Mail Index

• Thread Index

• [HITB-Announce] HITB2017AMS CFP
  • From: Hafez Kamal
• OS-S 2016-23 - Local DoS: Linux Kernel EXT4 Error Handling (EXT4 calling panic())
  • From: Ralf Spenneberg
• CfP and Special Session :: CyberSec2017
  • From: Jackie Blanco
• [slackware-security] x11 (SSA:2016-305-02)
  • From: Slackware Security Team
• [slackware-security] mariadb (SSA:2016-305-03)
  • From: Slackware Security Team
• [slackware-security] php (SSA:2016-305-04)
  • From: Slackware Security Team
• Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details
  • From: Berend-Jan Wever
• Cisco Security Advisory: Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• [security bulletin] HPSBUX03664 SSRT110248 rev.1 - HP-UX BIND Service running named, Remote Denial of Service (DoS)
  • From: security-alert
• Axessh 4.2.2 Denial Of Service
  • From: apparitionsec
• [security bulletin] HPSBUX03665 rev.1 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection
  • From: security-alert
• MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )
  • From: Dawid Golunski
• KL-001-2016-008 : Sophos Web Appliance Privilege Escalation
  • From: KoreLogic Disclosures
• KL-001-2016-009 : Sophos Web Appliance Remote Code Execution
  • From: KoreLogic Disclosures
• [security bulletin] HPSBGN03657 rev.1 - HPE Network Node Manager i (NNMi) Software, Local Code Execution
  • From: security-alert
• [security bulletin] HPSBGN03656 rev.1 - HPE Network Node Manager i (NNMi) Software using Java Deserialization, Remote Arbitrary Code Execution and Cross-Site Scripting
  • From: security-alert
• Rapid PHP Editor CSRF Remote Command Execution
  • From: apparitionsec
• Axessh 4.2.2 Denial Of Service
  • From: apparitionsec
• WinaXe v7.7 FTP 'Server Ready' CMD Remote Buffer Overflow
  • From: apparitionsec
• Faraznet Cms Cross-Site Scripting Vulnerability
  • From: iedb . team
• Faraznet Cms Cross-Site Scripting Vulnerability
  • From: iedb . team
• Edusson (Robotdon) BB - Filter Bypass & Persistent Vulnerability
  • From: Vulnerability Lab
• Edusson (Robotdon) - Client Side Cross Site Scripting Vulnerability
  • From: Vulnerability Lab
• Schoolhos CMS v2.29 - (kelas) Data Siswa SQL Injection Vulnerability
  • From: Vulnerability Lab
• [security bulletin] HPSBGN03643 rev.1 - HPE KeyView using Filter SDK, Remote Code Execution
  • From: security-alert
• [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow
  • From: Pedro Ribeiro
• [SECURITY] [DSA 3707-1] openjdk-7 security update
  • From: Moritz Muehlenhoff
• Cross Site Scripting Vulnerability In Verint Impact 360
  • From: sanehsingh
• Cross-Site Scripting vulnerability in Quotes Collection WordPress Plugin
  • From: Summer of Pwnage
• Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin
  • From: Summer of Pwnage
• Cross-Site Scripting in Calendar WordPress Plugin
  • From: Summer of Pwnage
• URL Redirection Vulnerability In Verint Impact 360
  • From: sanehsingh
• [security bulletin] HPSBGN03670 rev.1 - HPE Business Service Management (BSM) using Java Deserialization, Remote Code Execution
  • From: security-alert
• [SECURITY] [DSA 3709-1] libxslt security update
  • From: Salvatore Bonaccorso
• MSIE 9-11 MSHTML PROPERTYDESC::HandleStyleComponentProperty OOB read details
  • From: Berend-Jan Wever
• Blind SQL Injection Vulnerability in Exponent CMS 2.4.0
  • From: nickyccwu
• WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details
  • From: Berend-Jan Wever
• Secunia Research: Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability
  • From: Secunia Research
• Secunia Research: Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability
  • From: Secunia Research
• CVE-2016-6809 – Arbitrary Code Execution Vulnerability in Apache Tika’s MATLAB Parser
  • From: tallison
• Secunia Research: Microsoft Windows OTF Parsing Table Encoding Record Offset Vulnerability
  • From: Secunia Research
• [SECURITY] [DSA 3711-1] mariadb-10.0 security update
  • From: Salvatore Bonaccorso
• CVE-2016-9277: A IDX Out of Bound vulnerability in systemui can make crash and ui restart
  • From: unlimitsec
• WHM Panel Mail Delivery Reports crash database Vulnerability
  • From: iedb . team
• [CVE-2016-8736] Apache Openmeetings RMI Registry Java Deserialization RCE
  • From: Maxim Solodovnik
• WHM Panel Mail Delivery Reports crash database Vulnerability
  • From: iedb . team
• CVE-2015-0040: Microsoft Internet Explorer 11 MSHTML CMapElement::Notify use-after-free details
  • From: Berend-Jan Wever
• SEC Consult SA-20161114-0 :: Multiple vulnerabilities in I-Panda SolarEagle - Solar Controller Administration Software / MPPT Solar Controller SMART2
  • From: SEC Consult Vulnerability Lab
• Multiple vulnerabilities in Barco Clickshare
  • From: vincent.ruijter
• [security bulletin] HPSBGN03669 rev.1 - HPE SiteScope, Local Elevation of Privilege, Remote Denial of Service, Arbitrary Code Execution and Cross-Site Request Forgery
  • From: security-alert
• [security bulletin] HPSBUX03665 rev.2 - HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection
  • From: security-alert
• CVE-2016-4484: - Cryptsetup Initrd root Shell
  • From: Hector Marco
• Actiontec WCB3000N (Telus Branded) Local Unauthenticated Privilege Elevation and Password Reset
  • From: Andrew Klaus
• Re: [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell
  • From: Leo Famulari
• [security bulletin] HPSBST03671 rev.1 - HPE StoreEver MSL6480 Tape Library, Remote Unauthorized Disclosure of Information
  • From: security-alert
• CVE-2015-2482 MSIE 8 jscript RegExpBase::FBadHeader use-after-free details
  • From: Berend-Jan Wever
• [security bulletin] HPSBGN03676 rev.1 - HPE Helion OpenStack Glance Image Service, Remote Denial of Service (DoS)
  • From: security-alert
• [SECURITY] [DSA 3716-1] firefox-esr security update
  • From: Moritz Muehlenhoff
• Executable installers are vulnerable^WEVIL (case 41): EmsiSoft's Emergency Kit allows elevation of privilege for everybody
  • From: Stefan Kanthak
• [ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability
  • From: ERPScan inc
• [ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal using READ DATASET
  • From: ERPScan inc
• Reason Core Security v1.2.0.1 - Unqoted Path Privilege Escalation Vulnerability
  • From: Vulnerability Lab
• CVE-2016-3247 Microsoft Edge CTextExtractor::GetBlockText OOB read details
  • From: Berend-Jan Wever
• [slackware-security] mozilla-firefox (SSA:2016-323-01)
  • From: Slackware Security Team
• Cross-Site Scripting in Huge IT Portfolio Gallery WordPress Plugin
  • From: Summer of Pwnage
• Cross-Site Scripting in Check Email WordPress Plugin
  • From: Summer of Pwnage
• Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin
  • From: Summer of Pwnage
• Putty Cleartext Password Storage
  • From: apparitionsec
• [security bulletin] HPSBHF03675 rev.1 - HPE Integrated Lights-Out 3 and 4 (iLO 3, iLO 4), Cross-Site Scripting (XSS)
  • From: security-alert
• Multiple issues in OpManager 12100 & 12200
  • From: Michael Heydon
• [RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution
  • From: Julien Ahrens
• [RCESEC-2016-007] AppFusions Doxygen for Atlassian Confluence v1.3.0 getTemporaryDirectory() tempId Path Traversal/Remote Code Execution
  • From: Julien Ahrens
• [RCESEC-2016-008] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Full Path Information Disclosure
  • From: Julien Ahrens
• [RCESEC-2016-009] AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent() Persistent Cross-Site Scripting
  • From: Julien Ahrens
• Nginx (Debian-based distros) - Root Privilege Escalation (CVE-2016-1247)
  • From: Dawid Golunski
• [ERPSCAN-16-034] SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component
  • From: ERPScan inc
• [SECURITY] [DSA 3719-1] wireshark security update
  • From: Sebastien Delafond
• Web vulnerabilities in Siemens S7-300/S7-400/CP343-1/CP443-1
  • From: Andrea Barisani
• CVE-2015-0050: Microsoft Internet Explorer 8 MSHTML SRunPointer::SpanQualifier/RunType OOB read details
  • From: Berend-Jan Wever
• [CORE-2016-0007] - TP-LINK TDDP Multiple Vulnerabilities
  • From: CORE Advisories Team
• [SYSS-2016-072] Olympia Protect 9061 - Missing Protection against Replay Attacks
  • From: matthias . deeg
• [SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks
  • From: matthias . deeg
• CVE-2015-1251: Chrome blink Speech­Recognition­Controller use-after-free details
  • From: Berend-Jan Wever
• [security bulletin] HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Multiple Remote Vulnerabilities
  • From: security-alert
• [CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition
  • From: Dawid Golunski
• [SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks
  • From: gerhard . klostermeier
• [SYSS-2016-064] Multi Kon Trade M2B GSM Wireless Alarm System - Improper Restriction of Excessive Authentication Attempts (CWE-307)
  • From: gerhard . klostermeier
• [SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks
  • From: matthias . deeg
• [SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310)
  • From: gerhard . klostermeier
• WorldCIST'17 - Submission deadline: November 27
  • From: ML
• [SECURITY] [DSA 3723-1] gst-plugins-good1.0 security update
  • From: Salvatore Bonaccorso
• [SECURITY] [DSA 3724-1] gst-plugins-good0.10 security update
  • From: Salvatore Bonaccorso
• Call for Participation - 5th International Conference on Cyber Security, Cyber Welfare and Digital Forensic
  • From: Jackie Blanco
• Call for Participation - 5th International Conference on Cyber Security, Cyber Welfare and Digital Forensic
  • From: Jackie Blanco
• CVE 2016-6803: Apache OpenOffice Unquoted Search Path Vulnerability
  • From: Apache OpenOffice Security
• WorldCIST'2017 - Submission deadline: November 30
  • From: ML
• Core FTP LE v2.2 Remote SSH/SFTP Buffer Overflow
  • From: apparitionsec
• [SECURITY] [DSA 3725-1] icu security update
  • From: Luciano Bello
• SEC Consult SA-20161128-0 :: DoS & heap-based buffer overflow in Guidance Software EnCase Forensic
  • From: SEC Consult Vulnerability Lab
• Google Chrome Accessibility blink::Node corruption details
  • From: Berend-Jan Wever
• XSS in tooltip plugin of Zurb Foundation 5
  • From: Winni Neessen
• [RT-SA-2016-003] Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler
  • From: RedTeam Pentesting GmbH