Bugtraq: by date

174 messages starting Feb 02 15 and ending Feb 27 15


Monday, 02 February

Defense in depth -- the Microsoft way (part 27): the command line you get differs from the command line I use to call you Stefan Kanthak
Major Internet Explorer Vulnerability - NOT Patched David Leo
[SECURITY] [DSA 3148-1] chromium-browser end of life Michael Gilbert
Banner Effect Header Security Advisory - XSS Vulnerability - CVE-2015-1384 Onur Yilmaz
Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities ITAS Team
Microweber 0.95 - SQL Injection Vulnerability ITAS Team
Fork CMS 3.8.3 - XSS Vulnerability ITAS Team
[security bulletin] HPSBMU03236 rev.1 - HP Systems Insight Manager for Windows running Bash Shell, Remote Code Execution security-alert
[SECURITY] [DSA 3150-1] vlc security update Alessandro Ghedini
[security bulletin] HPSBMU03239 rev.1 - HP UCMDB, Remote Disclosure of Information security-alert
[SECURITY] [DSA 3149-1] condor security update Sebastien Delafond

Tuesday, 03 February

[security bulletin] HPSBGN03247 rev.1 - HP IceWall SSO Dfw using glibc, Remote Execution of Abitrary Code security-alert
[security bulletin] HPSBGN03237 rev.1 - HP Insight Remote Support v7 Clients running SSLv3, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU03232 rev.3 - HP SiteScope, Remote Elevation of Privilege security-alert
[CVE-2014-9331] ManageEngine Desktop Central CSRF vulnerability to add an Admin user advisory mohamed . idris
Re: [SECURITY] [DSA 3149-1] condor security update xfrendnugroho
articleFR CMS 3.0.5 - XSS vulnerability Tien Tran Dinh
articleFR CMS 3.0.5 - SQL injection vulnerability Tien Tran Dinh
articleFR CMS 3.0.5 - Arbitrary File Upload Tien Tran Dinh
[SECURITY] [DSA 3151-1] python-django security update Salvatore Bonaccorso
CVE-2014-5360 Landesk Management Suite XSS (Cross-Site Scripting) Security Vulnerability alex_haynes
[SECURITY] [DSA 3152-1] unzip security update Salvatore Bonaccorso
CVE-2015-1437 XSS In ASUS Router. kingkaustubh
MITKRB5-SA-2015-001 Vulnerabilities in kadmind, libgssrpc, gss_process_context_token Greg Hudson

Wednesday, 04 February

[SECURITY] [DSA 3153-1] krb5 security update Moritz Muehlenhoff
[CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5 sven
Re: CVE-2015-1437 XSS In ASUS Router. Henri Salo
Re: [FD] Major Internet Explorer Vulnerability - NOT Patched David Leo
Re: CVE-2015-1437 XSS In ASUS Router. Michael Meyer
ESA-2014-158: RSA BSAFE® Micro Edition Suite, SSL-J and SSL-C Triple Handshake Vulnerability Security Alert
ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities Security Alert
Bitdefender Internet Security - jerold
Re: CVE-2015-1437 XSS In ASUS Router. Darko Vršič
Cisco Security Advisory: Cisco Security Advisory Cisco WebEx Meetings Server Command Injection Vulnerability Cisco Systems Product Security Incident Response Team
Re: Re: CVE-2015-1437 XSS In ASUS Router. kingkaustubh

Monday, 09 February

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched David Leo
Very Important Info About "Major Internet Explorer Vulnerability - NOT Patched" David Leo
RE: [FD] Major Internet Explorer Vulnerability - NOT Patched Dimitris Strevinas
CVE-2015-1172 Wordpress-theme remote arbitrary code borg
[ MDVSA-2015:030 ] bugzilla security
[ MDVSA-2015:029 ] binutils security
[oCERT-2015-002] e2fsprogs input sanitization errors Andrea Barisani
ESA-2015-012: EMC Captiva Capture Sensitive Information Disclosure Vulnerability Security Alert
[ MDVSA-2015:032 ] php security
[ MDVSA-2015:031 ] busybox security
[SECURITY] [DSA 3154-1] ntp security update Salvatore Bonaccorso
LG On Screen Phone authentication bypass (CVE-2014-8757) Imre Rad
[ MDVSA-2015:033 ] java-1.7.0-openjdk security
[ MDVSA-2015:034 ] jasper security
[ MDVSA-2015:036 ] python-django security
[ MDVSA-2015:035 ] libvirt security
BMC Footprints Service Core 11.5 - Multiple Cross Site Scripting Vulnerabilities (XSS) ayman . abdelaziz
[ MDVSA-2015:037 ] vorbis-tools security
[SECURITY] [DSA 3155-1] postgresql-9.1 security update Luciano Bello
[SECURITY] [DSA 2978-2] libxml2 security update Alessandro Ghedini
[security bulletin] HPSBUX03166 SSRT101489 rev.2 - HP-UX running PAM libpam_updbe, Remote Authentication Bypass security-alert
[security bulletin] HPSBUX03235 SSRT101750 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS) security-alert
[security bulletin] HPSBGN03253 rev.1 - HP Business Process Insight (BPI) running SSLv3, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU03224 rev.1 - HP LoadRunner and Performance Center, Load Generator Virtual Machine Images, running Windows, Remote Elevation of Privilege security-alert
[security bulletin] HPSBGN03254 rev.1 - HP Service Health Analyzer running SSLv3, Remote Disclosure of Information security-alert
[security bulletin] HPSBMU03216 rev.2 - HP Service Manager running SSLv3, Multiple Remote Vulnerabilities security-alert
[SECURITY] [DSA 3154-2] ntp security update Salvatore Bonaccorso
[SECURITY] [DSA 3156-1] liblivemedia security update Alessandro Ghedini
Radexscript CMS 2.2.0 - SQL Injection vulnerability ITAS Team
Cookie hijacking: Internet Explorer UXSS (CVE-2015-0072) bhdresh
[SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling Mark Thomas
Suspicious URL:Re: [FD] Major Internet Explorer Vulnerability - NOT Patched Shawn Hsiao
[SECURITY] [DSA 3157-1] ruby1.9.1 security update Alessandro Ghedini
[security bulletin] HPSBGN03252 rev.1 - HP AppPulse Active running SSLv3, Remote Disclosure of Information security-alert
[SECURITY] [DSA 3158-1] unrtf security update Salvatore Bonaccorso
[security bulletin] HPSBGN03251 rev.1 - HP Storage Essentials running SSLv3, Remote Disclosure of Information security-alert

Tuesday, 10 February

Mooplayer 1.3.0 'm3u' SEH Buffer Overflow POC saman . j . l33t
Re: Suspicious URL:Re: [FD] Major Internet Explorer Vulnerability - NOT Patched Christoph Gruber
[ MDVSA-2015:039 ] glibc security
[RT-SA-2014-013] Cross-Site Scripting in IBM Endpoint Manager Relay Diagnostics Page RedTeam Pentesting GmbH
[security bulletin] HPSBGN03255 rev.1 - HP OpenCall Media Platform (OCMP) running SSLv3, Remote Denial of Service (DoS),Disclosure of Information security-alert
[security bulletin] HPSBMU03245 rev.1 - HP Insight Control server deployment Linux Preboot Execution Environment running Bash Shell, Multiple Vulnerabilities security-alert
[security bulletin] HPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell, Multiple Vulnerabilities security-alert
Re: Suspicious URL:Re: [FD] Major Internet Explorer Vulnerability - NOT Patched Joshua Rogers
[ MDVSA-2015:040 ] zarafa security
[ MDVSA-2015:041 ] cabextract security
[ MDVSA-2015:042 ] clamav security
[ MDVSA-2015:043 ] otrs security
[SECURITY] [DSA 3159-1] ruby1.8 security update Alessandro Ghedini

Wednesday, 11 February

Two Reflected XSS Vulnerabilities in Easing Slider WordPress Plugin High-Tech Bridge Security Research
Multiple Vulnerabilities in my little forum High-Tech Bridge Security Research
Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability Vulnerability Lab
BlinkSale Bug Bounty #1 - Encode & Validation Vulnerability Vulnerability Lab
Pandora FMS v5.1 SP1 - SQL Injection Web Vulnerability Vulnerability Lab
T-Mobile Internet Manager - DLL Hijacking (mfc71enu.dll) Vulnerability Lab
[ANN] MSKB 3004375 available for Windows 2000 and later too (but NOT from Mcirosoft) Stefan Kanthak
Cisco Security Advisory: Cisco Secure Access Control System SQL Injection Vulnerability Cisco Systems Product Security Incident Response Team
Elasticsearch vulnerability CVE-2015-1427 Kevin Kluge
[SECURITY] [DSA 3160-1] xorg-server security update Moritz Muehlenhoff
Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability sn

Thursday, 12 February

[SECURITY] [DSA 3161-1] dbus security update Salvatore Bonaccorso
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software Cisco Systems Product Security Incident Response Team
Shakacon 2015 Last Call for Papers (July 6-9 2015, Honolulu, Hawaii) Jonathan Brossard
Open-Xchange Security Advisory 2015-02-12 Martin Heiland
[ MDVSA-2015:044 ] perl-Gtk2 security
[ MDVSA-2015:045 ] e2fsprogs security
[ MDVSA-2015:046 ] ntp security
[ MDVSA-2015:048 ] postgresql security
[ MDVSA-2015:047 ] elfutils security

Friday, 13 February

Re: Shakacon 2015 Last Call for Papers (July 6-9 2015, Honolulu, Hawaii) Jonathan Brossard
CVE-2015-1574 - Google Email App 4.2.2 remote denial of service Hector Marco
[security bulletin] HPSBGN03258 rev.1 - HP Insight Control server deployment Windows Pre-boot Execution Environment, Microsoft Schannel (Winshock) Remote Code Execution security-alert
UNIT4 Prosoft HRMS XSS Vulnerability jerold

Monday, 16 February

CVE-2015-1600 - Netatmo Weather Station Cleartext Password Leak jullrich
CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four Hector Marco
[CVE-2015-1585] Fat Free CRM - CSRF Vulnerability in Version 0.13.5 sven
Cosmoshop - XSS on Admin-Login Mask innate
Multiple Cross site scripting in wordpress Plugin Image Metadata cruncher kingkaustubh
Reflected File Download in AOL Search Website Ricardo Iramar dos Santos
Re: Reflected File Download in AOL Search Website Mike Antcliffe

Tuesday, 17 February

[slackware-security] seamonkey (SSA:2015-047-02) Slackware Security Team
[slackware-security] patch (SSA:2015-047-01) Slackware Security Team
[slackware-security] sudo (SSA:2015-047-03) Slackware Security Team
CVE-2015-1614 csrf/xss in in wordpress Plugin Image Metadata cruncher kingkaustubh
Ebay Inc Magento Bug Bounty #5 - Persistent Validation & Mail Encoding Web Vulnerability Vulnerability Lab
NetGear WNDR Authentication Bypass / Information Disclosure Peter Adkins

Wednesday, 18 February

Crushftp 7.2.0 - Multiple CSRF & XSS Vulnerabilities Rehan Ahmed
[RT-SA-2014-016] Directory Traversal and Arbitrary File Disclosure in hybris Commerce Software Suite RedTeam Pentesting GmbH
[CVE-2015-1517] Piwigo - SQL Injection in Version 2.7.3 sven
PHP Code Execution in jui_filter_rules Parsing Library Timo Schmid

Thursday, 19 February

[SECURITY] [DSA 3162-1] bind9 security update Florian Weimer
[SECURITY] [DSA 3163-1] libreoffice security update Alessandro Ghedini
Defense in depth -- the Microsoft way (part 28): yes, we can (create even empty, but properly quoted pathnames) Stefan Kanthak
iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... Stefan Kanthak

Monday, 23 February

[security bulletin] HPSBPV03266 rev.1 - Certain HP Networking and H3C Switches and Routers running NTP, Remote Execution of Code, Disclosure of Information, and Denial of Service (DoS) security-alert
Cisco Security Advisory: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team
[security bulletin] HPSBUX03240 SSRT101872 rev.1 - HP-UX Running NTP, Remote Execution of Code, Denial of Service (DoS), or Other Vulnerabilties security-alert
Stored XSS Vulnerability in ADPlugg Wordpress Plugin kingkaustubh
Defense in depth -- the Microsoft way (part 29): contradicting, ambiguous, incomplete documentation Stefan Kanthak
[SECURITY] [DSA 3164-1] typo3-src security update Moritz Muehlenhoff
[SECURITY] [DSA 3165-1] xdg-utils security update Michael Gilbert
[SECURITY] [DSA 3166-1] e2fsprogs security update Michael Gilbert
[SECURITY] [DSA 3167-1] sudo security update Salvatore Bonaccorso
CVE-2014-8487: Kony EMM insecurity Direct Object Reference michael . hendrickx
[SECURITY] [DSA 3168-1] ruby-redcloth security update Sebastien Delafond
[SECURITY] [DSA 3169-1] eglibc security update Aurelien Jarno
[SECURITY] [DSA 3171-1] samba security update Salvatore Bonaccorso

Thursday, 26 February

[SECURITY] [DSA 3170-1] linux security update Moritz Muehlenhoff
N.E.T. E-Commerce Group Cross Site Scripting Vulnerability iedb . team
FreeBSD Security Advisory FreeBSD-SA-15:04.igmp FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-15:05.bind FreeBSD Security Advisories
[Onapsis Security Advisory 2015-001] Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench Onapsis Research Labs
[Onapsis Security Advisory 2015-002] SAP Business Objects Unauthorized File Repository Server Read via CORBA Onapsis Research Labs
[Onapsis Security Advisory 2015-003] SAP Business Objects Unauthorized File Repository Server Write via CORBA Onapsis Research Labs
[Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA Onapsis Research Labs
[Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA Onapsis Research Labs
[security bulletin] HPSBMU03260 rev.1 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Disclosure of Information security-alert
TangoBB 1.5.0-A3 XSS Vulnerability dennis . veninga
EnanoCMS 1.1.8pl1 XSS Vulnerability dennis . veninga
GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server rgutierrez
[SECURITY] [DSA 3172-1] cups security update Sebastien Delafond
[SECURITY] [DSA 3173-1] libgtk2-perl security update Salvatore Bonaccorso
[SECURITY] [DSA 3174-1] iceweasel security update Moritz Muehlenhoff
[security bulletin] HPSBUX03162 SSRT101885 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilites security-alert
[SECURITY] [DSA 3175-1] kfreebsd-9 security update Moritz Muehlenhoff
[security bulletin] HPSBUX03244 SSRT101885 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilites security-alert
[security bulletin] HPSBUX03273 SSRT101951 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities security-alert
[slackware-security] mozilla-thunderbird (SSA:2015-056-02) Slackware Security Team
[slackware-security] mozilla-firefox (SSA:2015-056-01) Slackware Security Team
D-Link and TRENDnet 'ncc2' service - multiple vulnerabilities Peter Adkins
DSS TFTP 1.0 Server - Path Traversal Vulnerability Vulnerability Lab
Data Source: Scopus CMS - SQL Injection Web Vulnerability Vulnerability Lab
Wireless File Transfer Pro Android - Multiple CSRF Vulnerabilities Vulnerability Lab
[SECURITY] [DSA 3176-1] request-tracker4 security update Salvatore Bonaccorso

Friday, 27 February

Cross-Site-Scripting (XSS) in tcllib's html::textarea Ben Fuhrmannek
HelpDezk 1.0.1 Multiple Vulnerabilities dennis . veninga
[SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags Jeremy Boynes
Wordpress Media Cleaner Plugin - XSS Vulnerability iletisim
SEC Consult SA-20150227-0 :: Multiple vulnerabilities in Loxone Smart Home SEC Consult Vulnerability Lab