Mail Index

• Thread Index

• CA20160627-01: Security Notice for Release Automation
  • From: Kotas, Kevin J
• [CVE-2016-5728] Double-Fetch Vulnerability in Linux-4.5/drivers/misc/mic/host/mic_virtio.c
  • From: wpengfeinudt
• [CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c
  • From: wpengfeinudt
• Logic security flaw in TP-LINK - tplinklogin.net
  • From: Info
• Executable installers are vulnerable^WEVIL (case 34): Microsoft's vs-community-*.exe susceptible to DLL hijacking
  • From: Stefan Kanthak
• KL-001-2016-003 : SQLite Tempdir Selection Vulnerability
  • From: KoreLogic Disclosures
• [security bulletin] HPSBGN03626 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information Logjam
  • From: security-alert
• [SECURITY] [DSA 3612-1] gimp security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPSBGN03627 rev.1 - HPE Service Manager using OpenSSL, Remote Disclosure of Information
  • From: security-alert
• [SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage
  • From: Robbie Gemmell
• [SECURITY] [DSA 3613-1] libvirt security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3615-1] wireshark security update
  • From: Moritz Muehlenhoff
• [SECURITY] [DSA 3614-1] tomcat7 security update
  • From: Salvatore Bonaccorso
• [FD]CVE ID request : SQL injection in 24Online Client
  • From: rahullraz
• WebCalendar v1.2.7 PHP Code Injection
  • From: hyp3rlinx
• HTTP session poisoning in EMC Documentum WDK-based applications causes arbitrary code execution and privilege elevation
  • From: Andrey B. Panfilov
• WebCalendar v1.2.7 CSRF Protection Bypass
  • From: hyp3rlinx
• WebCalendar v1.2.7 CSRF Protection Bypass
  • From: hyp3rlinx
• WebCalendar v1.2.7 CSRF Protection Bypass
  • From: hyp3rlinx
• [SECURITY] [DSA 3616-1] linux security update
  • From: Salvatore Bonaccorso
• [CVE-2016-6156] Double-Fetch Vulnerability in Linux-4.6/drivers/platform/chrome/cros_ec_dev.c
  • From: wpengfeinudt
• KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability
  • From: Vulnerability Lab
• OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability
  • From: Vulnerability Lab
• [CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c
  • From: wpengfeinudt
• Syslog Server "npriority" field remote Denial of Service vulnerability
  • From: chaoyi . huang
• Apple Safari for Mac OS X SVG local XXE
  • From: Filippo Cavallarin
• Putty (beta 0.67) DLL Hijacking Vulnerability
  • From: wsachin092
• [slackware-security] mozilla-thunderbird (SSA:2016-187-01)
  • From: Slackware Security Team
• [security bulletin] HPSBHF03613 rev.1 - HPE Network Products including iMC, VCX, and Comware using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access
  • From: security-alert
• IBM BlueMix Cloud - (API) Persistent Web Vulnerability
  • From: Vulnerability Lab
• Teampass 2.1.26 - Authenticated File Upload Vulnerability
  • From: Vulnerability Lab
• Micron CMS v5.3 - (cat_id) SQL Injection Vulnerability
  • From: Vulnerability Lab
• ESA-2016-054: EMC Avamar Data Store and Avamar Virtual Edition Unauthorized Data Access Vulnerability
  • From: Security Alert
• Re: Putty (beta 0.67) DLL Hijacking Vulnerability
  • From: wsachin092
• [SECURITY] [DSA 3617-1] horizon security update
  • From: Moritz Muehlenhoff
• Acer Portal Android Application - MITM SSL Certificate Vulnerability (CVE-2016-5648)
  • From: David Coomber
• [KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability
  • From: Egidio Romano
• [security bulletin] HPSBGN03628 rev.1 - HPE IceWall Federation Agent using libXML2 library, Remote Denial of Service (DoS), Unauthorized Modification, Unauthorized Disclosure of Information
  • From: security-alert
• [slackware-security] samba (SSA:2016-189-01)
  • From: Slackware Security Team
• Microsoft WinDbg logviewer.exe Buffer Overflow DOS
  • From: hyp3rlinx
• Microsoft Process Kill Utility "kill.exe" Buffer Overflow
  • From: hyp3rlinx
• BMW ConnectedDrive - (Update) VIN Session Vulnerability
  • From: Vulnerability Lab
• BMW - (Token) Client Side Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• Persistent Cross-Site Scripting in All in One SEO Pack WordPress Plugin
  • From: Summer of Pwnage
• Persistent Cross-Site Scripting in WP Live Chat Support plugin
  • From: Summer of Pwnage
• [RCESEC-2016-003][CVE-2016-4469] Apache Archiva 1.3.9 Multiple Cross-Site Request Forgeries
  • From: Julien Ahrens
• [RCESEC-2016-004][CVE-2016-5005] Apache Archiva 1.3.9 admin/addProxyConnector_commit.action connector.sourceRepoId Persistent Cross-Site Scripting
  • From: Julien Ahrens
• Persistent Cross-Site Scripting in WordPress Activity Log plugin
  • From: Summer of Pwnage
• [security bulletin] HPSBHF03608 rev.1 - HPE iMC PLAT and other Network Products using Apache Java Commons Collection (ACC), Remote Execution of Arbitrary Code
  • From: security-alert
• Cross-Site Scripting vulnerability in Master Slider WordPress Plugin
  • From: Summer of Pwnage
• Cross-Site Scripting vulnerability in Email Users WordPress Plugin
  • From: Summer of Pwnage
• Cross-Site Scripting vulnerability in Profile Builder WordPress Plugin
  • From: Summer of Pwnage
• WP Fastest Cache Member Local File Inclusion vulnerability
  • From: Summer of Pwnage
• Easy Forms for MailChimp Local File Inclusion vulnerability
  • From: Summer of Pwnage
• [CVE-2016-1014, CVE-2016-4247] Executable installers are vulnerable^WEVIL (case 35): Adobe's Flash Player (un)installers
  • From: Stefan Kanthak
• missing input validation in pmount: arbitrary mount as non-root
  • From: Imre RAD
• Open-Xchange Security Advisory 2016-07-13
  • From: Martin Heiland
• Cisco Security Advisory: Cisco IOS XR for NCS 6000 Packet Timer Leak Denial of Service Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cross-Site Scripting vulnerability in Simple Membership WordPress Plugin
  • From: Summer of Pwnage
• Cross-Site Scripting vulnerability in Top 10 - Popular posts plugin for WordPress
  • From: Summer of Pwnage
• Cross-Site Scripting vulnerability in WP No External Links WordPress Plugin
  • From: Summer of Pwnage
• Cross-Site Scripting vulnerability in Google Forms WordPress Plugin
  • From: Summer of Pwnage
• [ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability
  • From: ERPScan inc
• [ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability
  • From: ERPScan inc
• [ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability
  • From: ERPScan inc
• [security bulletin] HPSBMU03562 rev.3 - HPE Service Manager using Java Deserialization, Remote Arbitrary Code Execution
  • From: security-alert
• [SECURITY] [DSA 3619-1] libgd2 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3620-1] pidgin security update
  • From: Salvatore Bonaccorso
• Multiple vulns in Vodafone EasyBox 804
  • From: Tim Schughart
• [Remote Format String Exploit] Axis Communications MPQT/PACS Server Side Include (SSI) Daemon
  • From: bashis
• [SECURITY] [DSA 3621-1] mysql-connector-java security update
  • From: Salvatore Bonaccorso
• [CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking
  • From: Stefan Kanthak
• [SECURITY] [DSA 3622-1] python-django security update
  • From: Salvatore Bonaccorso
• APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004
  • From: Apple Product Security
• APPLE-SA-2016-07-18-2 iOS 9.3.3
  • From: Apple Product Security
• APPLE-SA-2016-07-18-3 watchOS 2.2.2
  • From: Apple Product Security
• APPLE-SA-2016-07-18-4 tvOS 9.2.2
  • From: Apple Product Security
• APPLE-SA-2016-07-18-5 Safari 9.1.2
  • From: Apple Product Security
• APPLE-SA-2016-07-18-6 iTunes 12.4.2
  • From: Apple Product Security
• Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)
  • From: Vulnerability Lab
• Executable installers are vulnerable^WEVIL (case 35): eclipse-inst-win*.exe vulnerable to DLL and EXE hijacking
  • From: Stefan Kanthak
• Multiple Cross-Site Scripting vulnerabilities in Ninja Forms WordPress Plugin
  • From: Summer of Pwnage
• Cross-Site Request Forgery in Icegram WordPress Plugin
  • From: Summer of Pwnage
• Multiple SQL injection vulnerabilities in WordPress Video Player
  • From: Summer of Pwnage
• CVE-2016-5080: Memory corruption in code generated by Objective Systems Inc. ASN1C compiler for C/C++ [STIC-2016-0603]
  • From: Programa STIC
• [SECURITY] [DSA 3623-1] apache2 security update
  • From: Salvatore Bonaccorso
• [SEARCH-LAB advisory] Cisco EPC3925 UPC modem/router default passphrase vulnerabilities
  • From: Gergely Eberhardt
• [SEARCH-LAB advisory] Hitron CGNV4 modem/router multiple vulnerabilities
  • From: Gergely Eberhardt
• [SEARCH-LAB advisory] Compal CH7465LG-LC modem/router multiple vulnerabilities
  • From: Gergely Eberhardt
• [SEARCH-LAB advisory] Technicolor TC7200 modem/router multiple vulnerabilities
  • From: Gergely Eberhardt
• [SEARCH-LAB advisory] UPC Hungary network problems
  • From: Gergely Eberhardt
• Cisco Security Advisory: Cisco Unified Computing System Performance Manager Input Validation Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin
  • From: Summer of Pwnage
• Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF)
  • From: Summer of Pwnage
• CVE-2016-5399: php: out-of-bounds write in bzread()
  • From: Hans Jerry Illikainen
• Cisco Security Advisory: Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 3624-1] mysql-5.5 security update
  • From: Salvatore Bonaccorso
• MySQL zero-day vulnerabilities (July 2016 CPU)
  • From: lem . nikolas
• [security bulletin] HPSBGN03631 rev.1 - HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload, Remote Denial of Service (DoS)
  • From: security-alert
• [slackware-security] php (SSA:2016-203-02)
  • From: Slackware Security Team
• [slackware-security] gimp (SSA:2016-203-01)
  • From: Slackware Security Team
• Dreammail 5 mail client XSS Vulnerability
  • From: wwiinngd
• [SECURITY] [DSA 3625-1] squid3 security update
  • From: Sebastien Delafond
• MySQL zero-day vulnerabilities (July 2016 CPU)
  • From: lem . nikolas
• [CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example
  • From: Tim Allison
• CA20160721-01: Security Notice for CA eHealth
  • From: Kotas, Kevin J
• [slackware-security] bind (SSA:2016-204-01)
  • From: Slackware Security Team
• Executable installers are vulnerable^WEVIL (case 37): eclipse-inst-win*.exe vulnerable to DLL redirection and manifest hijacking
  • From: Stefan Kanthak
• Defense in depth -- the Microsoft way (part 41): vulnerable by (poor implementation of bad) design
  • From: Stefan Kanthak
• Autobahn|Python Insecure allowedOrigins validation >= 0.14.1
  • From: mgill
• [SECURITY] [DSA 3626-1] openssh security update
  • From: Salvatore Bonaccorso
• Neoscreen v4.5 Authentication bypass
  • From: alex_haynes
• Neoscreen v4.5 Blind SQL injection
  • From: alex_haynes
• Neoscreen v4.5 Cross-site scripting
  • From: alex_haynes
• Cross-Site Scripting in Contact Form to Email WordPress Plugin
  • From: Summer of Pwnage
• Cross-Site Scripting in Code Snippets WordPress Plugin
  • From: Summer of Pwnage
• [SECURITY] [DSA 3627-1] phpmyadmin security update
  • From: Thijs Kinkhorst
• SEC Consult SA-20160725-0 :: Multiple vulnerabilities in Micro Focus (Novell) Filr
  • From: SEC Consult Vulnerability Lab
• XSS and SQLi in huge IT gallery v1.1.5 for Joomla
  • From: Larry W. Cashdollar
• [SECURITY] [DSA 3628-1] perl security update
  • From: Salvatore Bonaccorso
• FreeBSD Security Advisory FreeBSD-SA-16:25.bspatch
  • From: FreeBSD Security Advisories
• Secunia Research: Reprise License Manager "actserver" Buffer Overflow Vulnerability
  • From: Secunia Research
• Secunia Research: Reprise License Manager "akey" Buffer Overflow Vulnerability
  • From: Secunia Research
• [security bulletin] HPSBGN03630 rev.1 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution
  • From: security-alert
• [SECURITY] [DSA 3629-1] ntp security update
  • From: Moritz Muehlenhoff
• July 2016 - Bamboo Server - Critical Security Advisory
  • From: David Black
• MySQL 0days followup (CVE-2016-3477) CVSS 8.1
  • From: lem . nikolas
• Crashing Browsers Remotely via Insecure Search Suggestions
  • From: research
• Huawei ISM Professional XSS Vulnerability
  • From: ak47464659484
• Dropbox 6.4.14 DLL Hijacking Vulnerability
  • From: mehta . himanshu21
• Cross-Site Scripting vulnerability in ColorWay WordPress Theme
  • From: Summer of Pwnage
• Silurus Classifieds XSS Vulnerability
  • From: ak47464659484
• [security bulletin] HPSBST03603 rev.1 - HPE StoreVirtual Products running LeftHand OS using glibc, Remote Arbitrary Code Execution, Denial of Service (DoS)
  • From: security-alert
• [SECURITY] [DSA 3630-1] libgd2 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3631-1] php5 security update
  • From: Moritz Muehlenhoff
• Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability
  • From: Vulnerability Lab
• DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• RE: VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability
  • From: Wick, Ryan (US - Chicago)
• [SECURITY] [DSA 3632-1] mariadb-10.0 security update
  • From: Salvatore Bonaccorso
• CVE-2016-2783 - Avaya VOSS/VSP Release 4.1.0.0 Vulnerable to SPB Traffic traversal
  • From: Grebovich, Dragan (Dragan)
• [SECURITY] [DSA 3633-1] xen security update
  • From: Moritz Muehlenhoff
• Zortam Media Studio 20.60 - Buffer Overflow Vulnerability
  • From: Vulnerability Lab
• Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability
  • From: Vulnerability Lab
• Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities
  • From: Vulnerability Lab
• Saveya Bounty #1 - Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• Vicon Network Cameras - Authentication Bypass
  • From: reggie . dodd30
• [S21SEC-047] Fotoware Fotoweb 8.0 Cross Site Scripting
  • From: S21sec Vulnerability Research
• ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities
  • From: Vulnerability Lab
• [SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks
  • From: matthias . deeg
• [SYSS-2016-046] Perixx PERIDUO-710W - Missing Protection against Replay Attacks
  • From: matthias . deeg
• [SYSS-2016-047] Perixx PERIDUO-710W - Keystroke Injection Vulnerability
  • From: matthias . deeg
• [SYSS-2016-045] Perixx PERIDUO-710W - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
  • From: matthias . deeg
• [SYSS-2016-044] Logitech K520 - Insufficient Protection against Replay Attacks
  • From: matthias . deeg
• [SYSS-2016-059] Microsoft Wireless Desktop 2000 - Insufficient Verification of Data Authenticity (CWE-345)
  • From: matthias . deeg
• [SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection against Replay Attacks
  • From: matthias . deeg
• [SYSS-2016-032] CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
  • From: matthias . deeg
• [SYSS-2016-038] CHERRY B.UNLIMITED AES - Keystroke Injection Vulnerability
  • From: matthias . deeg
• [SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection against Replay Attacks
  • From: matthias . deeg
• [SYSS-2016-032] CHERRY B.UNLIMITED AES - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
  • From: matthias . deeg
• [SYSS-2016-038] CHERRY B.UNLIMITED AES - Keystroke Injection Vulnerability
  • From: matthias . deeg
• CVE-2016-5672: Intel Crosswalk SSL Prompt Issue
  • From: research
• [SECURITY] [DSA 3635-1] libdbd-mysql-perl security update
  • From: Salvatore Bonaccorso