Mail Thread Index
- Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability,
Vulnerability Lab
- [SYSS-2015-073] perfact::mpa - URL Redirection to Untrusted Site,
matthias . deeg
- [SYSS-2015-072] perfact::mpa - Insecure Direct Object References,
matthias . deeg
- [SYSS-2015-071] perfact::mpa - Cross-Site Request Forgery,
matthias . deeg
- [SYSS-2015-070] perfact::mpa - Cross-Site Scripting,
matthias . deeg
- [SYSS-2015-066] perfact::mpa - Cross-Site Scripting,
matthias . deeg
- [SYSS-2015-067] perfact::mpa - Insecure Direct Object References,
matthias . deeg
- [SYSS-2015-069] perfact::mpa - Insecure Direct Object References,
matthias . deeg
- [security bulletin] HPSBUX03552 SSRT102983 rev.1 - HP-UX BIND running Named, Remote Denial of Service (DoS),
security-alert
- Microsoft PowerPointViewer Code Execution,
hyp3rlinx
- WordPress plugin GravityForms Cross-site Scripting vulnerability,
Henri Salo
- [SYSS-2016-009] Sophos UTM 525 Web Application Firewall - Cross-Site Scripting in,
adrian . vollmer
- Executable installers are vulnerable^WEVIL (case 29): putty-0.66-installer.exe allowa arbitrary (remote) code execution WITH escalation of privilege,
Stefan Kanthak
- [SECURITY] [DSA 3500-1] openssl security update,
Alessandro Ghedini
- [SECURITY] [DSA 3501-1] perl security update,
Salvatore Bonaccorso
- Vivint Sky Control Panel Unauthenticated Access Vulnerability,
jeremyscott
- [security bulletin] HPSBGN03442 rev.1 - HP Helion OpenStack using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution,
security-alert
- [security bulletin] HPSBHF03545 rev. 1 - HP EliteBook and Zbook Products with Windows NVidia Graphics Driver, Multiple Local Vulnerabilities,
HP Security Alert
- [REVIVE-SA-2016-001] Revive Adserver - Multiple vulnerabilities,
Matteo Beccati
- Cisco Security Advisory: Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Web Security Appliance HTTPS Packet Processing Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016,
Cisco Systems Product Security Incident Response Team
- Open-Xchange Security Advisory 2016-03-02,
Martin Heiland
- Panda SM Manager iOS Application - MITM SSL Certificate Vulnerability,
David Coomber
- [security bulletin] HPSBHF03436 rev.1 - HP Thin Client with ThinPro OS, running Linux, Local Elevated Privileges,
HP Security Alert
- WordPress Bulk Delete Plugin [Privilege Escalation],
Panagiotis Vagenas
- [slackware-security] php (SSA:2016-062-03),
Slackware Security Team
- [slackware-security] openssl (SSA:2016-062-02),
Slackware Security Team
- [slackware-security] mailx (SSA:2016-062-01),
Slackware Security Team
- [SECURITY] [DSA 3502-1] roundup security update,
Yves-Alexis Perez
- [SECURITY] [DSA 3426-2] ctdb regression update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3503-1] linux security update,
Salvatore Bonaccorso
- [security bulletin] HPSBGN03550 rev.2 - HP Operations Manager i and BSM using Apache Flex BlazeDS, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBHF03439 rev.1 - HP Commercial PCs with Sure Start, Local Denial of Service,
HP Security Alert
- [security bulletin] HPSBPI03546 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Enterprise Printers, Remote Disclosure of Information,
HP Security Alert
- [SYSS-2015-053] innovaphone IP222/IP232 - Denial of Service,
disclosure
- [SYSS-2015-064] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (REVISED),
erlijn . vangenuchten
- [SYSS-2015-060] Thru Managed File Transfer Portal 9.0.2 - Improperly Implemented Security Check for Standard (REVISED),
erlijn . vangenuchten
- [SYSS-2015-059] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (REVISED),
erlijn . vangenuchten
- [SYSS-2015-058] Thru Managed File Transfer Portal 9.0.2 - Insecure Direct Object Reference (REVISED),
erlijn . vangenuchten
- [SECURITY] [DSA 3506-1] libav security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3505-1] wireshark security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3504-1] bsh security update,
Sebastien Delafond
- McAfee VirusScan Enterprise security restrictions bypass,
Agazzini Maurizio
- Executable installers are vulnerable^WEVIL (case 31): MalwareBytes' installers allows arbitrary (remote) code execution WITH escalation of privilege,
Stefan Kanthak
- Executable installers are vulnerable^WEVIL (case 30): clamwin-0.99-setup.exe allows arbitrary (remote) code execution WITH escalation of privilege,
Stefan Kanthak
- [SECURITY] [DSA 3507-1] chromium-browser security update,
Michael Gilbert
- Multiple vulnerabilities in Wordpress plugin SP Projects & Document Manager,
mail
- [SECURITY] [DSA 3508-1] jasper security update,
Salvatore Bonaccorso
- Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link),
Vulnerability Lab
- ESA-2016-012: EMC Documentum xCP – User Information Disclosure Vulnerability,
Security Alert
- [slackware-security] php (SSA:2016-067-01),
Slackware Security Team
- [security bulletin] HPSBHF03557 rev.1 - HPE Networking Products using Comware 7 (CW7) running NTP, Remote Denial of Service (DoS),
security-alert
- Windows Mail Find People DLL side loading vulnerability,
Securify B.V.
- [slackware-security] samba (SSA:2016-068-02),
Slackware Security Team
- [slackware-security] mozilla-firefox (SSA:2016-068-01),
Slackware Security Team
- Thomson TWG850 Wireless Router Multiple Vulnerabilities,
Sebastian Perez
- LSE Leading Security Experts GmbH - LSE-2016-01-01 - Wordpress ProjectTheme - Multiple Vulnerabilities,
LSE-Advisories
- OS-S 2016-05 Linux aiptek Nullpointer Dereference CVE-2015-7515,
Ralf Spenneberg
- OS-S 2016-06 Linux cdc_acm Nullpointer Dereference,
Ralf Spenneberg
- OS-S 2016-07 Linux cypress_m8 Nullpointer Dereference,
Ralf Spenneberg
- OS-S 2016-08 Linux mct_u232 Nullpointer Dereference,
Ralf Spenneberg
- OS-S 2016-09 Linux visor clie_5_attach Nullpointer Dereference CVE-2015-7566,
Ralf Spenneberg
- OS-S 2016-10 Linux visor (treo_attach) Nullpointer Dereference CVE-2016-2782,
Ralf Spenneberg
- OS-S 2016-11 Linux wacom multiple Nullpointer Dereferences,
Ralf Spenneberg
- OS-S 2016-12 Linux digi_acceleport Nullpointer Dereference,
Ralf Spenneberg
- Cisco Security Advisory: Cisco Wireless Residential Gateway with EDVA Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Wireless Residential Gateway Information Disclosure Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Cable Modem with Digital Voice Remote Code Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3509-1] rails security update,
Luciano Bello
- Advisory X41-2016-001: Memory Corruption Vulnerability in "libotr",
X41 D-Sec GmbH Advisories
- [CORE-2016-0004] - SAP Download Manager Password Weak Encryption,
CORE Advisories Team
- Cisco Security Advisory: Cisco ASA Content Security and Control Security Services Module Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3510-1] iceweasel security update,
Moritz Muehlenhoff
- [CORE-2016-0003] - Samsung SW Update Tool MiTM,
CORE Advisories Team
- [SECURITY] [DSA 3511-1] bind9 security update,
Michael Gilbert
- [SECURITY] [DSA 3512-1] libotr security update,
Salvatore Bonaccorso
- [SE-2012-01] Broken security fix in Oracle Java SE 7/8/9,
Security Explorations
- [slackware-security] bind (SSA:2016-069-01),
Slackware Security Team
- [slackware-security] mozilla-nss (SSA:2016-069-02),
Slackware Security Team
- FreeBSD Security Advisory FreeBSD-SA-16:13.bind,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:12.openssl,
FreeBSD Security Advisories
- [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting,
Christopher Shannon
- [ANNOUNCE] CVE-2016-0734: ActiveMQ Web Console - Clickjacking,
Christopher Shannon
- [SECURITY] [DSA 3513-1] chromium-browser security update,
Michael Gilbert
- oss-2016-13: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver),
Ralf Spenneberg
- oss-2016-14: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (gtco driver),
Ralf Spenneberg
- oss-2016-15: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver),
Ralf Spenneberg
- oss-2016-16: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (snd-usb-audio driver),
Ralf Spenneberg
- oss-2016-17: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver),
Ralf Spenneberg
- oss-2016-18: Multiple Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver),
Ralf Spenneberg
- [slackware-security] openssh (SSA:2016-070-01),
Slackware Security Team
- DW Question Answer Stored XSS Vulnerability,
Rahul Pratap Singh
- WebKitGTK+ Security Advisory WSA-2016-0002,
Carlos Alberto Lopez Perez
- Microsoft Edge CDOMTextNode::get_data type confusion,
Berend-Jan Wever
- [SECURITY] [DSA 3514-1] samba security update,
Salvatore Bonaccorso
- Soundy Background Music XSS Vulnerability,
Rahul Pratap Singh
- [SECURITY] [DSA 3515-1] graphite2 security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3516-1] wireshark security update,
Moritz Muehlenhoff
- Re: oss-2016-13: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (powermate driver),
amaris
- Re: oss-2016-15: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (iowarrior driver),
amaris
- Re: oss-2016-18: Multiple Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (ati_remote2 driver),
amaris
- Re: oss-2016-17: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes (multiple free) on invalid USB device descriptors (snd-usb-audio driver),
amaris
- Reflected Cross-Site Scripiting in CuteEditor,
adrmm
- ChitaSoft (Web-Application) - SQL Injection Vulnerability,
Vulnerability Lab
- Chamlio LMS v1.10.2 - (Profile) Persistent Web Vulnerability,
Vulnerability Lab
- Yahoo Bug Bounty #37 - Sender Spoofing Vulnerability,
Vulnerability Lab
- [security bulletin] HPSBGN03373 rev.2 - HP Release Control running TLS, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBMU03377 rev.2 - HP Release Control running RC4, Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBGN03556 rev.1 - ArcSight ESM and ESM Express, Remote Arbitrary File Download, Local Arbitrary Command Execution,
security-alert
- Defense in depth -- the Microsoft way (part 39): vulnerabilities, please meet the bar for security servicing,
Stefan Kanthak
- [ANNOUNCE][CVE-2016-0779] Apache TomEE 1.7.4 and 7.0.0-M3 releases,
Romain Manni-Bucau
- [slackware-security] git (SSA:2016-075-01),
Slackware Security Team
- [slackware-security] seamonkey (SSA:2016-075-02),
Slackware Security Team
- Reflected Cross-Site Scripting (XSS) Vulnerability in Litecart CMS,
rsrathoreravi
- [SECURITY] [DSA 3518-1] spip security update,
Sebastien Delafond
- [security bulletin] HPSBGN03558 rev.1 - ArcSight ESM and ESM Express, Remote Disclosure of Sensitive Information,
security-alert
- [CORE-2016-0005] - FreeBSD Kernel amd64_set_ldt Heap Overflow,
CORE Advisories Team
- FreeBSD Security Advisory FreeBSD-SA-16:14.openssh,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch,
FreeBSD Security Advisories
- Multiple (persistent) XSS in ProjectSend,
mail
- CVE-2016-1518: GrandStream Android VoIP Phone / App Provisioning Vulnerability,
Georg Lukas
- CVE-2016-1519: GrandStream Android VoIP App TLS MitM Vulnerability,
Georg Lukas
- CVE-2016-1520: GrandStream Android VoIP App Update Redirection,
Georg Lukas
- [CVE-2016-2345] Solarwinds Dameware Mini Remote Control Remote Code Execution Vulnerability,
contact
- [SECURITY] [DSA 3519-1] xen security update,
Moritz Muehlenhoff
- [slackware-security] mozilla-firefox (SSA:2016-077-01),
Slackware Security Team
- Xoops 2.5.7.2 CSRF - Arbitrary User Deletions,
hyp3rlinx
- Xoops 2.5.7.2 Directory Traversal Bypass,
hyp3rlinx
- Re: server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished ᴄᴠᴇ-2016-2324 and ᴄᴠᴇ‑2016‑2315),
Laël Cellier
- Remote Code Execution via CSRF in iTop,
High-Tech Bridge Security Research
- Admin Password Reset & RCE via CSRF in Dating Pro,
High-Tech Bridge Security Research
- SQL Injection and RCE in WebsiteBaker,
High-Tech Bridge Security Research
- [SECURITY] [DSA 3520-1] icedove security update,
Moritz Muehlenhoff
- [security bulletin] HPSBGN03438 rev.1 - HP Support Assistant, Local Authentication Bypass,
HP Security Alert
- [SECURITY] [DSA 3521-1] git security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3522-1] squid3 security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3523-1] iceweasel security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3524-1] activemq security update,
Moritz Muehlenhoff
- AbsoluteTelnet 10.14 DLL Hijack Code Exec,
hyp3rlinx
- [security bulletin] HPSBGN03551 rev.1 - HPE Helion Development Platform using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution,
security-alert
- [security bulletin] HPSBGN03560 rev.1 - HP Operations Orchestration using Java Deserialization, Remote Arbitrary Code Execution,
security-alert
- [security bulletin] HPSBMU03562 rev.1 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution,
security-alert
- APPLE-SA-2016-03-21-1 iOS 9.3,
Apple Product Security
- APPLE-SA-2016-03-21-2 watchOS 2.2,
Apple Product Security
- APPLE-SA-2016-03-21-4 Xcode 7.3,
Apple Product Security
- APPLE-SA-2016-03-21-7 OS X Server 5.1,
Apple Product Security
- APPLE-SA-2016-03-21-3 tvOS 9.2,
Apple Product Security
- APPLE-SA-2016-03-21-6 Safari 9.1,
Apple Product Security
- APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002,
Apple Product Security
- [RT-SA-2016-002] Cross-site Scripting in Securimage 3.6.2,
RedTeam Pentesting GmbH
- [SECURITY] [DSA 3525-1] pixman security update,
Salvatore Bonaccorso
- Remote Code Execution in DVR affecting over 70 different vendors,
rotem kerner
- [SECURITY] [DSA 3526-1] libmatroska security update,
Sebastien Delafond
- CVE-2016-2166: Apache Qpid Proton python binding silently ignores request for 'amqps' if SSL/TLS not supported,
Ken Giusti
- CA20160323-01: Security Notice for CA Single Sign-On Web Agents,
Kotas, Kevin J
- Hardcoded root password in Zyxel MAX3XX series Wimax CPEs,
Gianni Carabelli
- Cisco Security Advisory: Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3528-1] pidgin-otr security update,
Sebastien Delafond
- [SECURITY] [DSA 3529-1] redmine security update,
Moritz Muehlenhoff
- XSS (Cross Site Scripting) in Social CRM & Community Solutions powered by Lithium in Knowledge base section,
netizen01k
- [SECURITY] [DSA 3527-1] inspircd security update,
Sebastien Delafond
- [SYSS-2016-017] innovaphone IP222 - Improper Input Validation,
sven . freund
- [SYSS-2016-018] innovaphone IP222 - Improper Restriction of Excessive Authentication Attempts,
sven . freund
- [SYSS-2016-016] innovaphone IP222 - Improper Input Validation,
sven . freund
- [security bulletin] HPSBMU03562 rev.2 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution,
security-alert
- [security bulletin] HPSBGN03563 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Local Denial of Service (DoS), Disclosure of Information,
security-alert
- [CVE-2016-0783] Predictable password reset token,
Maxim Solodovnik
- [CVE-2016-2164] Arbitrary file read via SOAP API,
Maxim Solodovnik
- [CVE-2016-2163] Stored Cross Site Scripting in Event description,
Maxim Solodovnik
- [SECURITY] [DSA 3530-1] tomcat6 security update,
Moritz Muehlenhoff
- [slackware-security] libevent (SSA:2016-085-01),
Slackware Security Team
- [slackware-security] mozilla-thunderbird (SSA:2016-085-02),
Slackware Security Team
- [SECURITY] [DSA 3531-1] chromum-browser security update,
Michael Gilbert
- TrendMicro DDI Cross Site Request Forgerys,
hyp3rlinx
- [SECURITY] [DSA 3532-1] quagga security update,
Salvatore Bonaccorso
- Validation Bypass in C2Box application : CVE - 2015-4626,
harish . ramadoss
- BMC-2015-0010: User enumeration vulnerability in BMC Server Automation (BSA) Unix/Linux RSCD Agent (CVE-2016-1542),
appsec
- BMC-2015-0011: Unauthorized password reset vulnerability in BMC Server Automation (BSA) (CVE-2016-1543),
appsec
- [SECURITY] [DSA 3533-1] openvswitch security update,
Salvatore Bonaccorso
- Fireware XTM Web UI - Open Redirect,
Manuel Mancera
- [SECURITY] [DSA 3534-1] dhcpcd security update,
Salvatore Bonaccorso
- [security bulletin] HPSBGN03444 rev.2 - HPE Network Automation, Remote Code Execution, Disclosure of Sensitive Information,
security-alert
- [SECURITY] [DSA 3535-1] kamailio security update,
Moritz Muehlenhoff
- Easy Hosting Control Panel (EHCP) - Multiple Vulnerabilities,
kyle Lovett
- CVE-2016-2385 Kamailio SEAS module heap buffer overflow,
Stelios Tsampas
- Multiple Vulnerabilities in CubeCart,
High-Tech Bridge Security Research
- [CVE-2016-0784] Apache OpenMeetings ZIP file path traversal,
Maxim Solodovnik
- Cisco Security Advisory: Cisco Firepower Malware Block Bypass Vulnerability,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3536-1] libstruts1.2-java security update,
Sebastien Delafond
- [SECURITY] [DSA 3537-1] imlib2 security update,
Sebastien Delafond
- [SECURITY] [DSA 3538-1] libebml security update,
Sebastien Delafond
- Patron Info System - SQL Injection Vulnerability,
Vulnerability Lab
- Hi Technology & Services CMS - SQL Injection Vulnerabilities,
Vulnerability Lab
- WP External Links v1.80 - Cross Site Scripting Web Vulnerabilities,
Vulnerability Lab
- Docker UI v0.10.0 - Multiple Client Side Cross Site Request Forgery Web Vulnerabilities,
Vulnerability Lab
- Cades (2016Q1) - (id) Multiple SQL Injection Vulnerabilities,
Vulnerability Lab
- Dorsa Web CMS - Multiple SQL Injection Vulnerabilities,
Vulnerability Lab
- Docker UI v0.10.0 - Multiple Persistent Vulnerabilities,
Vulnerability Lab
- Trend Micro (SSO) - (Backend) SSO Redirect & Session Vulnerability,
Vulnerability Lab