Mail Thread Index

• Date Index

• Python v2.7 v1.5.4 iOS - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
• WebKitGTK+ Security Advisory WSA-2016-0003, Carlos Alberto Lopez Perez
• APPLE-SA-2016-03-31-1 iBooks Author 2.4.1, Apple Product Security
• [security bulletin] HPSBGN3547 rev.1 - HP Device Manager, Remote Read Access to Arbitrary Files, HP Security Alert
• [security bulletin] HPSBGN03567 rev.1 - HP Asset Manager using Java Deserialization, Remote Arbitrary Code Execution, security-alert
• [security bulletin] HPSBUX03561 rev.1 - HPE HP-UX using Apache Tomcat, Remote Access Restriction Bypass, Arbitrary Code Execution, Execution of Arbitrary Code With Privilege Elevation, Unauthorized Read Access to Files, security-alert
• [security bulletin] HPSBHF03431 rev.3 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities, security-alert
• [slackware-security] php (SSA:2016-092-02), Slackware Security Team
• [slackware-security] mercurial (SSA:2016-092-01), Slackware Security Team
• [security bulletin] HPSBGN03565 rev.1 - HPE Virtualization Performance Viewer, Local Denial of Service (DoS), security-alert
• Open-Xchange Security Advisory 2016-04-02, Martin Heiland
• [SECURITY] [DSA 3539-1] srtp security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3540-1] lhasa security update, Moritz Muehlenhoff
• Bugcrowd CSV injection vulnerability, Hack Ex
• Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability, Vulnerability Lab
• Techsoft Web Solutions CMS 2016 Q2 - SQL Injection Web Vulnerability, Vulnerability Lab
• FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability, Vulnerability Lab
  • RE: FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability, Jacques GRILLOT
• ManageEngine Password Manager Pro Multiple Vulnerabilities, Sebastian Perez
• CVE-2016-2191: optipng: invalid write, Hans Jerry Illikainen
• [SE-2012-01] Broken security fix in IBM Java 7/8, Security Explorations
  • Re: [SE-2012-01] Broken security fix in IBM Java 7/8, Security Explorations
• ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability, Security Alert
• Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares Exploit, lists@xxxxxxxxxxxxxxxxxx
• [slackware-security] mozilla-thunderbird (SSA:2016-095-01), Slackware Security Team
• [security bulletin] HPSBGN03569 rev.1 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information, security-alert
• [SECURITY] [DSA 3541-1] roundcube security update, Sebastien Delafond
• Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) - (3D Touch) Passcode Bypass Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 3542-1] mercurial security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3543-1] oar security update, Moritz Muehlenhoff
• CA20160405-01: Security Notice for CA API Gateway, Kotas, Kevin J
• op5 v7.1.9 Remote Command Execution, apparitionsec
• [slackware-security] subversion (SSA:2016-097-01), Slackware Security Team
• SQL Injection in SocialEngine, High-Tech Bridge Security Research
• CVE-2016-3672 - Unlimiting the stack not longer disables ASLR, Hector Marco-Gisbert
• Cisco Security Advisory: Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco UCS Invicta Default SSH Key Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• [security bulletin] HPSBGN03569 rev.2 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information, security-alert
• [security bulletin] HPSBST03568 rev.1 - HP XP7 Command View Advanced Edition Suite including Device Manager and Hitachi Automation Director (HAD), Remote Server-Side Request Forgery (SSRF), security-alert
• Techsoft WS CMS (2016 Q2) - SQL Injection Web Vulnerability, Vulnerability Lab
• Virtual Freer v1.58 - Client Side Cross Site Scripting Vulnerability, Vulnerability Lab
• Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities, Vulnerability Lab
• Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability, Vulnerability Lab
• Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
• [security bulletin] HPSBGN03570 rev.1 - HPE Universal CMDB, Remote Information Disclosure, URL Redirection, security-alert
• [SECURITY] [DSA 3544-1] python-django security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3545-1] cgit security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3546-1] optipng security update, Moritz Muehlenhoff
• AccelSite Content Manager v1.0 - SQL Injection Vulnerability, Vulnerability Lab
• JAWS Weak Service Permissions leads to Privilege Escalation, Heimbuecher003
• CVE-2015-3268: Apache OFBiz information disclosure vulnerability, jleroux@xxxxxxxxxx
• CVE-2016-2170: Apache OFBiz information disclosure vulnerability, jleroux@xxxxxxxxxx
• WPN-XM Serverstack v0.8.6 XSS, hyp3rlinx
• CSRF - MySQL / PHP.INI Hijacking, hyp3rlinx
• WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking, hyp3rlinx
  • <Possible follow-ups>
  • WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking, hyp3rlinx
• Directadmin ControlPanel 1.50.0 Version Xss Vulnerability, iedb . team
  • <Possible follow-ups>
  • Directadmin ControlPanel 1.50.0 Version Xss Vulnerability, iedb . team
• OpenCart json_decode function Remote PHP Code Execution, r3s34rch3r
• Directadmin cp ( Delete User ) 1.50.0 Version Xss Vulnerability, iedb . team
• [Multiple CVE]: RCE, info disclosure, HQL injection and stored XSS in Novell Service Desk 7.1.0, Pedro Ribeiro
• Blind SQL injections in CivicRM, Simon Waters (Surevine)
• ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra’s Attack Vulnerability, Security Alert
• [SECURITY] [DSA 3547-1] imagemagick security update, Luciano Bello
• [SECURITY] [DSA 3485-2] didiwiki security update, Sebastien Delafond
• Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability, Vulnerability Lab
• Open redirect on Google.com, research
• .NET Framework 4.6 allows side loading of Windows API Set DLL, Securify B.V.
• CAM UnZip v5.1 Archive Directory Traversal, hyp3rlinx
• [SE-2012-01] Yet another broken security fix in IBM Java 7/8, Security Explorations
• Vbulletin Cms (Sendmessage.php Page) 0Day Exploit, iedb . team
• Webline CMS (2016Q2) - SQL Injection Vulnerability, Vulnerability Lab
• Mybb Cms (create forum and edit) Cross-Site Script Vulnerability, iedb . team
• Cisco Security Advisory:Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability, Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3548-1] samba security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3548-2] samba regression update, Salvatore Bonaccorso
• Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
  • <Possible follow-ups>
  • Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
• Mybb Cms (private.php Page) Denial Of Service Vulnerability, iedb . team
• Securing Android Applications from Screen Capture, research
• ESA-2016-036: EMC Unisphere for VMAX Virtual Appliance Arbitrary File Upload Vulnerability, Security Alert
• NEW VMSA-2016-0004 VMware product updates address a critical security issue in the VMware Client Integration Plugin, VMware Security Response Center
• AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk, Asterisk Security Team
• AST-2016-005: TCP denial of service in PJProject, Asterisk Security Team
• [SECURITY] [DSA 3549-1] chromium-browser security update, Michael Gilbert
• [ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability, ERPScan inc
• [ERPSCAN-16-002] SAP HANA - log injection and no size restriction, ERPScan inc
• [ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues, ERPScan inc
• Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability, Sandro Poppi
• [SECURITY] [DSA 3550-1] openssh security update, Moritz Muehlenhoff
• [slackware-security] mozilla-thunderbird (SSA:2016-106-01), Slackware Security Team
• [slackware-security] samba (SSA:2016-106-02), Slackware Security Team
• [CVE-2016-3996]KNOX clipboard data disclosure KNOX 1.0 - KNOX 2.3 / Android, urikanonov
• Ahrare Andeysheh Cms Multiple Vulnerabilities, iesb . team
• [SECURITY] [DSA 3551-1] fuseiso security update, Florian Weimer
• [SECURITY] [DSA 3552-1] tomcat7 security update, Moritz Muehlenhoff
• CVE-2016-4021: pgpdump 0.29 - Endless loop parsing specially crafted input (SYSS-2016-030), klaus . eisentraut
• [security bulletin] HPSBGN03555 rev.1 - HPE Vertica Analytics, Management Console, Remote Disclosure of Sensitive information, Execution of Arbitrary Code with Root Privileges, security-alert
• [security bulletin] HPSBST03576 rev.2 - HP P9000, XP7 Command View Advanced Edition (CVAE) Suite including Device Manager and Tiered Storage Manager using Java Deserialization, Remote Arbitrary Code Execution, security-alert
• Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege, Stefan Kanthak
• [ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability, ERPScan inc
  • Re: [ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability, Mahmut Firuz Dumlupinar - Vendor
• [ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) – XSS vulnerability, ERPScan inc
• Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1, research@xxxxxxxxxx
• ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities, Security Alert
• [security bulletin] HPSBMU03575 rev.1 - HP Smart Update Manager (SUM), Remote Denial of Service (DoS), Disclosure of Information, security-alert
• PHPBack v1.3.0 SQL Injection, apparitionsec
• *.Shell.com Port 443 DROWN decryption attack, shell
• shell.com vulnerable TLS, shell
• RCE via CSRF in phpMyFAQ, High-Tech Bridge Security Research
• Cisco Security Advisory: Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Wireless LAN Controller Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Multiple Cisco Products libSRTP Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Webutler CMS 3.2 - Cross-Site Request Forgery, displaymyname
• OpenTSDB RCE, gsoc
• exploit CVE-2016-2203, karim reda Fakhir
• CVE-2016-3074: libgd: signedness vulnerability, Hans Jerry Illikainen
• [SECURITY] [DSA 3554-1] xen security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3553-1] varnish security update, Sebastien Delafond
• SEC Consult SA-20160422-0 :: Insecure credential storage in my devolo Android app, SEC Consult Vulnerability Lab
• SEC Consult SA-20160422-1 :: Multiple vulnerabilities in Digitalstrom Konfigurator, SEC Consult Vulnerability Lab
• [security bulletin] HPSBGN03580 rev.1 - HP Data Protector, Remote Code Execution, Remote Unauthorized Disclosure of Information, security-alert
• [security bulletin] HPSBMU03573 rev.1 - HPE System Management Homepage (SMH), Remote Disclosure of Information, security-alert
• Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109), david . vieira-kurz
• Persian-woocommerce-sms XSS Vulnerability, Rahul Pratap Singh
• Tweet-wheel XSS Vulnerability, Rahul Pratap Singh
• Echosign Plugin for WordPress XSS Vulnerability, Rahul Pratap Singh
• Google SEO Pressor Snippet Plugin XSS Vulnerability, Rahul Pratap Singh
• Easy Social Share Buttons for WordPress XSS Vulnerability, Rahul Pratap Singh
• CM-AD-Changer XSS Vulnerability, Rahul Pratap Singh
• Unlimited Pop-Ups WordPress Plugin XSS Vulnerability, Rahul Pratap Singh
• [SECURITY] [DSA 3555-1] imlib2 security update, Alessandro Ghedini
• [SECURITY] [DSA 3556-1] libgd2 security update, Salvatore Bonaccorso
• Telisca IPS Lock 2 Vulnerability, karim reda Fakhir
• C & C++ for OS - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
• Totemomail v4.x & v5.x - Filter Bypass & Persistent Vulnerability, Vulnerability Lab
• UBNT Bug Bounty #2 - XML External Entity Vulnerability, Vulnerability Lab
• Cyberoam Central Console v02.03.1 - Multiple Persistent Vulnerabilities, Vulnerability Lab
• Negin Group CMS - (v) Multiple Web Vulnerabilities, Vulnerability Lab
• [security bulletin] HPSBGN03582 rev.1 - HPE Helion CloudSystem using glibc, Remote Code Execution, Denial of Service (DoS), security-alert
• Trend Micro (Account) - Email Spoofing Web Vulnerability, Vulnerability Lab
• VoipNow v4.0.1 - (xajax_handler) Persistent Vulnerability, Vulnerability Lab
• Sophos XG Firewall (SF01V) - Persistent Web Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 3557-1] mysql-5.5 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3558-1] openjdk-7 security update, Moritz Muehlenhoff
• [slackware-security] mozilla-firefox (SSA:2016-117-01), Slackware Security Team
• Oracle Discoverer Viewer BI - Open Redirect Vulnerability, Vulnerability Lab
• EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection, Securify B.V.
• [SECURITY] [DSA 3559-1] iceweasel security update, Moritz Muehlenhoff
• CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS, Tony Homer
• CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS, Tony Homer
  • <Possible follow-ups>
  • CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS, Tony Homer
• [SECURITY] [DSA 3560-1] php5 security update, Salvatore Bonaccorso
• CVE-2016-3078: php: integer overflow in ZipArchive::getFrom*, Hans Jerry Illikainen
• [security bulletin] HPSBUX03583 SSRT110084 rev.1 - HP-UX BIND Service running Named, Remote Denial of Service (DoS), security-alert
• Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream, Stefan Kanthak
• Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability, Vulnerability Lab
• SQL Injection in GLPI, High-Tech Bridge Security Research
• [SECURITY] [DSA 3561-1] subversion security update, Salvatore Bonaccorso