Mail Index
- Elevation of Privilege Vulnerability in MediaTek Driver (CVE-2016-6492)
- [SECURITY] [DSA 3636-1] collectd security update
- [SECURITY] [DSA 3634-1] redis security update
- Huawei eSpace IAD Remote Information Disclosure Vulnerability
- Insert PHP WordPress Plugin allows authenticated user to execute arbitrary PHP
- Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin
- Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA
- [SECURITY] [DSA 3637-1] chromium-browser security update
- Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin
- SQL injection vulnerability in Booking Calendar WordPress Plugin
- Cross-Site Scripting in Contact Bank WordPress Plugin
- Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability
- Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability
- Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231)
- Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin
- [CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c
- [security bulletin] HPSBUX03632 SSRT110194 rev.1 - HP-UX Mail Server running Sendmail, Local Unauthorized Disclosure of Information
- [security bulletin] HPSBGN03564 rev.2 - HPE Release Control using Java Deserialization, Remote Code Execution
- FortiManager (Series) - Multiple Web Vulnerabilities
- Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability
- Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability
- Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities
- Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability
- WinSaber - Unquoted Service Path Privilege Escalation
- Cross-Site Scripting in Uji Countdown WordPress Plugin
- Cross-Site Scripting in WangGuard WordPress Plugin
- Arbitrary File Content Disclosure in Atutor
- From: High-Tech Bridge Security Research
- WorldCIST'17 - Call for Workshops Proposals; Deadline: September 5
- [SECURITY] [DSA 3638-1] curl security update
- [SECURITY] [DSA 3639-1] wordpress security update
- From: Salvatore Bonaccorso
- Cisco Security Advisory: Cisco Unified Communications Manager IM and Presence Service SIP Packet Processing Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Unauthorized Access Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [security bulletin] HPSBGN03633 rev.1 - HPE Release Control, Remote Denial of Service (DoS), Disclosure of Information, Unauthorized Access to Files or Server-Side Request Forgery (SSRF)
- Secunia Research: LibGD "_gdContributionsAlloc()" Integer Overflow Denial of Service Vulnerability
- [SECURITY] [DSA 3640-1] firefox-esr security update
- Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin
- Cross-Site Scripting in Activity Log WordPress Plugin
- Cross-Site Scripting in WordPress Landing Pages Plugin
- FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability
- FortiManager (Series) - (Bookmark) Persistent Vulnerability
- [SYSS-2016-065] NASdeluxe NDL-2400r: OS Command Injection
- [SECURITY] [DSA 3641-1] openjdk-7 security update
- Cisco Security Advisory: Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance
- Re: Multiple remote vulnerabilities (RCE, bof) in Nuuo NVR and NETGEAR Surveillance
- Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin
- Cross-Site Scripting in FormBuilder WordPress Plugin
- Cross-Site Scripting in Count per Day WordPress Plugin
- Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin
- [0day] net2ftp multiple XSS on unauthenticated users
- Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability
- Subrion v4.0.5 CMS - SQL Injection Vulnerability
- FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities
- Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597)
- Sophos Mobile Control EAS Proxy Open Reverse Proxy vulnerability (CVE-2016-6597)
- [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20)
- [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20)
- [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20)
- DLL side loading vulnerability in VMware Host Guest Client Redirector
- Ecwid Ecommerce Shopping Cart WordPress Plugin unauthenticated PHP Object injection vulnerability
- [SECURITY] [DSA 3642-1] lighttpd security update
- [SECURITY] [DSA 3643-1] kde4libs security update
- From: Salvatore Bonaccorso
- [slackware-security] mozilla-firefox (SSA:2016-219-02)
- From: Slackware Security Team
- [slackware-security] stunnel (SSA:2016-219-04)
- From: Slackware Security Team
- [slackware-security] curl (SSA:2016-219-01)
- From: Slackware Security Team
- [slackware-security] openssh (SSA:2016-219-03)
- From: Slackware Security Team
- vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF)
- phpCollab v2.5 CMS - SQL Injection Vulnerability
- [SECURITY] [DSA 3644-1] fontconfig security update
- From: Salvatore Bonaccorso
- ESA-2016-070: RSA® Authentication Manager Prime SelfService Insecure Direct Object Reference Vulnerability
- [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1
- [SECURITY] [DSA 3645-1] chromium-browser security update
- Nagios Network Analyzer v2.2.1 Multiple CSRF
- Any Video Converter DLL Hijack
- AirSnort v0.2.7 Stack Corruption DOS
- Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability
- FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability
- Nuke Evolution 2.0.9d - Multiple Client Side Cross Site Scripting Vulnerabilities
- Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin
- Notepad++ 6.9.2 DLL Hijacking Vulnerability
- Nagios NA v2.2.1 XSS
- Internet Explorer iframe sandbox local file name disclosure vulnerability
- Cisco Security Advisory: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [CORE-2016-0006] - SAP CAR Multiple Vulnerabilities
- From: CORE Advisories Team
- Microsoft Education - Stored Cross Site Web Vulnerability
- QuickerBB 0.7.0 - Register Cross Site Scripting Vulnerability
- Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8)
- [SECURITY] [DSA 3646-1] postgresql-9.4 security update
- From: Salvatore Bonaccorso
- Defense in depth -- the Microsoft way (part 42): Sysinternals utilities load and execute rogue DLLs from %TEMP%
- [SECURITY] [DSA 3647-1] icedove security update
- [CVE-2016-3089] Apache OpenMeetings XSS in SWF panel
- [security bulletin] HPSBHF03440 rev.1 - HPE iLO 3 using JQuery, Remote Cross-Site Scripting (XSS)
- [security bulletin] HPSBGN03630 rev.2 - HP Operations Manager for Unix, Solaris, and Linux using Apache Commons Collections (ACC), Remote Code Execution
- [SECURITY] [DSA 3648-1] wireshark security update
- WSO2 IDENTITY-SERVER v5.1.0 XML External-Entity
- WSO2-CARBON v4.4.5 LOCAL FILE INCLUSION
- WSO2 CARBON v4.4.5 PERSISTENT XSS COOKIE THEFT
- WSO2-CARBON v4.4.5 CSRF / DOS
- OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET)
- OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET)
- OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET)
- Linksys E1200 and E2500 (Missing authorization on parental control)
- Linksys E2500 and E1200 (Unauth Command Injection)
- Reflected Cross Site Scripting (XSS) Vulnerability in nopcommerce 3.70
- Stash v1.0.3 CMS - SQL Injection Vulnerability
- PayPal Inc BB #127 - 2FA Bypass Vulnerability
- Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass
- Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of galleries
- Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows adding of images
- Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of images
- Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress Plugin
- Cross-Site Scripting vulnerability in Google Maps WordPress Plugin
- Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin
- Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login Redirect WordPress Plugin
- Ajax Load More Local File Inclusion vulnerability
- Cross-Site Scripting in Link Library WordPress Plugin
- Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin
- Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin
- [security bulletin] HPSBST03629 rev.1 - HP StoreFabric B-series Switches, Remote Disclosure of Privileged Information
- [security bulletin] HPSBGN03634 rev.1 - HPE Enterprise Solution Sizers and Storage Sizer running Smart Update, Remote Arbitrary Code Execution
- [security bulletin] HPSBHF03441 rev.1 - HPE iLO 3 and iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities
- Lepton CMS Archive Directory Traversal
- Lepton CMS PHP Code Injection
- [ERPSCAN-16-022] SAP Hybris E-commerce Suite VirtualJDBC – Default Credentials
- [ERPSCAN-16-023] Potential backdoor via hardcoded system ID
- [SYSS-2016-067] NetIQ Access Manager (iManager) - Temporary Second Order Cross-Site Scripting (CWE-79)
- Cisco Security Advisory: Cisco Firepower Management Center Privilege Escalation Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Firepower Management Center Remote Command Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 3649-1] gnupg security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3650-1] libgcrypt20 security update
- From: Salvatore Bonaccorso
- Telus Actiontec T2200H Modem Input Validation Flaw Allows Elevated Shell Access
- [SYSS-2016-052] QNAP QTS - OS Command Injection
- [SYSS-2016-053] QNAP QTS - Arbitrary File Overwrite
- [SYSS-2016-048] QNAP QTS - OS Command Injection
- [SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting
- [SYSS-2016-048] QNAP QTS - OS Command Injection
- [SYSS-2016-054] QNAP QTS - OS Command Injection
- [SYSS-2016-051] QNAP QTS - Reflected Cross-Site Scripting
- [SYSS-2016-048] QNAP QTS - OS Command Injection
- [SYSS-2016-055] QNAP QTS - OS Command Injection
- [SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting
- [SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting
- [SYSS-2016-054] QNAP QTS - OS Command Injection
- [SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting
- [CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method
- Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client
- Path traversal vulnerability in WordPress Core Ajax handlers
- [security bulletin] HPSBNS03635 rev.1 - HPE NonStop Servers OSS Script Languages running Perl and PHP, Multiple Local and Remote Vulnerabilities
- [slackware-security] gnupg (SSA:2016-236-01)
- From: Slackware Security Team
- nullcon 8-bit Call for Papers is open
- WebKitGTK+ Security Advisory WSA-2016-0005
- From: Carlos Alberto Lopez Perez
- SEC Consult SA-20160825-0 :: Multiple vulnerabilities in Micro Focus (Novell) GroupWise
- From: SEC Consult Vulnerability Lab
- APPLE-SA-2016-08-25-1 iOS 9.3.5
- From: Apple Product Security
- [SECURITY] [DSA 3652-1] imagemagick security update
- Necroscan <= v0.9.1 Buffer Overflow
- [SECURITY] [DSA 3654-1] quagga security update
- Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2
- [security bulletin] HPSBGN03638 rev.1 - HPE Remote Device Access: Virtual Customer Access System (vCAS) using lighttpd and OpenSSH, Unauthorized Modification of Information, Remote Denial of Service (DoS), Remote Disclosure of Information
- [slackware-security] kernel (SSA:2016-242-01)
- From: Slackware Security Team
- [security bulletin] HPSBHF03641 rev.1 - HPE Integrated Lights-Out 3 (iLO 3), Remote Disclosure of Information
- [security bulletin] HPSBGN03637 rev.1 - HP Operations Manager for Unix, Solaris, and Linux, Remote Cross-Site Scripting (XSS)