Mail Index

• Thread Index

• Python v2.7 v1.5.4 iOS - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• WebKitGTK+ Security Advisory WSA-2016-0003
  • From: Carlos Alberto Lopez Perez
• APPLE-SA-2016-03-31-1 iBooks Author 2.4.1
  • From: Apple Product Security
• [security bulletin] HPSBGN3547 rev.1 - HP Device Manager, Remote Read Access to Arbitrary Files
  • From: HP Security Alert
• [security bulletin] HPSBGN03567 rev.1 - HP Asset Manager using Java Deserialization, Remote Arbitrary Code Execution
  • From: security-alert
• [security bulletin] HPSBUX03561 rev.1 - HPE HP-UX using Apache Tomcat, Remote Access Restriction Bypass, Arbitrary Code Execution, Execution of Arbitrary Code With Privilege Elevation, Unauthorized Read Access to Files
  • From: security-alert
• [security bulletin] HPSBHF03431 rev.3 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities
  • From: security-alert
• [slackware-security] php (SSA:2016-092-02)
  • From: Slackware Security Team
• [slackware-security] mercurial (SSA:2016-092-01)
  • From: Slackware Security Team
• [security bulletin] HPSBGN03565 rev.1 - HPE Virtualization Performance Viewer, Local Denial of Service (DoS)
  • From: security-alert
• Open-Xchange Security Advisory 2016-04-02
  • From: Martin Heiland
• [SECURITY] [DSA 3539-1] srtp security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3540-1] lhasa security update
  • From: Moritz Muehlenhoff
• Bugcrowd CSV injection vulnerability
  • From: Hack Ex
• Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability
  • From: Vulnerability Lab
• Techsoft Web Solutions CMS 2016 Q2 - SQL Injection Web Vulnerability
  • From: Vulnerability Lab
• FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability
  • From: Vulnerability Lab
• ManageEngine Password Manager Pro Multiple Vulnerabilities
  • From: Sebastian Perez
• CVE-2016-2191: optipng: invalid write
  • From: Hans Jerry Illikainen
• [SE-2012-01] Broken security fix in IBM Java 7/8
  • From: Security Explorations
• ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability
  • From: Security Alert
• Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares Exploit
  • From: lists@xxxxxxxxxxxxxxxxxx
• [slackware-security] mozilla-thunderbird (SSA:2016-095-01)
  • From: Slackware Security Team
• [security bulletin] HPSBGN03569 rev.1 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information
  • From: security-alert
• [SECURITY] [DSA 3541-1] roundcube security update
  • From: Sebastien Delafond
• Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) - (3D Touch) Passcode Bypass Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 3542-1] mercurial security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3543-1] oar security update
  • From: Moritz Muehlenhoff
• Re: [SE-2012-01] Broken security fix in IBM Java 7/8
  • From: Security Explorations
• CA20160405-01: Security Notice for CA API Gateway
  • From: Kotas, Kevin J
• op5 v7.1.9 Remote Command Execution
  • From: apparitionsec
• [slackware-security] subversion (SSA:2016-097-01)
  • From: Slackware Security Team
• RE: FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability
  • From: Jacques GRILLOT
• SQL Injection in SocialEngine
  • From: High-Tech Bridge Security Research
• CVE-2016-3672 - Unlimiting the stack not longer disables ASLR
  • From: Hector Marco-Gisbert
• Cisco Security Advisory: Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco UCS Invicta Default SSH Key Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [security bulletin] HPSBGN03569 rev.2 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBST03568 rev.1 - HP XP7 Command View Advanced Edition Suite including Device Manager and Hitachi Automation Director (HAD), Remote Server-Side Request Forgery (SSRF)
  • From: security-alert
• Techsoft WS CMS (2016 Q2) - SQL Injection Web Vulnerability
  • From: Vulnerability Lab
• Virtual Freer v1.58 - Client Side Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities
  • From: Vulnerability Lab
• Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability
  • From: Vulnerability Lab
• Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• [security bulletin] HPSBGN03570 rev.1 - HPE Universal CMDB, Remote Information Disclosure, URL Redirection
  • From: security-alert
• [SECURITY] [DSA 3544-1] python-django security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3545-1] cgit security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3546-1] optipng security update
  • From: Moritz Muehlenhoff
• AccelSite Content Manager v1.0 - SQL Injection Vulnerability
  • From: Vulnerability Lab
• JAWS Weak Service Permissions leads to Privilege Escalation
  • From: Heimbuecher003
• CVE-2015-3268: Apache OFBiz information disclosure vulnerability
  • From: jleroux@xxxxxxxxxx
• CVE-2016-2170: Apache OFBiz information disclosure vulnerability
  • From: jleroux@xxxxxxxxxx
• WPN-XM Serverstack v0.8.6 XSS
  • From: hyp3rlinx
• CSRF - MySQL / PHP.INI Hijacking
  • From: hyp3rlinx
• WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking
  • From: hyp3rlinx
• WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking
  • From: hyp3rlinx
• Directadmin ControlPanel 1.50.0 Version Xss Vulnerability
  • From: iedb . team
• OpenCart json_decode function Remote PHP Code Execution
  • From: r3s34rch3r
• Directadmin ControlPanel 1.50.0 Version Xss Vulnerability
  • From: iedb . team
• Directadmin cp ( Delete User ) 1.50.0 Version Xss Vulnerability
  • From: iedb . team
• [Multiple CVE]: RCE, info disclosure, HQL injection and stored XSS in Novell Service Desk 7.1.0
  • From: Pedro Ribeiro
• Blind SQL injections in CivicRM
  • From: Simon Waters (Surevine)
• ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra’s Attack Vulnerability
  • From: Security Alert
• [SECURITY] [DSA 3547-1] imagemagick security update
  • From: Luciano Bello
• [SECURITY] [DSA 3485-2] didiwiki security update
  • From: Sebastien Delafond
• Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability
  • From: Vulnerability Lab
• Open redirect on Google.com
  • From: research
• .NET Framework 4.6 allows side loading of Windows API Set DLL
  • From: Securify B.V.
• CAM UnZip v5.1 Archive Directory Traversal
  • From: hyp3rlinx
• [SE-2012-01] Yet another broken security fix in IBM Java 7/8
  • From: Security Explorations
• Vbulletin Cms (Sendmessage.php Page) 0Day Exploit
  • From: iedb . team
• Webline CMS (2016Q2) - SQL Injection Vulnerability
  • From: Vulnerability Lab
• Mybb Cms (create forum and edit) Cross-Site Script Vulnerability
  • From: iedb . team
• Cisco Security Advisory:Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3548-1] samba security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3548-2] samba regression update
  • From: Salvatore Bonaccorso
• Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• Mybb Cms (private.php Page) Denial Of Service Vulnerability
  • From: iedb . team
• Securing Android Applications from Screen Capture
  • From: research
• ESA-2016-036: EMC Unisphere for VMAX Virtual Appliance Arbitrary File Upload Vulnerability
  • From: Security Alert
• NEW VMSA-2016-0004 VMware product updates address a critical security issue in the VMware Client Integration Plugin
  • From: VMware Security Response Center
• AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk
  • From: Asterisk Security Team
• AST-2016-005: TCP denial of service in PJProject
  • From: Asterisk Security Team
• [SECURITY] [DSA 3549-1] chromium-browser security update
  • From: Michael Gilbert
• [ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability
  • From: ERPScan inc
• [ERPSCAN-16-002] SAP HANA - log injection and no size restriction
  • From: ERPScan inc
• [ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues
  • From: ERPScan inc
• Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability
  • From: Sandro Poppi
• [SECURITY] [DSA 3550-1] openssh security update
  • From: Moritz Muehlenhoff
• [slackware-security] mozilla-thunderbird (SSA:2016-106-01)
  • From: Slackware Security Team
• [slackware-security] samba (SSA:2016-106-02)
  • From: Slackware Security Team
• [CVE-2016-3996]KNOX clipboard data disclosure KNOX 1.0 - KNOX 2.3 / Android
  • From: urikanonov
• Ahrare Andeysheh Cms Multiple Vulnerabilities
  • From: iesb . team
• [SECURITY] [DSA 3551-1] fuseiso security update
  • From: Florian Weimer
• [SECURITY] [DSA 3552-1] tomcat7 security update
  • From: Moritz Muehlenhoff
• CVE-2016-4021: pgpdump 0.29 - Endless loop parsing specially crafted input (SYSS-2016-030)
  • From: klaus . eisentraut
• [security bulletin] HPSBGN03555 rev.1 - HPE Vertica Analytics, Management Console, Remote Disclosure of Sensitive information, Execution of Arbitrary Code with Root Privileges
  • From: security-alert
• [security bulletin] HPSBST03576 rev.2 - HP P9000, XP7 Command View Advanced Edition (CVAE) Suite including Device Manager and Tiered Storage Manager using Java Deserialization, Remote Arbitrary Code Execution
  • From: security-alert
• Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege
  • From: Stefan Kanthak
• [ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability
  • From: ERPScan inc
• [ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) – XSS vulnerability
  • From: ERPScan inc
• Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1
  • From: research@xxxxxxxxxx
• ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities
  • From: Security Alert
• [security bulletin] HPSBMU03575 rev.1 - HP Smart Update Manager (SUM), Remote Denial of Service (DoS), Disclosure of Information
  • From: security-alert
• PHPBack v1.3.0 SQL Injection
  • From: apparitionsec
• *.Shell.com Port 443 DROWN decryption attack
  • From: shell
• shell.com vulnerable TLS
  • From: shell
• RCE via CSRF in phpMyFAQ
  • From: High-Tech Bridge Security Research
• Cisco Security Advisory: Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Wireless LAN Controller Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Cisco Products libSRTP Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Webutler CMS 3.2 - Cross-Site Request Forgery
  • From: displaymyname
• OpenTSDB RCE
  • From: gsoc
• exploit CVE-2016-2203
  • From: karim reda Fakhir
• CVE-2016-3074: libgd: signedness vulnerability
  • From: Hans Jerry Illikainen
• [SECURITY] [DSA 3554-1] xen security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3553-1] varnish security update
  • From: Sebastien Delafond
• SEC Consult SA-20160422-0 :: Insecure credential storage in my devolo Android app
  • From: SEC Consult Vulnerability Lab
• SEC Consult SA-20160422-1 :: Multiple vulnerabilities in Digitalstrom Konfigurator
  • From: SEC Consult Vulnerability Lab
• [security bulletin] HPSBGN03580 rev.1 - HP Data Protector, Remote Code Execution, Remote Unauthorized Disclosure of Information
  • From: security-alert
• [security bulletin] HPSBMU03573 rev.1 - HPE System Management Homepage (SMH), Remote Disclosure of Information
  • From: security-alert
• Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109)
  • From: david . vieira-kurz
• Persian-woocommerce-sms XSS Vulnerability
  • From: Rahul Pratap Singh
• Tweet-wheel XSS Vulnerability
  • From: Rahul Pratap Singh
• Echosign Plugin for WordPress XSS Vulnerability
  • From: Rahul Pratap Singh
• Google SEO Pressor Snippet Plugin XSS Vulnerability
  • From: Rahul Pratap Singh
• Easy Social Share Buttons for WordPress XSS Vulnerability
  • From: Rahul Pratap Singh
• CM-AD-Changer XSS Vulnerability
  • From: Rahul Pratap Singh
• Unlimited Pop-Ups WordPress Plugin XSS Vulnerability
  • From: Rahul Pratap Singh
• [SECURITY] [DSA 3555-1] imlib2 security update
  • From: Alessandro Ghedini
• [SECURITY] [DSA 3556-1] libgd2 security update
  • From: Salvatore Bonaccorso
• Telisca IPS Lock 2 Vulnerability
  • From: karim reda Fakhir
• C & C++ for OS - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• Totemomail v4.x & v5.x - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• UBNT Bug Bounty #2 - XML External Entity Vulnerability
  • From: Vulnerability Lab
• Cyberoam Central Console v02.03.1 - Multiple Persistent Vulnerabilities
  • From: Vulnerability Lab
• Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• Negin Group CMS - (v) Multiple Web Vulnerabilities
  • From: Vulnerability Lab
• [security bulletin] HPSBGN03582 rev.1 - HPE Helion CloudSystem using glibc, Remote Code Execution, Denial of Service (DoS)
  • From: security-alert
• Trend Micro (Account) - Email Spoofing Web Vulnerability
  • From: Vulnerability Lab
• VoipNow v4.0.1 - (xajax_handler) Persistent Vulnerability
  • From: Vulnerability Lab
• Sophos XG Firewall (SF01V) - Persistent Web Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 3557-1] mysql-5.5 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3558-1] openjdk-7 security update
  • From: Moritz Muehlenhoff
• [slackware-security] mozilla-firefox (SSA:2016-117-01)
  • From: Slackware Security Team
• Oracle Discoverer Viewer BI - Open Redirect Vulnerability
  • From: Vulnerability Lab
• EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection
  • From: Securify B.V.
• [SECURITY] [DSA 3559-1] iceweasel security update
  • From: Moritz Muehlenhoff
• CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS
  • From: Tony Homer
• CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS
  • From: Tony Homer
• Re: [ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability
  • From: Mahmut Firuz Dumlupinar - Vendor
• CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS
  • From: Tony Homer
• [SECURITY] [DSA 3560-1] php5 security update
  • From: Salvatore Bonaccorso
• CVE-2016-3078: php: integer overflow in ZipArchive::getFrom*
  • From: Hans Jerry Illikainen
• [security bulletin] HPSBUX03583 SSRT110084 rev.1 - HP-UX BIND Service running Named, Remote Denial of Service (DoS)
  • From: security-alert
• Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream
  • From: Stefan Kanthak
• Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability
  • From: Vulnerability Lab
• SQL Injection in GLPI
  • From: High-Tech Bridge Security Research
• [SECURITY] [DSA 3561-1] subversion security update
  • From: Salvatore Bonaccorso