Mail Index
- Advisory X41-2017-001: Multiple Vulnerabilities in X.org
- From: X41 D-Sec GmbH Advisories
- Multiple persistent Cross-Site Scripting vulnerabilities in osTicket
- Analytics Stats Counter Statistics WordPress Plugin unauthenticated PHP Object injection vulnerability
- Admin Custom Login WordPress plugin affected by persistent Cross-Site Scripting via Logo URL field
- Admin Custom Login WordPress plugin custom login page affected by persistent Cross-Site Scripting
- Cross-Site Request Forgery in File Manager WordPress plugin
- Cross-Site Request Forgery in Global Content Blocks WordPress Plugin
- Cross-Site Scripting vulnerability in Gwolle Guestbook WordPress Plugin
- Persistent Cross-Site Scripting in the WordPress NewStatPress plugin
- Cross-Site Request Forgery in WordPress Download Manager Plugin
- Gwolle Guestbook mass action vulnerable for Cross-Site Request Forgery
- Cross-Site Request Forgery in Atahualpa WordPress Theme
- Cross-Site Scripting in Magic Fields 1 WordPress Plugin
- Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin
- Cross-Site Request Forgery & Cross-Site Scripting in Contact Form Manager WordPress Plugin
- Stored Cross-Site Scripting vulnerability in Contact Form WordPress Plugin
- [SECURITY] [DSA 3798-1] tnef security update
- Joomla com_webgrouper Component - 'Itemid' Parameter Sql Injection Vulnerability
- Joomla com_jdownloads Component - 'cid' Parameter Sql Injection Vulnerability
- Joomla com_phocadownload Component - 'id' Parameter Sql Injection Vulnerability
- Joomla com_frontpage Component - 'Itemid' Parameter Sql Injection Vulnerability
- Joomla com_filecabinet Component - 'id' Parameter Sql Injection Vulnerability
- Joomla com_news Component - 'id' Parameter Sql Injection Vulnerability
- Joomla com_publication Component - 'sid' Parameter Sql Injection Vulnerability
- [SECURITY] [DSA 3794-2] munin regression update
- From: Salvatore Bonaccorso
- Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0
- From: Larry W. Cashdollar
- [SECURITY] [DSA 3801-1] ruby-zip security update
- From: Salvatore Bonaccorso
- EasyCom SQL iPlug Denial Of Service
- CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility
- OpenElec: Remote Code Execution Vulnerability through Man-In-The-Middle(CVE-2017-6445)
- CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility
- CVE-2016-7955 - Alienvault OSSIM/USM Authentication Bypass
- Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass
- EasyCom PHP API Stack Buffer Overflow
- WordPress audio playlist functionality is affected by Cross-Site Scripting
- SEC Consult SA-20170307-0 :: Unauthenticated OS command injection & arbitrary file upload in Western Digital WD My Cloud
- From: SEC Consult Vulnerability Lab
- Stack-based buffer overflow in Western Digital My Cloud allows for remote code execution
- [security bulletin] HPESBHF03710 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Multiple Remote Vulnerabilities
- Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in GoAhead
- [slackware-security] mozilla-firefox (SSA:2017-066-01)
- From: Slackware Security Team
- SEC Consult SA-20170308-0 :: Multiple vulnerabilities in Navetti PricePoint
- From: SEC Consult Vulnerability Lab
- [security bulletin] HPESBGN03712 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution
- [security bulletin] HPESBHF03713 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Deserialization of Untrusted Data, Remote Code Execution
- [SECURITY] [DSA 3804-1] linux security update
- From: Salvatore Bonaccorso
- [security bulletin] HPESBHF03714 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Local Arbitrary File Download
- RE: CVE-2017-3241 - [ERPSCAN-17-006] Oracle OpenJDK - Java Serialization DoS
- [SECURITY] [DSA 3805-1] firefox-esr security update
- CVE-2016-10143: Vulnerability to read arbitrary files in "Tiki Wiki"
- [security bulletin] HPESBHF03716 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Remote Authentication Bypass
- [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege
- [security bulletin] HPESBHF03711 rev.1 - HPE 2620 Series Network Switches, Remote Cross Site Request Forgery (CSRF)
- [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities
- Joomla com_eventlist Component - 'id' Parameter Sql Injection Vulnerability
- Joomla com_kide Component - 'view' Parameter Sql Injection Vulnerability
- Joomla com_carocci Component - 'isbn' Parameter Sql Injection Vulnerability
- [SECURITY] [DSA 3808-1] imagemagick security update
- Atlassian - March 2017 - Bamboo, Crowd and HipChat Server - Critical Security Advisory
- Joomla com_easyblog Component - 'id' Parameter Sql Injection Vulnerability
- Joomla com_registrationpro Component - 'did' Parameter Sql Injection Vulnerability
- Joomla com_fidecalendar Component - 'aid' Parameter Sql Injection Vulnerability
- Joomla com_sngevents Component - 'id' Parameter Sql Injection Vulnerability
- Joomla com_kunena Component - 'id' Parameter Sql Injection Vulnerability
- Joomla com_virtuemart Component - 'id' Parameter Sql Injection Vulnerability
- Microsoft Edge Fetch API allows setting of arbitrary request headers
- CVE-2017-0045 Windows DVD Maker XML External Entity File Disclosure
- Path Traversal Remote File Disclosure
- [slackware-security] pidgin (SSA:2017-074-01)
- From: Slackware Security Team
- CVE-2017-6911: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability
- SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products
- From: SEC Consult Vulnerability Lab
- CVE-2017-6805 MobaXterm Personal Edition v9.4 Path Traversal Remote File Disclosure
- MS Internet Information Services XSS / HTML Injection vulnerability
- [SECURITY] [DSA 3811-1] wireshark security update
- [SECURITY] [DSA 3812-1] ioquake3 security update
- [SECURITY] [DSA 3813-1] r-base security update
- CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service
- [security bulletin] HPSBUX03596 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access
- [SECURITY] [DSA 3796-2] sitesummary regression update
- ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability
- From: EMC Product Security Response Center
- [ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM
- Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups"
- SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices
- From: SEC Consult Vulnerability Lab
- APPLE-SA-2017-03-22-1 iTunes for Windows 12.6
- From: Apple Product Security
- [SECURITY] [DSA 3816-1] samba security update
- From: Salvatore Bonaccorso
- [SECURITY] [DSA 3817-1] jbig2dec security update
- APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS
- From: Apple Product Security
- [SECURITY] [DSA 3821-1] gst-plugins-ugly1.0 security update
- APPLE-SA-2017-03-27-7 macOS Server 5.3
- From: Apple Product Security
- [SECURITY] [DSA 3823-1] eject security update
- From: Salvatore Bonaccorso
- APPLE-SA-2017-03-28-1 iCloud for Windows 6.2
- From: Apple Product Security
- [slackware-security] mariadb (SSA:2017-087-01)
- From: Slackware Security Team
- [SECURITY] [DSA 3798-2] tnef regression update
- [SECURITY] [DSA 3824-1] firebird2.5 security update
- ESA-2017-028: EMC Isilon OneFS Path Traversal Vulnerability
- From: EMC Product Security Response Center
- ESA-2017-013: RSA Archer® GRC Security Operations Management Sensitive Information Disclosure Vulnerability
- From: EMC Product Security Response Center
- [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities
- [security bulletin] HPESBHF03723 rev.1 - HPE Aruba ClearPass Policy Manager, using Apache Struts, Remote Code Execution