Mail Thread Index

• Date Index

• [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege, security-alert
• Splunk Enterprise Information Theft CVE-2017-5607, hyp3rlinx
• SEC Consult SA-20170403-0 :: Misbehavior of PHP fsockopen function, SEC Consult Vulnerability Lab
• [security bulletin] HPESBGN03721 rev.1 - HPE Operations Bridge Analytics, Remote Cross-Site Scripting (XSS), security-alert
• Kaseya VSA 6.5 Parameter Reflected XSS, Enumeration and Bruteforce Weakness, Patrick Webster
• Lotus Protector for Mail Security remote code execution, Patrick Webster
• Avaya Radvision SCOPIA Desktop dlg_loginownerid.jsp ownerid SQL Injection, Patrick Webster
• AirWatch Self Service Portal Username Parameter LDAP Injection, Patrick Webster
• Manhattan Software IWMS (Integrated Workplace Management System) XML External Entity (XXE) Injection File Disclosure, Patrick Webster
• Lantern CMS Path Disclosure, SQL Injection, Reflected XSS, Patrick Webster
• CVE-2017-7185 - Mongoose OS - Use-after-free / Denial of Service, Advisories
• Computer Associates API Gateway CRLF Response Splitting, Directory Traversal vulnerabilities, Patrick Webster
• Tweek!DM Document Management Authentication bypass, SQL injection, Patrick Webster
• SilverStripe CMS - Path Disclosure, Patrick Webster
• SmartJobBoard - Cross-site scripting, personal information disclosure and PHPMailer package, Patrick Webster
• AcoraCMS browser redirect and Cross-site scripting vulnerabilities, Patrick Webster
• Kaseya information disclosure vulnerability, Patrick Webster
• iPlatinum iOneView Multiple Parameter Reflected XSS, Patrick Webster
• Moodle URL Manipulation Remote Account Information Disclosure, Patrick Webster
• OS-S-2017-01: The password for the application protection of the Schneider Modicon TM221CE16R can be retrieved without authentication. Subsequently the application may be arbitrarily downloaded, uploaded and modified. CVSS 10., Ralf Spenneberg
• The password for the project protection of the Schneider Modicon TM221CE16R is hard-coded and cannot be changed., Ralf Spenneberg
• AST-2017-001: Buffer overflow in CDR's set user, Asterisk Security Team
• [SECURITY] [DSA 3826-1] tryton-server security update, Salvatore Bonaccorso
• DefenseCode ThunderScan SAST Advisory: Apache Tomcat Directory/Path Traversal, DefenseCode
• [security bulletin] HPESBGN03727 rev.1 - HPE Business Process Monitor, Remote Unauthorized Access to Data, security-alert
• Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload, hyp3rlinx
• Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319), David Coomber
• Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2017-2387), David Coomber
• SEC Consult SA-20170407-0 :: Server-Side Request Forgery in MyBB forum, SEC Consult Vulnerability Lab
• D-Link DWR-116 - CVE-2017-6190 - Arbitrary File Download, patrykgnt
• [CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite, Denis Magda
• [security bulletin] HPESBGN03733 rev.1 - HPE Universal CMDB using Apache Struts, Remote Code Execution, security-alert
• [SECURITY] [DSA 3827-1] jasper security update, Moritz Muehlenhoff
• [slackware-security] libtiff (SSA:2017-098-01), Slackware Security Team
• Foscam All networked devices, multiple Design Errors. SSL bypass., nick . m . mckenna
• ChromeOS / ChromeBooks Persist Certain Network Settings in Guest Mode, Nightwatch Cybersecurity Research
• DefenseCode ThunderScan SAST Advisory: WordPress Tribulant Slideshow Gallery Plugin - Cross-Site Scripting Vulnerabilities, DefenseCode
• [SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure, Mark Thomas
• [SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure, Mark Thomas
• Multiple local privilege escalation vulnerabilities in Proxifier for Mac, Securify B.V.
• Microsoft Office OneNote 2007 DLL side loading vulnerability, Securify B.V.
• [SECURITY] [DSA 3829-1] bouncycastle security update, Moritz Muehlenhoff
• FreeBSD Security Advisory FreeBSD-SA-17:03.ntp, FreeBSD Security Advisories
• CVE-2017-7457 Moxa MX AOPC-Server v1.5 XML External Entity Injection, hyp3rlinx
• CVE-2017-7455 Moxa MXview v2.8 Remote Private Key Disclosure, hyp3rlinx
• CVE-2017-7456 Moxa MXview v2.8 Denial Of Service, hyp3rlinx
• DefenseCode Security Advisory: Magento 0day Arbitrary File Upload Vulnerability (Remote Code Execution, CSRF), DefenseCode
• April 2017 - HipChat Server Advisory, Matthew Hart
• [SYSS-2017-005] agorum core Pro - Persistent Cross-Site Scripting, erlijn . vangenuchten
• [SYSS-2017-006] agorum core Pro - Insecure Direct Object Reference, erlijn . vangenuchten
• [SYSS-2017-007] agorum core Pro - Cross-Site Scripting, erlijn . vangenuchten
• [SYSS-2017-008] agorum core Pro - Cross-Site Request Forgery, erlijn . vangenuchten
• [SYSS-2017-009] agorum core Pro - Improper Restriction of XML External Entity Reference ('XXE'), erlijn . vangenuchten
• [security bulletin] HPESBGN03728 rev.1 - HPE Operations Agent using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access to Data, security-alert
• [slackware-security] bind (SSA:2017-103-01), Slackware Security Team
• concrete5 v8.1.0 Host Header Injection, hyp3rlinx
• Watchguard Fireware XXE DoS & User Enumeration, David Fernandez
• [ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396, Bryan Call
• [CVE-2017-5661] Apache XML Graphics FOP information disclosure vulnerability, Simon Steiner
• CVE-2017-7615 Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset, hyp3rlinx
• [slackware-security] minicom (SSA:2017-108-01), Slackware Security Team
• CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution, Filippo Cavallarin
  • Message not available
    • Message not available
      • Message not available
        • Message not available
          • Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution, Dawid Golunski
• CVE-2017-7220. OpenText Documentum Content Server: privilege evaluation using crafted RPC save-commands., Andrey B. Panfilov
• DefenseCode ThunderScan SAST Advisory: Ultimate Form Builder Cross-Site Scripting (XSS) Vulnerability, DefenseCode
• October CMS v1.0.412 several vulnerabilities, Anti Räis
• [HITB-Announce] HITB GSEC 2017 CFP Closes April 30th, Hafez Kamal
• [SECURITY] [DSA 3831-1] firefox-esr security update, Moritz Muehlenhoff
• CVE-2017-7192: Starscream library before 2.0.4 allows SSL pinning bypass, Security Advisories
• CVE-2017-5887: Starscream library before 2.0.4 SSL pinning not applied for websocket handshake, Security Advisories
• Authentication bypass vulnerability in Western Digital My Cloud allows escalation to admin privileges, Securify B.V.
• [slackware-security] proftpd (SSA:2017-112-03), Slackware Security Team
• [slackware-security] mozilla-firefox (SSA:2017-112-01), Slackware Security Team
• [slackware-security] ntp (SSA:2017-112-02), Slackware Security Team
• CVE-2017-7221. OpenText Documentum Content Server: arbitrary code execution in dm_bp_transition.ebs docbase method, Andrey B. Panfilov
• KL-001-2017-005 : Solarwinds LEM Privilege Escalation via Controlled Sudo Path, KoreLogic Disclosures
• KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse, KoreLogic Disclosures
• KL-001-2017-007 : Solarwinds LEM Management Shell Escape via Command Injection, KoreLogic Disclosures
• KL-001-2017-008 : Solarwinds LEM Management Shell Arbitrary File Read, KoreLogic Disclosures
• KL-001-2017-009 : Solarwinds LEM Database Listener with Hardcoded Credentials, KoreLogic Disclosures
• [SECURITY] [DSA 3833-1] libav security update, Moritz Muehlenhoff
• [slackware-security] mozilla-firefox (SSA:2017-114-01), Slackware Security Team
• [SECURITY] [DSA 3834-1] mysql-5.5 security update, Salvatore Bonaccorso
• April 2017 - Confluence - Security Advisory, David Black
• CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability, Chris Douglas
• FreeBSD Security Advisory FreeBSD-SA-17:04.ipfilter, FreeBSD Security Advisories
• [SECURITY] [DSA 3836-1] weechat security update, Salvatore Bonaccorso
• Live Helper Chat - Cross-Site Scripting, Advisories
• Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability, Vulnerability Lab
• [SECURITY] [DSA 3838-1] ghostscript security update, Salvatore Bonaccorso
• [security bulletin] HPESBHF03738 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution, security-alert