Mail Thread Index

• Date Index

• [SECURITY] [DSA 3432-1] icedove security update, Moritz Muehlenhoff
• OSS-2016-01: Insufficient integrity checks in Uhlmann & Zacher Clex prime locking systems using 125 kHz EM4450 transponders, Ralf Spenneberg
• [SECURITY] [DSA 3431-1] ganeti security update, Moritz Muehlenhoff
• OSS-2016-03: Insufficient Integrity Protection in Winkhaus Bluesmart locking systems using Hitag S, Ralf Spenneberg
• OSS-2016-02: Weak authentication in NXP Hitag S transponder allows an attacker to read, write and clone any tag, Ralf Spenneberg
• [SECURITY] CVE-2015-5349: Apache Directory Studio command injection vulnerability, Stefan Seelmann
• Open Audit SQL Injection Vulnerability, Rahul Pratap Singh
• [SECURITY] [DSA 3433-1] samba security update, Salvatore Bonaccorso
• Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities, Stefan Kanthak
• Confluence Vulnerabilities, Sebastian Perez
• CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak), Pierre Kim
• [SECURITY] [DSA 3435-1] git security update, Laszlo Boszormenyi (GCS)
• [SECURITY] [DSA 3434-1] linux security update, Ben Hutchings
• [security bulletin] HPSBGN03530 rev.1 - HPE UCMDB Browser, Remote Disclosure of Sensitive Information, Local Unauthorized Access, security-alert
• Executable installers are vulnerable^WEVIL (case 18): EMSISoft's installers allow arbitrary (remote) code execution and escalation of privilege, Stefan Kanthak
• [SYSS-2015-062] ownCloud Information Exposure Through Directory Listing (CVE-2016-1499), erlijn . vangenuchten
• Executable installers are vulnerable^WEVIL (case 19): ZoneAlarm's installers allow arbitrary (remote) code execution and escalation of privilege, Stefan Kanthak
• [RT-SA-2014-014] AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images, RedTeam Pentesting GmbH
• [RT-SA-2015-001] AVM FRITZ!Box: Remote Code Execution via Buffer Overflow, RedTeam Pentesting GmbH
• Serendipity Security Advisory - XSS Vulnerability - CVE-2015-8603, Onur Yilmaz
• [CVE-2015-7242] AVM FRITZ!Box: HTML Injection Vulnerability, Daniel Schliebner
• Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP reqest allows any payload size and conent to pass through, Eitan Caspi
• APPLE-SA-2016-01-07-1 QuickTime 7.7.9, Apple Product Security
  • <Possible follow-ups>
  • APPLE-SA-2016-01-07-1 QuickTime 7.7.9, Apple Product Security
• [security bulletin] HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS), security-alert
  • <Possible follow-ups>
  • [security bulletin] HPSBUX03435 SSRT102977 rev.1 - HP-UX Web Server Suite running Apache, Remote Denial of Service (DoS), security-alert
• Symantec EP DOS, hyp3rphp
• WP Symposium Pro Social Network Plugin XSS and Critical CSRF Vulnerability, Rahul Pratap Singh
• [RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials, RedTeam Pentesting GmbH
• MobaXTerm before version 8.5 vulnerability in "jump host" functionality, Thomas Bleier
• Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege, Stefan Kanthak
  • Re: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege, Sarah Allen
• [SECURITY] [DSA 3436-1] openssl security update, Salvatore Bonaccorso
• CVE-2015-8397: GDCM out-of-bounds read in JPEGLSCodec::DecodeExtent, Stelios Tsampas
• CVE-2015-8396: GDCM buffer overflow in ImageRegionReader::ReadIntoBuffer, Stelios Tsampas
• [SECURITY] [DSA 3438-1] xscreensaver security update, Michael Gilbert
• [SECURITY] [DSA 3437-1] gnutls26 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3439-1] prosody security update, Salvatore Bonaccorso
• OpenBravo Hibernate HQL Injection, Ng, Sam (Fortify)
• Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability, iedb . team
  • Message not available
    • Message not available
      • Re: Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability, Reed Loden
  • <Possible follow-ups>
  • Mozilla Firefox 44.0b2 Cross-site Scripting Vulnerability, iedb . team
• Re: TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode), fgghy
• Exploiting XXE vulnerabilities in AMF libraries, Nicolas Grégoire
• [SECURITY] [DSA 3440-1] sudo security update, Ben Hutchings
• [SECURITY] [DSA 3441-1] perl security update, Salvatore Bonaccorso
• SEC Consult whitepaper: Bypassing McAfee Application Whitelisting for Critical Infrastructure Systems, SEC Consult Vulnerability Lab
• WP Symposium Pro Social Network Plugin XSS Vulnerability, Rahul Pratap Singh
• [SECURITY] [DSA 3442-1] isc-dhcp security update, Michael Gilbert
• Cisco Security Advisory: Cisco Identity Services Engine Unauthorized Access Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3445-1] pygments security update, Salvatore Bonaccorso
• Cisco Security Advisory: Cisco Aironet 1800 Series Access Point Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Commentator Wordpress Plugin 2.5.2 XSS Vulnerability, Rahul Pratap Singh
• [SECURITY] [DSA 3444-1] wordpress security update, Salvatore Bonaccorso
• Cisco Security Advisory: Cisco Wireless LAN Controller Unauthorized Access Vulnerability, Cisco Systems Product Security Incident Response Team
• [security bulletin] HPSBHF03535 rev.1 - HPE iMC OSS and iMC Plat running Adobe Flash, Multiple Remote Vulnerabilities, security-alert
• Multiple SQL Injection Vulnerabilities in mcart.xls Bitrix Module, High-Tech Bridge Security Research
• [security bulletin] HPSBGN03532 rev.1 - HPE ArcSight Logger, Multiple Vulnerabilities, security-alert
• [CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ..., Stefan Kanthak
• Remote Code Execution in Roundcube, High-Tech Bridge Security Research
• [slackware-security] dhcp (SSA:2016-012-01), Slackware Security Team
• [SECURITY] [DSA 3443-1] libpng security update, Salvatore Bonaccorso
• [security bulletin] HPSBUX03359 SSRT102094 rev.3 - HP-UX pppoec, local elevation of privilege, security-alert
• FreeBSD Security Advisory FreeBSD-SA-16:03.linux, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:05.tcp, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:02.ntp, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:01.sctp, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:06.bsnmpd, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:04.linux, FreeBSD Security Advisories
• [SECURITY] [DSA 3446-1] openssh security update, Yves-Alexis Perez
• Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778, Qualys Security Advisory
• [SECURITY] [DSA 3431-2] ganeti regression update, Salvatore Bonaccorso
• FreeBSD bsnmpd information disclosure, Pierre Kim
• FreeBSD Security Advisory FreeBSD-SA-16:07.openssh, FreeBSD Security Advisories
• [slackware-security] openssh (SSA:2016-014-01), Slackware Security Team
• Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution, Stefan Kanthak
• Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories?, Stefan Kanthak
• [KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability, Egidio Romano
• [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3, urikanonov
  • <Possible follow-ups>
  • Re: [CVE-2016-1920] VPN Man-in-the-Middle due to shared certificate store on KNOX 1.0 / Android 4.3, urikanonov
• [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3, urikanonov
  • <Possible follow-ups>
  • Re: [CVE-2016-1919] Weak eCryptFS Key generation from user password on KNOX 1.0 / Android 4.3, urikanonov
• [SECURITY] [DSA 3447-1] tomcat7 security update, Salvatore Bonaccorso
• Advanced Electron Forum v1.0.9 CSRF, hyp3rlinx
• Advanced Electron Forum v1.0.9 Persistent XSS, hyp3rlinx
• Advanced Electron Forum v1.0.9 RFI / CSRF, hyp3rlinx
• Quick CMS v 6.1 XSS Vulnerability, Rahul Pratap Singh
• [SECURITY] [DSA 3448-1] linux security update, Salvatore Bonaccorso
• Quick Cart v6.6 XSS Vulnerability, Rahul Pratap Singh
• [CORE-2016-0001] - Intel Driver Update Utility MiTM, CORE Advisories Team
• Executable installers are vulnerable^WEVIL (case 21): Panda Security's installers allow arbitrary (remote) code execution AND escalation of privilege with PANDAIS16.exe, Stefan Kanthak
• [security bulletin] HPSBGN03534 rev.1 - HPE Performance Center using Microsoft Report Viewer, Remote Disclosure of Information, Cross-Site Scripting (XSS), security-alert
• [SECURITY] [DSA 3449-1] bind9 security update, Salvatore Bonaccorso
• APPLE-SA-2016-01-19-1 iOS 9.2.1, Apple Product Security
• APPLE-SA-2016-01-19-2 OS X El Capitan 10.11.3 and Security Update 2016-001, Apple Product Security
• APPLE-SA-2016-01-19-3 Safari 9.0.3, Apple Product Security
• LiteSpeed Web Server - Security Advisory - HTTP Header Injection Vulnerability, Onur Yilmaz
• [CVE-2016-1926] XSS in Greenbone Security Assistant &#8805; 6.0.0 and < 6.0.8, bugtraq
• Cisco Security Advisory: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3450-1] ecryptfs-utils security update, Salvatore Bonaccorso
• Cisco Security Advisory: Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability, Cisco Systems Product Security Incident Response Team
• QuickAuth - Google Authenticator Pebble app vulnerable to MITM attack when configuring TOTP keys, issues
• Oracle HtmlConverter.exe Buffer Overflow, hyp3rlinx
• SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices, SEC Consult Vulnerability Lab
• Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe", Stefan Kanthak
• [SECURITY] [DSA 3451-1] fuse security update, Yves-Alexis Perez
• January 2016 - Bamboo - Critical Security Advisory, David Black
• imageone Cms Multiple vulnerabilities, iedb . team
  • <Possible follow-ups>
  • imageone Cms Multiple vulnerabilities, iedb . team
• [SECURITY] [DSA 3452-1] claws-mail security update, Ben Hutchings
• XMB - eXtreme Message Board v1.9.11.13 Weak Crypto, hyp3rlinx
• HP LaserJet Fax Preview DLL side loading vulnerability, Securify B.V.
• LEADTOOLS ActiveX control multiple DLL side loading vulnerabilities, Securify B.V.
• HP ToComMsg DLL side loading vulnerability, Securify B.V.
• ZyXel WAP3205 v1 Multiple XSS, graphx
• Remote shutdown vulnerability in Buffalo NAS (Linkstation 420), zemnmez
• PHP-FPM fpm_log.c memory leak and buffer overflow, Imre RAD
• PHP LiteSpeed SAPI secret key improper disposal, Imre RAD
• WP Easy Gallery v4.1.4 Stored XSS Vulnerability, Rahul Pratap Singh
• [SECURITY] [DSA 3453-1] mariadb-10.0 security update, Salvatore Bonaccorso
• glibc catopen() Multiple unbounded stack allocations, cxsecurity
• Magento 1.9.x Multiple Man-In The Middle, cxsecurity
• APPLE-SA-2016-01-25-1 tvOS 9.1.1, Apple Product Security
• Authentication bypass in PHP File Manager 0.9.8, Imre Rad
• [CORE-2016-0002] - Lenovo ShareIT Multiple Vulnerabilities, CORE Advisories Team
• PHP LiteSpeed SAPI out of boundaries read due to missing input validation, Imre RAD
• [security bulletin] HPSBGN03536 rev.1 - HP IceWall Products running OpenSSL, Remote and Local Denial of Service (DoS), security-alert
• [security bulletin] HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager running libXML2, Remote or Local Denial of Service (DoS), security-alert
• WP-Ultimate CSV Importer XSS Vulnerability, Rahul Pratap Singh
• [SECURITY] [DSA 3454-1] virtualbox security update, Moritz Muehlenhoff
• FreeBSD Security Advisory FreeBSD-SA-16:08.bind, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:09.ntp, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:10.linux, FreeBSD Security Advisories
• [ERPSCAN-15-024] SAP HANA hdbindexserver - Memory corruption, ERPScan inc
• [SECURITY] [DSA 3455-1] curl security update, Alessandro Ghedini
• [SECURITY] [DSA 3456-1] chromium-browser security update, Michael Gilbert
• BK Mobile CMS SQLi and XSS Vulnerability, Rahul Pratap Singh
• Secure Item Hub v1.0 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• Apple WatchOS v2.1 - Denial of Service Vulnerability, Vulnerability Lab
• Barracuda Networks Bug Bounty #38 Message Archiver - Multiple Vulnerabilities, Vulnerability Lab
• Telegram (API) - Cross Site Request Forgery Vulnerabilities, Vulnerability Lab
• Ebay Magento Bug Bounty #2 - Persistent Web Vulnerability, Vulnerability Lab
• Kleefa v1.7 (IR) - Multiple Web Vulnerabilities, Vulnerability Lab
• Classic Infomedia (Login) - Auth Bypass Web Vulnerability, Vulnerability Lab
• WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability, Vulnerability Lab
• los818 CMS 2016 Q1 - SQL Injection Web Vulnerability, Vulnerability Lab
• Netgear GS105Ev2 - Multiple Vulnerabilities, benedikt . westermann
• Cisco Security Advisory: Cisco Wide Area Application Service CIFS DoS Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco RV220 Management Authentication Bypass Vulnerability, Cisco Systems Product Security Incident Response Team
• Log2Space Central v 6.2 Multiple XSS Vulnerability, Rahul Pratap Singh
• [SECURITY] [DSA 3457-1] iceweasel security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3458-1] openjdk-7 security update, Moritz Muehlenhoff
• HCA0005 - Liberty Global - Horizon HD STB - predictable WiFi passphrase, Hacking Corporation Sàrl
• Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability, Vulnerability Lab
• New Era Company CMS - (id) SQL Injection Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 3459-1] mysql-5.5 security update, Salvatore Bonaccorso
• CVE-2015-7521: Apache Hive authorization bug disclosure, Sushanth Sowmyan
• [security bulletin] HPSBHF03535 rev.3 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Multiple Remote Vulnerabilities, security-alert
• [security bulletin] HPSBHF03538 rev.1 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Remote Code Execution, Denial of Service (DoS), security-alert
• ProjectSend multiple vulnerabilities, Filippo Cavallarin
• Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability, Vulnerability Lab
• [security bulletin] HPSBGN03542 rev.1 - HPE Operations Manager for Windows using Java Deserialization, Remote Arbitrary Code Execution, security-alert
• [security bulletin] HPSBHF03510 rev.1 - HP Integrated Lights-Out 2/3/4, Remote Unauthorized Modification, security-alert
• [security bulletin] HPSBHF03539 rev.1 - HPE VCX running OpenSSH or BIND, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBOV03540 rev.1 - HPE OpenVMS TCPIP Bind Services and OpenVMS TCPIP IPC Services for OpenVMS, Remote Disclosure of Information, Execution of Code, Denial of Service (DoS), security-alert
• ManageEngine Eventlog Analyzer v4-v10 Privilege Esacalation, graphx
• [security bulletin] HPSBGN03533 rev.1 - HP Enterprise Cloud Service Automation and Codar, Remote Unauthorized Modification, security-alert
• Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network, kingkaustubh
• [security bulletin] HPSBHF03419 rev.3 - HPE Networking Products, Remote Denial of Service (DoS), Unauthorized Access, security-alert
• FreeBSD Security Advisory FreeBSD-SA-16:11.openssl, FreeBSD Security Advisories