Mail Thread Index
- FreeBSD Security Advisory FreeBSD-SA-16:21.43bsd,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:23.libarchive,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:22.libarchive,
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-16:20.linux,
FreeBSD Security Advisories
- [SECURITY] [DSA 3590-1] chromium-browser security update,
Michael Gilbert
- AjaxExplorer v1.10.3.2 Remote CMD Execution / CSRF / Persistent XSS,
hyp3rlinx
- [SECURITY] [DSA 3591-1] imagemagick security update,
Luciano Bello
- [security bulletin] HPSBGN03609 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution, Denial of Service (DoS),
security-alert
- Cisco Security Advisory: Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3592-1] nginx security update,
Moritz Muehlenhoff
- [security bulletin] HPSBOV03615 rev.1 - HPE OpenVMS CSWS running the Apache Tomcat 7 Servlet Engine, Multiple Remote Vulnerabilities,
security-alert
- [security bulletin] HPSBMU03612 rev.1 - HPE Insight Control on Windows and Linux, Multiple Remote Vulnerabilities,
security-alert
- SEC Consult SA-20160602-0 :: Multiple critical vulnerabilities in Ubee EVW3226 Advanced wireless voice gateway,
SEC Consult Vulnerability Lab
- [security bulletin] HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF),
security-alert
- Zoho OpManager < v12,
d_fens
- ESA-2016-060: EMC Isilon OneFS Privilege Escalation Vulnerability,
Security Alert
- [SECURITY] [DSA 3593-1] libxml2 security update,
Salvatore Bonaccorso
- Notilus v2012 R3 - SQL injection,
alex_haynes
- [Announce] CVE-2016-4437: Apache Shiro information disclosure vulnerability,
Brian Demers
- [security bulletin] HPSBUX03616 SSRT110128 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access,
security-alert
- [security bulletin] - Linux Kernel Flaw, ASN.1 DER decoder for x509 certificate DER,
HP Security Alert
- [slackware-security] ntp (SSA:2016-155-01),
Slackware Security Team
- FreeBSD Security Advisory FreeBSD-SA-16:24.ntp,
FreeBSD Security Advisories
- [SECURITY] [DSA 3594-1] chromium-browser security update,
Michael Gilbert
- [SECURITY] [DSA 3548-3] samba regression update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3595-1] mariadb-10.0 security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3596-1] spice security update,
Salvatore Bonaccorso
- Re: rConfig, the open source network device configuration management tool, Vulnerable to Local File Inclusion,
Gregory Pickett
- [security bulletin] HPSBGN03442 rev.2 - HP Helion OpenStack using glibc, Remote Denial of Service (DoS), Arbitrary Code Execution,
security-alert
- [security bulletin] HPSBGN03619 rev.1 - HPE Discovery and Dependency Mapping Inventory (DDMi) using Java Deserialization, remote Code Execution,
security-alert
- [security bulletin] HPSBGN03620 rev.1 - HPE Helion OpenStack using OpenSSL and QEMU, Remote Unauthorized Data Access,
security-alert
- Mapbox (API) - Filter Bypass & Persistent Vulnerability,
Vulnerability Lab
- Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability,
Vulnerability Lab
- Microsoft Education - Code Execution Vulnerability,
Vulnerability Lab
- Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 3597-1] expat security update,
Luciano Bello
- [CVE-2016-0392] IBM GPFS / Spectrum Scale Command Injection,
john . fitzpatrick
- [security bulletin] HPSBGN03621 rev.1 - HPE Universal CMDB using OpenSSL, Remote Disclosure of Sensitive Information,
security-alert
- [security bulletin] HPSBGN03622 rev.1 - HPE UCMDB, Universal Discovery, and UCMDB Configuration Manager using Apache Commons Collection, Remote Code Execution,
security-alert
- [security bulletin] HPSBGN03623 rev.1 - HPE Universal CMDB, Remote Disclosure of Sensitive Information,
security-alert
- [SECURITY] [DSA 3598-1] vlc security update,
Moritz Muehlenhoff
- Cisco EPC 3928 Multiple Vulnerabilities,
patryk . bogdan
- [security bulletin] HPSBGN03624 rev.1 - HPE Project and Portfolio Management Center, Remote Disclosure of Sensitive Information, Execution of Arbitrary Commands,
security-alert
- [security bulletin] HPSBGN03618 rev.1 - HPE Service Manager remote Denial of Service (DoS), Disclosure of Information, Unauthorized Read Access to Files, Server Side Request Forgery,
security-alert
- [security bulletin] HPSBMU03584 rev.2 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities,
security-alert
- [security bulletin] HPSBMU03614 rev.1 - HPE Systems Insight Manager using Samba, Multiple Remote Vulnerabilities,
security-alert
- ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability,
Security Alert
- ESA-2016-064: EMC Data Domain Information Disclosure Vulnerability,
Security Alert
- CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability,
John Kinsella
- [SECURITY] [DSA 3599-1] p7zip security update,
Salvatore Bonaccorso
- SimpleSAMLphp Link Injection,
hyp3rlinx
- [SECURITY] [DSA 3600-1] iceweasel/firefox-esr security update,
Moritz Muehlenhoff
- [security bulletin] HPSBGN03617 rev.2 - HPE IceWall Federation Agent and IceWall File Manager using libXML2 library, Remote Denial of Service (DoS),
security-alert
- ESA-2016-062: EMC Data Domain Multiple Vulnerabilities,
Security Alert
- OpenWRT: swconfig infrastructure fails to check permissions,
Elliott Mitchell
- FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability,
Vulnerability Lab
- CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability,
Vulnerability Lab
- ESA-2016-047: RSA Archer® GRC Platform Sensitive Information Disclosure Vulnerability,
Security Alert
- Oracle Orakill.exe Buffer Overflow,
hyp3rlinx
- [SECURITY] [DSA 3601-1] icedove security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3602-1] php5 security update,
Salvatore Bonaccorso
- Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability,
Vulnerability Lab
- [SECURITY] [DSA 3603-1] libav security update,
Moritz Muehlenhoff
- [CVE-2014-1520] NOT FIXED: privilege escalation via Mozilla's executable installers,
Stefan Kanthak
- NEW VMSA-2016-0009 VMware vCenter Server updates address an important reflective cross-site scripting issue,
VMware Security Response Center
- Joomla com_enmasse - SQL Injection,
hamedizadi
- FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability,
Vulnerability Lab
- BookingWizz < 5.5 Multiple Vulnerability,
mehmet
- Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability,
Cisco Systems Product Security Incident Response Team
- Microsoft Visio multiple DLL side loading vulnerabilities,
Securify B.V.
- [MWR-2016-0001] DDN Insecure Update Mechanism,
john . fitzpatrick
- [MWR-2016-0002] DDN Default SSH Keys,
john . fitzpatrick
- Authentication bypass in Ceragon FibeAir IP-10 web interface (<7.2.0),
iancling
- [security bulletin] HPSBGN03553 rev.1 - HP OneView Products using glibc and OpenSSL, Multiple Remote Vulnerabilities,
security-alert
- [security bulletin] HPSBNS03625 rev.1 - HPE NonStop Application Server for Java (NSASJ) running SSL/TLS, Remote Disclosure of Information,
security-alert
- [SECURITY] [DSA 3604-1] drupal7 security update,
Moritz Muehlenhoff
- User enumeration in Skype for Business 2013,
nyxgeek
- [FD] Multiple vulnerabilities in squid 0.4.16_2 running on pfSense,
Remco Sprooten
- [CVE-2016-1014] Escalation of privilege via executable (un)installers of Flash Player,
Stefan Kanthak
- [ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability,
ERPScan inc
- [ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability,
ERPScan inc
- [ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability,
ERPScan inc
- CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion,
Berend-Jan Wever
- sNews CMS v1.7.1 Remote Command Execution / CSRF / XSS,
hyp3rlinx
- [SECURITY] [DSA 3605-1] libxslt security update,
Salvatore Bonaccorso
- Symphony CMS v2.6.7 Session Fixation,
hyp3rlinx
- APPLE-SA-2016-06-20-1 AirPort Base Station Firmware Update 7.6.7 and 7.7.7,
Apple Product Security
- [slackware-security] libarchive (SSA:2016-172-01),
Slackware Security Team
- [slackware-security] pcre (SSA:2016-172-02),
Slackware Security Team
- [ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability,
ERPScan inc
- [ERPSCAN-16-015] SAP NetWeaver Java AS - multiple XSS vulnerabilities,
ERPScan inc
- [ERPSCAN-16-017] SAP JAVA AS icman - DoS vulnerability,
ERPScan inc
- Magic values in 32-bit processes on 64-bit OS-es and how to exploit them,
Berend-Jan Wever
- [ERPSCAN-16-018] SAP Application server for Java - DoS vulnerability,
ERPScan inc
- Open-Xchange Security Advisory 2016-06-22,
Martin Heiland
- ESA-2016-069: EMC Documentum WebTop and WebTop Clients Improper Authorization Vulnerability,
Security Alert
- [KIS-2016-07] SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability,
Egidio Romano
- [KIS-2016-04] SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities,
Egidio Romano
- [KIS-2016-05] SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities,
Egidio Romano
- [KIS-2016-06] SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability,
Egidio Romano
- SEC Consult SA-20160624-0 :: ASUS DSL-N55U router XSS and information disclosure,
SEC Consult Vulnerability Lab
- #146416 Ruby:HTTP Header injection in 'net/http',
redrain root
- [SECURITY] [DSA 3606-1] libpdfbox security update,
Moritz Muehlenhoff
- [slackware-security] php (SSA:2016-176-01),
Slackware Security Team
- MyLittleForum v2.3.5 PHP Command Injection,
hyp3rlinx
- [fd] CVE ID request: Untangle NGFW <= v12.1.0 post-auth command injection,
Matt Bush
- BigTree CMS <= 4.2.11 Authenticated SQL Injection Vulnerability,
mehmet
- Craft CMS affected by server side template injection,
Securify B.V.
- [SECURITY] [DSA 3607-1] linux security update,
Salvatore Bonaccorso
- Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability,
Vulnerability Lab
- Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability,
Vulnerability Lab
- Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability,
Vulnerability Lab
- Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities,
Vulnerability Lab
- [KIS-2016-08] Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities,
Egidio Romano
- [KIS-2016-09] Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities,
Egidio Romano
- [KIS-2016-10] Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability,
Egidio Romano
- KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution,
KoreLogic Disclosures
- Symantec SEPM v12.1 Multiple Vulnerabilities,
hyp3rlinx
- CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD,
Cantor, Scott
- Cisco Security Advisory: Cisco Firepower System Software Static Credential Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability,
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3609-1] tomcat8 security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3608-1] libreoffice security update,
Moritz Muehlenhoff
- BFS-SA-2016-003: Huawei HiSuite Insecure Service Directory ACLs,
Blue Frost Security Research Lab
- [SECURITY] [DSA 3610-1] xerces-c security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3611-1] libcommons-fileupload-java security update,
Salvatore Bonaccorso