Mail Thread Index

• Date Index

• [SECURITY] [DSA 3385-1] mariadb-10.0 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3386-1] unzip security update, Laszlo Boszormenyi (GCS)
• TCPing 2.1.0 Buffer Overflow, apparitionsec
• [SECURITY] [DSA 3387-1] openafs security update, Florian Weimer
• [SECURITY] [DSA 3388-1] ntp security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3381-2] openjdk-7 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3389-1] elasticsearch end-of-life, Moritz Muehlenhoff
• Cross-Site Scripting | Zeuscart V4, ITAS Team
• Accentis Content Resource Management System - SQL, GalaxyCVEcollector
• Accentis Content Resource Management System - XSS, GalaxyCVEcollector
• CVE-2015-7326 (XXE vulnerability in Milton Webdav), 0ang3el
• [SECURITY] [DSA 3390-1] xen security update, Salvatore Bonaccorso
• [security bulletin] HPSBMU03518 rev.1 - HP Vertica, Remote Code Execution, security-alert
• [SECURITY] [DSA 3355-2] libvdpau regression update, Alessandro Ghedini
• [security bulletin] HPSBGN03426 rev.1 - HP Mobility Software, Remote Execution of Arbitrary Code, security-alert
• [security bulletin] HPSBGN03386 rev.2 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, Local Disclosure of Information, security-alert
• [SECURITY] [DSA 3391-1] php-horde security update, Florian Weimer
• [security bulletin] HPSBGN03430 rev.1 - HP ArcSight products, Local Elevation of Privilege, security-alert
• [security bulletin] HPSBGN03425 rev.1 - HP ArcSight SmartConnectors, Remote Disclosure of Information, Local Escalation of Privilege, security-alert
• [security bulletin] HPSBGN03429 rev.2 - HP Arcsight Logger, Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 3392-1] freeimage security update, Sebastien Delafond
• FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED], FreeBSD Security Advisories
• [KIS-2015-05] ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability, Egidio Romano
• [KIS-2015-06] ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability, Egidio Romano
• [KIS-2015-08] ATutor <= 2.2 (edit_marks.php) PHP Code Injection Vulnerability, Egidio Romano
• [KIS-2015-07] ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability, Egidio Romano
• [KIS-2015-09] Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability, Egidio Romano
• [KIS-2015-10] Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability, Egidio Romano
• Cisco Security Advisory: Cisco AsyncOS TCP Flood Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Web Security Appliance Cache Reply Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Web Security Appliance Range Request Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Mobility Services Engine Static Credential Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Mobility Services Engine Privilege Escalation Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Web Security Appliance Certificate Generation Command Injection Vulnerability, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3393-1] iceweasel security update, Moritz Muehlenhoff
• [security bulletin] HPSBGN03519 rev.1 - HP Project and Portfolio Management Center, Remote Disclosure of Information, security-alert
• SEC Consult SA-20151105-0 :: Insecure default configuration in Ubiquiti Networks products, SEC Consult Vulnerability Lab
• Elasticsearch vulnerability CVE-2015-5377, Kevin Kluge
• [SECURITY] [DSA 3394-1] libreoffice security update, Moritz Muehlenhoff
• Elasticsearch vulnerability CVE-2015-4165, Kevin Kluge
• NXFilter v3.0.3 CSRF, apparitionsec
• NXFilter v3.0.3 Persistent / Reflected XSS, apparitionsec
• CVE-2015-5619, Suyog Rao
• CVE-2015-5378, Suyog Rao
• [slackware-security] mozilla-nss (SSA:2015-310-02), Slackware Security Team
• [slackware-security] mozilla-firefox (SSA:2015-310-01), Slackware Security Team
• [ANNOUNCE] CVE-2014-3576 - Apache ActiveMQ vulnerabilities, Timothy Bish
• [SECURITY] [DSA 3395-1] krb5 security update, Salvatore Bonaccorso
• TestLink 1.9.14 Persistent XSS, Aravind
• TestLink 1.9.14 CSRF Vulnerability, Aravind
• [SECURITY] [DSA 3386-2] unzip regression update, Salvatore Bonaccorso
• [SECURITY] [DSA 3396-1] linux security update, Salvatore Bonaccorso
• Microsoft .NET Framework XSS / Elevation of Privilege CVE-2015-6099, apparitionsec
• [SECURITY] [DSA 3397-1] wpa security update, Salvatore Bonaccorso
• [security bulletin] HPSBGN03507 rev.2 - HP Arcsight Management Center, Arcsight Logger, Remote Cross-Site Scripting (XSS), security-alert
• Secunia Research: Google Picasa CAMF Section Integer Overflow Vulnerability, Secunia Research
• [SECURITY] [DSA 3395-2] krb5 security update, Salvatore Bonaccorso
• OpenBSD package 'net-snmp' information disclosure, Pierre Kim
• [slackware-security] seamonkey (SSA:2015-318-01), Slackware Security Team
• D-link wireless router DIR-816L Cross-Site Request Forgery (CSRF) vulnerability, bhadresh . patel
• /tmp race condition in IBM Installation Manager V1.8.1 install script, larry0
• [SECURITY] [DSA 3208-2] freexl regression update, Salvatore Bonaccorso
• PHP Address Book SQL Injection Vulnerability, Rahul Pratap Singh
• CF Image Host PHP Command Injection, apparitionsec
• CF Image Host CSRF, apparitionsec
• CF Image Host XSS, apparitionsec
• Dlink DIR-866L Buffer overflows in HNAP and send email functionalities, samhuntley84
• Dlink SSDP command injection using UDP for a lot of Dlink routers including DIR-815, DIR-850L, samhuntley84
• Dlink DIR-880L Buffer overflows in authenticatio and HNAP functionalities., samhuntley84
  • <Possible follow-ups>
  • Dlink DIR-880L Buffer overflows in authenticatio and HNAP functionalities., samhuntley84
• Dlink DIR-825 (vC) Buffer overflows in authentication,HNAP and ping functionalities and also directory traversal issue exists, samhuntley84
• Dlink DIR-890L/R Buffer overflows in authentication and HNAP functionalities., samhuntley84
• Dlink DIR-615 Authenticated Buffer overflow in Ping and Send email functionality, samhuntley84
• Dlink DIR-818W Buffer overflows and Command injection in authentication and HNAP functionalities, samhuntley84
• Dlink DIR-817LW Buffer overflows and Command injection in authentication and HNAP functionalities, samhuntley84
• Dlink DIR-815 Buffer overflows and Command injection in authentication and HNAP functionalities, samhuntley84
• Dlink DIR-645 UPNP Buffer Overflow, samhuntley84
• Dlink DIR-601 Command injection in ping functionality, samhuntley84
• Dlink DGL5500 Un-Authenticated Buffer overflow in HNAP functionality, samhuntley84
• [security bulletin] HPSBGN03428 rev.3 - HP Asset Manager Web UI Client, Local Disclosure of Sensitive Information, security-alert
• SYSS-2015-061 Wirecard Checkout Page - Improper Validation of Integrity Check Value, martin . sturm
• CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability, Matthew Flanagan
• [SECURITY] [DSA 3398-1] strongswan security update, Yves-Alexis Perez
• LAN Scan HD v1.20 iOS - Command Inject Vulnerability, Vulnerability Lab
• Port Scan v2.0 iOS - Command Inject Vulnerability, Vulnerability Lab
• Magento Bug Bounty #24 - Multiple CSRF Web Vulnerabilities, Vulnerability Lab
• Magento Bug Bounty #22 - (Profile) Persistent Vulnerability, Vulnerability Lab
• Murgent CMS - SQL Injection Vulnerability, Vulnerability Lab
• Free WMA MP3 Converter - Buffer Overflow Exploit (SEH), Vulnerability Lab
• Open-Xchange Security Advisory 2015-11-17, Martin Heiland
• ESA-2015-163: EMC VPLEX Sensitive Information Exposure Vulnerability, Security Alert
• WordPress Users Ultra Plugin [Unrestricted File Upload], pan . vagenas
• [security bulletin] HPSBGN03521 rev.1 - HP Operations Orchestration Central, Cross-Site Request Forgery (CSRF), security-alert
• Adobe Premiere Clip v1.1.1 iOS - (cid:x) Filter Bypass & Persistent Software Vulnerability, Vulnerability Lab
• RCE and SQL injection via CSRF in Horde Groupware, High-Tech Bridge Security Research
• [SECURITY] [DSA 3399-1] libpng security update, Salvatore Bonaccorso
• [security bulletin] HPSBGN03521 rev.2 - HP Operations Orchestration Central, Cross-Site Request Forgery (CSRF), security-alert
• IBM i Access Buffer Overflow Code Exec CVE-2015-2023, apparitionsec
• IBM i Access Buffer Overflow Code DOS CVE-2015-7422, apparitionsec
• CVE-2015-8131: Kibana CSRF vulnerability, Kevin Kluge
• NEW VMSA-2015-0008 - VMware product updates address information disclosure issue, VMware Security Response Center
• [security bulletin] HPSBUX03522 SSRT102942 rev.1 - HP-UX BIND running named, Remote Denial of Service (DoS), security-alert
• [SECURITY] [DSA 3400-1] lxc security update, Salvatore Bonaccorso
• Fwd: CVE-2015-5256: Apache Cordova vulnerable to improper application of whitelist restrictions, Shazron
• Fwd: CVE-2015-5257 - Weak Randomization of BridgeSecret for Apache Cordova Android, Shazron
• Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation, Nicholas Lemonias.
  • <Possible follow-ups>
  • Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation, Nicholas Lemonias.
  • Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation, Nicholas Lemonias.
  • Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation, Nicholas Lemonias.
  • Proftpd v1.3.5a ZERODAY - Heap Overflows due to zero length mallocs. Advanced Information Security Corporation, Nicholas Lemonias.
• Proftpd ZERODAY - Malloc issues Advanced Information Security Corporation, Nicholas Lemonias.
• Proftpd v1.3.5a ZERODAY - Malloc issues Advanced Information Security Corporation, Nicholas Lemonias.
• [ERPSCAN-15-020] SAP Mobile Platform 2.3 - XXE in application import, ERPScan inc
• [FD] Celoxis <= 9.5 - Cross Site Scripting (XSS), Manuel Mancera
• [ERPSCAN-15-019] SAP Afaria - Stored XSS, ERPScan inc
• [ERPSCAN-15-018] SAP NetWeaver 7.4 - XXE, ERPScan inc
• CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1, Christofer Dutz
• Steam Weak File Permissions Privilege Escalation, ajs
• [SECURITY] [DSA 3402-1] symfony security update, Salvatore Bonaccorso
• ESA-2015-164: EMC Isilon OneFS Privilege Escalation Vulnerability, Security Alert
• [SECURITY] [DSA 3403-1] libcommons-collections3-java security update, Moritz Muehlenhoff
• [slackware-security] pcre (SSA:2015-328-01), Slackware Security Team
• [security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution, security-alert
  • <Possible follow-ups>
  • [security bulletin] HPSBGN03523 rev.1 - HP Loadrunner Virtual Table Server, Remote Code Execution, security-alert
• CIS Manager Content Management System 2015Q4 - SQL Injection Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 3404-1] python-django security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3406-1] nspr security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3405-1] smokeping security update, Florian Weimer
• [SECURITY] [DSA 3407-1] dpkg security update, Salvatore Bonaccorso
• [FD] Visual Paradigm Server v10.0 - Cross Site Scripting (XSS), Manuel Mancera
• Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation, Nicholas Lemonias.
  • <Possible follow-ups>
  • Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation, aiscorp
  • Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation, Nicholas Lemonias.
  • Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation, lem . nikolas
  • Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation, Nicholas Lemonias.
  • Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation, Nicholas Lemonias.
  • Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation, Nicholas Lemonias.
  • Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation, Nicholas Lemonias.
  • Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation, Nicholas Lemonias.
  • Proftpd 1.3.5a LATEST 0day Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation, Nicholas Lemonias.
• Proftpd 1.3.5a LATEST 0day (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation Audit Report., Nicholas Lemonias.
• Belkin N150 Wireless Home Router Multiple Vulnerabilities, Rahul Pratap Singh
• Proftpd 1.3.5a LATEST (0-day) Follow-up report (Part 2), Patch released!! 29/11/2015 --- Advanced Information Security Corporation, Nicholas Lemonias.