Mail Index
- CVE-2015-5344 - Apache Camel medium disclosure vulnerability
- [SECURITY] [DSA 3460-1] privoxy security update
- VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability
- OpenXchange | Information Disclosure
- WP-Comment-Rating XSS Vulnerability
- Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
- eClinicalWorks (CCMR) - Multiple Vulnerabilities
- [SECURITY] [DSA 3464-1] rails security update
- [SECURITY] [DSA 3463-1] prosody security update
- [SECURITY] [DSA 3462-1] radicale security update
- [SECURITY] [DSA 3461-1] freetype security update
- Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability
- File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities
- WebKitGTK+ Security Advisory WSA-2016-0001
- From: Carlos Alberto Lopez Perez
- A tale of openssl_seal(), PHP and Apache2handle
- Re: VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability
- MailPoet Newsletter 2.6.19 - Security Advisory - Reflected XSS
- [SECURITY] [DSA 3465-1] openjdk-6 security update
- TimeClock - Multiple SQL Injections
- ASUS RT-N56U Persistent XSS
- Mezzanine CMS 4.1.0 Arbitrary File Upload
- Mezzanine CMS 4.1.0 XSS
- Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability
- Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability
- SimpleView CRM - Client Side Open Redirect Vulnerability
- File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities
- Soso Transfer v1.1 iOS - Denial of Service Vulnerability
- Security Advisories
- From: Portcullis Advisories
- Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability
- [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300
- AST-2016-001: BEAST vulnerability in HTTP server
- From: Asterisk Security Team
- AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data.
- From: Asterisk Security Team
- AST-2016-002: File descriptor exhaustion in chan_sip
- From: Asterisk Security Team
- [slackware-security] MPlayer (SSA:2016-034-02)
- From: Slackware Security Team
- [slackware-security] php (SSA:2016-034-04)
- From: Slackware Security Team
- [slackware-security] openssl (SSA:2016-034-03)
- From: Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2016-034-01)
- From: Slackware Security Team
- Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass
- WordPress User Meta Manager Plugin [Privilege Escalation]
- WordPress User Meta Manager Plugin [Blind SQLI]
- [SECURITY] [DSA 3466-1] krb5 security update
- From: Salvatore Bonaccorso
- CVE-2015-3251: Apache CloudStack VM Credential Exposure
- CVE-2015-3252: Apache CloudStack VNC authentication issue
- [security bulletin] HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities
- [security bulletin] HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java Deserialization, Remote Arbitrary Code Execution
- [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
- [security bulletin] HPSBGN03430 rev.3 - HP ArcSight products, Local Elevation of Privilege
- Multiple vulnerabilities in Open Real Estate v 1.15.1
- From: Simon Waters (Surevine)
- [SECURITY] [DSA 3467-1] tiff security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3468-1] polarssl security update
- CFP: SIN 2016 - 9th International Conference on Security of Information and Networks
- Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege
- WordPress User Meta Manager Plugin [Information Disclosure]
- Symphony CMS multiple vulnerabilities
- Local Microsoft Windows 7 / 8 / 10 Buffer Overflow via Third-Party USB-Driver (ser2co64.sys)
- JavaScript Anywhere v3.0.4 iOS - Persistent Vulnerability
- Getdpd BB #5 - Persistent Filename Vulnerability
- Getdpd BB #4 - (name) Persistent Validation Vulnerability
- Alsovalue CMS 2016Q1 - SQL Injection Web Vulnerability
- Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities
- PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities
- WordPress WooCommerce - Store Toolkit Plugin [Privilege Escalation]
- WordPress WP User Frontend Plugin [Unrestricted File Upload]
- [SECURITY] [DSA 3471-1] qemu security update
- [SECURITY] [DSA 3469-1] qemu security update
- [SECURITY] [DSA 3470-1] qemu-kvm security update
- [SECURITY] [DSA 3472-1] wordpress security update
- From: Salvatore Bonaccorso
- [slackware-security] libsndfile (SSA:2016-039-02)
- From: Slackware Security Team
- [slackware-security] curl (SSA:2016-039-01)
- From: Slackware Security Team
- Privilege escalation Vulnerability in ManageEngine Network Configuration Management
- ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities
- Safebreach advisory: Node.js HTTP Response Splitting (CVE-2016-2216)
- dotDefender Firewall CSRF
- ManageEngine Eventlog Analyzer Privilege Escalation v10.8
- SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities
- From: SEC Consult Vulnerability Lab
- VP2016-001: Remote Command Execution in File Replication Pro
- From: Vantage Point Security
- Getdpd Bug Bounty #6 - (Import - FTP) Persistent Vulnerability
- File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities
- MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability
- Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability
- Remote Code Execution in Exponent
- From: High-Tech Bridge Security Research
- Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- NPS Datastore server DLL side loading vulnerability
- BDA MPEG2 Transport Information Filter DLL side loading vulnerability
- MapsUpdateTask Task DLL side loading vulnerability
- Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities
- Re: [FD] [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
- Duplicator Wordpress Plugin - Source Code And Database Dump Via CSRF Vulnerability
- Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities
- Re: [oss-security] HTTPS Only (Open Source, Python)
- [SECURITY] [DSA 3473-1] nginx security update
- From: Salvatore Bonaccorso
- [slackware-security] mozilla-firefox (SSA:2016-042-01)
- From: Slackware Security Team
- CVE-2015-0061 and CVE-2015-0063 (MS16-009/MS16-011)
- HD Video Player v2.5 iOS - Multiple Web Vulnerabilities
- [SECURITY] [DSA 3474-1] libgcrypt20 security update
- From: Salvatore Bonaccorso
- [ERPSCAN-15-031] SAP MII – Encryption Downgrade vulnerability
- [ERPSCAN-15-032] SAP PCo agent – DoS vulnerability
- KL-001-2016-001 : Arris DG1670A Cable Modem Remote Command Execution
- From: KoreLogic Disclosures
- [SECURITY] [DSA 3475-1] postgresql-9.1 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3476-1] postgresql-9.4 security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3477-1] iceweasel security update
- Xymon: Critical security issues in all versions prior to 4.3.25
- BFS-SA-2016-001: FireEye Detection Evasion and Whitelisting of Arbitrary Malware
- From: Blue Frost Security Research Lab
- phpMyBackupPro v.2.5 XSS
- phpMyBackupPro v.2.5 Arbitrary File Upload
- phpMyBackupPro v.2.5 Remote Command Execution / CSRF
- CyberCop Scanner Smbgrind v5.5 Buffer Overflow
- [SECURITY] [DSA 3479-1] graphite2 security update
- [SECURITY] [DSA 3478-1] libgcrypt11 security update
- From: Salvatore Bonaccorso
- Missing Function Level Access control Vulnerability in OPutils
- Privilege escalation Vulnerability in ManageEngine oputils
- CSRF and XsS In Manage Engine oputils
- [SECURITY] [DSA 3480-1] eglibc security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3481-1] glibc security update
- From: Salvatore Bonaccorso
- Redaxo CMS contains multiple vulnerabilities
- RCE via CSRF in osCmax
- From: High-Tech Bridge Security Research
- SQL Injection in Osclass
- From: High-Tech Bridge Security Research
- SQL Injection in WeBid
- From: High-Tech Bridge Security Research
- SQL Injection in TestLink
- From: High-Tech Bridge Security Research
- SQL Injection in webSPELL
- From: High-Tech Bridge Security Research
- SSO Authentication Bypass and Website Takeover in DOKEOS
- From: High-Tech Bridge Security Research
- RCE via CSRF in osCommerce
- From: High-Tech Bridge Security Research
- [SECURITY] [DSA 3482-1] libreoffice security update
- [security bulletin] HPSBUX03437 SSRT110025 rev.1 - HP-UX IPFilter, Remote Denial of Service (DoS)
- CVE-2015-7521: Apache Hive authorization bug disclosure (update)
- [SECURITY] [DSA 3484-1] xdelta3 security update
- From: Salvatore Bonaccorso
- [SYSS-2015-058] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932)
- From: erlijn . vangenuchten
- [SYSS-2015-055] Novell Filr - Cross-Site Scripting (CWE-79)
- From: erlijn . vangenuchten
- [SYSS-2015-062] ownCloud - Information Exposure Through Directory Listing (CWE-548)
- From: erlijn . vangenuchten
- [SYSS-2015-064] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932)
- From: erlijn . vangenuchten
- [SYSS-2015-060] Thru Managed File Transfer Portal 9.0.2 - Improperly Implemented Security Check for Standard (CWE-358)
- From: erlijn . vangenuchten
- [SYSS-2015-059] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932)
- From: erlijn . vangenuchten
- [SYSS-2015-057] Thru Managed File Transfer Portal 9.0.2 - Cross-Site Scripting
- From: erlijn . vangenuchten
- [SYSS-2015-056] Thru Managed File Transfer Portal 9.0.2 - SQL Injection
- From: erlijn . vangenuchten
- ifixit Bug Bounty #5 - Guide Search Persistent Vulnerability
- Adobe - Multiple Client Side Cross Site Scripting Web Vulnerabilities
- Chamilo LMS - Persistent Cross Site Scripting Vulnerability
- Chamilo LMS IDOR - (messageId) Delete POST Inject Vulnerability
- Investors Application - Client Side Cross Site Scripting Vulnerability
- Prezi Bug Bounty #5 - Client Side Cross Site Scripting & Open Redirect Vulnerability
- ifixit Bug Bounty #6 -(Profile) Persistent Vulnerability
- [SECURITY] [DSA 3483-1] cpio security update
- From: Salvatore Bonaccorso
- [security bulletin] HPSBGN03547 rev.1 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution
- Cisco Security Advisory: Vulnerability in GNU glibc Affecting Cisco Products: February 2016
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3485-1] didiwiki security update
- [security bulletin] HPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware 7 and cURL, Remote Unauthorized Access
- [SECURITY] [DSA 3486-1] chromium-browser security update
- [SECURITY] CVE-2015-5346 Apache Tomcat Session fixation
- [SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass
- [SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass
- [SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure
- [SECURITY] CVE-2016-0763 Apache Tomcat Security Manager Bypass
- [SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak
- [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal
- InstantCoder v1.0 iOS - Multiple Web Vulnerabilities
- Ubiquiti Networks Bug Bounty #9 - Invoice Persistent Vulnerabilities
- [SYSS-2015-063] OpenCms - Cross Site Scripting
- Oxwall Forum v1.8.1 - Persistent Cross Site Scripting Vulnerability
- InstantCoder v1.0 iOS - Multiple Web Vulnerabilities
- CSNC-2016-002 - Open Redirect in OpenAM
- CVE-2015-0955 - Stored XSS in Adobe Experience Manager (AEM)
- CSNC-2016-001 - XSS in OpenAM
- [SECURITY] [DSA 3488-1] libssh security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3489-1] lighttpd security update
- Ubiquiti Networks UniFi v3.2.10 Generic CSRF Protection Bypass
- [slackware-security] bind (SSA:2016-054-01)
- From: Slackware Security Team
- [slackware-security] glibc (SSA:2016-054-02)
- From: Slackware Security Team
- [slackware-security] libgcrypt (SSA:2016-054-03)
- From: Slackware Security Team
- [slackware-security] ntp (SSA:2016-054-04)
- From: Slackware Security Team
- [KIS-2016-02] Magento <= 1.9.2.2 (RSS Feed) Information Disclosure Vulnerability
- Extra User Details [Privilege Escalation]
- Re: Executable installers are vulnerable^WEVIL (case 26): the installer of GIMP for Windows allows arbitrary (remote) and escalation of privilege
- Executable installers are vulnerable^WEVIL (case 4): InstallShield's wrapper and setup.exe
- eFront 3.6.15.6 CMS – (Message Attachment) Persistent Cross Site Scripting Vulnerability
- CSV Import XSS Vulnerability
- WP Advanced Importer XSS Vulnerability
- WP Ultimate Exporter XSS Vulnerability
- Import Woocommerce XSS Vulnerability
- Belkin N150 Router Multiple XSS Vulnerability
- [SECURITY] [DSA 3490-1] websvn security update
- WordPress User Submitted Posts Plugin [Persistent XSS]
- JSN PowerAdmin Joomla! Extension - Remote Command Execution Via CSRF and XSS vulnerabilities
- [SECURITY] [DSA 3491-1] icedove security update
- CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input
- [SECURITY] [DSA 3493-1] xerces-c security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3492-1] gajim security update
- APPLE-SA-2016-02-25-1 Apple TV 7.2.1
- From: Apple Product Security
- WordPress plugin wp-ultimate-exporter SQL injection vulnerability
- Zimbra Cross-Site Scripting vulnerabilities
- RE: CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input
- From: Shivaprasad Sadashivappa
- Executable installers are vulnerable^WEVIL (case 28): Google's Chrome cleanup tool allows arbitrary (remote) code execution WITH escalation of privilege
- Executable installers are vulnerable^WEVIL (case 27): Cygwin's installers allow arbitrary (remote) code execution WITH escalation of privilege
- [security bulletin] HPSBGN03549 rev.1 - HP IceWall Products using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution
- [slackware-security] libssh (SSA:2016-057-01)
- From: Slackware Security Team
- Re: Symantec EP DOS
- [SECURITY] [DSA 3494-1] cacti security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3497-1] php-horde security update
- From: Salvatore Bonaccorso
- Call For Papers - CISTI 2016 Workshops - Deadline March 15
- [SECURITY] [DSA 3496-1] php-horde-core security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3499-1] pillow security update
- [SECURITY] [DSA 3498-1] drupal7 security advisory
- [SECURITY] [DSA 3495-1] xymon security update
- WP Good News Themes - Client Side Cross Site Scripting Web Vulnerability