Mail Thread Index
- Advisory X41-2017-001: Multiple Vulnerabilities in X.org,
X41 D-Sec GmbH Advisories
- Multiple persistent Cross-Site Scripting vulnerabilities in osTicket,
Securify B.V.
- Analytics Stats Counter Statistics WordPress Plugin unauthenticated PHP Object injection vulnerability,
Summer of Pwnage
- Admin Custom Login WordPress plugin affected by persistent Cross-Site Scripting via Logo URL field,
Summer of Pwnage
- Admin Custom Login WordPress plugin custom login page affected by persistent Cross-Site Scripting,
Summer of Pwnage
- Cross-Site Request Forgery in File Manager WordPress plugin,
Summer of Pwnage
- Cross-Site Request Forgery in Global Content Blocks WordPress Plugin,
Summer of Pwnage
- Cross-Site Scripting vulnerability in Gwolle Guestbook WordPress Plugin,
Summer of Pwnage
- Persistent Cross-Site Scripting in the WordPress NewStatPress plugin,
Summer of Pwnage
- Cross-Site Request Forgery in WordPress Download Manager Plugin,
Summer of Pwnage
- Gwolle Guestbook mass action vulnerable for Cross-Site Request Forgery,
Summer of Pwnage
- Cross-Site Request Forgery in Atahualpa WordPress Theme,
Summer of Pwnage
- Cross-Site Scripting in Magic Fields 1 WordPress Plugin,
Summer of Pwnage
- Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin,
Summer of Pwnage
- Cross-Site Request Forgery & Cross-Site Scripting in Contact Form Manager WordPress Plugin,
Summer of Pwnage
- Stored Cross-Site Scripting vulnerability in Contact Form WordPress Plugin,
Summer of Pwnage
- [SECURITY] [DSA 3798-1] tnef security update,
Sebastien Delafond
- Joomla com_webgrouper Component - 'Itemid' Parameter Sql Injection Vulnerability,
iedb . team
- Joomla com_jdownloads Component - 'cid' Parameter Sql Injection Vulnerability,
iedb . team
- Joomla com_phocadownload Component - 'id' Parameter Sql Injection Vulnerability,
iedb . team
- Joomla com_frontpage Component - 'Itemid' Parameter Sql Injection Vulnerability,
iedb . team
- Joomla com_filecabinet Component - 'id' Parameter Sql Injection Vulnerability,
iedb . team
- Joomla com_news Component - 'id' Parameter Sql Injection Vulnerability,
iedb . team
- Joomla com_publication Component - 'sid' Parameter Sql Injection Vulnerability,
iedb . team
- [SECURITY] [DSA 3794-2] munin regression update,
Salvatore Bonaccorso
- Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0,
Larry W. Cashdollar
- [SECURITY] [DSA 3801-1] ruby-zip security update,
Salvatore Bonaccorso
- EasyCom SQL iPlug Denial Of Service,
hyp3rlinx
- CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility,
ddos2me
- OpenElec: Remote Code Execution Vulnerability through Man-In-The-Middle(CVE-2017-6445),
Wolfgang
- CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility,
ddos2me
- CVE-2016-7955 - Alienvault OSSIM/USM Authentication Bypass,
Peter Lapp
- Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass,
hyp3rlinx
- EasyCom PHP API Stack Buffer Overflow,
hyp3rlinx
- WordPress audio playlist functionality is affected by Cross-Site Scripting,
Summer of Pwnage
- SEC Consult SA-20170307-0 :: Unauthenticated OS command injection & arbitrary file upload in Western Digital WD My Cloud,
SEC Consult Vulnerability Lab
- Stack-based buffer overflow in Western Digital My Cloud allows for remote code execution,
Securify B.V.
- [security bulletin] HPESBHF03710 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Multiple Remote Vulnerabilities,
security-alert
- Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in GoAhead,
Pierre Kim
- [slackware-security] mozilla-firefox (SSA:2017-066-01),
Slackware Security Team
- SEC Consult SA-20170308-0 :: Multiple vulnerabilities in Navetti PricePoint,
SEC Consult Vulnerability Lab
- [security bulletin] HPESBGN03712 rev.1 - HPE LoadRunner and Performance Center, Remote Code Execution,
security-alert
- [security bulletin] HPESBHF03713 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Deserialization of Untrusted Data, Remote Code Execution,
security-alert
- [SECURITY] [DSA 3804-1] linux security update,
Salvatore Bonaccorso
- [security bulletin] HPESBHF03714 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Local Arbitrary File Download,
security-alert
- RE: CVE-2017-3241 - [ERPSCAN-17-006] Oracle OpenJDK - Java Serialization DoS,
Melissa Mayer
- [SECURITY] [DSA 3805-1] firefox-esr security update,
Moritz Muehlenhoff
- CVE-2016-10143: Vulnerability to read arbitrary files in "Tiki Wiki",
Leon . Zhao . 7
- [security bulletin] HPESBHF03716 rev.1 - HPE Intelligent Management Center (IMC) PLAT, Remote Authentication Bypass,
security-alert
- [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege,
security-alert
- [security bulletin] HPESBHF03711 rev.1 - HPE 2620 Series Network Switches, Remote Cross Site Request Forgery (CSRF),
security-alert
- [security bulletin] HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities,
security-alert
- Joomla com_eventlist Component - 'id' Parameter Sql Injection Vulnerability,
iedb . team
- Joomla com_kide Component - 'view' Parameter Sql Injection Vulnerability,
iedb . team
- Joomla com_carocci Component - 'isbn' Parameter Sql Injection Vulnerability,
iedb . team
- [SECURITY] [DSA 3808-1] imagemagick security update,
Moritz Muehlenhoff
- Atlassian - March 2017 - Bamboo, Crowd and HipChat Server - Critical Security Advisory,
David Black
- Joomla com_easyblog Component - 'id' Parameter Sql Injection Vulnerability,
iedb . team
- Joomla com_registrationpro Component - 'did' Parameter Sql Injection Vulnerability,
iedb . team
- Joomla com_fidecalendar Component - 'aid' Parameter Sql Injection Vulnerability,
iedb . team
- Joomla com_sngevents Component - 'id' Parameter Sql Injection Vulnerability,
iedb . team
- Joomla com_kunena Component - 'id' Parameter Sql Injection Vulnerability,
iedb . team
- Joomla com_virtuemart Component - 'id' Parameter Sql Injection Vulnerability,
iedb . team
- Microsoft Edge Fetch API allows setting of arbitrary request headers,
Securify B.V.
- CVE-2017-0045 Windows DVD Maker XML External Entity File Disclosure,
hyp3rlinx
- Path Traversal Remote File Disclosure,
hyp3rlinx
- [slackware-security] pidgin (SSA:2017-074-01),
Slackware Security Team
- CVE-2017-6911: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability,
wsachin092
- SEC Consult SA-20170316-0 :: Authenticated command injection in multiple Ubiquiti Networks products,
SEC Consult Vulnerability Lab
- CVE-2017-6805 MobaXterm Personal Edition v9.4 Path Traversal Remote File Disclosure,
hyp3rlinx
- MS Internet Information Services XSS / HTML Injection vulnerability,
David FM
- [SECURITY] [DSA 3811-1] wireshark security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3812-1] ioquake3 security update,
Moritz Muehlenhoff
- [SECURITY] [DSA 3813-1] r-base security update,
Moritz Muehlenhoff
- CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service,
hyp3rlinx
- [security bulletin] HPSBUX03596 rev.2 - HPE HP-UX running CIFS Server (Samba), Remote Access Restriction Bypass, Unauthorized Access,
security-alert
- [SECURITY] [DSA 3796-2] sitesummary regression update,
Sebastien Delafond
- ESA-2017-010: EMC RecoverPoint SSL Stripping Vulnerability,
EMC Product Security Response Center
- [ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM,
ERPScan inc
- Defense in depth -- the Microsoft way (part 47): "AppLocker bypasses are not serviced via monthly security roll-ups",
Stefan Kanthak
- SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices,
SEC Consult Vulnerability Lab
- APPLE-SA-2017-03-22-1 iTunes for Windows 12.6,
Apple Product Security
- [SECURITY] [DSA 3816-1] samba security update,
Salvatore Bonaccorso
- [SECURITY] [DSA 3817-1] jbig2dec security update,
Moritz Muehlenhoff
- APPLE-SA-2017-03-27-1 Pages 6.1, Numbers 4.1, and Keynote 7.1 for Mac; Pages 3.1, Numbers 3.1, and Keynote 3.1 for iOS,
Apple Product Security
- [SECURITY] [DSA 3821-1] gst-plugins-ugly1.0 security update,
Moritz Muehlenhoff
- APPLE-SA-2017-03-27-7 macOS Server 5.3,
Apple Product Security
- [SECURITY] [DSA 3823-1] eject security update,
Salvatore Bonaccorso
- APPLE-SA-2017-03-28-1 iCloud for Windows 6.2,
Apple Product Security
- [slackware-security] mariadb (SSA:2017-087-01),
Slackware Security Team
- [SECURITY] [DSA 3798-2] tnef regression update,
Sebastien Delafond
- [SECURITY] [DSA 3824-1] firebird2.5 security update,
Sebastien Delafond
- ESA-2017-028: EMC Isilon OneFS Path Traversal Vulnerability,
EMC Product Security Response Center
- ESA-2017-013: RSA Archer® GRC Security Operations Management Sensitive Information Disclosure Vulnerability,
EMC Product Security Response Center
- [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities,
security-alert
- [security bulletin] HPESBHF03723 rev.1 - HPE Aruba ClearPass Policy Manager, using Apache Struts, Remote Code Execution,
security-alert