Mail Thread Index
- Python v2.7 v1.5.4 iOS - Filter Bypass & Persistent Vulnerability,
Vulnerability Lab
- WebKitGTK+ Security Advisory WSA-2016-0003,
Carlos Alberto Lopez Perez
- APPLE-SA-2016-03-31-1 iBooks Author 2.4.1,
Apple Product Security
- [security bulletin] HPSBGN3547 rev.1 - HP Device Manager, Remote Read Access to Arbitrary Files,
HP Security Alert
- [security bulletin] HPSBGN03567 rev.1 - HP Asset Manager using Java Deserialization, Remote Arbitrary Code Execution,
security-alert
- [security bulletin] HPSBUX03561 rev.1 - HPE HP-UX using Apache Tomcat, Remote Access Restriction Bypass, Arbitrary Code Execution, Execution of Arbitrary Code With Privilege Elevation, Unauthorized Read Access to Files,
security-alert
- [security bulletin] HPSBHF03431 rev.3 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities,
security-alert
- [slackware-security] php (SSA:2016-092-02),
Slackware Security Team
- [slackware-security] mercurial (SSA:2016-092-01),
Slackware Security Team
- [security bulletin] HPSBGN03565 rev.1 - HPE Virtualization Performance Viewer, Local Denial of Service (DoS),
security-alert
- Open-Xchange Security Advisory 2016-04-02,
Martin Heiland
- [SECURITY] [DSA 3539-1] srtp security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3540-1] lhasa security update,
Moritz Muehlenhoff
- Bugcrowd CSV injection vulnerability,
Hack Ex
- Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability,
Vulnerability Lab
- Techsoft Web Solutions CMS 2016 Q2 - SQL Injection Web Vulnerability,
Vulnerability Lab
- FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability,
Vulnerability Lab
- ManageEngine Password Manager Pro Multiple Vulnerabilities,
Sebastian Perez
- CVE-2016-2191: optipng: invalid write,
Hans Jerry Illikainen
- [SE-2012-01] Broken security fix in IBM Java 7/8,
Security Explorations
- ESA-2016-034: EMC Documentum D2 Configuration Object Vulnerability,
Security Alert
- Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares Exploit,
lists@xxxxxxxxxxxxxxxxxx
- [slackware-security] mozilla-thunderbird (SSA:2016-095-01),
Slackware Security Team
- [security bulletin] HPSBGN03569 rev.1 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information,
security-alert
- [SECURITY] [DSA 3541-1] roundcube security update,
Sebastien Delafond
- Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) - (3D Touch) Passcode Bypass Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 3542-1] mercurial security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3543-1] oar security update,
Moritz Muehlenhoff
- CA20160405-01: Security Notice for CA API Gateway,
Kotas, Kevin J
- op5 v7.1.9 Remote Command Execution,
apparitionsec
- [slackware-security] subversion (SSA:2016-097-01),
Slackware Security Team
- SQL Injection in SocialEngine,
High-Tech Bridge Security Research
- CVE-2016-3672 - Unlimiting the stack not longer disables ASLR,
Hector Marco-Gisbert
- Cisco Security Advisory: Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco UCS Invicta Default SSH Key Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
- [security bulletin] HPSBGN03569 rev.2 - HPE OneView for VMware vCenter (OV4VC), Remote Disclosure of Information,
security-alert
- [security bulletin] HPSBST03568 rev.1 - HP XP7 Command View Advanced Edition Suite including Device Manager and Hitachi Automation Director (HAD), Remote Server-Side Request Forgery (SSRF),
security-alert
- Techsoft WS CMS (2016 Q2) - SQL Injection Web Vulnerability,
Vulnerability Lab
- Virtual Freer v1.58 - Client Side Cross Site Scripting Vulnerability,
Vulnerability Lab
- Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities,
Vulnerability Lab
- Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability,
Vulnerability Lab
- Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability,
Vulnerability Lab
- [security bulletin] HPSBGN03570 rev.1 - HPE Universal CMDB, Remote Information Disclosure, URL Redirection,
security-alert
- [SECURITY] [DSA 3544-1] python-django security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3545-1] cgit security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3546-1] optipng security update,
Moritz Muehlenhoff
- AccelSite Content Manager v1.0 - SQL Injection Vulnerability,
Vulnerability Lab
- JAWS Weak Service Permissions leads to Privilege Escalation,
Heimbuecher003
- CVE-2015-3268: Apache OFBiz information disclosure vulnerability,
jleroux@xxxxxxxxxx
- CVE-2016-2170: Apache OFBiz information disclosure vulnerability,
jleroux@xxxxxxxxxx
- WPN-XM Serverstack v0.8.6 XSS,
hyp3rlinx
- CSRF - MySQL / PHP.INI Hijacking,
hyp3rlinx
- WPN-XM Serverstack v0.8.6 CSRF - MySQL / PHP.INI Hijacking,
hyp3rlinx
- Directadmin ControlPanel 1.50.0 Version Xss Vulnerability,
iedb . team
- OpenCart json_decode function Remote PHP Code Execution,
r3s34rch3r
- Directadmin cp ( Delete User ) 1.50.0 Version Xss Vulnerability,
iedb . team
- [Multiple CVE]: RCE, info disclosure, HQL injection and stored XSS in Novell Service Desk 7.1.0,
Pedro Ribeiro
- Blind SQL injections in CivicRM,
Simon Waters (Surevine)
- ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra’s Attack Vulnerability,
Security Alert
- [SECURITY] [DSA 3547-1] imagemagick security update,
Luciano Bello
- [SECURITY] [DSA 3485-2] didiwiki security update,
Sebastien Delafond
- Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability,
Vulnerability Lab
- Open redirect on Google.com,
research
- .NET Framework 4.6 allows side loading of Windows API Set DLL,
Securify B.V.
- CAM UnZip v5.1 Archive Directory Traversal,
hyp3rlinx
- [SE-2012-01] Yet another broken security fix in IBM Java 7/8,
Security Explorations
- Vbulletin Cms (Sendmessage.php Page) 0Day Exploit,
iedb . team
- Webline CMS (2016Q2) - SQL Injection Vulnerability,
Vulnerability Lab
- Mybb Cms (create forum and edit) Cross-Site Script Vulnerability,
iedb . team
- Cisco Security Advisory:Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3548-1] samba security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3548-2] samba regression update,
Salvatore Bonaccorso
- Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability,
Vulnerability Lab
- Mybb Cms (private.php Page) Denial Of Service Vulnerability,
iedb . team
- Securing Android Applications from Screen Capture,
research
- ESA-2016-036: EMC Unisphere for VMAX Virtual Appliance Arbitrary File Upload Vulnerability,
Security Alert
- NEW VMSA-2016-0004 VMware product updates address a critical security issue in the VMware Client Integration Plugin,
VMware Security Response Center
- AST-2016-004: Long Contact URIs in REGISTER requests can crash Asterisk,
Asterisk Security Team
- AST-2016-005: TCP denial of service in PJProject,
Asterisk Security Team
- [SECURITY] [DSA 3549-1] chromium-browser security update,
Michael Gilbert
- [ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability,
ERPScan inc
- [ERPSCAN-16-002] SAP HANA - log injection and no size restriction,
ERPScan inc
- [ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues,
ERPScan inc
- Microsoft Internet Explorer 11 MSHTML.DLL Remote Binary Planting Vulnerability,
Sandro Poppi
- [SECURITY] [DSA 3550-1] openssh security update,
Moritz Muehlenhoff
- [slackware-security] mozilla-thunderbird (SSA:2016-106-01),
Slackware Security Team
- [slackware-security] samba (SSA:2016-106-02),
Slackware Security Team
- [CVE-2016-3996]KNOX clipboard data disclosure KNOX 1.0 - KNOX 2.3 / Android,
urikanonov
- Ahrare Andeysheh Cms Multiple Vulnerabilities,
iesb . team
- [SECURITY] [DSA 3551-1] fuseiso security update,
Florian Weimer
- [SECURITY] [DSA 3552-1] tomcat7 security update,
Moritz Muehlenhoff
- CVE-2016-4021: pgpdump 0.29 - Endless loop parsing specially crafted input (SYSS-2016-030),
klaus . eisentraut
- [security bulletin] HPSBGN03555 rev.1 - HPE Vertica Analytics, Management Console, Remote Disclosure of Sensitive information, Execution of Arbitrary Code with Root Privileges,
security-alert
- [security bulletin] HPSBST03576 rev.2 - HP P9000, XP7 Command View Advanced Edition (CVAE) Suite including Device Manager and Tiered Storage Manager using Java Deserialization, Remote Arbitrary Code Execution,
security-alert
- Executable installers are vulnerable^WEVIL (case 33): GData's installers allow escalation of privilege,
Stefan Kanthak
- [ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability,
ERPScan inc
- [ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) – XSS vulnerability,
ERPScan inc
- Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1,
research@xxxxxxxxxx
- ESA-2016-039: EMC ViPR SRM Multiple Cross-Site Request Forgery Vulnerabilities,
Security Alert
- [security bulletin] HPSBMU03575 rev.1 - HP Smart Update Manager (SUM), Remote Denial of Service (DoS), Disclosure of Information,
security-alert
- PHPBack v1.3.0 SQL Injection,
apparitionsec
- *.Shell.com Port 443 DROWN decryption attack,
shell
- shell.com vulnerable TLS,
shell
- RCE via CSRF in phpMyFAQ,
High-Tech Bridge Security Research
- Cisco Security Advisory: Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Wireless LAN Controller Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Multiple Cisco Products libSRTP Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- Webutler CMS 3.2 - Cross-Site Request Forgery,
displaymyname
- OpenTSDB RCE,
gsoc
- exploit CVE-2016-2203,
karim reda Fakhir
- CVE-2016-3074: libgd: signedness vulnerability,
Hans Jerry Illikainen
- [SECURITY] [DSA 3554-1] xen security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3553-1] varnish security update,
Sebastien Delafond
- SEC Consult SA-20160422-0 :: Insecure credential storage in my devolo Android app,
SEC Consult Vulnerability Lab
- SEC Consult SA-20160422-1 :: Multiple vulnerabilities in Digitalstrom Konfigurator,
SEC Consult Vulnerability Lab
- [security bulletin] HPSBGN03580 rev.1 - HP Data Protector, Remote Code Execution, Remote Unauthorized Disclosure of Information,
security-alert
- [security bulletin] HPSBMU03573 rev.1 - HPE System Management Homepage (SMH), Remote Disclosure of Information,
security-alert
- Remote Code Execution in Shopware <5.1.5 (CVE-2016-3109),
david . vieira-kurz
- Persian-woocommerce-sms XSS Vulnerability,
Rahul Pratap Singh
- Tweet-wheel XSS Vulnerability,
Rahul Pratap Singh
- Echosign Plugin for WordPress XSS Vulnerability,
Rahul Pratap Singh
- Google SEO Pressor Snippet Plugin XSS Vulnerability,
Rahul Pratap Singh
- Easy Social Share Buttons for WordPress XSS Vulnerability,
Rahul Pratap Singh
- CM-AD-Changer XSS Vulnerability,
Rahul Pratap Singh
- Unlimited Pop-Ups WordPress Plugin XSS Vulnerability,
Rahul Pratap Singh
- [SECURITY] [DSA 3555-1] imlib2 security update,
Alessandro Ghedini
- [SECURITY] [DSA 3556-1] libgd2 security update,
Salvatore Bonaccorso
- Telisca IPS Lock 2 Vulnerability,
karim reda Fakhir
- C & C++ for OS - Filter Bypass & Persistent Vulnerability,
Vulnerability Lab
- Totemomail v4.x & v5.x - Filter Bypass & Persistent Vulnerability,
Vulnerability Lab
- UBNT Bug Bounty #2 - XML External Entity Vulnerability,
Vulnerability Lab
- Cyberoam Central Console v02.03.1 - Multiple Persistent Vulnerabilities,
Vulnerability Lab
- Negin Group CMS - (v) Multiple Web Vulnerabilities,
Vulnerability Lab
- [security bulletin] HPSBGN03582 rev.1 - HPE Helion CloudSystem using glibc, Remote Code Execution, Denial of Service (DoS),
security-alert
- Trend Micro (Account) - Email Spoofing Web Vulnerability,
Vulnerability Lab
- VoipNow v4.0.1 - (xajax_handler) Persistent Vulnerability,
Vulnerability Lab
- Sophos XG Firewall (SF01V) - Persistent Web Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 3557-1] mysql-5.5 security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3558-1] openjdk-7 security update,
Moritz Muehlenhoff
- [slackware-security] mozilla-firefox (SSA:2016-117-01),
Slackware Security Team
- Oracle Discoverer Viewer BI - Open Redirect Vulnerability,
Vulnerability Lab
- EMC M&R (Watch4net) lacks Cross-Site Request Forgery protection,
Securify B.V.
- [SECURITY] [DSA 3559-1] iceweasel security update,
Moritz Muehlenhoff
- CVE-2015-5208 - Arbitrary plugin execution issue in Apache Cordova iOS,
Tony Homer
- CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS,
Tony Homer
- [SECURITY] [DSA 3560-1] php5 security update,
Salvatore Bonaccorso
- CVE-2016-3078: php: integer overflow in ZipArchive::getFrom*,
Hans Jerry Illikainen
- [security bulletin] HPSBUX03583 SSRT110084 rev.1 - HP-UX BIND Service running Named, Remote Denial of Service (DoS),
security-alert
- Mozilla doesn't care for upstream security fixes, and doesn't bother to send own security fixes upstream,
Stefan Kanthak
- Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability,
Vulnerability Lab
- SQL Injection in GLPI,
High-Tech Bridge Security Research
- [SECURITY] [DSA 3561-1] subversion security update,
Salvatore Bonaccorso