Bugtraq: by thread
165 messages starting Jun 01 15 and ending Jun 30 15
- [SECURITY] [DSA 3275-1] fusionforge security update Salvatore Bonaccorso (Jun 01)
- [SECURITY] [DSA 3269-2] postgresql-9.1 regression update Salvatore Bonaccorso (Jun 01)
- [SECURITY] [DSA 3276-1] symfony security update Moritz Muehlenhoff (Jun 01)
- Ektron CMS 9.10 SP1 - CSRF Vulnerability jerold (Jun 01)
- Ektron CMS 9.10 SP1 - XSS Vulnerability jerold (Jun 01)
- WebDrive Buffer OverFlow PoC banana88 (Jun 01)
- CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation] pan . vagenas (Jun 01)
- CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS] pan . vagenas (Jun 01)
- t2'15: Call for Papers 2015 (Helsinki / Finland) Tomi Tuominen (Jun 02)
- Freebox OS Web interface 3.0.2 XSS, CSRF huyngocbk (Jun 02)
- Enhanced SQL Portal 5.0.7961 XSS Vulnerability apparitionsec (Jun 02)
- vfront-0.99.2 CSRF & Persistent XSS apparitionsec (Jun 02)
- WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability Vulnerability Lab (Jun 02)
- [SECURITY] [DSA 3277-1] wireshark security update Moritz Muehlenhoff (Jun 02)
- [SECURITY] [DSA 3249-2] jqueryui security update Sebastien Delafond (Jun 03)
- Safari Address Spoofing - Impact, Code, How It Works, History David Leo (Jun 03)
- Jildi FTP Client 1.5.2 b1138 - Buffer Overflow Vulnerability banana88 (Jun 03)
- Local PHP File Inclusion in ResourceSpace High-Tech Bridge Security Research (Jun 03)
- ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability Security Alert (Jun 03)
- [SECURITY] [DSA 3278-1] libapache-mod-jk security update Markus Koschany (Jun 05)
- [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc) Pedro Ribeiro (Jun 05)
- IBM Watson (Cognea) - XSS and Redirect Vulnerabilities jerold (Jun 05)
- CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion] pan . vagenas (Jun 05)
- [security bulletin] HPSBGN03343 rev.1 - HP WebInspect, Remote Unauthorized Access security-alert (Jun 05)
- CA20150604-01: Security Notice for CA Common Services Kotas, Kevin J (Jun 05)
- [CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability alex_haynes (Jun 05)
- [CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities alex_haynes (Jun 05)
- Wing FTP Server Remote Code Execution vulnerability alex_haynes (Jun 05)
- 1 Click Audio Converter v2.3.6 - Activex Buffer Overflow Vulnerability Lab (Jun 05)
- <Possible follow-ups>
- 1 Click Audio Converter v2.3.6 - Activex Buffer Overflow Vulnerability Lab (Jun 05)
- 1 Click Extract Audio v2.3.6 - Activex Buffer Overflow Vulnerability Lab (Jun 05)
- CVE-2015-4109 - WordPress Users Ultra Plugin [SQL injection] pan . vagenas (Jun 05)
- Expedia Product Security Advisory: Cruise Ship Centers Information Disclosure Mike Sheward (Jun 08)
- Xloner v3.1.2 wordpress plugin authenticated command execution and XSS Larry W. Cashdollar (Jun 08)
- CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4 venkatesh . nitin (Jun 08)
- Symphony CMS 2.6.2 apparitionsec (Jun 08)
- [SECURITY] [DSA 3279-1] redis security update Alessandro Ghedini (Jun 08)
- Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App Payatu Research (Jun 08)
- [SECURITY] [DSA 3280-1] php5 security update Moritz Muehlenhoff (Jun 08)
- [SECURITY] [DSA 3281-1] Debian Security Team PGP/GPG key change notice Thijs Kinkhorst (Jun 08)
- AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability d4rkr0id (Jun 08)
- Symphony CMS XSS Vulnerability apparitionsec (Jun 08)
- [SECURITY] [DSA 3282-1] strongswan security update Yves-Alexis Perez (Jun 08)
- Symphony CMS XSS Vulnerability [Corrected Post] apparitionsec (Jun 09)
- SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities apparitionsec (Jun 09)
- <Possible follow-ups>
- SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities apparitionsec (Jun 09)
- CFP The 2nd International Conference on Information Systems Security and Privacy ICISSP 2016 icissp . secretariat (Jun 09)
- NEW VMSA-2015-0004 - VMware Workstation, Fusion and Horizon View Client updates address critical security issues VMware Security Response Center (Jun 09)
- [security bulletin] HPSBST03346 rev.1 - HP P6000 Command View Software running Jetty, Remote Denial of Service (DoS) security-alert (Jun 09)
- [security bulletin] HPSBMU03349 rev.1- HP Helion CloudSystem, Local Denial of Service (DoS), Arbitrary Code Execution security-alert (Jun 09)
- [SECURITY] [DSA 3283-1] cups security update Salvatore Bonaccorso (Jun 10)
- Logstash vulnerability CVE-2015-4152 Kevin Kluge (Jun 10)
- Kibana vulnerability CVE-2015-4093 Kevin Kluge (Jun 10)
- Elasticsearch vulnerability CVE-2015-4165 Kevin Kluge (Jun 10)
- [security bulletin] HPSBUX03341 SSRT102068 rev.1 - HP-UX Apache Tomcat v7.x, Remote Denial of Service (DoS) and Other Vulnerabilities security-alert (Jun 10)
- [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID RedTeam Pentesting GmbH (Jun 10)
- [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery RedTeam Pentesting GmbH (Jun 10)
- Arbitrary File Disclosure and Open Redirect in Bonita BPM High-Tech Bridge Security Research (Jun 10)
- Multiple Vulnerabilities in ISPConfig High-Tech Bridge Security Research (Jun 10)
- Use-After-Free in PHP High-Tech Bridge Security Research (Jun 10)
- Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability Vulnerability Lab (Jun 10)
- XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343 ) stasvolfus (Jun 11)
- Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0 Larry W. Cashdollar (Jun 11)
- [security bulletin] HPSBUX03337 SSRT102066 rev.1 - HP-UX Apache Web Server Suite running Apache Web Server, Tomcat v6.x, or PHP v5.4.x, Remote Denial of Service (DoS) and Other Vulnerabilities security-alert (Jun 11)
- D-Link DSP-W110 - multiple vulnerabilities Peter Adkins (Jun 11)
- Cisco Security Advisory: Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Jun 11)
- Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Larry W. Cashdollar (Jun 11)
- [KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability Egidio Romano (Jun 11)
- [KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities Egidio Romano (Jun 11)
- [KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability Egidio Romano (Jun 11)
- Nakid-CMS CSRF, Persistent XSS & LFI apparitionsec (Jun 12)
- [slackware-security] php (SSA:2015-162-02) Slackware Security Team (Jun 12)
- ZCMS SQL Injection & Persistent XSS apparitionsec (Jun 12)
- [SYSS-2015-020] ZENWorks Mobile Management - Cross-Site Scripting ludwig . stage (Jun 12)
- FreeBSD Security Advisory FreeBSD-SA-15:10.openssl FreeBSD Security Advisories (Jun 12)
- [slackware-security] openssl (SSA:2015-162-01) Slackware Security Team (Jun 12)
- [SECURITY] [DSA 3285-1] qemu-kvm security update Salvatore Bonaccorso (Jun 15)
- [SECURITY] [DSA 3286-1] xen security update Moritz Muehlenhoff (Jun 15)
- Buffer Overflow in My Wifi Router Software sudson08 (Jun 15)
- [SECURITY] [DSA 3287-1] openssl security update Alessandro Ghedini (Jun 15)
- [SECURITY] [DSA 3288-1] libav security update Moritz Muehlenhoff (Jun 15)
- [SECURITY] [DSA 3252-2] sqlite3 security update Alessandro Ghedini (Jun 15)
- Productsurf Cms Sql Injection Vulnerability iedb . team (Jun 15)
- WebdesignJiNi Cms Sql Injection Vulnerability iedb . team (Jun 15)
- [RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager RedTeam Pentesting GmbH (Jun 15)
- [SECURITY] [DSA 3289-1] p7zip security update Ben Hutchings (Jun 15)
- BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability d4rkr0id (Jun 16)
- ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass Vulnerability Security Alert (Jun 16)
- ESA-2015-043: RSA® Validation Manager Security Update for Multiple Vulnerabilities Security Alert (Jun 16)
- OS Command Injection in Vesta Control Panel High-Tech Bridge Security Research (Jun 17)
- Reflected Cross-Site Scripting (XSS) in SearchBlox High-Tech Bridge Security Research (Jun 17)
- VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities VCE - PSIRT (Jun 17)
- [security bulletin] HPSBGN03350 rev.1 - HP SiteScope Using RC4, Remote Disclosure of Information security-alert (Jun 17)
- [security bulletin] HPSBGN03338 rev.1 - HP Service Manager running RC4, Remote Disclosure of Information security-alert (Jun 17)
- [SECURITY] [DSA 3290-1] linux security update Ben Hutchings (Jun 18)
- [SECURITY] [DSA 3291-1] drupal7 security update Sebastien Delafond (Jun 18)
- DUO Security push Timing Attack jpierini (Jun 19)
- [SECURITY] [DSA 3292-1] cinder security update Sebastien Delafond (Jun 19)
- ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities Vulnerability Lab (Jun 19)
- ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability Vulnerability Lab (Jun 19)
- Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability Vulnerability Lab (Jun 19)
- Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Jun 19)
- Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability Vulnerability Lab (Jun 19)
- [CVE-2015-3188] Apache Storm remote code execution vulnerability P. Taylor Goetz (Jun 23)
- [SECURITY] [DSA 3293-1] pyjwt security update Alessandro Ghedini (Jun 23)
- mysql-lite-administrator XSS vulnerabilities apparitionsec (Jun 23)
- <Possible follow-ups>
- mysql-lite-administrator XSS vulnerabilities apparitionsec (Jun 23)
- GeniXCMS XSS Vulnerabilities apparitionsec (Jun 23)
- [oCERT-2015-008] FreeRADIUS insufficent CRL application Andrea Barisani (Jun 23)
- ManageEngine Asset Explorer v6.1 - Persistent Vulnerability Vulnerability Lab (Jun 23)
- The "localhosed" attack - stealing IE local machine cookies and exposing its internal IP address Amit Klein (Jun 23)
- [security bulletin] HPSBMU03356 rev.1 - HP Business Service Automation Essentials (BSAE) running TLS, Remote Disclosure of Information security-alert (Jun 23)
- KMPlayer 3.9.1.136 Capture Unicode Buffer Overflow (ASLR Bypass) n4ser . farhadi (Jun 23)
- ESA-2015-109: EMC Documentum D2 Cross-Site Scripting Security Alert (Jun 23)
- ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability Security Alert (Jun 23)
- [SECURITY] [DSA 3294-1] wireshark security update Moritz Muehlenhoff (Jun 24)
- CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004 Marco Delai (Jun 24)
- CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders Federick Joe P Fajardo (Jun 24)
- [SECURITY] [DSA 3295-1] cacti security update Salvatore Bonaccorso (Jun 24)
- [ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS Darya Maenkova (Jun 25)
- [ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE Darya Maenkova (Jun 25)
- [ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE Darya Maenkova (Jun 25)
- [ERPSCAN-15-005] SAP Mobile Platform - XXE Darya Maenkova (Jun 25)
- [ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure Darya Maenkova (Jun 25)
- [ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check Darya Maenkova (Jun 25)
- [ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS Darya Maenkova (Jun 25)
- [ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll Darya Maenkova (Jun 25)
- [ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE Darya Maenkova (Jun 25)
- Netgear Prosafe VPN Firewalls - Multiple vulnerabilities post (Jun 25)
- ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability Security Alert (Jun 25)
- Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA Cisco Systems Product Security Incident Response Team (Jun 25)
- CVE-2015-3931 Microsec e-Szigno, CVE-2015-3932 Netlock Mokka XSW vulnerability Imre RAD (Jun 29)
- ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities Security Alert (Jun 29)
- SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences SEC Consult Vulnerability Lab (Jun 29)
- [security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information security-alert (Jun 29)
- [security bulletin] HPSBUX03359 rev.1 - HP-UX pppoec, local elevation of privilege security-alert (Jun 29)
- [security bulletin] HPSBMU03267 rev.3 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information security-alert (Jun 29)
- [security bulletin] HPSBGN03362 rev.1 - HP Discovery and Dependency Mapping Inventory (DDMI) with TLS, Remote Disclosure of Information security-alert (Jun 29)
- [security bulletin] HPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information security-alert (Jun 29)
- [security bulletin] HPSBPI03360 rev.2 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information security-alert (Jun 29)
- Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10 Tim (Jun 29)
- CSRF Vulnerability in C2Box application CVE-2015-4460 wissam . bashour (Jun 29)
- CollabNet Subversion Edge Hook Script Privilege Escalation Oliver-Tobias Ripka (Jun 29)
- CollabNet Subversion Edge Password Hash Leak Oliver-Tobias Ripka (Jun 29)
- CollabNet Subversion Edge downloadHook local file inclusion Oliver-Tobias Ripka (Jun 29)
- CollabNet Subversion Edge tail local file inclusion Oliver-Tobias Ripka (Jun 29)
- CollabNet Subversion Edge insecure password change Oliver-Tobias Ripka (Jun 29)
- CollabNet Subversion Edge show local file inclusion Oliver-Tobias Ripka (Jun 29)
- CollabNet Subversion Edge missing brute force protection Oliver-Tobias Ripka (Jun 29)
- CollabNet Subversion Edge missing clickjacking protection Oliver-Tobias Ripka (Jun 29)
- CollabNet Subversion Edge autocomplete on Oliver-Tobias Ripka (Jun 29)
- CollabNet Subversion Edge weak password policy Oliver-Tobias Ripka (Jun 29)
- CollabNet Subversion Edge missing XSRF protection Oliver-Tobias Ripka (Jun 29)
- CollabNet Subversion Edge weak password storage mechanism Oliver-Tobias Ripka (Jun 29)
- CollabNet Subversion Edge missing single login restriction Oliver-Tobias Ripka (Jun 29)
- CollabNet Subversion Edge indes local file inclusion Oliver-Tobias Ripka (Jun 29)
- novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities apparitionsec (Jun 29)
- [SECURITY] [DSA 3296-1] libcrypto++ security update Alessandro Ghedini (Jun 29)
- [SECURITY] [DSA 3297-1] unattended-upgrades security update Alessandro Ghedini (Jun 29)
- CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP Fernando Muñoz (Jun 30)
- Google Chrome Address Spoofing (Request For Comment) David Leo (Jun 30)
- APPLE-SA-2015-06-30-1 iOS 8.4 Apple Product Security (Jun 30)
- APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005 Apple Product Security (Jun 30)
- APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 Apple Product Security (Jun 30)
- APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001 Apple Product Security (Jun 30)