Mail Thread Index

• Date Index

• LSE Leading Security Experts GmbH - LSE-2015-10-14 - HumHub SQL-Injection, advisories
• [SE-2014-02] Errata document for Issue 42 (CVE-2015-4871 affecting Java SE 7), Security Explorations
• Huawei Wimax routers vulnerable to multiple threats, Pierre Kim
• [SECURITY] [DSA 3408-1] gnutls26 security update, Salvatore Bonaccorso
• Zenphoto 1.4.10 XSS Vulnerability, apparitionsec
• Zenphoto 1.4.10 Local File Inclusion, apparitionsec
• [SECURITY] [DSA 3410-1] icedove security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3409-1] putty security update, Salvatore Bonaccorso
• Reflected Cross-Site Scripting (XSS) in SourceBans, High-Tech Bridge Security Research
• Reflected XSS in Role Scoper WordPress Plugin, High-Tech Bridge Security Research
• Reflected XSS in Ultimate Member WordPress Plugin, High-Tech Bridge Security Research
• Remote File Inclusion in Gwolle Guestbook WordPress Plugin, High-Tech Bridge Security Research
• Two Reflected XSS Vulnerabilities in Calls to Action WordPress plugin, High-Tech Bridge Security Research
• SQLi Vulnerability in ATuter management system, sirus . shahini
• Gnome Nautilus [Denial of Service], pan . vagenas
• WordPress Users Ultra Plugin [Blind SQL injection], pan . vagenas
• WordPress Users Ultra Plugin [Persistence XSS], pan . vagenas
• Ellucian Banner Student Vulnerability Disclosure, sean . dillon
• [SECURITY] [DSA 3411-1] cups-filters security update, Moritz Muehlenhoff
• [slackware-security] libpng (SSA:2015-337-01), Slackware Security Team
• [slackware-security] mozilla-thunderbird (SSA:2015-337-02), Slackware Security Team
• ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability, Security Alert
• [SECURITY] [DSA 3412-1] redis security update, Salvatore Bonaccorso
• [security bulletin] HPSBGN03525 rev.1: HP Performance Center Virtual Table Server, Remote Code Execution, security-alert
• [SECURITY] [DSA 3413-1] openssl security update, Salvatore Bonaccorso
• KL-001-2015-006 : Linksys EA6100 Wireless Router Authentication Bypass, KoreLogic Disclosures
• FreeBSD Security Advisory FreeBSD-SA-15:26.openssl, FreeBSD Security Advisories
• Edimax BR-6478AC & Others Multiple Vulnerabilites, mwinstead3790
• [SYSS-2015-046] sysPass - Insecure Direct Object References (CWE-932), disclosure
• [SYSS-2015-047] sysPass - Cross-Site Scripting (CWE-79), disclosure
• Command Injection in cool-video-gallery v1.9 Wordpress plugin, Larry Cashdollar
• Executable installers are vulnerable^WEVIL (case 6): SumatraPDF-*-installer.exe allows remote code execution with escalation of privilege, Stefan Kanthak
• WebBoutiques Cms Cross-Site Scripting Vulnerability, iedb . team
• iScripts Multicart Cms Multiple Vulnerability, iedb . team
• Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege, Stefan Kanthak
• Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege, Stefan Kanthak
• Executable installers are vulnerable^WEVIL (case 5): JRSoft InnoSetup, Stefan Kanthak
• [SECURITY] [DSA 3415-1] chromium-browser security update, Michael Gilbert
• MacOS/iPhone/Apple Watch/Apple TV libc File System Buffer Overflow, submit
• WordPress Users Ultra Plugin [Blind SQL injection] - Update, Panagiotis Vagenas
• PHP File Inclusion in bitrix.mpbuilder Bitrix Module, High-Tech Bridge Security Research
• XSS vulnerability in Intellect Core banking software - Polaris, msahu
• [CVE-2015-7706] SECURE DATA SPACE API Multiple Non-Persistent Cross-Site Scripting Vulnerabilities, Vogt, Thomas
• APPLE-SA-2015-12-08-4 watchOS 2.1, Apple Product Security
  • <Possible follow-ups>
  • APPLE-SA-2015-12-08-4 watchOS 2.1, Apple Product Security
• Path Traversal via CSRF in bitrix.xscan Bitrix Module, High-Tech Bridge Security Research
• [security bulletin] HPSBMU03520 rev.1 - HP Insight Control server provisioning, Remote Disclosure of Information, security-alert
• Executable installers are vulnerable^WEVIL (case 9): Chrome's setup.exe allows arbitrary code execution and escalation of privilege, Stefan Kanthak
• Advisory: Arro and Other Android Taxi Hailing Apps Did Not Use SSL (Mobile Knowledge), securityresearch
• APPLE-SA-2015-12-08-1 iOS 9.2, Apple Product Security
• APPLE-SA-2015-12-08-5 Safari 9.0.2, Apple Product Security
• [security bulletin] HPSBHF03433 SSRT102964 rev.1 - HP-UX Running Mozilla Firefox and Thunderbird, Remote Disclosure of Information, security-alert
• [CORE-2015-0014] - Microsoft Windows Media Center link file incorrectly resolved reference, CORE Advisories Team
• Cisco Security Advisory: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability, Cisco Systems Product Security Incident Response Team
• APPLE-SA-2015-12-08-2 tvOS 9.1, Apple Product Security
• [security bulletin] HPSBHF03432 rev.1 - HPE Networking Comware 5, Comware 5 Low Encryption SW, Comware 7, VCX Using NTP, Remote Access Restriction Bypass and Code Execution, security-alert
• [SECURITY] [DSA 3414-1] xen security update, Moritz Muehlenhoff
• APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008, Apple Product Security
• Secunia Research: Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow Vulnerability, Secunia Research
• APPLE-SA-2015-12-08-6 Xcode 7.2, Apple Product Security
• Cisco Security Advisory: Vulnerability in Java Deserialization Affecting Cisco Products, Cisco Systems Product Security Incident Response Team
• SEC Consult SA-20151210-0 :: Skybox Platform Multiple Vulnerabilities, SEC Consult Vulnerability Lab
• BFS-SA-2015-003: Internet Explorer CObjectElement Use-After-Free Vulnerability, Blue Frost Security Research Lab
• WordPress <=v4.4 Username Exists Information Disclosure, John SECURELI.com
• Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege, Stefan Kanthak
• ORGIN STUDIOS Cms Multiple Vulnerability, iedb . team
• APPLE-SA-2015-12-11-1 iTunes 12.3.2, Apple Product Security
• [security bulletin] HPSBHF03431 rev.1 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities, security-alert
• XSS Vulnerability in Synnefo Client for Synnefo IMS 2015 - CVE-2015-8247, Aravind
• Windows Authentication UI DLL side loading vulnerability, Securify B.V.
• COM+ Services DLL side loading vulnerability, Securify B.V.
• [SECURITY] [DSA 3416-1] libphp-phpmailer security update, Luciano Bello
• ECommerceMajor SQL Injection Vulnerability, Rahul Pratap Singh
• [ERPSCAN-15-021] SAP NetWeaver 7.4 - SQL Injection vulnerability, ERPScan inc
• [SECURITY] [DSA 3417-1] bouncycastle security update, Luciano Bello
• ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS, ERPScan inc
• phpback v1.1 XSS vulnerability, apparitionsec
• Back to 28: Grub2 Authentication Bypass 0-Day [CVE-2015-8370], Hector Marco-Gisbert
• [security bulletin] HPSBST03517 rev.1 - HP StoreOnce Backup systems, Remote Execution of Arbitrary Code with Privilege Elevation, Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), security-alert
• [SECURITY] [DSA 3418-1] chromium-browser security update, Michael Gilbert
• Executable installers are vulnerable^WEVIL (case 10): McAfee Security Scan Plus, WebAdvisor and CloudAV (Beta), Stefan Kanthak
• [SECURITY] [DSA 3419-1] cups-filters security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3420-1] bind9 security update, Salvatore Bonaccorso
• [slackware-security] libpng (SSA:2015-349-02), Slackware Security Team
• [slackware-security] bind (SSA:2015-349-01), Slackware Security Team
• [slackware-security] openssl (SSA:2015-349-04), Slackware Security Team
• libnsgif: stack overflow (CVE-2015-7505) and out-of-bounds read (CVE-2015-7506), Hans Jerry Illikainen
• RCE in Zen Cart via Arbitrary File Inclusion, High-Tech Bridge Security Research
• SQL Injection in orion.extfeedbackform Bitrix Module, High-Tech Bridge Security Research
• FreeBSD Security Advisory FreeBSD-SA-15:27.bind, FreeBSD Security Advisories
• libnsbmp: heap overflow (CVE-2015-7508) and out-of-bounds read (CVE-2015-7507), Hans Jerry Illikainen
• Event Viewer Snapin multiple DLL side loading vulnerabilities, Securify B.V.
• [security bulletin] HPSBUX03529 SSRT102967 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS), security-alert
• Shutdown UX DLL side loading vulnerability, Securify B.V.
• Shockwave Flash Object DLL side loading vulnerability, Securify B.V.
• [SECURITY] [DSA 3422-1] iceweasel security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3421-1] grub2 security update, Luciano Bello
• [SECURITY] [DSA 3423-1] cacti security update, Luciano Bello
• [security bulletin] HPSBHF03528 rev.1 - HP Network Products running VCX, Remote Unauthorized Modification, security-alert
• [SECURITY] [DSA 3424-1] subversion security update, Moritz Muehlenhoff
• [slackware-security] mozilla-firefox (SSA:2015-349-03), Slackware Security Team
• [SECURITY] [DSA 3337-2] gdk-pixbuf security update, Salvatore Bonaccorso
• CVE-2015-5348 - Apache Camel medium disclosure vulnerability, Claus Ibsen
• [SECURITY] [DSA 3425-1] tryton-server security update, Luciano Bello
  • <Possible follow-ups>
  • [SECURITY] [DSA 3425-1] tryton-server security update, Luciano Bello
• [oCERT 2015-011] PyAMF input sanitization errors (XXE), Daniele Bianco
• ESA-2015-148: EMC Isilon OneFS Security Privilege Escalation Vulnerability, Security Alert
• [SECURITY] [DSA 3426-1] linux security update, Salvatore Bonaccorso
• Executable uninstallers are vulnerable^WEVIL (case 12): Avira Registry Cleaner allows arbitrary code execution with escalation of privilege, Stefan Kanthak
• [slackware-security] libpng (SSA:2015-351-02), Slackware Security Team
• [slackware-security] grub (SSA:2015-351-01), Slackware Security Team
• KL-001-2015-008 : Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address, KoreLogic Disclosures
• [SECURITY] [DSA 3428-1] tomcat8 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3427-1] blueman security update, Moritz Muehlenhoff
• KL-001-2015-007 : Seagate GoFlex Satellite Remote Telnet Default Password, KoreLogic Disclosures
• Almost no resp. only some mitigation(s) for "DLL hijacking" via load-time dependencies, Stefan Kanthak
• Executable installers are vulnerable^WEVIL (case 13): ESET NOD32 antivirus installer allows remote code execution with escalation of privilege, Stefan Kanthak
• giflib: heap overflow in giffix (CVE-2015-7555), Hans Jerry Illikainen
• ESA-2015-177: RSA SecurID(r) Web Agent Authentication Bypass Vulnerability, Security Alert
• [SECURITY] [DSA 3429-1] foomatic-filters security update, Salvatore Bonaccorso
• [security bulletin] HPSBGN03527 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass, security-alert
• [security bulletin] HPSBGN03526 rev.1 - HPE Helion Eucalyptus, Remote Access Restriction Bypass, Unauthorized Modification, security-alert
• [security bulletin] HPSBHF03419 rev.1 - HP Network Products including H3C routers and switches, Remote Denial of Service (DoS), Unauthorized Access., security-alert
• Executable installers are vulnerable^WEVIL (case 14): Rapid7's ScanNowUPnP.exe allows arbitrary (remote) code execution, Stefan Kanthak
• [RT-SA-2015-013] Symfony PHP Framework: Session Fixation In "Remember Me" Login Functionality, RedTeam Pentesting GmbH
• DELL Scrutinizer v12.0.3 - Persistent Software Vulnerability, Vulnerability Lab
• Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability, Vulnerability Lab
• Wordpress Content Text Slider on Post 6.8 - Persistent Vulnerability, Vulnerability Lab
• Lithium Forum - (previewImages) Persistent Vulnerability, Vulnerability Lab
• Switch v4.68 - Code Execution Vulnerability, Vulnerability Lab
• POP Peeper 4.0.1 - Persistent Code Execution Vulnerability, Vulnerability Lab
• Aeris Calandar v2.1 - Buffer Overflow Vulnerability, Vulnerability Lab
• ESA-2015-174: EMC VPLEX Undocumented Account Vulnerability, Security Alert
• ESA-2015-179: EMC Secure Remote Services Virtual Edition Path Traversal Vulnerability, Security Alert
• Security advisory for Bugzilla 5.0.2, 4.4.11 and 4.2.16, LpSolit
• [slackware-security] blueman (SSA:2015-356-01), Slackware Security Team
• Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege, Stefan Kanthak
• [SECURITY] [DSA 3430-1] libxml2 security update, Salvatore Bonaccorso
• [slackware-security] mozilla-thunderbird (SSA:2015-357-01), Slackware Security Team
• AccessDiver V4.301 Buffer Overflow, apparitionsec
• libtiff: invalid write (CVE-2015-7554), Hans Jerry Illikainen
• libtiff bmp file Heap Overflow (CVE-2015-8668), riusksk
• WebKitGTK+ Security Advisory WSA-2015-0002, Carlos Alberto Lopez Perez
• [oCERT 2015-012] Ganeti multiple issues, Daniele Bianco
• FTPShell Client v5.24 Buffer Overflow, apparitionsec
• Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution, Stefan Kanthak
• Joomla 1.5.x to 3.4.5 Object Injection Exploit (golang), irancrash