Mail Index
- [SECURITY] [DSA 3385-1] mariadb-10.0 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3386-1] unzip security update
- From: Laszlo Boszormenyi (GCS)
- TCPing 2.1.0 Buffer Overflow
- [SECURITY] [DSA 3387-1] openafs security update
- [SECURITY] [DSA 3388-1] ntp security update
- [SECURITY] [DSA 3381-2] openjdk-7 security update
- [SECURITY] [DSA 3389-1] elasticsearch end-of-life
- Cross-Site Scripting | Zeuscart V4
- Accentis Content Resource Management System - SQL
- Accentis Content Resource Management System - XSS
- CVE-2015-7326 (XXE vulnerability in Milton Webdav)
- [SECURITY] [DSA 3390-1] xen security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBMU03518 rev.1 - HP Vertica, Remote Code Execution
- [SECURITY] [DSA 3355-2] libvdpau regression update
- [security bulletin] HPSBGN03426 rev.1 - HP Mobility Software, Remote Execution of Arbitrary Code
- [security bulletin] HPSBGN03386 rev.2 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, Local Disclosure of Information
- [SECURITY] [DSA 3391-1] php-horde security update
- [security bulletin] HPSBGN03430 rev.1 - HP ArcSight products, Local Elevation of Privilege
- [security bulletin] HPSBGN03425 rev.1 - HP ArcSight SmartConnectors, Remote Disclosure of Information, Local Escalation of Privilege
- [security bulletin] HPSBGN03429 rev.2 - HP Arcsight Logger, Remote Disclosure of Information
- [SECURITY] [DSA 3392-1] freeimage security update
- FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]
- From: FreeBSD Security Advisories
- [KIS-2015-05] ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability
- [KIS-2015-06] ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability
- [KIS-2015-08] ATutor <= 2.2 (edit_marks.php) PHP Code Injection Vulnerability
- [KIS-2015-07] ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability
- [KIS-2015-09] Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability
- [KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability
- Cisco Security Advisory: Cisco AsyncOS TCP Flood Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Web Security Appliance Range Request Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Mobility Services Engine Static Credential Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Mobility Services Engine Privilege Escalation Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3393-1] iceweasel security update
- [security bulletin] HPSBGN03519 rev.1 - HP Project and Portfolio Management Center, Remote Disclosure of Information
- SEC Consult SA-20151105-0 :: Insecure default configuration in Ubiquiti Networks products
- From: SEC Consult Vulnerability Lab
- Elasticsearch vulnerability CVE-2015-5377
- [SECURITY] [DSA 3394-1] libreoffice security update
- Elasticsearch vulnerability CVE-2015-4165
- NXFilter v3.0.3 CSRF
- NXFilter v3.0.3 Persistent / Reflected XSS
- CVE-2015-5619
- CVE-2015-5378
- [slackware-security] mozilla-nss (SSA:2015-310-02)
- From: Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2015-310-01)
- From: Slackware Security Team
- [ANNOUNCE] CVE-2014-3576 - Apache ActiveMQ vulnerabilities
- [SECURITY] [DSA 3395-1] krb5 security update
- From: Salvatore Bonaccorso
- TestLink 1.9.14 Persistent XSS
- TestLink 1.9.14 CSRF Vulnerability
- [SECURITY] [DSA 3386-2] unzip regression update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3396-1] linux security update
- From: Salvatore Bonaccorso
- Microsoft .NET Framework XSS / Elevation of Privilege CVE-2015-6099
- [SECURITY] [DSA 3397-1] wpa security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBGN03507 rev.2 - HP Arcsight Management Center, Arcsight Logger, Remote Cross-Site Scripting (XSS)
- Secunia Research: Google Picasa CAMF Section Integer Overflow Vulnerability
- [SECURITY] [DSA 3395-2] krb5 security update
- From: Salvatore Bonaccorso
- OpenBSD package 'net-snmp' information disclosure
- [slackware-security] seamonkey (SSA:2015-318-01)
- From: Slackware Security Team
- D-link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability
- /tmp race condition in IBM Installation Manager V1.8.1 install script
- [SECURITY] [DSA 3208-2] freexl regression update
- From: Salvatore Bonaccorso
- PHP Address Book SQL Injection Vulnerability
- CF Image Host PHP Command Injection
- CF Image Host CSRF
- CF Image Host XSS
- Dlink DIR-866L Buffer overflows in HNAP and send email functionalities
- Dlink SSDP command injection using UDP for a lot of Dlink routers including DIR-815, DIR-850L
- Dlink DIR-880L Buffer overflows in authentication and HNAP functionalities.
- Dlink DIR-825 (vC) Buffer overflows in authentication, HNAP and ping functionalities and also directory traversal issue exists
- Dlink DIR-890L/R Buffer overflows in authentication and HNAP functionalities.
- Dlink DIR-615 Authenticated Buffer overflow in Ping and Send email functionality
- Dlink DIR-818W Buffer overflows and Command injection in authentication and HNAP functionalities
- Dlink DIR-817LW Buffer overflows and Command injection in authentication and HNAP functionalities
- Dlink DIR-815 Buffer overflows and Command injection in authentication and HNAP functionalities
- Dlink DIR-645 UPNP Buffer Overflow
- Dlink DIR-601 Command injection in ping functionality
- Dlink DIR-880L Buffer overflows in authentication and HNAP functionalities.
- Dlink DGL5500 Un-Authenticated Buffer overflow in HNAP functionality
- [security bulletin] HPSBGN03428 rev.3 - HP Asset Manager Web UI Client, Local Disclosure of Sensitive Information
- SYSS-2015-061 Wirecard Checkout Page - Improper Validation of Integrity Check Value
- CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability
- [SECURITY] [DSA 3398-1] strongswan security update
- LAN Scan HD v1.20 iOS - Command Inject Vulnerability
- Port Scan v2.0 iOS - Command Inject Vulnerability
- Magento Bug Bounty #24 - Multiple CSRF Web Vulnerabilities
- Magento Bug Bounty #22 - (Profile) Persistent Vulnerability
- Murgent CMS - SQL Injection Vulnerability
- Free WMA MP3 Converter - Buffer Overflow Exploit (SEH)
- Open-Xchange Security Advisory 2015-11-17
- ESA-2015-163: EMC VPLEX Sensitive Information Exposure Vulnerability
- WordPress Users Ultra Plugin [Unrestricted File Upload]
- [security bulletin] HPSBGN03521 rev.1 - HP Operations Orchestration Central, Cross-Site Request Forgery (CSRF)
- Adobe Premiere Clip v1.1.1 iOS - (cid:x) Filter Bypass & Persistent Software Vulnerability
- RCE and SQL injection via CSRF in Horde Groupware
- From: High-Tech Bridge Security Research
- [SECURITY] [DSA 3399-1] libpng security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBGN03521 rev.2 - HP Operations Orchestration Central, Cross-Site Request Forgery (CSRF)
- IBM i Access Buffer Overflow Code Exec CVE-2015-2023
- IBM i Access Buffer Overflow Code DOS CVE-2015-7422
- CVE-2015-8131: Kibana CSRF vulnerability
- NEW VMSA-2015-0008 - VMware product updates address information disclosure issue
- From: VMware Security Response Center
- [security bulletin] HPSBUX03522 SSRT102942 rev.1 - HP-UX BIND running named, Remote Denial of Service (DoS)
- [SECURITY] [DSA 3400-1] lxc security update
- From: Salvatore Bonaccorso
- Fwd: CVE-2015-5256: Apache Cordova vulnerable to improper application of whitelist restrictions
- Fwd: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android
- Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation
- Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation
- Proftpd ZERODAY - Malloc issues Advanced Information Security Corporation
- Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation
- Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation
- Proftpd v1.3.5a ZERODAY - Malloc issues Advanced Information Security Corporation
- Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation
- [ERPSCAN-15-020] SAP Mobile Platform 2.3 - XXE in application import
- [FD] Celoxis <= 9.5 - Cross Site Scripting (XSS)
- [ERPSCAN-15-019] SAP Afaria - Stored XSS
- [ERPSCAN-15-018] SAP NetWeaver 7.4 - XXE
- CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1
- Steam Weak File Permissions Privilege Escalation
- [SECURITY] [DSA 3402-1] symfony security update
- From: Salvatore Bonaccorso
- ESA-2015-164: EMC Isilon OneFS Privilege Escalation Vulnerability
- [SECURITY] [DSA 3403-1] libcommons-collections3-java security update
- [slackware-security] pcre (SSA:2015-328-01)
- From: Slackware Security Team
- [security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution
- [security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution
- CIS Manager Content Management System 2015Q4 - SQL Injection Vulnerability
- [SECURITY] [DSA 3404-1] python-django security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3406-1] nspr security update
- [SECURITY] [DSA 3405-1] smokeping security update
- [SECURITY] [DSA 3407-1] dpkg security update
- From: Salvatore Bonaccorso
- [FD] Visual Paradigm Server v10.0 - Cross Site Scripting (XSS)
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
- Proftpd 1.3.5a LATEST 0day (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Audit Report.
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
- Belkin N150 Wireless Home Router Multiple Vulnerabilities
- Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation
- Proftpd 1.3.5a LATEST (0-day) Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation