Mail Thread Index

• Date Index

• Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X, Securify B.V.
• SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options, Securify B.V.
• IML 2017 Conference, ACM digital library proceedings, Venue: Liverpool John Moores University, United Kingdom, IML 2017 Conference
• [security bulletin] HPESBHF03741 rev.1 - HPE Network products including Comware 7, IMC, and VCX running OpenSSL, Local Unauthorized Disclosure of Information, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, security-alert
• MODX Revolution 2.0.1-pl - 2.5.6-pl blind SQLi, Anti Räis
• [SECURITY] [DSA 3842-1] tomcat7 security update, Sebastien Delafond
• [SECURITY] [DSA 3843-1] tomcat8 security update, Sebastien Delafond
• Mura CMS Cross-Site Scripting (XSS) Vulnerability, Leon . Zhao . 7
• Hola VPN v1.34 - Privilege Escalation Vulnerability, Vulnerability Lab
• Joomla com_tag v1.7.6 - (tag) SQL Injection Vulnerability, Vulnerability Lab
• Super File Explorer 1.0.1 - Arbitrary File Upload Vulnerability, Vulnerability Lab
• Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability, Vulnerability Lab
• Zenario v7.6 - Persistent Cross Site Scripting Vulnerability, Vulnerability Lab
• Zenario CMS v7.6 - (Delete) Persistent Cross Site Vulnerability, Vulnerability Lab
• ESA-2017-036: EMC Data Domain Privilege Escalation Vulnerability, EMC Product Security Response Center
• WordPress Core <= 4.7.4 Potential Unauthorized Password Reset (0day) [CVE-2017-8295], Dawid Golunski
• [security bulletin] HPESBGN03740 rev.1 - HPE Network Automation, Multiple Remote Vulnerabilities, security-alert
• [security bulletin] HPESBHF03736 rev.1 - HPE Aruba and HPE ProVision network switches using Diffie Hellman Group1 Sha1 Exchange Algorithm, Remote Disclosure of Information, security-alert
• CA20170504-01: Security Notice for CA Client Automation OS Installation Management, Kotas, Kevin J
• ESA-2017-035: EMC Mainframe Enablers ResourcePak Base privilege management vulnerability, EMC Product Security Response Center
• [SECURITY] [DSA 3845-1] libtirpc security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3846-1] libytnef security update, Sebastien Delafond
• SEC Consult SA-20170509-0 :: Multiple vulnerabilities in I, Librarian PDF manager, SEC Consult Vulnerability Lab
• CVE-2016-6799: Internal system information leak, Simon MacDonald
• [security bulletin] HPESBST03739 rev.1 - HPE StoreFabric B-series Switches, Remote Elevation of Privilege, security-alert
• [SECURITY] [DSA 3847-1] xen security update, Moritz Muehlenhoff
• Multiple Vulnerabilities in ASUS Routers [CVE-2017-5891 and CVE-2017-5892], Nightwatch Cybersecurity Research
• [SECURITY] [DSA 3848-1] git security update, Salvatore Bonaccorso
• SEC Consult SA-20170510-0 :: Insecure Handling Of URI Schemes in Microsoft OneDrive iOS App, SEC Consult Vulnerability Lab
• [CORE-2017-0001] - SAP SAPCAR Heap Based Buffer Overflow Vulnerability, Core Security Advisories Team
• ESA-2017-027: EMC Isilon OneFS NFS Export Upgrade Vulnerability, EMC Product Security Response Center
• ESA-2017-017: RSA® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerability, EMC Product Security Response Center
• DefenseCode ThunderScan SAST Advisory: WordPress Tracking Code Manager Plugin Multiple Security Vulnerabilities, DefenseCode
• DefenseCode WebScanner DAST Advisory: WordPress User Access Manager Plugin Security Vulnerability, DefenseCode
• SEC Consult SA-20170511-0 :: Stack-based buffer overflow vulnerability in Guidance Software EnCase Forensic Imager, SEC Consult Vulnerability Lab
• DefenseCode ThunderScan SAST Advisory: GOOGLE google-api-php-client Multiple Security Vulnerabilities, DefenseCode
• [security bulletin] HPESBHF03745 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution, security-alert
• Secunia Research: LibRaw "parse_tiff_ifd()" Memory Corruption Vulnerability, Secunia Research
• Secunia Research: FLAC "read_metadata_vorbiscomment_()" Memory Leak Denial of Service Vulnerability, Secunia Research
• [SECURITY] [DSA 3853-1] bitlbee security update, Sebastien Delafond
• APPLE-SA-2017-05-15-4 watchOS 3.2.1, Apple Product Security
• APPLE-SA-2017-05-15-6 iTunes 12.6.1, Apple Product Security
• Nextcloud/Owncloud - Reflected Cross Site Scripting in error pages, Manuel Mancera
• [SYSS-2017-010] HP Wireless Mouse: Spoofing Attack (CWE-345), Micha Borrmann
• [slackware-security] kdelibs (SSA:2017-136-02), Slackware Security Team
• PingID (MFA) - Reflected Cross-Site Scripting, Advisories
• [SECURITY] [DSA 3856-1] deluge security update, Moritz Muehlenhoff
• [security bulletin] HPESBGN03748 rev.1 - HPE Cloud Optimizer, Remote Disclosure of Information, security-alert
• [SECURITY] CVE-2017-5657: Apache Archiva CSRF vulnerability for REST endpoints, Martin
• [SECURITY] [DSA 3858-1] openjdk-7 security update, Moritz Muehlenhoff
• CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal, hyp3rlinx
  • <Possible follow-ups>
  • CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal, hyp3rlinx
• May 2017 - SourceTree - Critical Security Advisory, Atlassian
• CVE-2017-9046 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection, hyp3rlinx
• CVE-2017-9046 Pegasus "winpm-32.exe" v4.72 Mailto: Link Remote Code Execution, hyp3rlinx
• HPESBHF03744 rev.1 - HPE Intelligent Management Center (iMC) PLAT running OpenSSL, Remote Denial of Service (DoS), HPE Product Security Response Team
• Secunia Research: Microsoft Windows Heap-based Buffer Overflow Vulnerabilities, Secunia Research
• [SECURITY] [DSA 3861-1] libtasn1-6 security update, Sebastien Delafond
• DefenseCode ThunderScan SAST Advisory: WordPress All In One Schema.org Rich Snippets Plugin Security Vulnerability, DefenseCode
• DefenseCode ThunderScan SAST Advisory: WordPress Huge-IT Video Gallery Plugin Security Vulnerability, DefenseCode
• DefenseCode ThunderScan SAST Advisory: WordPress AffiliateWP Plugin Security Vulnerability, DefenseCode
• [security bulletin] HPESBHF03751 rev.1 - HPE Aruba AirWave Glass, Remote Code Execution, security-alert
• [slackware-security] samba (SSA:2017-144-01), Slackware Security Team
• WebKitGTK+ Security Advisory WSA-2017-0004, Carlos Alberto Lopez Perez
• [security bulletin] HPESBHF03746 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution, HPE Product Security Response Team
• [SECURITY] [DSA 3863-1] imagemagick security update, Moritz Muehlenhoff
• [security bulletin] HPESBHF03750 rev.1 - HPE Network Products including Comware 5, Comware 7 and VCX running NTP, Remote Denial of Service (DoS), Unauthorized Modification, Local Denial of Service (DoS), security-alert
• [security bulletin] HPESBHF03754 rev.1 - HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5 Processor, Remote Access Restriction Bypass, security-alert
• [security bulletin] HPESBHF03730 rev.1 - HPE Aruba ClearPass Policy Manager, Multiple Vulnerabilities, security-alert
• Wordpress Plugin Social-Stream - Exposure of Twitter API Secret Key and Token, kyle Lovett
• Multiple Local Privilege Escalation Vulnerabilities in Acunetix Web Vulnerability Scanner 11, Florian Bogner
• [SECURITY] [DSA 3865-1] mosquitto security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3866-1] strongswan security update, Yves-Alexis Perez
• [SECURITY] [DSA 3867-1] sudo security update, Salvatore Bonaccorso
• DefenseCode ThunderScan SAST Advisory: WordPress Simple Slideshow Manager Plugin Multiple Security Vulnerabilities, DefenseCode
• [CVE-2017-5688] Executable installers are vulnerable^WEVIL (case 52): Intel installation framework allows arbitrary code execution with escalation of privilege, Stefan Kanthak