonias.
  • <Possible follow-ups>
  • Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows), lem . nikolas
  • Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows), Nicholas Lemonias.
• [CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin, ibeptaz
• [SECURITY] [DSA 3370-1] freetype security update, Alessandro Ghedini
• [SECURITY] [DSA 3369-1] zendframework security update, Alessandro Ghedini
• A comprehensive study of Huawei 3G routers - XSS, CSRF, DoS, unauthenticated firmware update, RCE, Pierre Kim
• [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities, Matteo Beccati
• Advanced Information Security Corporation, Security Advisory (Oracle's MYSQL v5.6.24 Latest - Buffer Overflows) Repost, Nicholas Lemonias.
• Potential vulnerabilites in PayPal Beacons, securityresearch
• [RT-SA-2015-006] Buffalo LinkStation Authentication Bypass, RedTeam Pentesting GmbH
• Veeam Backup & Replication Local Privilege Escalation Vulnerability, ascii
• WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability, Vulnerability Lab
• PayPal Inc Bug Bounty #119 - URL Redirect Web Vulnerability, Vulnerability Lab
• W150D Wireless N 150 ADSL2 Modem Router - Cross Site Request Forgery Vulnerability, Vulnerability Lab
• FreeYouTubeToMP3 Converter 4.0.1 - Buffer Overflow Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 3371-1] spice security update, Salvatore Bonaccorso
• ESA-2015-153 EMC SourceOne Email Supervisor Security Update for Multiple Security Vulnerabilities, Security Alert
• Multiple Vulnerabilities found in ZHONE, lyon . yang . s
• [SYSS-2015-037] MATESO Password Safe and Repository Enterprise - Insufficiently Protected Credentials, matthias . deeg
• [SYSS-2015-034] MATESO Password Safe and Repository Enterprise - SQL Injection, matthias . deeg
• Multiple Remote Code Execution found in ZHONE, lyon . yang . s
• CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin, grajalerts
• CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin, grajalerts
• CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin, grajalerts
• AdobeWorkgroupHelper Stack Based Buffer Overflow, apparitionsec
• [SECURITY] [DSA 3372-1] linux security update, Ben Hutchings
• Boolean-based SQL injection Vulnerability in K2 Platforms, wissam . bashour
• [security bulletin] HPSBGN03515 rev.1 - HP Smart Profile Server Data Analytics Layer (SPS DAL), Remote Cross-Site-Scripting (XSS), Disclosure of Information, security-alert
• [CVE-2015-2552] Windows 8+ - Trusted Boot Security Feature Bypass Vulnerability, Myria
• US DoD's Dc3dd v7.2.6 suffers from a Buffer Overflow vulnerability - Advanced Information Security Corporation - Zero Day Research, Nicholas Lemonias.
• Blat.exe v2.7.6 SMTP / NNTP Mailer Buffer Overflow, apparitionsec
• PayPal Inc Bug Bounty #117 - Session Fixation Vulnerability, Vulnerability Lab
• Freemake Video Downloader 3.7.1 - Code Execution Vulnerability, Vulnerability Lab
• [security bulletin] HPSBUX03512 SSRT102254 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS) and Other Vulnerabilities, security-alert
• [security bulletin] HPSBOV03503 rev.1 - HP OpenVMS CSWS_JAVA running Tomcat, Multiple Remote Vulnerabilities, security-alert
• APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6, Apple Product Security
• [ISecAuditors Security Advisories] URL Open Redirect in Google generic TLD and ccTLD, ISecAuditors Security Advisories
• Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334), Qualys Security Advisory
• Events Made Easy WordPress plugin CSRF + Persistent XSS, David Sopas
• ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access, ERPScan inc
• [SECURITY] [DSA 3373-1] owncloud security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3374-1] postgresql-9.4 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3375-1] wordpress security update, Yves-Alexis Perez
• [SECURITY] [DSA 3376-1] chromium-browser security update, Michael Gilbert
• [SE-2014-02] Google App Engine Java security sandbox bypasses (Issue 42), Security Explorations
• SiteWIX - (edit_photo2.php id) SQL Injection Exploit, ZoRLu Bugrahan
• Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
  • <Possible follow-ups>
  • Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco ASA Software DNS Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• APPLE-SA-2015-10-21-1 iOS 9.1, Apple Product Security
• APPLE-SA-2015-10-21-2 watchOS 2.0.1, Apple Product Security
• APPLE-SA-2015-10-21-3 Safari 9.0.1, Apple Product Security
• APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007, Apple Product Security
• APPLE-SA-2015-10-21-5 iTunes 12.3.1, Apple Product Security
• APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002, Apple Product Security
• APPLE-SA-2015-10-21-7 Xcode 7.1, Apple Product Security
• APPLE-SA-2015-10-21-8 OS X Server 5.0.15, Apple Product Security
• Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015, Cisco Systems Product Security Incident Response Team
• TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE, scurippio
  • <Possible follow-ups>
  • Re: TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE, scurippio
  • Re: TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE, scurippio
• SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities, SEC Consult Vulnerability Lab
• CVE-2015-6576: Bamboo - Deserialisation resulting in remote code execution, David Black
• [security bulletin] HPSBGN03428 rev.1 - HP Asset Manager, Local Disclosure of Sensitive Information, security-alert
• [security bulletin] HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 3377-1] mysql-5.5 security update, Salvatore Bonaccorso
• Fwd: Timing attack vulnerability in most Zeus server-sides, rotem kerner
• [SECURITY] [DSA 3379-1] miniupnpc security update, Salvatore Bonaccorso
• AlienVault OSSIM 4.3 CSRF vulnerability report, mohammadreza . mohajerani
• AlienVault OSSIM 4.3 CSRF, mohammadreza . mohajerani
• FreeBSD Security Advisory FreeBSD-SA-15:25.ntp, FreeBSD Security Advisories
• Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities, Secunia Research
• Secunia Research: Google Picasa Phase One Tags Processing Integer Overflow Vulnerability, Secunia Research
• MacOS X 10.11 FTS Deep structure of the file system Buffer Overflow, submit
• MacOS X 10.11 hardlink bomb cause resource exhaustion (Avast PoC), submit
• [ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability, ERPScan inc
• [ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability, ERPScan inc
• [ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability, ERPScan inc
• [SECURITY] [DSA 3380-1] php5 security update, Florian Weimer
• [SECURITY] [DSA 3381-1] openjdk-7 security update, Moritz Muehlenhoff
• Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE, Stefan Kanthak
• [SECURITY] [DSA 3382-1] phpmyadmin security update, Thijs Kinkhorst
• CVE-2015-7724 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver, Portcullis Advisories
• CVE-2015-7723 - Privilege Escalation Via Symlink Attacks On POSIX Shared Memory With Insecure Permissions In AMD fglrx-driver, Portcullis Advisories
• Cross-Site Request Forgery on Oxwall, High-Tech Bridge Security Research
• [ERPSCAN-15-028] Oracle E-Business Suite - XXE injection Vulnerability, ERPScan inc
• [ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability, ERPScan inc
• [ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability, ERPScan inc
• [SECURITY] [DSA 3332-2] wordpress regression update, Salvatore Bonaccorso
• [SECURITY] [DSA 3383-1] wordpress security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3384-1] virtualbox security update, Moritz Muehlenhoff
• [slackware-security] ntp (SSA:2015-302-03), Slackware Security Team
• [slackware-security] curl (SSA:2015-302-01), Slackware Security Team
• PHP Server Monitor 3.1.1 CSRF, apparitionsec
• PHP Server Monitor 3.1.1 Privilege Escalation, apparitionsec
• [slackware-security] jasper (SSA:2015-302-02), Slackware Security Team