Mail Index

• Thread Index

• [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege
  • From: security-alert
• Splunk Enterprise Information Theft CVE-2017-5607
  • From: hyp3rlinx
• SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function
  • From: SEC Consult Vulnerability Lab
• [security bulletin] HPESBGN03721 rev.1 - HPE Operations Bridge Analytics, Remote Cross-Site Scripting (XSS)
  • From: security-alert
• Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness
  • From: Patrick Webster
• Lotus Protector for Mail Security remote code execution
  • From: Patrick Webster
• Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection
  • From: Patrick Webster
• AirWatch Self Service Portal Username Parameter LDAP Injection
  • From: Patrick Webster
• Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure
  • From: Patrick Webster
• Lantern CMS Path Disclosure, SQL Injection, Reflected XSS
  • From: Patrick Webster
• CVE-2017-7185 - Mongoose OS - Use-after-free / Denial of Service
  • From: Advisories
• Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities
  • From: Patrick Webster
• Tweek!DM Document Management Authentication bypass, SQL injection
  • From: Patrick Webster
• SilverStripe CMS - Path Disclosure
  • From: Patrick Webster
• SmartJobBoard - Cross-site scripting, personal information disclosure and PHPMailer package
  • From: Patrick Webster
• AcoraCMS browser redirect and Cross-site scripting vulnerabilities
  • From: Patrick Webster
• Kaseya information disclosure vulnerability
  • From: Patrick Webster
• iPlatinum iOneView Multiple Parameter Reflected XSS
  • From: Patrick Webster
• Moodle URL Manipulation Remote Account Information Disclosure
  • From: Patrick Webster
• OS-S-2017-01: The password for the application protection of the Schneider Modicon TM221CE16R can be retrieved without authentication. Subsequently the application may be arbitrarily downloaded, uploaded and modified. CVSS 10.
  • From: Ralf Spenneberg
• The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed.
  • From: Ralf Spenneberg
• AST-2017-001: Buffer overflow in CDR's set user
  • From: Asterisk Security Team
• [SECURITY] [DSA 3826-1] tryton-server security update
  • From: Salvatore Bonaccorso
• DefenseCode ThunderScan SAST Advisory: Apache Tomcat Directory/Path Traversal
  • From: DefenseCode
• [security bulletin] HPESBGN03727 rev.1 - HPE Business Process Monitor, Remote Unauthorized Access to Data
  • From: security-alert
• Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload
  • From: hyp3rlinx
• Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319)
  • From: David Coomber
• Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2017-2387)
  • From: David Coomber
• SEC Consult SA-20170407-0 :: Server-Side Request Forgery in MyBB forum
  • From: SEC Consult Vulnerability Lab
• D-Link DWR-116 - CVE-2017-6190 - Arbitrary File Download
  • From: patrykgnt
• [CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite
  • From: Denis Magda
• [security bulletin] HPESBGN03733 rev.1 - HPE Universal CMDB using Apache Struts, Remote Code Execution
  • From: security-alert
• [SECURITY] [DSA 3827-1] jasper security update
  • From: Moritz Muehlenhoff
• [slackware-security] libtiff (SSA:2017-098-01)
  • From: Slackware Security Team
• Foscam All networked devices, multiple Design Errors. SSL bypass.
  • From: nick . m . mckenna
• ChromeOS / ChromeBooks Persist Certain Network Settings in Guest Mode
  • From: Nightwatch Cybersecurity Research
• DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities
  • From: DefenseCode
• [SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure
  • From: Mark Thomas
• [SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure
  • From: Mark Thomas
• Multiple local privilege escalation vulnerabilities in Proxifier for Mac
  • From: Securify B.V.
• Microsoft Office OneNote 2007 DLL side loading vulnerability
  • From: Securify B.V.
• [SECURITY] [DSA 3829-1] bouncycastle security update
  • From: Moritz Muehlenhoff
• FreeBSD Security Advisory FreeBSD-SA-17:03.ntp
  • From: FreeBSD Security Advisories
• CVE-2017-7457 Moxa MX AOPC-Server v1.5 XML External Entity Injection
  • From: hyp3rlinx
• CVE-2017-7455 Moxa MXview v2.8 Remote Private Key Disclosure
  • From: hyp3rlinx
• CVE-2017-7456 Moxa MXview v2.8 Denial Of Service
  • From: hyp3rlinx
• DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF)
  • From: DefenseCode
• April 2017 - HipChat Server Advisory
  • From: Matthew Hart
• [SYSS-2017-005] agorum core Pro - Persistent Cross-Site Scripting
  • From: erlijn . vangenuchten
• [SYSS-2017-006] agorum core Pro - Insecure Direct Object Reference
  • From: erlijn . vangenuchten
• [SYSS-2017-007] agorum core Pro - Cross-Site Scripting
  • From: erlijn . vangenuchten
• [SYSS-2017-008] agorum core Pro - Cross-Site Request Forgery
  • From: erlijn . vangenuchten
• [SYSS-2017-009] agorum core Pro - Improper Restriction of XML External Entity Reference ('XXE')
  • From: erlijn . vangenuchten
• [security bulletin] HPESBGN03728 rev.1 - HPE Operations Agent using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access to Data
  • From: security-alert
• [slackware-security] bind (SSA:2017-103-01)
  • From: Slackware Security Team
• concrete5 v8.1.0 Host Header Injection
  • From: hyp3rlinx
• Watchguard Fireware XXE DoS & User Enumeration
  • From: David Fernandez
• [ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396
  • From: Bryan Call
• [CVE-2017-5661] Apache XML Graphics FOP information disclosure vulnerability
  • From: Simon Steiner
• CVE-2017-7615 Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset
  • From: hyp3rlinx
• [slackware-security] minicom (SSA:2017-108-01)
  • From: Slackware Security Team
• CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution
  • From: Filippo Cavallarin
• CVE-2017-7220. OpenText Documentum Content Server: privilege evaluation using crafted RPC save-commands.
  • From: Andrey B. Panfilov
• DefenseCode ThunderScan SAST Advisory: Ultimate Form Builder Cross-Site Scripting (XSS) Vulnerability
  • From: DefenseCode
• October CMS v1.0.412 several vulnerabilities
  • From: Anti Räis
• [HITB-Announce] HITB GSEC 2017 CFP Closes April 30th
  • From: Hafez Kamal
• [SECURITY] [DSA 3831-1] firefox-esr security update
  • From: Moritz Muehlenhoff
• CVE-2017-7192: Starscream library before 2.0.4 allows SSL pinning bypass
  • From: Security Advisories
• CVE-2017-5887: Starscream library before 2.0.4 SSL pinning not applied for websocket handshake
  • From: Security Advisories
• Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges
  • From: Securify B.V.
• [slackware-security] proftpd (SSA:2017-112-03)
  • From: Slackware Security Team
• [slackware-security] mozilla-firefox (SSA:2017-112-01)
  • From: Slackware Security Team
• [slackware-security] ntp (SSA:2017-112-02)
  • From: Slackware Security Team
• Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution
  • From: Dawid Golunski
• CVE-2017-7221. OpenText Documentum Content Server: arbitrary code execution in dm_bp_transition.ebs docbase method
  • From: Andrey B. Panfilov
• KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path
  • From: KoreLogic Disclosures
• KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse
  • From: KoreLogic Disclosures
• KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection
  • From: KoreLogic Disclosures
• KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read
  • From: KoreLogic Disclosures
• KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials
  • From: KoreLogic Disclosures
• [SECURITY] [DSA 3833-1] libav security update
  • From: Moritz Muehlenhoff
• [slackware-security] mozilla-firefox (SSA:2017-114-01)
  • From: Slackware Security Team
• [SECURITY] [DSA 3834-1] mysql-5.5 security update
  • From: Salvatore Bonaccorso
• April 2017 - Confluence - Security Advisory
  • From: David Black
• CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability
  • From: Chris Douglas
• FreeBSD Security Advisory FreeBSD-SA-17:04.ipfilter
  • From: FreeBSD Security Advisories
• [SECURITY] [DSA 3836-1] weechat security update
  • From: Salvatore Bonaccorso
• Live Helper Chat - Cross-Site Scripting
  • From: Advisories
• Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability
  • From: Vulnerability Lab
• [SECURITY] [DSA 3838-1] ghostscript security update
  • From: Salvatore Bonaccorso
• [security bulletin] HPESBHF03738 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
  • From: security-alert