Mail Thread Index

• Date Index

• CVE-2015-5344 - Apache Camel medium disclosure vulnerability, Claus Ibsen
• [SECURITY] [DSA 3460-1] privoxy security update, Sebastien Delafond
• VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability, t . schughart
• OpenXchange | Information Disclosure, t . schughart
• WP-Comment-Rating XSS Vulnerability, Rahul Pratap Singh
• Executable installers are vulnerable^WEVIL (case 23): WinImage's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege, Stefan Kanthak
• eClinicalWorks (CCMR) - Multiple Vulnerabilities, jerold
• [SECURITY] [DSA 3464-1] rails security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3463-1] prosody security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3462-1] radicale security update, Yves-Alexis Perez
• [SECURITY] [DSA 3461-1] freetype security update, Sebastien Delafond
• Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability, Vulnerability Lab
• File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities, Vulnerability Lab
• WebKitGTK+ Security Advisory WSA-2016-0001, Carlos Alberto Lopez Perez
• A tale of openssl_seal(), PHP and Apache2handle, s3810
• Re: VMWare Zimbra Mailer | DKIM longterm Mail Replay vulnerability, Phil Pearl
• MailPoet Newsletter 2.6.19 - Security Advisory - Reflected XSS, Onur Yilmaz
• [SECURITY] [DSA 3465-1] openjdk-6 security update, Moritz Muehlenhoff
• TimeClock - Multiple SQL Injections, marcelabx
• ASUS RT-N56U Persistent XSS, graphx
• Mezzanine CMS 4.1.0 Arbitrary File Upload, hyp3rlinx
• Mezzanine CMS 4.1.0 XSS, hyp3rlinx
• Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability, Vulnerability Lab
• Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability, Vulnerability Lab
• SimpleView CRM - Client Side Open Redirect Vulnerability, Vulnerability Lab
• File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• Soso Transfer v1.1 iOS - Denial of Service Vulnerability, Vulnerability Lab
• Security Advisories, Portcullis Advisories
• Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco ASA-CX and Cisco Prime Security Manager Privilege Escalation Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability, Cisco Systems Product Security Incident Response Team
• Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability, David Coomber
• [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300, Pedro Ribeiro
• AST-2016-001: BEAST vulnerability in HTTP server, Asterisk Security Team
• AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data., Asterisk Security Team
• AST-2016-002: File descriptor exhaustion in chan_sip, Asterisk Security Team
• [slackware-security] MPlayer (SSA:2016-034-02), Slackware Security Team
• [slackware-security] php (SSA:2016-034-04), Slackware Security Team
• [slackware-security] openssl (SSA:2016-034-03), Slackware Security Team
• [slackware-security] mozilla-firefox (SSA:2016-034-01), Slackware Security Team
• Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass, Vulnerability Lab
• WordPress User Meta Manager Plugin [Privilege Escalation], pan . vagenas
• WordPress User Meta Manager Plugin [Blind SQLI], pan . vagenas
• [SECURITY] [DSA 3466-1] krb5 security update, Salvatore Bonaccorso
• CVE-2015-3251: Apache CloudStack VM Credential Exposure, John Kinsella
• CVE-2015-3252: Apache CloudStack VNC authentication issue, John Kinsella
• [security bulletin] HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities, security-alert
• [security bulletin] HPSBGN03434 rev.1 - HP Continuous Delivery Automation using Java Deserialization, Remote Arbitrary Code Execution, security-alert
• [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox, Stefan Kanthak
  • Re: [FD] [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox, Jason Hellenthal
• [security bulletin] HPSBGN03430 rev.3 - HP ArcSight products, Local Elevation of Privilege, security-alert
• Multiple vulnerabilities in Open Real Estate v 1.15.1, Simon Waters (Surevine)
• [SECURITY] [DSA 3467-1] tiff security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3468-1] polarssl security update, Sebastien Delafond
• CFP: SIN 2016 - 9th International Conference on Security of Information and Networks, Hossain Shahriar
• Executable installers are vulnerable^WEVIL (case 25): WinRAR's installer and self-extractors allow arbitrary (remote) code execution and escalation of privilege, Stefan Kanthak
• WordPress User Meta Manager Plugin [Information Disclosure], Panagiotis Vagenas
• Symphony CMS multiple vulnerabilities, Filippo Cavallarin
• Local Microsoft Windows 7 / 8 / 10 Buffer Overflow via Third-Party USB-Driver (ser2co64.sys), Ralf Spenneberg
• JavaScript Anywhere v3.0.4 iOS - Persistent Vulnerability, Vulnerability Lab
• Getdpd BB #5 - Persistent Filename Vulnerability, Vulnerability Lab
• Getdpd BB #4 - (name) Persistent Validation Vulnerability, Vulnerability Lab
• Alsovalue CMS 2016Q1 - SQL Injection Web Vulnerability, Vulnerability Lab
• Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities, Vulnerability Lab
• PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities, Vulnerability Lab
• WordPress WooCommerce - Store Toolkit Plugin [Privilege Escalation], Panagiotis Vagenas
• WordPress WP User Frontend Plugin [Unrestricted File Upload], Panagiotis Vagenas
• [SECURITY] [DSA 3471-1] qemu security update, Sebastien Delafond
• [SECURITY] [DSA 3469-1] qemu security update, Sebastien Delafond
• [SECURITY] [DSA 3470-1] qemu-kvm security update, Sebastien Delafond
• [SECURITY] [DSA 3472-1] wordpress security update, Salvatore Bonaccorso
• [slackware-security] libsndfile (SSA:2016-039-02), Slackware Security Team
• [slackware-security] curl (SSA:2016-039-01), Slackware Security Team
• Privilege escalation Vulnerability in ManageEngine Network Configuration Management, kingkaustubh
• ESA-2016-010 EMC Documentum xCP Security Update for Multiple Vulnerabilities, Security Alert
• Safebreach adsivory: Node.js HTTP Response Splitting (CVE-2016-2216), Amit Klein
• dotDefender Firewall CSRF, hyp3rlinx
• ManageEngine Eventlog Analyzer Privilege Escalation v10.8, graphx
• SEC Consult SA-20160210-0 :: Yeager CMS Multiple Vulnerabilities, SEC Consult Vulnerability Lab
• VP2016-001: Remote Command Execution in File Replication Pro, Vantage Point Security
• Getdpd Bug Bounty #6 - (Import - FTP) Persistent Vulnerability, Vulnerability Lab
• File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability, Vulnerability Lab
• Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability, Vulnerability Lab
• Remote Code Execution in Exponent, High-Tech Bridge Security Research
• Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability, Cisco Systems Product Security Incident Response Team
• NPS Datastore server DLL side loading vulnerability, Securify B.V.
• BDA MPEG2 Transport Information Filter DLL side loading vulnerability, Securify B.V.
• MapsUpdateTask Task DLL side loading vulnerability, Securify B.V.
• Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities, Securify B.V.
  • Message not available
    • Re: OLE DB Provider for Oracle multiple DLL side loading vulnerabilities, Securify B.V.
• Duplicator Wordpress Plugin - Source Code And Database Dump Via CSRF Vulnerability, Ratio Sec
• Re: [oss-security] HTTPS Only (Open Source, Python), P J P
• [SECURITY] [DSA 3473-1] nginx security update, Salvatore Bonaccorso
• [slackware-security] mozilla-firefox (SSA:2016-042-01), Slackware Security Team
• CVE-2015-0061 and CVE-2015-0063 (MS16-009/MS16-011), Berend-Jan Wever
• HD Video Player v2.5 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• [SECURITY] [DSA 3474-1] libgcrypt20 security update, Salvatore Bonaccorso
• [ERPSCAN-15-031] SAP MII – Encryption Downgrade vulnerability, ERPScan inc
• [ERPSCAN-15-032] SAP PCo agent – DoS vulnerability, ERPScan inc
• KL-001-2016-001 : Arris DG1670A Cable Modem Remote Command Execution, KoreLogic Disclosures
• [SECURITY] [DSA 3475-1] postgresql-9.1 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3476-1] postgresql-9.4 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3477-1] iceweasel security update, Moritz Muehlenhoff
• Xymon: Critical security issues in all versions prior to 4.3.25, Xymon Software
• BFS-SA-2016-001: FireEye Detection Evasion and Whitelisting of Arbitrary Malware, Blue Frost Security Research Lab
• phpMyBackupPro v.2.5 XSS, hyp3rlinx
• phpMyBackupPro v.2.5 Arbitrary File Upload, hyp3rlinx
• phpMyBackupPro v.2.5 Remote Command Execution / CSRF, hyp3rlinx
• CyberCop Scanner Smbgrind v5.5 Buffer Overflow, hyp3rlinx
• [SECURITY] [DSA 3479-1] graphite2 security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3478-1] libgcrypt11 security update, Salvatore Bonaccorso
• Missing Function Level Access control Vulnerability in OPutils, kingkaustubh
• Privilege escalation Vulnerability in ManageEngine oputils, kingkaustubh
• CSRF and XsS In Manage Engine oputils, kingkaustubh
• [SECURITY] [DSA 3480-1] eglibc security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3481-1] glibc security update, Salvatore Bonaccorso
• Redaxo CMS contains multiple vulnerabilities, LSE-Advisories
• RCE via CSRF in osCmax, High-Tech Bridge Security Research
• SQL Injection in Osclass, High-Tech Bridge Security Research
• SQL Injection in WeBid, High-Tech Bridge Security Research
• SQL Injection in TestLink, High-Tech Bridge Security Research
• SQL Injection in webSPELL, High-Tech Bridge Security Research
• SSO Authentication Bypass and Website Takeover in DOKEOS, High-Tech Bridge Security Research
• RCE via CSRF in osCommerce, High-Tech Bridge Security Research
• [SECURITY] [DSA 3482-1] libreoffice security update, Sebastien Delafond
• [security bulletin] HPSBUX03437 SSRT110025 rev.1 - HP-UX IPFilter, Remote Denial of Service (DoS), security-alert
• CVE-2015-7521: Apache Hive authorization bug disclosure (update), Sushanth Sowmyan
• [SECURITY] [DSA 3484-1] xdelta3 security update, Salvatore Bonaccorso
• [SYSS-2015-058] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932), erlijn . vangenuchten
• [SYSS-2015-055] Novell Filr - Cross-Site Scripting (CWE-79), erlijn . vangenuchten
• [SYSS-2015-062] ownCloud - Information Exposure Through Directory Listing (CWE-548), erlijn . vangenuchten
• [SYSS-2015-064] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932), erlijn . vangenuchten
• [SYSS-2015-060] Thru Managed File Transfer Portal 9.0.2 - Improperly Implemented Security Check for Standard (CWE-358), erlijn . vangenuchten
• [SYSS-2015-059] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (CWE-932), erlijn . vangenuchten
• [SYSS-2015-057] Thru Managed File Transfer Portal 9.0.2 - Cross-Site Scripting, erlijn . vangenuchten
• [SYSS-2015-056] Thru Managed File Transfer Portal 9.0.2 - SQL Injection, erlijn . vangenuchten
• ifixit Bug Bounty #5 - Guide Search Persistent Vulnerability, Vulnerability Lab
• Adobe - Multiple Client Side Cross Site Scripting Web Vulnerabilities, Vulnerability Lab
• Chamilo LMS - Persistent Cross Site Scripting Vulnerability, Vulnerability Lab
• Chamilo LMS IDOR - (messageId) Delete POST Inject Vulnerability, Vulnerability Lab
• Investors Application - Client Side Cross Site Scripting Vulnerability, Vulnerability Lab
• Prezi Bug Bounty #5 - Client Side Cross Site Scripting & Open Redirect Vulnerability, Vulnerability Lab
• ifixit Bug Bounty #6 -(Profile) Persistent Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 3483-1] cpio security update, Salvatore Bonaccorso
• [security bulletin] HPSBGN03547 rev.1 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution, security-alert
• Cisco Security Advisory: Vulnerability in GNU glibc Affecting Cisco Products: February 2016, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3485-1] didiwiki security update, Sebastien Delafond
• [security bulletin] HPSBHF03544 rev.1 - HPE iMC PLAT and other HP and H3C products using Comware 7 and cURL, Remote Unauthorized Access, security-alert
• [SECURITY] [DSA 3486-1] chromium-browser security update, Michael Gilbert
• [SECURITY] CVE-2015-5346 Apache Tomcat Session fixation, Mark Thomas
• [SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass, Mark Thomas
• [SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass, Mark Thomas
• [SECURITY] CVE-2015-5345 Apache Tomcat Directory disclosure, Mark Thomas
• [SECURITY] CVE-2016-0763 Apache Tomcat Security Manager Bypass, Mark Thomas
• [SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak, Mark Thomas
• [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal, Mark Thomas
• InstantCoder v1.0 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
  • <Possible follow-ups>
  • InstantCoder v1.0 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• Ubiquiti Networks Bug Bounty #9 - Invoice Persistent Vulnerabilities, Vulnerability Lab
• [SYSS-2015-063] OpenCms - Cross Site Scripting, rainer . boie
• Oxwall Forum v1.8.1 - Persistent Cross Site Scripting Vulnerability, Vulnerability Lab
• CSNC-2016-002 - Open Redirect in OpenAM, Alexandre Herzog
• CVE-2015-0955 - Stored XSS in Adobe Experience Manager (AEM), Alexandre Herzog
• CSNC-2016-001 - XSS in OpenAM, Alexandre Herzog
• [SECURITY] [DSA 3488-1] libssh security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3489-1] lighttpd security update, Sebastien Delafond
• Ubiquiti Networks UniFi v3.2.10 Generic CSRF Protection Bypass, Julien Ahrens
• [slackware-security] bind (SSA:2016-054-01), Slackware Security Team
• [slackware-security] glibc (SSA:2016-054-02), Slackware Security Team
• [slackware-security] libgcrypt (SSA:2016-054-03), Slackware Security Team
• [slackware-security] ntp (SSA:2016-054-04), Slackware Security Team
• [KIS-2016-02] Magento <= 1.9.2.2 (RSS Feed) Information Disclosure Vulnerability, Egidio Romano
• Extra User Details [Privilege Escalation], Panagiotis Vagenas
• Re: Executable installers are vulnerable^WEVIL (case 26): the installer of GIMP for Windows allows arbitrary (remote) and escalation of privilege, Stefan Kanthak
• Executable installers are vulnerable^WEVIL (case 4): InstallShield's wrapper and setup.exe, Stefan Kanthak
• eFront 3.6.15.6 CMS – (Message Attachment) Persistent Cross Site Scripting Vulnerability, Vulnerability Lab
• CSV Import XSS Vulnerability, Rahul Pratap Singh
• WP Advanced Importer XSS Vulnerability, Rahul Pratap Singh
• WP Ultimate Exporter XSS Vulnerability, Rahul Pratap Singh
• Import Woocommerce XSS Vulnerability, Rahul Pratap Singh
• Belkin N150 Router Multiple XSS Vulnerability, Rahul Pratap Singh
• [SECURITY] [DSA 3490-1] websvn security update, Sebastien Delafond
• WordPress User Submitted Posts Plugin [Persistent XSS], Panagiotis Vagenas
• JSN PowerAdmin Joomla! Extension - Remote Command Execution Via CSRF and XSS vulnerabilities, Ratio Sec
• [SECURITY] [DSA 3491-1] icedove security update, Moritz Muehlenhoff
• CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input, Cantor, Scott
  • RE: CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input, Shivaprasad Sadashivappa
• [SECURITY] [DSA 3493-1] xerces-c security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3492-1] gajim security update, Yves-Alexis Perez
• APPLE-SA-2016-02-25-1 Apple TV 7.2.1, Apple Product Security
• WordPress plugin wp-ultimate-exporter SQL injection vulnerability, Henri Salo
• Zimbra Cross-Site Scripting vulnerabilities, pxli
• Executable installers are vulnerable^WEVIL (case 28): Google's Chrome cleanup tool allows arbitrary (remote) code execution WITH escalation of privilege, Stefan Kanthak
• Executable installers are vulnerable^WEVIL (case 27): Cygwin's installers allow arbitrary (remote) code execution WITH escalation of privilege, Stefan Kanthak
• [security bulletin] HPSBGN03549 rev.1 - HP IceWall Products using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution, security-alert
• [slackware-security] libssh (SSA:2016-057-01), Slackware Security Team
• Re: Symantec EP DOS, hyp3rlinx
• [SECURITY] [DSA 3494-1] cacti security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3497-1] php-horde security update, Salvatore Bonaccorso
• Call For Papers - CISTI 2016 Workshops - Deadline March 15, Maria Lemos
• [SECURITY] [DSA 3496-1] php-horde-core security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3499-1] pillow security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3498-1] drupal7 security advisory, Moritz Muehlenhoff
• [SECURITY] [DSA 3495-1] xymon security update, Sebastien Delafond
• WP Good News Themes - Client Side Cross Site Scripting Web Vulnerability, Vulnerability Lab