Mail Index

• Thread Index

• Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability
  • From: Vulnerability Lab
• [SYSS-2015-073] perfact::mpa - URL Redirection to Untrusted Site
  • From: matthias . deeg
• [SYSS-2015-072] perfact::mpa - Insecure Direct Object References
  • From: matthias . deeg
• [SYSS-2015-071] perfact::mpa - Cross-Site Request Forgery
  • From: matthias . deeg
• [SYSS-2015-070] perfact::mpa - Cross-Site Scripting
  • From: matthias . deeg
• [SYSS-2015-066] perfact::mpa - Cross-Site Scripting
  • From: matthias . deeg
• [SYSS-2015-067] perfact::mpa - Insecure Direct Object References
  • From: matthias . deeg
• [SYSS-2015-069] perfact::mpa - Insecure Direct Object References
  • From: matthias . deeg
• [security bulletin] HPSBUX03552 SSRT102983 rev.1 - HP-UX BIND running Named, Remote Denial of Service (DoS)
  • From: security-alert
• Microsoft PowerPointViewer Code Execution
  • From: hyp3rlinx
• WordPress plugin GravityForms Cross-site Scripting vulnerability
  • From: Henri Salo
• [SYSS-2016-009] Sophos UTM 525 Web Application Firewall - Cross-Site Scripting in
  • From: adrian . vollmer
• Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allowa arbitrary (remote) code execution WITH escalation of privilege
  • From: Stefan Kanthak
• [SECURITY] [DSA 3500-1] openssl security update
  • From: Alessandro Ghedini
• [SECURITY] [DSA 3501-1] perl security update
  • From: Salvatore Bonaccorso
• Vivint Sky Control Panel Unauthenticated Access Vulnerability
  • From: jeremyscott
• [security bulletin] HPSBGN03442 rev.1 - HP Helion OpenStack using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution
  • From: security-alert
• [security bulletin] HPSBHF03545 rev. 1 - HP EliteBook and Zbook Products with Windows NVidia Graphics Driver, Multiple Local Vulnerabilities
  • From: HP Security Alert
• [REVIVE-SA-2016-001] Revive Adserver - Multiple vulnerabilities
  • From: Matteo Beccati
• Cisco Security Advisory: Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Web Security Appliance HTTPS Packet Processing Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
  • From: Cisco Systems Product Security Incident Response Team
• Open-Xchange Security Advisory 2016-03-02
  • From: Martin Heiland
• Panda SM Manager iOS Application - MITM SSL Certificate Vulnerability
  • From: David Coomber
• [security bulletin] HPSBHF03436 rev.1 - HP Thin Client with ThinPro OS, running Linux, Local Elevated Privileges
  • From: HP Security Alert
• WordPress Bulk Delete Plugin [Privilege Escalation]
  • From: Panagiotis Vagenas
• [slackware-security] php (SSA:2016-062-03)
  • From: Slackware Security Team
• [slackware-security] openssl (SSA:2016-062-02)
  • From: Slackware Security Team
• [slackware-security] mailx (SSA:2016-062-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 3502-1] roundup security update
  • From: Yves-Alexis Perez
• [SECURITY] [DSA 3426-2] ctdb regression update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3503-1] linux security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBGN03550 rev.2 - HP Operations Manager i and BSM using Apache Flex BlazeDS, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBHF03439 rev.1 - HP Commercial PCs with Sure Start, Local Denial of Service
  • From: HP Security Alert
• [security bulletin] HPSBPI03546 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Enterprise Printers, Remote Disclosure of Information
  • From: HP Security Alert
• [SYSS-2015-053] innovaphone IP222/IP232 - Denial of Service
  • From: disclosure
• [SYSS-2015-064] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (REVISED)
  • From: erlijn . vangenuchten
• [SYSS-2015-060] Thru Managed File Transfer Portal 9.0.2 - Improperly Implemented Security Check for Standard (REVISED)
  • From: erlijn . vangenuchten
• [SYSS-2015-059] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (REVISED)
  • From: erlijn . vangenuchten
• [SYSS-2015-058] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (REVISED)
  • From: erlijn . vangenuchten
• [SECURITY] [DSA 3506-1] libav security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3505-1] wireshark security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3504-1] bsh security update
  • From: Sebastien Delafond
• McAfee VirusScan Enterprise security restrictions bypass
  • From: Agazzini Maurizio
• Executable installers are vulnerable^WEVIL (case 31): MalwareBytes' installers allows arbitrary (remote) code execution WITH escalation of privilege
  • From: Stefan Kanthak
• Executable installers are vulnerable^WEVIL (case 30): clamwin-0.99-setup.exe allows arbitrary (remote) code execution WITH escalation of privilege
  • From: Stefan Kanthak
• [SECURITY] [DSA 3507-1] chromium-browser security update
  • From: Michael Gilbert
• Multiple vulnerabilities in Wordpress plugin SP Projects & Document Manager
  • From: mail
• [SECURITY] [DSA 3508-1] jasper security update
  • From: Salvatore Bonaccorso
• Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link)
  • From: Vulnerability Lab
• Re: Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link)
  • From: Dubbju
• Re: Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link)
  • From: Edsel Adap
• ESA-2016-012: EMC Documentum xCP – User Information Disclosure Vulnerability
  • From: Security Alert
• [slackware-security] php (SSA:2016-067-01)
  • From: Slackware Security Team
• Re: Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link)
  • From: Michael Lima
• [security bulletin] HPSBHF03557 rev.1 - HPE Networking Products using Comware 7 (CW7) running NTP, Remote Denial of Service (DoS)
  • From: security-alert
• Windows Mail Find People DLL side loading vulnerability
  • From: Securify B.V.
• [slackware-security] samba (SSA:2016-068-02)
  • From: Slackware Security Team
• [slackware-security] mozilla-firefox (SSA:2016-068-01)
  • From: Slackware Security Team
• Thomson TWG850 Wireless Router Multiple Vulnerabilities
  • From: Sebastian Perez
• LSE Leading Security Experts GmbH - LSE-2016-01-01 - Wordpress ProjectTheme - Multiple Vulnerabilities
  • From: LSE-Advisories
• OS-S 2016-05 Linux aiptek Nullpointer Dereference CVE-2015-7515
  • From: Ralf Spenneberg
• OS-S 2016-06 Linux cdc_acm Nullpointer Dereference
  • From: Ralf Spenneberg
• OS-S 2016-07 Linux cypress_m8 Nullpointer Dereference
  • From: Ralf Spenneberg
• Re: OS-S 2016-06 Linux cdc_acm Nullpointer Dereference
  • From: abdyfhie
• OS-S 2016-08 Linux mct_u232 Nullpointer Dereference
  • From: Ralf Spenneberg
• OS-S 2016-09 Linux visor clie_5_attach Nullpointer Dereference CVE-2015-7566
  • From: Ralf Spenneberg
• OS-S 2016-10 Linux visor (treo_attach) Nullpointer Dereference CVE-2016-2782
  • From: Ralf Spenneberg
• OS-S 2016-11 Linux wacom multiple Nullpointer Dereferences
  • From: Ralf Spenneberg
• OS-S 2016-12 Linux digi_acceleport Nullpointer Dereference
  • From: Ralf Spenneberg
• Re: Windows Mail Find People DLL side loading vulnerability
  • From: Stefan Kanthak
• Cisco Security Advisory: Cisco Wireless Residential Gateway with EDVA Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory:Cisco Wireless Residential Gateway Information Disclosure Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Re: Windows Mail Find People DLL side loading vulnerability
  • From: Securify B.V.
• [SECURITY] [DSA 3509-1] rails security update
  • From: Luciano Bello
• [SECURITY] [DSA 3509-1] rails security update
  • From: Luciano Bello
• Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr"
  • From: X41 D-Sec GmbH Advisories
• [CORE-2016-0004] - SAP Download Manager Password Weak Encryption
  • From: CORE Advisories Team
• Cisco Security Advisory: Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3510-1] iceweasel security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3509-1] rails security update
  • From: Luciano Bello
• [CORE-2016-0003] - Samsung SW Update Tool MiTM
  • From: CORE Advisories Team
• [SECURITY] [DSA 3511-1] bind9 security update
  • From: Michael Gilbert
• [SECURITY] [DSA 3512-1] libotr security update
  • From: Salvatore Bonaccorso
• [SE-2012-01] Broken security fix in Oracle Java SE 7/8/9
  • From: Security Explorations
• [slackware-security] bind (SSA:2016-069-01)
  • From: Slackware Security Team
• [slackware-security] mozilla-nss (SSA:2016-069-02)
  • From: Slackware Security Team
• FreeBSD Security Advisory FreeBSD-SA-16:13.bind
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:12.openssl
  • From: FreeBSD Security Advisories
• [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting
  • From: Christopher Shannon
• [ANNOUNCE] CVE-2016-0734: ActiveMQ Web Console - Clickjacking
  • From: Christopher Shannon
• [SECURITY] [DSA 3513-1] chromium-browser security update
  • From: Michael Gilbert
• oss-2016-13: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)
  • From: Ralf Spenneberg
• oss-2016-14: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (gtco driver)
  • From: Ralf Spenneberg
• oss-2016-15: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)
  • From: Ralf Spenneberg
• oss-2016-16: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (snd-usb-audio driver)
  • From: Ralf Spenneberg
• oss-2016-17: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)
  • From: Ralf Spenneberg
• oss-2016-18: Multiple Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)
  • From: Ralf Spenneberg
• [slackware-security] openssh (SSA:2016-070-01)
  • From: Slackware Security Team
• DW Question Answer Stored XSS Vulnerability
  • From: Rahul Pratap Singh
• WebKitGTK+ Security Advisory WSA-2016-0002
  • From: Carlos Alberto Lopez Perez
• Microsoft Edge CDOMTextNode::get_data type confusion
  • From: Berend-Jan Wever
• [SECURITY] [DSA 3514-1] samba security update
  • From: Salvatore Bonaccorso
• Soundy Background Music XSS Vulnerability
  • From: Rahul Pratap Singh
• [SECURITY] [DSA 3515-1] graphite2 security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3516-1] wireshark security update
  • From: Moritz Muehlenhoff
• Re: oss-2016-13: Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)
  • From: amaris
• Re: oss-2016-15: Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)
  • From: amaris
• Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)
  • From: amaris
• Re: oss-2016-17: Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)
  • From: amaris
• ESA-2016-012: EMC Documentum xCP – User Information Disclosure Vulnerability
  • From: Security Alert
• Reflected Cross-Site Scripiting in CuteEditor
  • From: adrmm
• ChitaSoft (Web-Application) - SQL Injection Vulnerability
  • From: Vulnerability Lab
• Chamlio LMS v1.10.2 - (Profile) Persistent Web Vulnerability
  • From: Vulnerability Lab
• Yahoo Bug Bounty #37 - Sender Spoofing Vulnerability
  • From: Vulnerability Lab
• [security bulletin] HPSBGN03373 rev.2 - HP Release Control running TLS, Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU03377 rev.2 - HP Release Control running RC4, Remote Disclosure of Information
  • From: security-alert
• Re: OS-S 2016-06 Linux cdc_acm Nullpointer Dereference
  • From: vdronov
• Re: OS-S 2016-07 Linux cypress_m8 Nullpointer Dereference
  • From: vdronov
• Re: OS-S 2016-08 Linux mct_u232 Nullpointer Dereference
  • From: vdronov
• Re: OS-S 2016-12 Linux digi_acceleport Nullpointer Dereference
  • From: vdronov
• Re: OS-S 2016-11 Linux wacom multiple Nullpointer Dereferences
  • From: vdronov
• Re: oss-2016-17: Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver)
  • From: vdronov
• Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver)
  • From: vdronov
• Re: oss-2016-13: Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver)
  • From: vdronov
• Re: oss-2016-15: Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver)
  • From: vdronov
• [security bulletin] HPSBGN03556 rev.1 - ArcSight ESM and ESM Express, Remote Arbitrary File Download, Local Arbitrary Command Execution
  • From: security-alert
• Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing
  • From: Stefan Kanthak
• [ANNOUNCE][CVE-2016-0779] Apache TomEE 1.7.4 and 7.0.0-M3 releases
  • From: Romain Manni-Bucau
• [slackware-security] git (SSA:2016-075-01)
  • From: Slackware Security Team
• [slackware-security] seamonkey (SSA:2016-075-02)
  • From: Slackware Security Team
• Reflected Cross-Site Scripting (XSS) Vulnerability in Litecart CMS
  • From: rsrathoreravi
• [SECURITY] [DSA 3518-1] spip security update
  • From: Sebastien Delafond
• [security bulletin] HPSBGN03558 rev.1 - ArcSight ESM and ESM Express, Remote Disclosure of Sensitive Information
  • From: security-alert
• [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow
  • From: CORE Advisories Team
• Re: [FD] [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow
  • From: jungle Boogie
• FreeBSD Security Advisory FreeBSD-SA-16:14.openssh
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch
  • From: FreeBSD Security Advisories
• Multiple (persistent) XSS in ProjectSend
  • From: mail
• CVE-2016-1518: GrandStream Android VoIP Phone / App Provisioning Vulnerability
  • From: Georg Lukas
• CVE-2016-1519: GrandStream Android VoIP App TLS MitM Vulnerability
  • From: Georg Lukas
• CVE-2016-1520: GrandStream Android VoIP App Update Redirection
  • From: Georg Lukas
• Re: [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting
  • From: Derek Mahar
• [CVE-2016-2345] Solarwinds Dameware Mini Remote Control Remote Code Execution Vulnerability
  • From: contact
• [SECURITY] [DSA 3519-1] xen security update
  • From: Moritz Muehlenhoff
• [slackware-security] mozilla-firefox (SSA:2016-077-01)
  • From: Slackware Security Team
• Xoops 2.5.7.2 CSRF - Arbitrary User Deletions
  • From: hyp3rlinx
• Xoops 2.5.7.2 Directory Traversal Bypass
  • From: hyp3rlinx
• Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315)
  • From: Laël Cellier
• Remote Code Execution via CSRF in iTop
  • From: High-Tech Bridge Security Research
• Admin Password Reset & RCE via CSRF in Dating Pro
  • From: High-Tech Bridge Security Research
• SQL Injection and RCE in WebsiteBaker
  • From: High-Tech Bridge Security Research
• [SECURITY] [DSA 3520-1] icedove security update
  • From: Moritz Muehlenhoff
• [security bulletin] HPSBGN03438 rev.1 - HP Support Assistant, Local Authentication Bypass
  • From: HP Security Alert
• [SECURITY] [DSA 3521-1] git security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3522-1] squid3 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3523-1] iceweasel security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3524-1] activemq security update
  • From: Moritz Muehlenhoff
• AbsoluteTelnet 10.14 DLL Hijack Code Exec
  • From: hyp3rlinx
• [security bulletin] HPSBGN03551 rev.1 - HPE Helion Development Platform using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution
  • From: security-alert
• [security bulletin] HPSBGN03560 rev.1 - HP Operations Orchestration using Java Deserialization, Remote Arbitrary Code Execution
  • From: security-alert
• [security bulletin] HPSBMU03562 rev.1 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution
  • From: security-alert
• APPLE-SA-2016-03-21-1 iOS 9.3
  • From: Apple Product Security
• APPLE-SA-2016-03-21-2 watchOS 2.2
  • From: Apple Product Security
• APPLE-SA-2016-03-21-4 Xcode 7.3
  • From: Apple Product Security
• APPLE-SA-2016-03-21-7 OS X Server 5.1
  • From: Apple Product Security
• APPLE-SA-2016-03-21-3 tvOS 9.2
  • From: Apple Product Security
• APPLE-SA-2016-03-21-6 Safari 9.1
  • From: Apple Product Security
• APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002
  • From: Apple Product Security
• [RT-SA-2016-002] Cross-site Scripting in Securimage 3.6.2
  • From: RedTeam Pentesting GmbH
• [SECURITY] [DSA 3525-1] pixman security update
  • From: Salvatore Bonaccorso
• Remote Code Execution in DVR affecting over 70 different vendors
  • From: rotem kerner
• [SECURITY] [DSA 3526-1] libmatroska security update
  • From: Sebastien Delafond
• CVE-2016-2166: Apache Qpid Proton python binding silently ignores request for 'amqps' if SSL/TLS not supported
  • From: Ken Giusti
• CA20160323-01: Security Notice for CA Single Sign-On Web Agents
  • From: Kotas, Kevin J
• Hardcoded root password in Zyxel MAX3XX series Wimax CPEs
  • From: Gianni Carabelli
• Cisco Security Advisory: Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3528-1] pidgin-otr security update
  • From: Sebastien Delafond
• [SECURITY] [DSA 3529-1] redmine security update
  • From: Moritz Muehlenhoff
• XSS (Cross Site Scripting) in Social CRM & Community Solutions powered by Lithium in Knowledge base section
  • From: netizen01k
• [SECURITY] [DSA 3527-1] inspircd security update
  • From: Sebastien Delafond
• [SYSS-2016-017] innovaphone IP222 - Improper Input Validation
  • From: sven . freund
• [SYSS-2016-018] innovaphone IP222 - Improper Restriction of Excessive Authentication Attempts
  • From: sven . freund
• [SYSS-2016-016] innovaphone IP222 - Improper Input Validation
  • From: sven . freund
• [security bulletin] HPSBMU03562 rev.2 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution
  • From: security-alert
• [security bulletin] HPSBGN03563 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Local Denial of Service (DoS), Disclosure of Information
  • From: security-alert
• [CVE-2016-0783] Predictable password reset token
  • From: Maxim Solodovnik
• [CVE-2016-2164] Arbitrary file read via SOAP API
  • From: Maxim Solodovnik
• [CVE-2016-2163] Stored Cross Site Scripting in Event description
  • From: Maxim Solodovnik
• [SECURITY] [DSA 3530-1] tomcat6 security update
  • From: Moritz Muehlenhoff
• [slackware-security] libevent (SSA:2016-085-01)
  • From: Slackware Security Team
• [slackware-security] mozilla-thunderbird (SSA:2016-085-02)
  • From: Slackware Security Team
• [SECURITY] [DSA 3531-1] chromum-browser security update
  • From: Michael Gilbert
• TrendMicro DDI Cross Site Request Forgerys
  • From: hyp3rlinx
• [SECURITY] [DSA 3532-1] quagga security update
  • From: Salvatore Bonaccorso
• Validation Bypass in C2Box application : CVE - 2015-4626
  • From: harish . ramadoss
• BMC-2015-0010: User enumeration vulnerability in BMC Server Automation (BSA) Unix/Linux RSCD Agent (CVE-2016-1542)
  • From: appsec
• BMC-2015-0011: Unauthorized password reset vulnerability in BMC Server Automation (BSA) (CVE-2016-1543)
  • From: appsec
• [SECURITY] [DSA 3533-1] openvswitch security update
  • From: Salvatore Bonaccorso
• Fireware XTM Web UI - Open Redirect
  • From: Manuel Mancera
• [SECURITY] [DSA 3534-1] dhcpcd security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBGN03444 rev.2 - HPE Network Automation, Remote Code Execution, Disclosure of Sensitive Information
  • From: security-alert
• [SECURITY] [DSA 3535-1] kamailio security update
  • From: Moritz Muehlenhoff
• Easy Hosting Control Panel (EHCP) - Multiple Vulnerabilities
  • From: kyle Lovett
• CVE-2016-2385 Kamailio SEAS module heap buffer overflow
  • From: Stelios Tsampas
• Multiple Vulnerabilities in CubeCart
  • From: High-Tech Bridge Security Research
• [CVE-2016-0784] Apache OpenMeetings ZIP file path traversal
  • From: Maxim Solodovnik
• Cisco Security Advisory: Cisco Firepower Malware Block Bypass Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• RE: Cisco Security Advisory: Cisco Firepower Malware Block Bypass Vulnerability
  • From: Murray, Mike
• [SECURITY] [DSA 3536-1] libstruts1.2-java security update
  • From: Sebastien Delafond
• [SECURITY] [DSA 3537-1] imlib2 security update
  • From: Sebastien Delafond
• [SECURITY] [DSA 3538-1] libebml security update
  • From: Sebastien Delafond
• Patron Info System - SQL Injection Vulnerability
  • From: Vulnerability Lab
• Hi Technology & Services CMS - SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• WP External Links v1.80 - Cross Site Scripting Web Vulnerabilities
  • From: Vulnerability Lab
• Docker UI v0.10.0 - Multiple Client Side Cross Site Request Forgery Web Vulnerabilities
  • From: Vulnerability Lab
• Cades (2016Q1) - (id) Multiple SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• Dorsa Web CMS - Multiple SQL Injection Vulnerabilities
  • From: Vulnerability Lab
• Docker UI v0.10.0 - Multiple Persistent Vulnerabilities
  • From: Vulnerability Lab
• Trend Micro (SSO) - (Backend) SSO Redirect & Session Vulnerability
  • From: Vulnerability Lab