Bugtraq: by author

165 messages starting Jun 23 15 and ending Jun 08 15


Alessandro Ghedini

[SECURITY] [DSA 3293-1] pyjwt security update Alessandro Ghedini (Jun 23)
[SECURITY] [DSA 3296-1] libcrypto++ security update Alessandro Ghedini (Jun 29)
[SECURITY] [DSA 3252-2] sqlite3 security update Alessandro Ghedini (Jun 15)
[SECURITY] [DSA 3297-1] unattended-upgrades security update Alessandro Ghedini (Jun 29)
[SECURITY] [DSA 3279-1] redis security update Alessandro Ghedini (Jun 08)
[SECURITY] [DSA 3287-1] openssl security update Alessandro Ghedini (Jun 15)

alex_haynes

[CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability alex_haynes (Jun 05)
[CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities alex_haynes (Jun 05)
Wing FTP Server Remote Code Execution vulnerability alex_haynes (Jun 05)

Amit Klein

The "localhosed" attack - stealing IE local machine cookies and exposing its internal IP address Amit Klein (Jun 23)

Andrea Barisani

[oCERT-2015-008] FreeRADIUS insufficient CRL application Andrea Barisani (Jun 23)

apparitionsec

Symphony CMS XSS Vulnerability apparitionsec (Jun 08)
vfront-0.99.2 CSRF & Persistent XSS apparitionsec (Jun 02)
novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities apparitionsec (Jun 29)
mysql-lite-administrator XSS vulnerabilities apparitionsec (Jun 23)
SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities apparitionsec (Jun 09)
Nakid-CMS CSRF, Persistent XSS & LFI apparitionsec (Jun 12)
Enhanced SQL Portal 5.0.7961 XSS Vulnerability apparitionsec (Jun 02)
mysql-lite-administrator XSS vulnerabilities apparitionsec (Jun 23)
ZCMS SQL Injection & Persistent XSS apparitionsec (Jun 12)
GeniXCMS XSS Vulnerabilities apparitionsec (Jun 23)
SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities apparitionsec (Jun 09)
Symphony CMS XSS Vulnerability [Corrected Post] apparitionsec (Jun 09)
Symphony CMS 2.6.2 apparitionsec (Jun 08)

Apple Product Security

APPLE-SA-2015-06-30-3 Mac EFI Security Update 2015-001 Apple Product Security (Jun 30)
APPLE-SA-2015-06-30-4 Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 Apple Product Security (Jun 30)
APPLE-SA-2015-06-30-1 iOS 8.4 Apple Product Security (Jun 30)
APPLE-SA-2015-06-30-2 OS X Yosemite v10.10.4 and Security Update 2015-005 Apple Product Security (Jun 30)

banana88

WebDrive Buffer OverFlow PoC banana88 (Jun 01)
Jildi FTP Client 1.5.2 b1138 - Buffer Overflow Vulnerability banana88 (Jun 03)

Ben Hutchings

[SECURITY] [DSA 3289-1] p7zip security update Ben Hutchings (Jun 15)
[SECURITY] [DSA 3290-1] linux security update Ben Hutchings (Jun 18)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco IOS XR Software Crafted IPv6 Packet Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (Jun 11)
Cisco Security Advisory: Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA Cisco Systems Product Security Incident Response Team (Jun 25)

d4rkr0id

BlackCat CMS v1.1.1 Arbitrary File Download Vulnerability d4rkr0id (Jun 16)
AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability d4rkr0id (Jun 08)

Darya Maenkova

[ERPSCAN-15-010] SYBASE SQL Anywhere 12 and 16 - DoS Darya Maenkova (Jun 25)
[ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check Darya Maenkova (Jun 25)
[ERPSCAN-15-011] SAP Mobile Platform 3.0 - XXE Darya Maenkova (Jun 25)
[ERPSCAN-15-007] SAP Management Console ReadProfile Parameters - Information disclosure Darya Maenkova (Jun 25)
[ERPSCAN-15-005] SAP Mobile Platform - XXE Darya Maenkova (Jun 25)
[ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE Darya Maenkova (Jun 25)
[ERPSCAN-15-008] SAP Afaria 7 XcListener - DoS in the module XeClient.Dll Darya Maenkova (Jun 25)
[ERPSCAN-15-006] SAP NetWeaver Portal ReportXmlViewer - XXE Darya Maenkova (Jun 25)
[ERPSCAN-15-003] SAP NetWeaver Dispatcher Buffer Overflow - RCE, DoS Darya Maenkova (Jun 25)

David Leo

Safari Address Spoofing - Impact, Code, How It Works, History David Leo (Jun 03)
Google Chrome Address Spoofing (Request For Comment) David Leo (Jun 30)

Egidio Romano

[KIS-2015-03] Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability Egidio Romano (Jun 11)
[KIS-2015-01] Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability Egidio Romano (Jun 11)
[KIS-2015-02] Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities Egidio Romano (Jun 11)

Federick Joe P Fajardo

CVE-2015-4464 Insufficient Authorization Checks Request Handling Remote Authentication Bypass for Kguard Digital Video Recorders Federick Joe P Fajardo (Jun 24)

Fernando Muñoz

CVE-2015-4674 - TimeDoctor autoupdate over plain-HTTP Fernando Muñoz (Jun 30)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-15:10.openssl FreeBSD Security Advisories (Jun 12)

High-Tech Bridge Security Research

Multiple Vulnerabilities in ISPConfig High-Tech Bridge Security Research (Jun 10)
OS Command Injection in Vesta Control Panel High-Tech Bridge Security Research (Jun 17)
Local PHP File Inclusion in ResourceSpace High-Tech Bridge Security Research (Jun 03)
Reflected Cross-Site Scripting (XSS) in SearchBlox High-Tech Bridge Security Research (Jun 17)
Use-After-Free in PHP High-Tech Bridge Security Research (Jun 10)
Arbitrary File Disclosure and Open Redirect in Bonita BPM High-Tech Bridge Security Research (Jun 10)

huyngocbk

Freebox OS Web interface 3.0.2 XSS, CSRF huyngocbk (Jun 02)

icissp . secretariat

CFP The 2nd International Conference on Information Systems Security and Privacy ICISSP 2016 icissp . secretariat (Jun 09)

iedb . team

Productsurf Cms Sql Injection Vulnerability iedb . team (Jun 15)
WebdesignJiNi Cms Sql Injection Vulnerability iedb . team (Jun 15)

Imre RAD

CVE-2015-3931 Microsec e-Szigno, CVE-2015-3932 Netlock Mokka XSW vulnerability Imre RAD (Jun 29)

jerold

IBM Watson (Cognea) - XSS and Redirect Vulnerabilities jerold (Jun 05)
Ektron CMS 9.10 SP1 - CSRF Vulnerability jerold (Jun 01)
Ektron CMS 9.10 SP1 - XSS Vulnerability jerold (Jun 01)

jpierini

DUO Security push Timing Attack jpierini (Jun 19)

Kevin Kluge

Logstash vulnerability CVE-2015-4152 Kevin Kluge (Jun 10)
Elasticsearch vulnerability CVE-2015-4165 Kevin Kluge (Jun 10)
Kibana vulnerability CVE-2015-4093 Kevin Kluge (Jun 10)

Kotas, Kevin J

CA20150604-01: Security Notice for CA Common Services Kotas, Kevin J (Jun 05)

Larry W. Cashdollar

Path Traversal vulnerability in Wordpress plugin se-html5-album-audio-player v1.1.0 Larry W. Cashdollar (Jun 11)
Remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms v3.0beta Wordpress plugin Larry W. Cashdollar (Jun 11)
Xloner v3.1.2 wordpress plugin authenticated command execution and XSS Larry W. Cashdollar (Jun 08)

ludwig . stage

[SYSS-2015-020] ZENWorks Mobile Management - Cross-Site Scripting ludwig . stage (Jun 12)

Marco Delai

CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004 Marco Delai (Jun 24)

Markus Koschany

[SECURITY] [DSA 3278-1] libapache-mod-jk security update Markus Koschany (Jun 05)

Mike Sheward

Expedia Product Security Advisory: Cruise Ship Centers Information Disclosure Mike Sheward (Jun 08)

Moritz Muehlenhoff

[SECURITY] [DSA 3276-1] symfony security update Moritz Muehlenhoff (Jun 01)
[SECURITY] [DSA 3288-1] libav security update Moritz Muehlenhoff (Jun 15)
[SECURITY] [DSA 3294-1] wireshark security update Moritz Muehlenhoff (Jun 24)
[SECURITY] [DSA 3277-1] wireshark security update Moritz Muehlenhoff (Jun 02)
[SECURITY] [DSA 3286-1] xen security update Moritz Muehlenhoff (Jun 15)
[SECURITY] [DSA 3280-1] php5 security update Moritz Muehlenhoff (Jun 08)

n4ser . farhadi

KMPlayer 3.9.1.136 Capture Unicode Buffer Overflow (ASLR Bypass) n4ser . farhadi (Jun 23)

Oliver-Tobias Ripka

CollabNet Subversion Edge missing brute force protection Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge missing XSRF protection Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge autocomplete on Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge downloadHook local file inclusion Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge index local file inclusion Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge missing clickjacking protection Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge insecure password change Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge Password Hash Leak Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge weak password policy Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge missing single login restriction Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge Hook Script Privilege Escalation Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge show local file inclusion Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge tail local file inclusion Oliver-Tobias Ripka (Jun 29)
CollabNet Subversion Edge weak password storage mechanism Oliver-Tobias Ripka (Jun 29)

pan . vagenas

CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS] pan . vagenas (Jun 01)
CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion] pan . vagenas (Jun 05)
CVE-2015-4109 - WordPress Users Ultra Plugin [SQL injection] pan . vagenas (Jun 05)
CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation] pan . vagenas (Jun 01)

Payatu Research

Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App Payatu Research (Jun 08)

Pedro Ribeiro

[Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc) Pedro Ribeiro (Jun 05)

Peter Adkins

D-Link DSP-W110 - multiple vulnerabilities Peter Adkins (Jun 11)

post

Netgear Prosafe VPN Firewalls - Multiple vulnerabilities post (Jun 25)

P. Taylor Goetz

[CVE-2015-3188] Apache Storm remote code execution vulnerability P. Taylor Goetz (Jun 23)

RedTeam Pentesting GmbH

[RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery RedTeam Pentesting GmbH (Jun 10)
[RT-SA-2015-002] SQL Injection in TYPO3 Extension Akronymmanager RedTeam Pentesting GmbH (Jun 15)
[RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID RedTeam Pentesting GmbH (Jun 10)

Salvatore Bonaccorso

[SECURITY] [DSA 3285-1] qemu-kvm security update Salvatore Bonaccorso (Jun 15)
[SECURITY] [DSA 3269-2] postgresql-9.1 regression update Salvatore Bonaccorso (Jun 01)
[SECURITY] [DSA 3295-1] cacti security update Salvatore Bonaccorso (Jun 24)
[SECURITY] [DSA 3275-1] fusionforge security update Salvatore Bonaccorso (Jun 01)
[SECURITY] [DSA 3283-1] cups security update Salvatore Bonaccorso (Jun 10)

Sebastien Delafond

[SECURITY] [DSA 3292-1] cinder security update Sebastien Delafond (Jun 19)
[SECURITY] [DSA 3249-2] jqueryui security update Sebastien Delafond (Jun 03)
[SECURITY] [DSA 3291-1] drupal7 security update Sebastien Delafond (Jun 18)

SEC Consult Vulnerability Lab

SEC Consult SA-20150626-0 :: Critical vulnerabilities in Polycom RealPresence Resource Manager (RPRM) allow surveillance on conferences SEC Consult Vulnerability Lab (Jun 29)

Security Alert

ESA-2015-043: RSA® Validation Manager Security Update for Multiple Vulnerabilities Security Alert (Jun 16)
ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities Security Alert (Jun 29)
ESA-2015-110: EMC Documentum Thumbnail Server Directory Traversal Vulnerability Security Alert (Jun 23)
ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability Security Alert (Jun 25)
ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability Security Alert (Jun 03)
ESA-2015-109: EMC Documentum D2 Cross-Site Scripting Security Alert (Jun 23)
ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass Vulnerability Security Alert (Jun 16)

security-alert

[security bulletin] HPSBUX03359 rev.1 - HP-UX pppoec, local elevation of privilege security-alert (Jun 29)
[security bulletin] HPSBUX03341 SSRT102068 rev.1 - HP-UX Apache Tomcat v7.x, Remote Denial of Service (DoS) and Other Vulnerabilities security-alert (Jun 10)
[security bulletin] HPSBGN03338 rev.1 - HP Service Manager running RC4, Remote Disclosure of Information security-alert (Jun 17)
[security bulletin] HPSBGN03343 rev.1 - HP WebInspect, Remote Unauthorized Access security-alert (Jun 05)
[security bulletin] HPSBGN03350 rev.1 - HP SiteScope Using RC4, Remote Disclosure of Information security-alert (Jun 17)
[security bulletin] HPSBUX03337 SSRT102066 rev.1 - HP-UX Apache Web Server Suite running Apache Web Server, Tomcat v6.x, or PHP v5.4.x, Remote Denial of Service (DoS) and Other Vulnerabilities security-alert (Jun 11)
[security bulletin] HPSBPI03107 rev.1 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information security-alert (Jun 29)
[security bulletin] HPSBST03346 rev.1 - HP P6000 Command View Software running Jetty, Remote Denial of Service (DoS) security-alert (Jun 09)
[security bulletin] HPSBMU03267 rev.3 - HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL, Remote Disclosure of Information security-alert (Jun 29)
[security bulletin] HPSBMU03349 rev.1 - HP Helion CloudSystem, Local Denial of Service (DoS), Arbitrary Code Execution security-alert (Jun 09)
[security bulletin] HPSBGN03362 rev.1 - HP Discovery and Dependency Mapping Inventory (DDMI) with TLS, Remote Disclosure of Information security-alert (Jun 29)
[security bulletin] HPSBPI03360 rev.2 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information security-alert (Jun 29)
[security bulletin] HPSBMU03356 rev.1 - HP Business Service Automation Essentials (BSAE) running TLS, Remote Disclosure of Information security-alert (Jun 23)
[security bulletin] HPSBGN03351 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL, Remote Disclosure of Information security-alert (Jun 29)

Slackware Security Team

[slackware-security] openssl (SSA:2015-162-01) Slackware Security Team (Jun 12)
[slackware-security] php (SSA:2015-162-02) Slackware Security Team (Jun 12)

stasvolfus

XSS vulnerability Adobe Connect 9.3 (CVE-2015-0343) stasvolfus (Jun 11)

sudson08

Buffer Overflow in My Wifi Router Software sudson08 (Jun 15)

Thijs Kinkhorst

[SECURITY] [DSA 3281-1] Debian Security Team PGP/GPG key change notice Thijs Kinkhorst (Jun 08)

Tim

Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10 Tim (Jun 29)

Tomi Tuominen

t2'15: Call for Papers 2015 (Helsinki / Finland) Tomi Tuominen (Jun 02)

VCE - PSIRT

VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities VCE - PSIRT (Jun 17)

venkatesh . nitin

CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4 venkatesh . nitin (Jun 08)

VMware Security Response Center

NEW VMSA-2015-0004 - VMware Workstation, Fusion and Horizon View Client updates address critical security issues VMware Security Response Center (Jun 09)

Vulnerability Lab

ManageEngine Asset Explorer v6.1 - Persistent Vulnerability Vulnerability Lab (Jun 23)
Heroku Bug Bounty #2 - (API) Re Auth Session Bypass Vulnerability Vulnerability Lab (Jun 10)
Ebay Magento Bug Bounty #12 - Cross Site Request Forgery Web Vulnerability Vulnerability Lab (Jun 19)
1 Click Extract Audio v2.3.6 - Activex Buffer Overflow Vulnerability Lab (Jun 05)
1 Click Audio Converter v2.3.6 - Activex Buffer Overflow Vulnerability Lab (Jun 05)
Ebay Magento Bug Bounty #17 - Client Side Cross Site Scripting Web Vulnerability Vulnerability Lab (Jun 19)
WebDrive 12.2 (B4172) - Buffer Overflow Vulnerability Vulnerability Lab (Jun 02)
ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities Vulnerability Lab (Jun 19)
1 Click Audio Converter v2.3.6 - Activex Buffer Overflow Vulnerability Lab (Jun 05)
Ebay Magento Bug Bounty #10 - Persistent Filename Vulnerability Vulnerability Lab (Jun 19)
ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability Vulnerability Lab (Jun 19)

wissam . bashour

CSRF Vulnerability in C2Box application CVE-2015-4460 wissam . bashour (Jun 29)

Yves-Alexis Perez

[SECURITY] [DSA 3282-1] strongswan security update Yves-Alexis Perez (Jun 08)