Mail Index

• Thread Index

• [SECURITY] [DSA 3432-1] icedove security update
  • From: Moritz Muehlenhoff
• OSS-2016-01: Insufficient integrity checks in Uhlmann & Zacher Clex prime locking systems using 125 kHz EM4450 transponders
  • From: Ralf Spenneberg
• [SECURITY] [DSA 3431-1] ganeti security update
  • From: Moritz Muehlenhoff
• OSS-2016-03: Insufficient Integrity Protection in Winkhaus Bluesmart locking systems using Hitag S
  • From: Ralf Spenneberg
• OSS-2016-02: Weak authentication in NXP Hitag S transponder allows an attacker to read, write and clone any tag
  • From: Ralf Spenneberg
• [SECURITY] CVE-2015-5349: Apache Directory Studio command injection vulnerability
  • From: Stefan Seelmann
• Open Audit SQL Injection Vulnerability
  • From: Rahul Pratap Singh
• [SECURITY] [DSA 3433-1] samba security update
  • From: Salvatore Bonaccorso
• Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities
  • From: Stefan Kanthak
• Confluence Vulnerabilities
  • From: Sebastian Perez
• CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak)
  • From: Pierre Kim
• [SECURITY] [DSA 3435-1] git security update
  • From: Laszlo Boszormenyi (GCS)
• [SECURITY] [DSA 3434-1] linux security update
  • From: Ben Hutchings
• [security bulletin] HPSBGN03530 rev.1 - HPE UCMDB Browser, Remote Disclosure of Sensitive Information, Local Unauthorized Access
  • From: security-alert
• Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege
  • From: Stefan Kanthak
• [SYSS-2015-062] ownCloud Information Exposure Through Directory Listing (CVE-2016-1499)
  • From: erlijn . vangenuchten
• Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege
  • From: Stefan Kanthak
• [RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images
  • From: RedTeam Pentesting GmbH
• [RT-SA-2015-001] AVM FRITZ!Box: Remote Code Execution via Buffer Overflow
  • From: RedTeam Pentesting GmbH
• Serendipity Security Advisory - XSS Vulnerability - CVE-2015-8603
  • From: Onur Yilmaz
• [CVE-2015-7242] AVM FRITZ!Box: HTML Injection Vulnerability
  • From: Daniel Schliebner
• Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP reqest allows any payload size and conent to pass through
  • From: Eitan Caspi
• APPLE-SA-2016-01-07-1 QuickTime 7.7.9
  • From: Apple Product Security
• APPLE-SA-2016-01-07-1 QuickTime 7.7.9
  • From: Apple Product Security
• [security bulletin] HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS)
  • From: security-alert
• Symantec EP DOS
  • From: hyp3rphp
• WP Symposium Pro Social Network Plugin XSS and Critical CSRF Vulnerability
  • From: Rahul Pratap Singh
• [RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials
  • From: RedTeam Pentesting GmbH
• MobaXTerm before version 8.5 vulnerability in "jump host" functionality
  • From: Thomas Bleier
• Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege
  • From: Stefan Kanthak
• [security bulletin] HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS)
  • From: security-alert
• [SECURITY] [DSA 3436-1] openssl security update
  • From: Salvatore Bonaccorso
• CVE-2015-8397: GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent
  • From: Stelios Tsampas
• CVE-2015-8396: GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer
  • From: Stelios Tsampas
• [SECURITY] [DSA 3438-1] xscreensaver security update
  • From: Michael Gilbert
• [SECURITY] [DSA 3437-1] gnutls26 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3439-1] prosody security update
  • From: Salvatore Bonaccorso
• OpenBravo Hibernate HQL Injection
  • From: Ng, Sam (Fortify)
• Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability
  • From: iedb . team
• Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability
  • From: iedb . team
• Re: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege
  • From: Sarah Allen
• Re: TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode)
  • From: fgghy
• Re: Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability
  • From: Reed Loden
• Exploiting XXE vulnerabilities in AMF libraries
  • From: Nicolas Grégoire
• [SECURITY] [DSA 3440-1] sudo security update
  • From: Ben Hutchings
• [SECURITY] [DSA 3441-1] perl security update
  • From: Salvatore Bonaccorso
• SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems
  • From: SEC Consult Vulnerability Lab
• WP Symposium Pro Social Network Plugin XSS Vulnerability
  • From: Rahul Pratap Singh
• [SECURITY] [DSA 3442-1] isc-dhcp security update
  • From: Michael Gilbert
• Cisco Security Advisory: Cisco Identity Services Engine Unauthorized Access Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3445-1] pygments security update
  • From: Salvatore Bonaccorso
• Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Commentator Wordpress Plugin 2.5.2 XSS Vulnerability
  • From: Rahul Pratap Singh
• [SECURITY] [DSA 3444-1] wordpress security update
  • From: Salvatore Bonaccorso
• Cisco Security Advisory: Cisco Wireless LAN Controller Unauthorized Access Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [security bulletin] HPSBHF03535 rev.1 - HPE iMC OSS and iMC Plat running Adobe Flash, Multiple Remote Vulnerabilities
  • From: security-alert
• Multiple SQL Injection Vulnerabilities in mcart.xls Bitrix Module
  • From: High-Tech Bridge Security Research
• [security bulletin] HPSBGN03532 rev.1 - HPE ArcSight Logger, Multiple Vulnerabilities
  • From: security-alert
• [CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ...
  • From: Stefan Kanthak
• Remote Code Execution in Roundcube
  • From: High-Tech Bridge Security Research
• [slackware-security] dhcp (SSA:2016-012-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 3443-1] libpng security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBUX03359 SSRT102094 rev.3 - HP-UX pppoec, local elevation of privilege
  • From: security-alert
• FreeBSD Security Advisory FreeBSD-SA-16:03.linux
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:05.tcp
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:02.ntp
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:01.sctp
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:06.bsnmpd
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:04.linux
  • From: FreeBSD Security Advisories
• [SECURITY] [DSA 3446-1] openssh security update
  • From: Yves-Alexis Perez
• Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778
  • From: Qualys Security Advisory
• [SECURITY] [DSA 3431-2] ganeti regression update
  • From: Salvatore Bonaccorso
• FreeBSD bsnmpd information disclosure
  • From: Pierre Kim
• FreeBSD Security Advisory FreeBSD-SA-16:07.openssh
  • From: FreeBSD Security Advisories
• [slackware-security] openssh (SSA:2016-014-01)
  • From: Slackware Security Team
• Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution
  • From: Stefan Kanthak
• Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories?
  • From: Stefan Kanthak
• [KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability
  • From: Egidio Romano
• [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3
  • From: urikanonov
• [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3
  • From: urikanonov
• [SECURITY] [DSA 3447-1] tomcat7 security update
  • From: Salvatore Bonaccorso
• Advanced Electron Forum v1.0.9 CSRF
  • From: hyp3rlinx
• Advanced Electron Forum v1.0.9 Persistent XSS
  • From: hyp3rlinx
• Advanced Electron Forum v1.0.9 RFI / CSRF
  • From: hyp3rlinx
• Quick CMS v 6.1 XSS Vulnerability
  • From: Rahul Pratap Singh
• [SECURITY] [DSA 3448-1] linux security update
  • From: Salvatore Bonaccorso
• Quick Cart v6.6 XSS Vulnerability
  • From: Rahul Pratap Singh
• [CORE-2016-0001] - Intel Driver Update Utility MiTM
  • From: CORE Advisories Team
• Executable installers are vulnerable^WEVIL (case 21): Panda Security's installers allow arbitrary (remote) code execution AND escalation of privilege with PANDAIS16.exe
  • From: Stefan Kanthak
• [security bulletin] HPSBGN03534 rev.1 - HPE Performance Center using Microsoft Report Viewer, Remote Disclosure of Information, Cross-Site Scripting (XSS)
  • From: security-alert
• [SECURITY] [DSA 3449-1] bind9 security update
  • From: Salvatore Bonaccorso
• APPLE-SA-2016-01-19-1 iOS 9.2.1
  • From: Apple Product Security
• APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001
  • From: Apple Product Security
• APPLE-SA-2016-01-19-3 Safari 9.0.3
  • From: Apple Product Security
• LiteSpeed Web Server - Security Advisory - HTTP Header Injection Vulnerability
  • From: Onur Yilmaz
• [CVE-2016-1926] XSS in Greenbone Security Assistant &#8805; 6.0.0 and < 6.0.8
  • From: bugtraq
• Cisco Security Advisory: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3450-1] ecryptfs-utils security update
  • From: Salvatore Bonaccorso
• Cisco Security Advisory: Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Re: [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3
  • From: urikanonov
• Re: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3
  • From: urikanonov
• QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys
  • From: issues
• Oracle HtmlConverter.exe Buffer Overflow
  • From: hyp3rlinx
• SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices
  • From: SEC Consult Vulnerability Lab
• Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe"
  • From: Stefan Kanthak
• [SECURITY] [DSA 3451-1] fuse security update
  • From: Yves-Alexis Perez
• January 2016 - Bamboo - Critical Security Advisory
  • From: David Black
• imageone Cms Multiple vulnerabilities
  • From: iedb . team
• [SECURITY] [DSA 3452-1] claws-mail security update
  • From: Ben Hutchings
• imageone Cms Multiple vulnerabilities
  • From: iedb . team
• XMB - eXtreme Message Board v1.9.11.13 Weak Crypto
  • From: hyp3rlinx
• HP LaserJet Fax Preview DLL side loading vulnerability
  • From: Securify B.V.
• LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities
  • From: Securify B.V.
• HP ToComMsg DLL side loading vulnerability
  • From: Securify B.V.
• ZyXel WAP3205 v1 Multiple XSS
  • From: graphx
• Remote shutdown vulnerability in Buffalo NAS (Linkstation 420)
  • From: zemnmez
• PHP-FPM fpm_log.c memory leak and buffer overflow
  • From: Imre RAD
• PHP LiteSpeed SAPI secret key improper disposal
  • From: Imre RAD
• WP Easy Gallery v4.1.4 Stored XSS Vulnerability
  • From: Rahul Pratap Singh
• [SECURITY] [DSA 3453-1] mariadb-10.0 security update
  • From: Salvatore Bonaccorso
• glibc catopen() Multiple unbounded stack allocations
  • From: cxsecurity
• Magento 1.9.x Multiple Man-In The Middle
  • From: cxsecurity
• APPLE-SA-2016-01-25-1 tvOS 9.1.1
  • From: Apple Product Security
• Authentication bypass in PHP File Manager 0.9.8
  • From: Imre Rad
• [CORE-2016-0002] - Lenovo ShareIT Multiple Vulnerabilities
  • From: CORE Advisories Team
• PHP LiteSpeed SAPI out of boundaries read due to missing input validation
  • From: Imre RAD
• [security bulletin] HPSBGN03536 rev.1 - HP IceWall Products running OpenSSL, Remote and Local Denial of Service (DoS)
  • From: security-alert
• [security bulletin] HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager running libXML2, Remote or Local Denial of Service (DoS)
  • From: security-alert
• WP-Ultimate CSV Importer XSS Vulnerability
  • From: Rahul Pratap Singh
• [SECURITY] [DSA 3454-1] virtualbox security update
  • From: Moritz Muehlenhoff
• FreeBSD Security Advisory FreeBSD-SA-16:08.bind
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:09.ntp
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:10.linux
  • From: FreeBSD Security Advisories
• [ERPSCAN-15-024] SAP HANA hdbindexserver - Memory corruption
  • From: ERPScan inc
• [SECURITY] [DSA 3455-1] curl security update
  • From: Alessandro Ghedini
• [SECURITY] [DSA 3456-1] chromium-browser security update
  • From: Michael Gilbert
• BK Mobile CMS SQLi and XSS Vulnerability
  • From: Rahul Pratap Singh
• Secure Item Hub v1.0 iOS - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• Apple WatchOS v2.1 - Denial of Service Vulnerability
  • From: Vulnerability Lab
• Barracuda Networks Bug Bounty #38 Message Archiver - Multiple Vulnerabilities
  • From: Vulnerability Lab
• Telegram (API) - Cross Site Request Forgery Vulnerabilities
  • From: Vulnerability Lab
• Ebay Magento Bug Bounty #2 - Persistent Web Vulnerability
  • From: Vulnerability Lab
• Kleefa v1.7 (IR) - Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• Classic Infomedia (Login) - Auth Bypass Web Vulnerability
  • From: Vulnerability Lab
• WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability
  • From: Vulnerability Lab
• los818 CMS 2016 Q1 - SQL Injection Web Vulnerability
  • From: Vulnerability Lab
• Netgear GS105Ev2 - Multiple Vulnerabilities
  • From: benedikt . westermann
• Cisco Security Advisory: Cisco Wide Area Application Service CIFS DoS Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco RV220 Management Authentication Bypass Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Log2Space Central v 6.2 Multiple XSS Vulnerability
  • From: Rahul Pratap Singh
• [SECURITY] [DSA 3457-1] iceweasel security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3458-1] openjdk-7 security update
  • From: Moritz Muehlenhoff
• HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi passphrase
  • From: Hacking Corporation Sàrl
• Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability
  • From: Vulnerability Lab
• New Era Company CMS - (id) SQL Injection Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 3459-1] mysql-5.5 security update
  • From: Salvatore Bonaccorso
• CVE-2015-7521: Apache Hive authorization bug disclosure
  • From: Sushanth Sowmyan
• [security bulletin] HPSBHF03535 rev.3 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Multiple Remote Vulnerabilities
  • From: security-alert
• [security bulletin] HPSBHF03538 rev.1 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Remote Code Execution, Denial of Service (DoS)
  • From: security-alert
• ProjectSend multiple vulnerabilities
  • From: Filippo Cavallarin
• Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• [security bulletin] HPSBGN03542 rev.1 - HPE Operations Manager for Windows using Java Deserialization, Remote Arbitrary Code Execution
  • From: security-alert
• [security bulletin] HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized Modification
  • From: security-alert
• [security bulletin] HPSBHF03539 rev.1 - HPE VCX running OpenSSH or BIND, Remote Denial of Service (DoS)
  • From: security-alert
• [security bulletin] HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS, Remote Disclosure of Information, Execution of Code, Denial of Service (DoS)
  • From: security-alert
• ManageEngine Eventlog Analyzer v4-v10 Privilege Esacalation
  • From: graphx
• [security bulletin] HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote Unauthorized Modification
  • From: security-alert
• Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network
  • From: kingkaustubh
• [security bulletin] HPSBHF03419 rev.3 - HPE Networking Products, Remote Denial of Service (DoS), Unauthorized Access
  • From: security-alert
• FreeBSD Security Advisory FreeBSD-SA-16:11.openssl
  • From: FreeBSD Security Advisories