Mail Thread Index

• Date Index

• [security bulletin] HPSBGN03547 rev.3 - HPE Helion Eucalyptus Node Controller and other Helion Eucalyptus Components using glibc, Remote Arbitrary Code Execution, security-alert
• [slackware-security] ntp (SSA:2016-120-01), Slackware Security Team
• [slackware-security] php (SSA:2016-120-02), Slackware Security Team
• [slackware-security] subversion (SSA:2016-121-01), Slackware Security Team
• Exploit-DB Captcha Bypass, Rahul Pratap Singh
• [SECURITY] [DSA 3562-1] tardiff security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3563-1] poppler security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3564-1] chromium-browser security update, Michael Gilbert
• [SECURITY] [DSA 3565-1] botan1.10 security update, Sebastien Delafond
• ESA-2016-041: RSA Data Loss Prevention Multiple Vulnerabilities, Security Alert
• [slackware-security] mercurial (SSA:2016-123-01), Slackware Security Team
• CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection, Timo Juhani Lindfors
• NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities, bhadresh . patel
  • <Possible follow-ups>
  • Re: NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities, bhadresh . patel
• [SECURITY] [DSA 3566-1] openssl security update, Alessandro Ghedini
• LSE Leading Security Experts GmbH - LSE-2016-02-03 - OXID eShop Path Traversal Vulnerability, LSE-Advisories
• Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting, Julien Ahrens
• [slackware-security] openssl (SSA:2016-124-01), Slackware Security Team
• CVE-2016-2784: CMS Made Simple < 2.1.3 & < 1.12.2 Web server Cache Poisoning, Lab I-Tracing
• Cisco Security Advisory: Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• APPLE-SA-2016-05-03-1 Xcode 7.3.1, Apple Product Security
• [SECURITY] [DSA 3567-1] libpam-sshauth security update, Salvatore Bonaccorso
• ESA-2016-051: Patch 14 for RSA® Authentication Manager 8.1 SP1 to Address Multiple Vulnerabilities, Security Alert
• Cisco Security Advisory: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016, Cisco Systems Product Security Incident Response Team
• FreeBSD Security Advisory FreeBSD-SA-16:17.openssl, FreeBSD Security Advisories
• [SECURITY] [DSA 3568-1] libtasn1-6 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3569-1] openafs security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3570-1] mercurial security update, Salvatore Bonaccorso
• [security bulletin] HPSBMU03584 rev.1 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities, security-alert
• ManageEngine Applications Manager Build No: 12700 Information Disclosure and Un-Authenticated SQL injection., Saif El-Sherei
  • Re: ManageEngine Applications Manager Build No: 12700 Information Disclosure and Un-Authenticated SQL injection., Saif El-Sherei
• [SECURITY] [DSA 3571-1] ikiwiki security update, Moritz Muehlenhoff
• WordPress Plugin event-registration 6.02.02: SQL-Injection and persistent XSS, mail
• [SECURITY] [DSA 3572-1] websvn security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3573-1] qemu security update, Salvatore Bonaccorso
• [security bulletin] HPSBUX03577 SSRT102172 rev.1 - HP-UX VxFS, Local Unauthorized Access to Files, security-alert
• Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability, Vulnerability Lab
• Skype Manager - (Email Change) Filter Bypass Vulnerability, Vulnerability Lab
• Notes v4.5 iOS - Arbitrary File Upload Vulnerability, Vulnerability Lab
• Stanford University - Multiple SQL Injection Vulnerabilities, Vulnerability Lab
• Trend Micro Direct Pass - Filter Bypass & Cross Site Scripting Vulnerability, Vulnerability Lab
• Intuit QuickBooks 2007 - 2016 Arbitrary Code Execution, support
• [SECURITY] [DSA 3574-1] libarchive security update, Salvatore Bonaccorso
• [security bulletin] HPSBUX03596 rev.1 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access, security-alert
• [security bulletin] HPSBUX03574 rev.1 - HPE HP-UX CIFS-Server (Samba), Remote Access Restriction Bypass, Authentication bypass, Denial of Service (DoS), Unauthorized Access to Files, Access Restriction Bypass, Unauthorized Information Disclosure, security-alert
• BulletProof Security 53.3 - Security Advisory - Multiple XSS Vulnerabilities, Onur Yilmaz
• [slackware-security] imagemagick (SSA:2016-132-01), Slackware Security Team
  • <Possible follow-ups>
  • Re: [slackware-security] imagemagick (SSA:2016-132-01), U2ME236
• [SECURITY] [DSA 3565-2] monotone ovito pdns qtcreator softhsm regression update, Sebastien Delafond
• [security bulletin] HPSBHF03592 rev.1 - HPE VAN SDN Controller OVA using OpenSSL, Multiple Remote Vulnerabilities, security-alert
• [security bulletin] HPSBNS03581 rev.2 - HPE NonStop Servers running Samba (NS-Samba), Multiple Remote Vulnerabilities, security-alert
• [security bulletin] HPSBST03586 rev.1 - HPE 3PAR OS, Remote Unauthorized Modification, security-alert
• [security bulletin] HPSBST03598 rev.1 - HPE 3PAR OS using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution, security-alert
• [security bulletin] HPSBST03599 rev.1 - HPE 3PAR OS running OpenSSH, Remote Denial of Service (DoS), Access Restriction Bypass, security-alert
• [slackware-security] mozilla-thunderbird (SSA:2016-132-01), Slackware Security Team
• [security bulletin] HPSBGN03597 rev.1 - HPE Cloud Optimizer (Virtualization Performance Viewer) using glibc Remote Denial of Service (DoS), security-alert
• [SECURITY] [DSA 3575-1] libxstream-java security update, Moritz Muehlenhoff
• [security bulletin] HPSBMU03591 rev.1 - HPE Server Migration Pack, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBMU03589 rev.1 - HPE Version Control Repository Manager (VCRM), Remote Denial of Service (DoS), security-alert
• May 2016 - HipChat Server - Critical Security Advisory, David Black
• [security bulletin] HPSBMU03590 rev.1 - HPE Systems Insight Manager (SIM) on Windows and Linux, Multiple Vulnerabilities, security-alert
• [SECURITY] [DSA 3576-1] icedove security update, Moritz Muehlenhoff
• eXtplorer v2.1.9 Archive Path Traversal, hyp3rlinx
• dns_dhcp Web Interface SQL Injection, hyp3rlinx
• [SECURITY] [DSA 3577-1] jansson security update, Alessandro Ghedini
• [SECURITY] [DSA 3578-1] libidn security update, Alessandro Ghedini
• [SECURITY] [DSA 3579-1] xerces-c security update, Salvatore Bonaccorso
• [ERPSCAN-16-009] SAP xMII - directory traversal vulnerability, ERPScan inc
• [ERPSCAN-16-008] SAP NetWeaver AS JAVA - XSS vulnerability in ProxyServer servlet, ERPScan inc
• [SECURITY] [DSA 3580-1] imagemagick security update, Luciano Bello
• Security advisory for Bugzilla 5.0.3 and 4.4.12, LpSolit
• APPLE-SA-2016-05-16-1 tvOS 9.2.1, Apple Product Security
• APPLE-SA-2016-05-16-2 iOS 9.3.2, Apple Product Security
• APPLE-SA-2016-05-16-3 watchOS 2.2.1, Apple Product Security
• APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003, Apple Product Security
• APPLE-SA-2016-05-16-5 Safari 9.1.1, Apple Product Security
• APPLE-SA-2016-05-16-6 iTunes 12.4, Apple Product Security
• [SECURITY] [DSA 3581-1] libndp security update, Salvatore Bonaccorso
• [security bulletin] HPSBHF03594 rev.1 - HPE ConvergedSystem and AppSystem for SAP HANA using OpenSSL, Multiple Remote Vulnerabilities, security-alert
• WSO2 SOA Enablement Server - Reflected Cross-Site Scripting, Etnies
• [security bulletin] HPSBGN03587 rev.1 - HPE Helion OpenStack using OpenSSL and Open vSwitch, Remote Arbitrary Command Execution, Denial of Service (DoS), Disclosure of Information, security-alert
• FreeBSD Security Advisory FreeBSD-SA-16:18.atkbd, FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-16:19.sendmsg, FreeBSD Security Advisories
• [SECURITY] [DSA 3582-1] expat security update, Salvatore Bonaccorso
• [security bulletin] HPSBHF03578 rev.1 - HPE ConvergedSystem for SAP HANA using glibc, Multiple Remote Vulnerabilities, security-alert
• [security bulletin] HPSBHF03579 rev.1 - HPE ConvergedSystem for SAP HANA using OpenSSL, Multiple Remote Vulnerabilities, security-alert
• Cisco Security Advisory: Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Web Security Appliance Cached Range Request Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Web Security Appliance Connection Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• [security bulletin] HPSBGN03602 rev.1 - HPE RESTful Interface Tool, Local Disclosure of Information, security-alert
• [SECURITY] [DSA 3583-1] swift-plugin-s3 security update, Moritz Muehlenhoff
• TYPO3 RemoveXSS.php vulnerability versions 6.2.19 and 7.6.4, mandy
• [ERPSCAN-16-010] SAP NetWeaver AS JAVA – information disclosure vulnerability, ERPScan inc
• [ERPSCAN-16-011] SAP NetWeaver AS JAVA – SQL injection vulnerability, ERPScan inc
• [SEARCH-LAB advisory] LG NAS N1A1 multiple vulnerabilities in Familycast, Gergely Eberhardt
• [SECURITY] [DSA 3584-1] librsvg security update, Salvatore Bonaccorso
• [security bulletin] HPSBGN03564 rev.1 - HPE Release Control using Java Deserialization, Remote Code Execution, security-alert
• [slackware-security] curl (SSA:2016-141-01), Slackware Security Team
• [RCESEC-2016-001] Postfix Admin v2.93 Generic POST Cross-Site Request Forgeries, Julien Ahrens
• [SECURITY] [DSA 3585-1] wireshark security update, Moritz Muehlenhoff
• [RCESEC-2016-002] XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections, Julien Ahrens
• [SECURITY] [DSA 3586-1] atheme-services security update, Moritz Muehlenhoff
• AfterLogic WebMail Pro ASP.NET < 6.2.7 Administrator Account Takover via XXE Injection, mehmet . ince
• MSA-2016-01: PowerFolder Remote Code Execution Vulnerability, Advisories Advisories
• [security bulletin] HPSBGN03605 rev.1 - HPE Service Manager, Remote Disclosure of Information, security-alert
• [slackware-security] libarchive (SSA:2016-145-01), Slackware Security Team
• Open-Xchange Security Advisory 2016-05-25, Martin Heiland
• Cisco Security Advisory: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability, Cisco Systems Product Security Incident Response Team
• VMWare vSphere Web Client Flash XSS, apparitionsec
• [security bulletin] HPSBMU03601 rev.1 - HPE Insight Control server deployment using OpenSSL, Multiple Vulnerabilities, security-alert
• [security bulletin] HPSBUX03606 rev.1 - HPE HP-UX running Apache Tomcat 7, Multiple Remote Vulnerabilities, security-alert
• [security bulletin] HPSBMU03600 rev.1 - HPE Insight Control server provisioning using OpenSSL, Remote Denial of Service (DoS), security-alert
• [security bulletin] HPSBMU03611 rev.1 - HPE Matrix Operating Environment on Windows and Linux, Multiple Remote Vulnerabilities, security-alert
• [security bulletin] HPSBGN03610 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Arbitrary Code Execution, security-alert
• ESA-2016-061: EMC Isilon OneFS SMB Signing Vulnerability, Security Alert
• [CVE-2016-4434] Apache Tika XML External Entity vulnerability, Tim Allison
• [CVE-2016-2175] Apache PDFBox XML External Entity vulnerability, Andreas Lehmkuehler
• [SECURITY] [DSA 3587-1] libgd2 security update, Salvatore Bonaccorso
• [CVE-2016-3094] Apache Qpid Java Broker denial of service vulnerability, Lorenz Quack
• [CVE-2016-4432] Apache Qpid Java Broker - authentication bypass, Keith W
• [CVE-2016-4945] Login Form Hijacking Vulnerability in Citrix NetScaler Gateway, Daniel Schliebner
• [slackware-security] libxml2 (SSA:2016-148-01), Slackware Security Team
• [slackware-security] libxslt (SSA:2016-148-02), Slackware Security Team
• [slackware-security] php (SSA:2016-148-03), Slackware Security Team
• Multiple Vulnerabilities in Intex Wireless N150 Easy Setup Router, mohitreload
• [SECURITY] [DSA 3588-1] symfony security update, Luciano Bello
• [oCERT 2016-001] Jetty path sanitization issues, Daniele Bianco
• WebKitGTK+ Security Advisory WSA-2016-0004, Carlos Alberto Lopez Perez
• [SECURITY] [DSA 3589-1] gdk-pixbuf security update, Salvatore Bonaccorso
• [SECURITY] Lorex ECO DVR Hard coded password, andrew . hofmans
• [slackware-security] imagemagick (SSA:2016-152-01), Slackware Security Team
• [slackware-security] mozilla-thunderbird (SSA:2016-152-02), Slackware Security Team
• [RT-SA-2015-012] XML External Entity Expansion in Paessler PRTG Network Monitor, RedTeam Pentesting GmbH
• [RT-SA-2016-004] Websockify: Remote Code Execution via Buffer Overflow, RedTeam Pentesting GmbH
• [RT-SA-2016-005] Unauthenticated File Upload in Relay Ajax Directory Manager may Lead to Remote Command Execution, RedTeam Pentesting GmbH