Mail Index
- LSE Leading Security Experts GmbH - LSE-2015-10-14 - HumHub SQL-Injection
- [SE-2014-02] Errata document for Issue 42 (CVE-2015-4871 affecting Java SE 7)
- From: Security Explorations
- Huawei Wimax routers vulnerable to multiple threats
- [SECURITY] [DSA 3408-1] gnutls26 security update
- From: Salvatore Bonaccorso
- Zenphoto 1.4.10 XSS Vulnerability
- Zenphoto 1.4.10 Local File Inclusion
- [SECURITY] [DSA 3410-1] icedove security update
- [SECURITY] [DSA 3409-1] putty security update
- From: Salvatore Bonaccorso
- Reflected Cross-Site Scripting (XSS) in SourceBans
- From: High-Tech Bridge Security Research
- Reflected XSS in Role Scoper WordPress Plugin
- From: High-Tech Bridge Security Research
- Reflected XSS in Ultimate Member WordPress Plugin
- From: High-Tech Bridge Security Research
- Remote File Inclusion in Gwolle Guestbook WordPress Plugin
- From: High-Tech Bridge Security Research
- Two Reflected XSS Vulnerabilities in Calls to Action WordPress plugin
- From: High-Tech Bridge Security Research
- SQLi Vulnerability in ATuter management system
- Gnome Nautilus [Denial of Service]
- WordPress Users Ultra Plugin [Blind SQL injection]
- WordPress Users Ultra Plugin [Persistence XSS]
- Ellucian Banner Student Vulnerability Disclosure
- [SECURITY] [DSA 3411-1] cups-filters security update
- [slackware-security] libpng (SSA:2015-337-01)
- From: Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2015-337-02)
- From: Slackware Security Team
- ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability
- [SECURITY] [DSA 3412-1] redis security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBGN03525 rev.1: HP Performance Center Virtual Table Server, Remote Code Execution
- [SECURITY] [DSA 3413-1] openssl security update
- From: Salvatore Bonaccorso
- KL-001-2015-006 : Linksys EA6100 Wireless Router Authentication Bypass
- From: KoreLogic Disclosures
- FreeBSD Security Advisory FreeBSD-SA-15:26.openssl
- From: FreeBSD Security Advisories
- Edimax BR-6478AC & Others Multiple Vulnerabilities
- [SYSS-2015-046] sysPass - Insecure Direct Object References (CWE-932)
- [SYSS-2015-047] sysPass - Cross-Site Scripting (CWE-79)
- Command Injection in cool-video-gallery v1.9 Wordpress plugin
- Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege
- WebBoutiques Cms Cross-Site Scripting Vulnerability
- iScripts Multicart Cms Multiple Vulnerabilities
- Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege
- Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege
- Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup
- [SECURITY] [DSA 3415-1] chromium-browser security update
- MacOS/iPhone/Apple Watch/Apple TV libc File System Buffer Overflow
- WordPress Users Ultra Plugin [Blind SQL injection] - Update
- PHP File Inclusion in bitrix.mpbuilder Bitrix Module
- From: High-Tech Bridge Security Research
- XSS vulnerability in Intellect Core banking software - Polaris
- [CVE-2015-7706] SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities
- APPLE-SA-2015-12-08-4 watchOS 2.1
- From: Apple Product Security
- Path Traversal via CSRF in bitrix.xscan Bitrix Module
- From: High-Tech Bridge Security Research
- [security bulletin] HPSBMU03520 rev.1 - HP Insight Control server provisioning, Remote Disclosure of Information
- Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege
- Advisory: Arro and Other Android Taxi Hailing Apps Did Not Use SSL (Mobile Knowledge)
- APPLE-SA-2015-12-08-1 iOS 9.2
- From: Apple Product Security
- APPLE-SA-2015-12-08-4 watchOS 2.1
- From: Apple Product Security
- APPLE-SA-2015-12-08-5 Safari 9.0.2
- From: Apple Product Security
- [security bulletin] HPSBHF03433 SSRT102964 rev.1 - HP-UX Running Mozilla Firefox and Thunderbird, Remote Disclosure of Information
- [CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference
- From: CORE Advisories Team
- Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- APPLE-SA-2015-12-08-2 tvOS 9.1
- From: Apple Product Security
- [security bulletin] HPSBHF03432 rev.1 - HPE Networking Comware 5, Comware 5 Low Encryption SW, Comware 7, VCX Using NTP, Remote Access Restriction Bypass and Code Execution
- [SECURITY] [DSA 3414-1] xen security update
- APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008
- From: Apple Product Security
- Secunia Research: Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow Vulnerability
- APPLE-SA-2015-12-08-6 Xcode 7.2
- From: Apple Product Security
- Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products
- From: Cisco Systems Product Security Incident Response Team
- SEC Consult SA-20151210-0 :: Skybox Platform Multiple Vulnerabilities
- From: SEC Consult Vulnerability Lab
- BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability
- From: Blue Frost Security Research Lab
- WordPress <=v4.4 Username Exists Information Disclosure
- Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege
- ORGIN STUDIOS Cms Multiple Vulnerabilities
- APPLE-SA-2015-12-11-1 iTunes 12.3.2
- From: Apple Product Security
- [security bulletin] HPSBHF03431 rev.1 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities
- XSS Vulnerability in Synnefo Client for Synnefo IMS 2015 - CVE-2015-8247
- Windows Authentication UI DLL side loading vulnerability
- COM+ Services DLL side loading vulnerability
- [SECURITY] [DSA 3416-1] libphp-phpmailer security update
- ECommerceMajor SQL Injection Vulnerability
- [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability
- [SECURITY] [DSA 3417-1] bouncycastle security update
- ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS
- phpback v1.1 XSS vulnerability
- Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370]
- From: Hector Marco-Gisbert
- [security bulletin] HPSBST03517 rev.1 - HP StoreOnce Backup systems, Remote Execution of Arbitrary Code with Privilege Elevation, Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS)
- [SECURITY] [DSA 3418-1] chromium-browser security update
- Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta)
- [SECURITY] [DSA 3419-1] cups-filters security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3420-1] bind9 security update
- From: Salvatore Bonaccorso
- [slackware-security] libpng (SSA:2015-349-02)
- From: Slackware Security Team
- [slackware-security] bind (SSA:2015-349-01)
- From: Slackware Security Team
- [slackware-security] openssl (SSA:2015-349-04)
- From: Slackware Security Team
- libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506)
- From: Hans Jerry Illikainen
- RCE in Zen Cart via Arbitrary File Inclusion
- From: High-Tech Bridge Security Research
- SQL Injection in orion.extfeedbackform Bitrix Module
- From: High-Tech Bridge Security Research
- FreeBSD Security Advisory FreeBSD-SA-15:27.bind
- From: FreeBSD Security Advisories
- libnsbmp: heap overflow (CVE-2015-7508) and out-of-bounds read (CVE-2015-7507)
- From: Hans Jerry Illikainen
- Event Viewer Snapin multiple DLL side loading vulnerabilities
- [security bulletin] HPSBUX03529 SSRT102967 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS)
- Shutdown UX DLL side loading vulnerability
- Shockwave Flash Object DLL side loading vulnerability
- [SECURITY] [DSA 3422-1] iceweasel security update
- [SECURITY] [DSA 3421-1] grub2 security update
- [SECURITY] [DSA 3423-1] cacti security update
- [security bulletin] HPSBHF03528 rev.1 - HP Network Products running VCX, Remote Unauthorized Modification
- [SECURITY] [DSA 3424-1] subversion security update
- [slackware-security] mozilla-firefox (SSA:2015-349-03)
- From: Slackware Security Team
- [SECURITY] [DSA 3337-2] gdk-pixbuf security update
- From: Salvatore Bonaccorso
- CVE-2015-5348 - Apache Camel medium disclosure vulnerability
- [SECURITY] [DSA 3425-1] tryton-server security update
- [oCERT 2015-011] PyAMF input sanitization errors (XXE)
- ESA-2015-148: EMC Isilon OneFS Security Privilege Escalation Vulnerability
- [SECURITY] [DSA 3426-1] linux security update
- From: Salvatore Bonaccorso
- Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege
- [slackware-security] libpng (SSA:2015-351-02)
- From: Slackware Security Team
- [slackware-security] grub (SSA:2015-351-01)
- From: Slackware Security Team
- KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address
- From: KoreLogic Disclosures
- [SECURITY] [DSA 3428-1] tomcat8 security update
- [SECURITY] [DSA 3427-1] blueman security update
- KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password
- From: KoreLogic Disclosures
- Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies
- Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege
- giflib: heap overflow in giffix (CVE-2015-7555)
- From: Hans Jerry Illikainen
- ESA-2015-177: RSA SecurID(r) Web Agent Authentication Bypass Vulnerability
- [SECURITY] [DSA 3429-1] foomatic-filters security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBGN03527 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass
- [security bulletin] HPSBGN03526 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass, Unauthorized Modification
- [security bulletin] HPSBHF03419 rev.1 - HP Network Products including H3C routers and switches, Remote Denial of Service (DoS), Unauthorized Access.
- Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution
- [RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality
- From: RedTeam Pentesting GmbH
- DELL Scrutinizer v12.0.3 - Persistent Software Vulnerability
- Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability
- Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability
- Lithium Forum - (previewImages) Persistent Vulnerability
- Switch v4.68 - Code Execution Vulnerability
- POP Peeper 4.0.1 - Persistent Code Execution Vulnerability
- Aeris Calandar v2.1 - Buffer Overflow Vulnerability
- ESA-2015-174: EMC VPLEX Undocumented Account Vulnerability
- ESA-2015-179: EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability
- Security advisory for Bugzilla 5.0.2, 4.4.11 and 4.2.16
- [slackware-security] blueman (SSA:2015-356-01)
- From: Slackware Security Team
- Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege
- [SECURITY] [DSA 3430-1] libxml2 security update
- From: Salvatore Bonaccorso
- [slackware-security] mozilla-thunderbird (SSA:2015-357-01)
- From: Slackware Security Team
- AccessDiver V4.301 Buffer Overflow
- libtiff: invalid write (CVE-2015-7554)
- From: Hans Jerry Illikainen
- libtiff bmp file Heap Overflow (CVE-2015-8668)
- WebKitGTK+ Security Advisory WSA-2015-0002
- From: Carlos Alberto Lopez Perez
- [oCERT 2015-012] Ganeti multiple issues
- FTPShell Client v5.24 Buffer Overflow
- Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allow arbitrary (remote) code execution
- Joomla 1.5.x to 3.4.5 Object Injection Exploit (golang)