Mail Thread Index

• Date Index

• Microsoft Dynamic CRM 2016 - Cross-Site Scripting vulnerability, gregory draperi
• [slackware-security] kernel (SSA:2017-181-02), Slackware Security Team
• [slackware-security] glibc (SSA:2017-181-01), Slackware Security Team
• InsomniaX loader allows loading of arbitrary Kernel Extensions, Securify B.V.
• [CVE-2017-9313] Webmin 1.840 Multiple XSS Vulnerabilities, andys3c
• [SECURITY] [DSA 3901-1] libgcrypt20 security update, Salvatore Bonaccorso
• [slackware-security] Slackware 14.0 kernel (SSA:2017-184-01), Slackware Security Team
• [security bulletin] HPSBMU02933 rev.3 - HPE SiteScope, issueSiebelCmd and loadFileContents SOAP Requests, Remote Code Execution, Arbitrary File download, Denial of Service (DoS), HPE Product Security Response Team
• [SECURITY] [DSA 3902-1] jabberd2 security update, Salvatore Bonaccorso
• [SECURITY] [DSA 3903-1] tiff security update, Moritz Muehlenhoff
• KL-001-2017-011 : Barracuda WAF Internal Development Credential Disclosure, KoreLogic Disclosures
• KL-001-2017-012 : Barracuda WAF Grub Password Complexity, KoreLogic Disclosures
• KL-001-2017-014 : Barracuda WAF Support Tunnel Hijack, KoreLogic Disclosures
• KL-001-2017-015 : Solarwinds LEM Hardcoded Credentials, KoreLogic Disclosures
• Firefox v54.0.1 Denial Of Service, apparitionsec
• [SYSS-2017-011] Office 365: Insufficient Session Expiration (CWE-613), Micha Borrmann
• [ANNOUNCE] [SECURITY] CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr, Shalin Shekhar Mangar
• CVE-2017-10974 Yaws Web Server v1.91 Unauthenticated Remote File Disclosure, hyp3rlinx
• [slackware-security] php (SSA:2017-188-01), Slackware Security Team
• [SECURITY] [DSA 3904-1] bind9 security update, Yves-Alexis Perez
• [SECURITY] [DSA 3905-1] xorg-server security update, Moritz Muehlenhoff
• [slackware-security] irssi (SSA:2017-190-01), Slackware Security Team
• ToorCon 19 Call For Papers Closing This Week!, h1kari
• [SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure, Sailesh Mukil
• CVE-2017-5640 Apache Impala (incubating) Information Disclosure, Sailesh Mukil
• [security bulletin] HPESBNS03755 rev.1 - HPE NonStop Server using Samba, Multiple Remote Vulnerabilities, HPE Product Security Response Team
• [security bulletin] HPESBHF03745 rev.2 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution, HPE Product Security Response Team
• [security bulletin] HPESBGN03762 rev.1 - HPE Network Node Manager i (NNMi) Software, Remote Bypass Security Restrictions, Cross-Site Scripting (XSS), URL Redirection, HPE Product Security Response Team
• [security bulletin] HPESBGN03763 rev.1 - HPE SiteScope, Disclosure of Sensitive Information, Bypass Security Restriction, Remote Arbitrary Code Execution, HPE Product Security Response Team
• CVE-2017-4918: Code Injection in VMware Horizon’s macOS Client, Florian Bogner
• [RT-SA-2017-011] Remote Command Execution in PDNS Manager, RedTeam Pentesting GmbH
• [CVE request]linux kernel xfrm migrate out-of-bound access, bo Zhang
• SEC Consult SA-20170712-0 :: Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products, SEC Consult Vulnerability Lab
• [SECURITY] [DSA 3908-1] nginx security update, Moritz Muehlenhoff
• CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2, William A Rowe Jr
• CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest, William A Rowe Jr
• CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation, Maxim Solodovnik
• CVE-2017-7663 - Apache OpenMeetings - XSS in chat, Maxim Solodovnik
• CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload, Maxim Solodovnik
• CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update, Maxim Solodovnik
• [CVE-2017-7728] - Authentication Bypass allows alarm's commands execution in iSmartAlarm, ilia . shnaidman
• [SECURITY] [DSA 3914-1] imagemagick security update, Moritz Muehlenhoff
• APPLE-SA-2017-07-19-4 tvOS 10.2.2, Apple Product Security
• APPLE-SA-2017-07-19-6 iTunes 12.6.2, Apple Product Security
• APPLE-SA-2017-07-19-1 iOS 10.3.3, Apple Product Security
• APPLE-SA-2017-07-19-3 watchOS 3.2.2, Apple Product Security
• APPLE-SA-2017-07-19-2 macOS 10.12.6, Apple Product Security
• APPLE-SA-2017-07-19-5 Safari 10.1.2, Apple Product Security
• APPLE-SA-2017-07-19-7 iCloud for Windows 6.2.2, Apple Product Security
• Directory Traversal vulnerability in Integration Gateway (PSIGW), ERPScan inc
• Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft), ERPScan inc
• File Upload in Integration Gateway (PSIGW), ERPScan inc
• [security bulletin] HPESBHF03766 rev.1 - HPE ConvergedSystem 700 Solution with Comware v5 Switches using NTP, Remote Denial of Service (DoS), Unauthorized Modification and Local Denial of Service (DoS), security-alert
• [security bulletin] HPESBHF03745 rev.3 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution, security-alert
• [slackware-security] seamonkey (SSA:2017-202-01), Slackware Security Team
• [SECURITY] [DSA 3917-1] catdoc security update, Salvatore Bonaccorso
• [RT-SA-2017-004] Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance, RedTeam Pentesting GmbH
• [RT-SA-2017-007] Undocumented Administrative Service Account in REDDOXX Appliance, RedTeam Pentesting GmbH
• [RT-SA-2017-003] Cross-Site Scripting in REDDOXX Appliance, RedTeam Pentesting GmbH
• [RT-SA-2017-009] Remote Command Execution as root in REDDOXX Appliance, RedTeam Pentesting GmbH
• [RT-SA-2017-005] Unauthenticated Extraction of Session-IDs in REDDOXX Appliance, RedTeam Pentesting GmbH
• [RT-SA-2017-008] Unauthenticated Access to Diagnostic Functions in REDDOXX Appliance, RedTeam Pentesting GmbH
• [RT-SA-2017-006] Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance, RedTeam Pentesting GmbH
• SEC Consult SA-20170724-1 :: Open Redirect issue in multiple Ubiquiti Networks products, SEC Consult Vulnerability Lab
• SEC Consult SA-20170724-0 :: Cross-Site Scripting (XSS) issue in multiple Ubiquiti Networks products, SEC Consult Vulnerability Lab
• [slackware-security] tcpdump (SSA:2017-205-01), Slackware Security Team
• [SECURITY] [DSA 3920-1] qemu security update, Moritz Muehlenhoff
• [SECURITY] [DSA 3919-1] openjdk-8 security update, Moritz Muehlenhoff
• [security bulletin] HPESBHF03765 rev.1 - HPE ConvergedSystem 700 Solution with Comware v7 Switches using OpenSSL, Remote Denial of Service (DoS) and Disclosure of Sensitive Information, HPE Product Security Response Team
• FortiOS <= 5.6.0 Multiple XSS Vulnerabilities, msg